Is there a free secure wiper for Macs?
March 20, 2005 3:56 AM Subscribe
Is there a free multi-pass wiper for Mac (like BCWipe on the PC)?
I inherited my father's old 030 Mac, and I want to try and sell or donate it. Before I do, I need to wipe it clean of a lot of financial and other personal information. I don't want to delete the OS, because I don't have the Install disks for that system.
I inherited my father's old 030 Mac, and I want to try and sell or donate it. Before I do, I need to wipe it clean of a lot of financial and other personal information. I don't want to delete the OS, because I don't have the Install disks for that system.
PGP includes a multi-pass wiper, and a free version (missing various higher functions) for both PC and Mac is offered for non-commerical use.
posted by -harlequin- at 5:11 AM on March 20, 2005
posted by -harlequin- at 5:11 AM on March 20, 2005
...must read more carefully. You're unlikely to be running OS X on an 030 Mac. Sorry!
posted by Mwongozi at 5:12 AM on March 20, 2005
posted by Mwongozi at 5:12 AM on March 20, 2005
Buying someone else's hard drive for $5-$10 and throwing yours out is the best solution. I'm sure your town has a used computer store.
posted by about_time at 5:17 AM on March 20, 2005
posted by about_time at 5:17 AM on March 20, 2005
I'd suggest backing all of the files you want to keep to floppies and formatting several times over. You'll also need to create a startup floppy with Disk First Aid on to do the formatting. You can do this by creating a new System Folder on a floppy and dragging a minimal set of files from the hard disk's System Folder onto it. I can't find a list online of the ones you need, and I can't remember, so a bit of guesswork is required.
posted by cillit bang at 7:11 AM on March 20, 2005
posted by cillit bang at 7:11 AM on March 20, 2005
I doubt that a machine of that vintage has any residual value. You'll be doing a lot of work to preserve something that only a deep geek would love or want. Might be better to pull the HD, drill or smash it, and sell/donate the case without.
posted by omnidrew at 8:00 AM on March 20, 2005
posted by omnidrew at 8:00 AM on March 20, 2005
Older versions of PGP are freely available from PGPi. Version 7 should run on your dad's ancient-Mac, allowing you to use PGP's built-in free-space wipe to write all sorts of wonderful gibberish onto your hard drive.
Advice: Boot from a floppy containing PGP and erase and wipe the whole drive. Many older Mac applications love to hide data files in the System Folder. You don't want to miss anything.
Better advice: Pricewatch has SCSI drives available on the cheap. Buy new drive, take plasma torch to old drive.
posted by nathan_teske at 8:18 AM on March 20, 2005
Advice: Boot from a floppy containing PGP and erase and wipe the whole drive. Many older Mac applications love to hide data files in the System Folder. You don't want to miss anything.
Better advice: Pricewatch has SCSI drives available on the cheap. Buy new drive, take plasma torch to old drive.
posted by nathan_teske at 8:18 AM on March 20, 2005
Response by poster: I do understand that the old machine has little or no intrinsic value. My problem is that old computers are considered toxic waste, and I'd like to avoid having to pay to dispose of it. I also want to make sure there's nothing of use to identity or other theives on the HD. If I remove and trash the HD, I'm still left with the toxic-waste problem. If I can put an operating computer out at a yard sale, someone may want it. I don't guess anyone would want a dead 030 Mac.
posted by Kirth Gerson at 10:05 AM on March 20, 2005
posted by Kirth Gerson at 10:05 AM on March 20, 2005
Just about multi-pass wipes,
Now some of you are asking "if you can't recover data that has been overwritten just once, why do companies sell software that does multiple overwrites?" I have an opinion on this, but I can't back it up with any facts. Here it is anyway:posted by holloway at 5:25 PM on March 20, 2005
Company A brings out DataDeathstar, a program that will eradicate your rebel files by overwriting them once. This is all you need.
Company B makes a similar product, perhaps without such a copyright-infringing name, but in order to sound better than Company A, they claim they can do multi-pass overwrites. Perhaps they back this decision up with the Gutmann article mentioned earlier.
Now if the cost is the same, Joe User will choose the program with more features - the version that does multi-pass overwrites. This then precipitates an escalation in the number of wipes any package will perform, to make them sound better than their competitors. Eventually we end up with the Department of Defense 35-pass "standard", or the Bilbo-level Eleventy-billion Insano-wipe.
So why does the Department of Defense specify that huge multi-pass overwrite if one is enough? Once again I can only theorise, as I don't know anyone in that industry who could speak about this topic.
Here goes:
Decisions are made by people far above the technical guys on the ground. That is, management types with no techie knowhow. I'm not berating this issue, as it is the same the world over.
