Tags:








What is the proper way to safely unplug USB drives?
January 2, 2009 5:41 PM   RSS feed for this thread Subscribe

I've heard many different explanations about how to unplug drives in Windows XP. Some insist on using the removal tool and others just yank it out. So actually i have a matter of questions which i hope someone with the proper expertise can answer.

1) What exactly does the "safe removal" tool in Windows XP do and it is any different than just waiting until the drive isn't writing and then unplugging it?

2) Is there any increased risk by running a NTFS filesystem on the usb flashdrive than the more common FAT on these devices? I use NTFS to move around bigger files than FAT32 can support, but i heard something about NTFS being more prone to data corruption when unplugged prematurely, than FAT systems.

3) What happens when you have some drives plugged in and then shut down your computer? (proper shutdown, not forced) Does Windows safely unplug these drives automatically when shutting down?

Thanks in advance
posted by kampken to computers & internet (17 comments total) 1 user marked this as a favorite
As I understand it, there can be "cached" writes to removable storage that are flushed when you force Windows to safely eject a USB device. I think you're mostly safe with the "wait until it's not doing anything and then pull it out" method, but (again, as I understand it) you do run the risk of ejecting a device with a cached write pending, and obviously that's not good.

When you shut down your computer, as far as I know, Windows safely unmounts all storage.
posted by kbanas at 5:48 PM on January 2


NTFS will be more vulnerable to data corruption on an unexpected dismount than FAT is. The safe removal tool attempts to force closed all file handles and finish up any writes that are in the queue, so it's a good idea to use it, especially if you use NTFS.

I have personally lost files that were written out to NTFS when the safe removal process wasn't followed. Upon examination, the data was there, but the file list wouldn't show it, so without a fair bit of work it's not usable.
posted by Dipsomaniac at 6:00 PM on January 2


You might also be interested in USB Disk Ejector.
posted by spikeleemajortomdickandharryconnickjrmints at 6:01 PM on January 2


Many operating systems attempt to increase the apparent speed of writes by buffering them to RAM instead of immediately writing them to disk. Windows does this to some extent, I understand; I know that Linux does it very aggressively by default. In theory, these buffered writes can sit around forever, or until you shut down (which answers your question about shutting down with a flash stick plugged in). This is especially true of small writes (like, a couple kilobytes), which are almost always buffered together so that one large write will be done instead of many tiny ones.

The "safe removal" option flushes all of those buffered writes to disk. The OS periodically flushes the buffers as well, but not on any schedule that you can predict--the safe removal tool is about the only way to *know* that it's happened recently. It then unmounts the disk from the operating system, so that programs or drivers don't expect the thing to exist when it isn't actually attached anymore. In general, however, the only part you care about is the buffer flushing--Windows is pretty good about accepting that some piece of hardware just dropped off the planet.

If you remove the disk while writes are pending without having the operating system flush the write buffers, those writes will be lost. It's unlikely that you'll harm existing data on the drive, but if you've saved something to it, you could easily lose it. The same thing will happen if you remove power from the computer without shutting it down... those writes that sit in RAM will simply be lost.

So, if you've written (saved) anything to the flash drive, you should use the safe removal. Otherwise, you'll likely do no damage by just yanking it.
posted by Netzapper at 6:03 PM on January 2 [3 favorites]


What kbana's says is how I basically understand it to work. The reason you use "safe eject" is because Windows might be caching files before they are written to the USB drive, and if you just yank it out, those files won't be written, leading to corruption.

What this means of course is that it doesn't matter that you do a safe eject IF you didn't write to the drive, since there are no cached files to write out with the safe eject. It could also be argued that after some time it's probably safe to just yank it out, since cached files would have been written, but don't ask me what that time limit is! Personally, I find it best to just get into the habit of always doing the "safe eject", rather than taking the risk.

(PS. Did you know that if you left-click ONCE on the icon in the dock, you can then select from a menu and eject directly? Many people don't seem to know this! It's much easier than double-clicking and getting the window up and then having to click the "Stop" button).

To answer your last question, when you shut down the machine it will unmount all the drives for you.
posted by ranglin at 6:03 PM on January 2


Actually, I've just thought of a situation where you can destroy previously-saved data by unexpectedly yanking the drive. But, it still requires you writing something out.

Assume your flash drive is E:, and you have a file E:\foo.txt. You open foo.txt in your text editor, and make some changes to it. You then press Save and immediately yank the usb stick. It's possible that you will yank it *after* the previous version of the file has been delisted, but *before* the new version actually gets written out. Thus, E:\foo.txt no longer appears to exist, or now contains garbage.

This can happen because many filesystems do not physically overwrite files when they're updated. Rather they essentially* delete the old file and create a new one with the same name and the new data.

*Note to hackers: yes, I know. But, do you think they really want to hear about blocks, inodes, runs, and free lists?
posted by Netzapper at 6:09 PM on January 2


1) What exactly does the "safe removal" tool in Windows XP do and it is any different than just waiting until the drive isn't writing and then unplugging it?

kbanas is right, as far as I understand - it's just doing cached writes to the drive until it gets ejected, and the eject function just makes certain that it's done.

2. Is there any increased risk by running a NTFS filesystem on the usb flashdrive than the more common FAT on these devices? I use NTFS to move around bigger files than FAT32 can support, but i heard something about NTFS being more prone to data corruption when unplugged prematurely, than FAT systems.

Who the hell knows? I don't think there's any way to answer this question legally, unfortunately. All we can say is that Microsoft seems to believe that NTFS is more stable for larger files (since they've added the locks that keep FAT32 from writing large files) and that Microsoft seems to believe that NTFS is more prone to corruption through premature unplugging - that last bit because they've chosen to make NTFS disks lock-mount, unlike USB drives, so that they won't allow you to use any software method to unmount the disk until it's been properly ejected, and so that they make the eject process a little more clear-cut.

