Does installing a new Linux OS erase the hard drive?
April 8, 2011 9:51 AM Subscribe
Will installing a Linux Operating System onto an old Windows laptop fully erase the contents of the hard drive?
My friend gave me an old Windows laptop. It has text files on it that he would prefer for others to never see.
I am using the laptop to teach a friend's child about installing Linux.
If I install the Linux Ubuntu Operating System on the pc, NOT for dual boot, will his hard drive be securely erased?
My friend gave me an old Windows laptop. It has text files on it that he would prefer for others to never see.
I am using the laptop to teach a friend's child about installing Linux.
If I install the Linux Ubuntu Operating System on the pc, NOT for dual boot, will his hard drive be securely erased?
For all realistic purposes, yes. When you install Linux its going to install either grub or lilo (bootloaders) which will then overwrite the MBR that Windows creates.
For all paranoid purposes, the only way to make sure the data is totally unrecoverable is a sledgehammer.
posted by SweetJesus at 10:04 AM on April 8, 2011
For all paranoid purposes, the only way to make sure the data is totally unrecoverable is a sledgehammer.
posted by SweetJesus at 10:04 AM on April 8, 2011
Best answer: Download and use DBAN to securely erase the hard drive.
Then install your Linux-of-choice.
posted by Blazecock Pileon at 10:04 AM on April 8, 2011 [4 favorites]
Then install your Linux-of-choice.
posted by Blazecock Pileon at 10:04 AM on April 8, 2011 [4 favorites]
If I install the Linux Ubuntu Operating System on the pc, NOT for dual boot, will his hard drive be securely erased?
That depends on whether the installation process formats the drive by writing data to all of it, or does some kind of 'quick format' that sets up the basic file system structures but leaves most of the existing data untouched.
To be more certain, use something like dban on it first, and then you'll know all the data was erased before you started installing the OS.
posted by FishBike at 10:06 AM on April 8, 2011
That depends on whether the installation process formats the drive by writing data to all of it, or does some kind of 'quick format' that sets up the basic file system structures but leaves most of the existing data untouched.
To be more certain, use something like dban on it first, and then you'll know all the data was erased before you started installing the OS.
posted by FishBike at 10:06 AM on April 8, 2011
Best answer: Nthing DBAN. If you want to securely erase everything, that is the most straightforward way. The regular format included in the Ubuntu install will leave the actual bytes of the text files accessible to anyone who bothers to read the unused space on the drive.
the odds of a child doing the type of data forensics required after reformatting the drive to install Ubuntu are exceedingly low
It would be more of a risk if the laptop ends up getting sold on eBay or something. At any rate, if someone told me they had sensitive information on a drive when giving it to me, I would erase it on principle even if there was not much of a realistic chance that anyone would go digging for it. Better safe than sorry.
posted by burnmp3s at 10:14 AM on April 8, 2011
the odds of a child doing the type of data forensics required after reformatting the drive to install Ubuntu are exceedingly low
It would be more of a risk if the laptop ends up getting sold on eBay or something. At any rate, if someone told me they had sensitive information on a drive when giving it to me, I would erase it on principle even if there was not much of a realistic chance that anyone would go digging for it. Better safe than sorry.
posted by burnmp3s at 10:14 AM on April 8, 2011
For all paranoid purposes, the only way to make sure the data is totally unrecoverable is a sledgehammer.
This is bad advice and the OP would do well to steer clear of it. There are several good ways to securely reformat hard drives. DBAN is about the simplest.
posted by Blazecock Pileon at 10:22 AM on April 8, 2011
This is bad advice and the OP would do well to steer clear of it. There are several good ways to securely reformat hard drives. DBAN is about the simplest.
posted by Blazecock Pileon at 10:22 AM on April 8, 2011
This is bad advice and the OP would do well to steer clear of it. There are several good ways to securely reformat hard drives. DBAN is about the simplest.
No, it's not bad advise. I prefaced it with 'for all paranoid purposes' and it's precisely why the government uses hard drive shredders or gigantic magnets (Degaussing) when disposing of classified hard drives.
posted by SweetJesus at 10:48 AM on April 8, 2011
No, it's not bad advise. I prefaced it with 'for all paranoid purposes' and it's precisely why the government uses hard drive shredders or gigantic magnets (Degaussing) when disposing of classified hard drives.
posted by SweetJesus at 10:48 AM on April 8, 2011
If your friend is that concerned, just give him the hard drive. You can run linux off a live cd, or install it to a new hard drive or cheapo flash media.
posted by yeoz at 11:00 AM on April 8, 2011
posted by yeoz at 11:00 AM on April 8, 2011
No, it's not bad advise. I prefaced it with 'for all paranoid purposes' and it's precisely why the government uses hard drive shredders or gigantic magnets (Degaussing) when disposing of classified hard drives.