At the weekly meeting, one of the subordinate guys points out he read a report from Gutmann about recovering data. It may have mentioned the MFM-issue but that's all techie-speak.
The boss decides that he'd rather not risk his career on an issue he can't understand and doesn't have the resources to examine in any depth.
To be safe, he makes sure the standard is some huge amount of overkill, so he can never be determined to be a traitor by allowing data to get into the wrong hands.
This all seems fairly reasonable to me - everyone errs on the side of caution in a field they don't understand. Also, the military has had loads of data on old MFM technology in their time, and recovery MAY be possible on this gear. Why make multiple standards for different types of drives when your staff may not be able to tell the difference between them? They also have plenty of manpower, and would be quite happy letting some guys spend their days just wiping data, whether it's a waste of time or not.
Just remember one thing - one overwrite pass is enough to stop anyone recovering your data. If anyone tells you otherwise, tell them to put up or shut up. It's quite simple to get a floppy disk (or hard disk if they prefer), put some files on it and then wipe them so that they can be recovered with some magical system this person says exists. Make it easy for them and tell them what the file types are if you like - it won't help.
-- A Data Recovery FAQ
Response by poster: holloway,
First, I agree that there's a difference between just deleting a file (which only changes the directory and doesn't remove the data in the file) and wiping it even once. I am not so sure as you that even one wiping makes the data unrecoverable. those documentary forensic TV shows (no, I'm not talking about CSI) are telling me it doesn't.
Second, your link discusses only Windows. I do not know if that makes a difference.
Third, I am not confident that a cynical assessment of the DoD's security measures is persuasive that there's no risk to my family's financial data, if I wipe once.
subgenius,
Burn does look like what I want, but it tells me that I'm "unable to establish a secure FTP connection" for the download, on two different computers.
posted by Kirth Gerson at 6:06 AM on March 21, 2005
First, I agree that there's a difference between just deleting a file (which only changes the directory and doesn't remove the data in the file) and wiping it even once. I am not so sure as you that even one wiping makes the data unrecoverable. those documentary forensic TV shows (no, I'm not talking about CSI) are telling me it doesn't.
Second, your link discusses only Windows. I do not know if that makes a difference.
Third, I am not confident that a cynical assessment of the DoD's security measures is persuasive that there's no risk to my family's financial data, if I wipe once.
subgenius,
Burn does look like what I want, but it tells me that I'm "unable to establish a secure FTP connection" for the download, on two different computers.
posted by Kirth Gerson at 6:06 AM on March 21, 2005
I am not so sure as you that even one wiping makes the data unrecoverable. those documentary forensic TV shows (no, I'm not talking about CSI) are telling me it doesn't.Oh yeah, I just thought it was an interesting post from a scientific standpoint as it's written by a guy who does this for a living. While people like to talk about recovering unless you do X many overwrites I've yet to see any evidence that it's possible. Thought you might be interested :)
It's talking about retrieving bits from media, so it's almost certainly platform (read: Windows) independent)
posted by holloway at 1:55 PM on March 21, 2005
Response by poster: Yes, it was interesting, and I appreciate the effort.
posted by Kirth Gerson at 5:46 PM on March 21, 2005
posted by Kirth Gerson at 5:46 PM on March 21, 2005
Holloway:
I've read of at least two different methods used to recover overwritten data that multi-pass guards against, but both involved the removal of the platters from the HDD, to be scanned by much higher resolution devices than the read heads of the HDD. So multi-pass guards against the risk that someone will spend a small fortune on laboratory work on your HDD :-)
Wandering further off topic, I've also read that the same people as did one of the above methods, were also able to recover a surprising amount of info from RAM that had been switched off, prompting (humorous?) speculation of multi-pass RAM wipers. I forget the details, but it had something to do with finding that the state of the RAM latches is far from purely random (as was previously assumed) when powered on, most latches retain their last configuration. Working through a RAMdump that has noise in it is not my idea of fun, however :)
posted by -harlequin- at 11:57 PM on March 22, 2005
I've read of at least two different methods used to recover overwritten data that multi-pass guards against, but both involved the removal of the platters from the HDD, to be scanned by much higher resolution devices than the read heads of the HDD. So multi-pass guards against the risk that someone will spend a small fortune on laboratory work on your HDD :-)
Wandering further off topic, I've also read that the same people as did one of the above methods, were also able to recover a surprising amount of info from RAM that had been switched off, prompting (humorous?) speculation of multi-pass RAM wipers. I forget the details, but it had something to do with finding that the state of the RAM latches is far from purely random (as was previously assumed) when powered on, most latches retain their last configuration. Working through a RAMdump that has noise in it is not my idea of fun, however :)
posted by -harlequin- at 11:57 PM on March 22, 2005
This thread is closed to new comments.
posted by Mwongozi at 5:11 AM on March 20, 2005