The trouble is that NTFS is a trade secret. Nobody can really tell you what's more or less secure or stable about it. I guess what you could get is anecdotal evidence, and there are probably people who have worked with those kinds of drives to have some experience with that stuff, but it's unfortunately not the kind of thing you can look up, and I'm not one of those experienced types.

3) What happens when you have some drives plugged in and then shut down your computer? (proper shutdown, not forced) Does Windows safely unplug these drives automatically when shutting down?

During a clean and standard shutdown, all drives are unmounted - even the system hard drive. This ought to apply to any operating system I know of. So, yes, it's safe to unplug any drive you wish after a proper shutdown.

To put it simply, the danger of unplugging drives is the danger that data which is in the process of being written to disk will be lost; but when the fucker's off, well, it's not in the process of writing any data, and it's not planning to when it boots back up.
posted by koeselitz at 6:12 PM on January 2


ranglin writes "What this means of course is that it doesn't matter that you do a safe eject IF you didn't write to the drive, since there are no cached files to write out with the safe eject."

Except that certain files systems (NTFS, ext2, ext3) will write meta-data (when the file was last accessed, etc.) even if a file is only read. Since this meta-data tends to be small, the write is often cached. It's possible to turn off this meta-data writing for certain files ystems on certain OSes, but in every case it's safer to eject/unmount before physically removing the drive.
posted by orthogonality at 6:16 PM on January 2 [1 favorite]


Occasionally, the safe removal thing will tell you that the device can't be stopped right now and you should try later. That means that there are files still open on the device. Just yanking it out when files are open on it will certainly increase your risk of filesystem corruption.

I've seen a lot more corrupted FAT USB sticks than NTFS ones. But then, there are a lot more FAT sticks than NTFS ones in use. I don't have enough data to offer an opinion on which is actually more corruption-resistant in practice, though it does seem to me that the NTFS version of chkdsk generally does a better job of putting the world back together than the FAT version does.

Most of the people I've met who just yank the sticks out are doing that because they don't know that the safe removal tool even exists, or what it's for. You clearly do. Use it.
posted by flabdablet at 6:33 PM on January 2


It is possible to disable the caching that Windows does to USB drives, so that you don't need to go through the safe removal rigamarole.

On Vista (the process is similar or identical on XP):

While the USB drive is in the computer:
Right-click it, and choose 'Properties'
Choose the 'Hardware' tab
choose your USB drive again
hit the 'Properties' button
(on Vista hit the 'Change Properties' button)
on the 'Policies' tab, choose "Optimize for Quick Removal"
hit 'OK'

screenshot here
posted by ArgentCorvid at 7:27 PM on January 2


Oh, to clarify a little, I don't think the steps I outlined above disable it for all USB drives. I'm pretty sure that you have to do it to each one you intend to use like this. I could be wrong about that though.
posted by ArgentCorvid at 7:34 PM on January 2


NTFS will be more vulnerable to data corruption on an unexpected dismount than FAT is.

Actually, NTFS is less vulnerable. That was one of the things they wanted to change when they designed NTFS.
posted by Chocolate Pickle at 7:59 PM on January 2


Some seriously bad information here.

Windows disables cache writing to all USB and removable media. All you need to do is close all the files, and unplug it. Anything more is overkill.

NTFS is much more resilient to corruption than FAT.
posted by SirStan at 8:07 PM on January 2


Okay, no, the information isn't bad. NTFS master file tables are more liable to corruption because of write caching than FAT partitions are, and if the MFT goes then you can't see your data. Removing a USB drive that is formatted NTFS without using the dialogue creates a reasonable chance that the MFT will be corrupted - because if it's formatted as NTFS, caching will be enabled.

Anecdotally, I have never corrupted a FAT formatted USB device by improper removal. I have had it happen more than once on an NTFS formatted device.
posted by Dipsomaniac at 8:21 PM on January 2 [1 favorite]


Let's clear up some bad reading skills problems here:

Dipsomaniac: NTFS will be more vulnerable to data corruption on an unexpected dismount than FAT is.

Chocolate Pickle: Actually, NTFS is less vulnerable. That was one of the things they wanted to change when they designed NTFS.

No, no it wasn't. There was absolutely no issue when they were designing NTFS of people unplugging their hard drives in the middle of caching, nor any other kind of drive. Yes, NTFS was designed to be more resilient than FAT32, but not on sudden dismount. It's designed, apparently, for stable long-term locked-mount use. Did you read the comment you were responding to?

SirStan: NTFS is much more resilient to corruption than FAT.

That's you're opinion, and probably mine, but it's not at issue. Again, nobody here said that FAT was more resilient than NTFS.

What we were saying was this, and I still think this is just about all that can be said about it: Microsoft, for whatever reason, decided to make it harder to unmount an NTFS drive than it is to unmount an FAT drive. This decision implies that NTFS drives, while more stable overall, are more susceptible to crashes on dismount. Does that make sense?
posted by koeselitz at 8:47 PM on January 2


Hmm, can you agree with the FAT/NTFS bit? :)

Btw, what about deactivating the usb-drive in Device Management? Does that ensure a clean eject?
posted by kampken at 8:51 PM on January 2


All operating systems have mechanisms for dismounting drives before removing them from the system. Windows' tool for that is "Safely Remove Hardware". What's wrong with just using that, even if it is an over-abundance of caution in many cases?
posted by gjc at 10:01 PM on January 2


« Older What are the best headphones t...   |   How difficult is it for a fami... Newer »

You are not logged in, either login or create an account to post comments