To put this in perspective though, without reformatting the drive at all, someone with normal everyday computer skills can could find and read the files using a standard file search. If you reformat when you install Ubuntu, someone with moderate to advanced computer skills can use specialized tools to find the old files files and read them (I have done this myself to recover accidentally lost files). If you use DBAN and it successfully overwrites all of the data, it gets to the point where it's extremely unlikely that anyone, even professional computer forensics experts, will be able to recover the data from the files. Physically destroying the drive correctly will get you from very likely impossible to recover to completely impossible to recover.
posted by burnmp3s at 11:13 AM on April 8, 2011
To put this in perspective though, without reformatting the drive at all, someone with normal everyday computer skills can could find and read the files using a standard file search. If you reformat when you install Ubuntu, someone with moderate to advanced computer skills can use specialized tools to find the old files files and read them (I have done this myself to recover accidentally lost files). If you use DBAN and it successfully overwrites all of the data, it gets to the point where it's extremely unlikely that anyone, even professional computer forensics experts, will be able to recover the data from the files. Physically destroying the drive correctly will get you from very likely impossible to recover to completely impossible to recover.
posted by burnmp3s at 11:13 AM on April 8, 2011
To put this in perspective though...
All completely true, and I completely agree. I'm of the opinion that overwriting the MBR and allowing the new OS to write over the previous data is a pretty good method of disallowing a casual user to 'stumble' over those sensitive files. You'd have to actively go looking for them in that scenario.
In that respect, something like DBAN is overkill, although legitimate overkill if you really want to really ensure nothing is retained, or alternatively, if you think someone may attempt to physically compromise your machine. But if you're in that situation, the only real 'secure' way to completely insure that the data is gone is to physically destroy the drive.
posted by SweetJesus at 11:36 AM on April 8, 2011
All completely true, and I completely agree. I'm of the opinion that overwriting the MBR and allowing the new OS to write over the previous data is a pretty good method of disallowing a casual user to 'stumble' over those sensitive files. You'd have to actively go looking for them in that scenario.
In that respect, something like DBAN is overkill, although legitimate overkill if you really want to really ensure nothing is retained, or alternatively, if you think someone may attempt to physically compromise your machine. But if you're in that situation, the only real 'secure' way to completely insure that the data is gone is to physically destroy the drive.
posted by SweetJesus at 11:36 AM on April 8, 2011
No, it's not bad advise. I prefaced it with 'for all paranoid purposes' and it's precisely why the government uses hard drive shredders or gigantic magnets (Degaussing) when disposing of classified hard drives.
I work for a company that takes data security very seriously. If we leaked data, we'd be screwed. Our in-house solution for securely wiping disks is essentially DBAN. We only crush disks if they're physically damaged. A 1996 paper (Secure Deletion of Data from Magnetic and Solid-State Memory) does a good job of describing data deletion practices. It also includes an epilogue for more modern times.
posted by kdar at 11:39 AM on April 8, 2011
I work for a company that takes data security very seriously. If we leaked data, we'd be screwed. Our in-house solution for securely wiping disks is essentially DBAN. We only crush disks if they're physically damaged. A 1996 paper (Secure Deletion of Data from Magnetic and Solid-State Memory) does a good job of describing data deletion practices. It also includes an epilogue for more modern times.
posted by kdar at 11:39 AM on April 8, 2011
I was about to say much the same as burnmp3s.
Doing nothing but reformatting (which would be a side effect of installing Linux) = anyone who bothered to look might be able to read your old text files; doesn't take special expertise beyond knowing it's possible and being willing to look up how to do it.
Overwriting with DBAN = someone willing to invest truly ludicrous time and money into it might be able to recover something, but I haven't heard of any examples of this actually happening (I'd be grateful for any citations to the contrary.)
Heating the drives beyond the Curie point or completely stripping the platters in an acid bath = absolutely no chance of any data being recovered.
I think it's clear enough what the sweet spot of effort vs. result is here.
posted by Zed at 11:40 AM on April 8, 2011
Doing nothing but reformatting (which would be a side effect of installing Linux) = anyone who bothered to look might be able to read your old text files; doesn't take special expertise beyond knowing it's possible and being willing to look up how to do it.
Overwriting with DBAN = someone willing to invest truly ludicrous time and money into it might be able to recover something, but I haven't heard of any examples of this actually happening (I'd be grateful for any citations to the contrary.)
Heating the drives beyond the Curie point or completely stripping the platters in an acid bath = absolutely no chance of any data being recovered.
I think it's clear enough what the sweet spot of effort vs. result is here.
posted by Zed at 11:40 AM on April 8, 2011
Wow, I just posted something about this on Ask MeFi, yesterday.
>http://ask.metafilter.com/182719/Easiest-way-to-destroy-a-hard-drive-in-situ#2631139
tl;dr -- the 1996 Guttmann paper linked slightly above has been called an "urban legend" by others, and the practical dangers from recovery after a DBAN-esque wipe are zero, unless you are al-Qaeda or worried about not-yet-developed/publicly disclosed technology.
posted by QuantumMeruit at 12:13 PM on April 8, 2011
>http://ask.metafilter.com/182719/Easiest-way-to-destroy-a-hard-drive-in-situ#2631139
tl;dr -- the 1996 Guttmann paper linked slightly above has been called an "urban legend" by others, and the practical dangers from recovery after a DBAN-esque wipe are zero, unless you are al-Qaeda or worried about not-yet-developed/publicly disclosed technology.
posted by QuantumMeruit at 12:13 PM on April 8, 2011
Last I heard it's damn near impossible to recover data from a drive that has simply been zeroed-out once. I wouldn't bother with multi-pass random overwrites unless you are holding onto nuclear secrets. I'd just install Linux on it and not wipe the drive at all. Once you get it up, you can then just:
cp /dev/zero garbage_file ; rm garbage_file
on each fs partition. This will write zeros over all free space. It will crap out when the disk is full and move on to the remove to free it back up.
posted by chairface at 2:49 PM on April 8, 2011
cp /dev/zero garbage_file ; rm garbage_file
on each fs partition. This will write zeros over all free space. It will crap out when the disk is full and move on to the remove to free it back up.
posted by chairface at 2:49 PM on April 8, 2011
Response by poster: Thanks folks! Looks like DBAN is it.
I can't guarantee what will happen to the donated laptop after giving it away to my friend's child, so it's best to clear the drive. Today's laptops are a long-lived item if well-treated and you never know where they could end up.
posted by ElisaOS at 4:53 PM on April 8, 2011
I can't guarantee what will happen to the donated laptop after giving it away to my friend's child, so it's best to clear the drive. Today's laptops are a long-lived item if well-treated and you never know where they could end up.
posted by ElisaOS at 4:53 PM on April 8, 2011
Just use the Ubuntu CD in live mode and dd if=/dev/random of=/dev/whatever_the_hard_disk_is_usually_hda_or_sda . No need to mess with dban if you already have a linux live cd.
PS. I am a data forensic analyst, to the extent that i testify in court as an expert witness on criminal cases, and I am unaware of any technology that can recover from a full single pass wipe (such as in the dd above, or dban) of a modern hard drive. The guttman paper was written at a time where disks were as big as turkey serving platters and had 1/10000th of the space that they do today. What this means is that the bits on a hard disk are MUCH closer together and less discernable. Even at that time, the guttman paper was very theoretical. The technological advances in electron microscopes have not nearly kept up at the same rate as that of bit density in hard disks.
But this:
cp /dev/zero garbage_file ; rm garbage_file
Does not wipe the drive, because when linux installed it created files with size < 1block, or larger files with the last block not taking up the whole block, and the remainder of the block was left over from the previous install. Linux considers those blocks claimed space and will not include it in garbage_file. This is called "slack space" in forensics and is where a good deal of ancient data is found.
posted by robokevin at 3:33 PM on April 9, 2011 [1 favorite]
PS. I am a data forensic analyst, to the extent that i testify in court as an expert witness on criminal cases, and I am unaware of any technology that can recover from a full single pass wipe (such as in the dd above, or dban) of a modern hard drive. The guttman paper was written at a time where disks were as big as turkey serving platters and had 1/10000th of the space that they do today. What this means is that the bits on a hard disk are MUCH closer together and less discernable. Even at that time, the guttman paper was very theoretical. The technological advances in electron microscopes have not nearly kept up at the same rate as that of bit density in hard disks.
But this:
cp /dev/zero garbage_file ; rm garbage_file
Does not wipe the drive, because when linux installed it created files with size < 1block, or larger files with the last block not taking up the whole block, and the remainder of the block was left over from the previous install. Linux considers those blocks claimed space and will not include it in garbage_file. This is called "slack space" in forensics and is where a good deal of ancient data is found.
posted by robokevin at 3:33 PM on April 9, 2011 [1 favorite]
This thread is closed to new comments.
posted by Oktober at 9:57 AM on April 8, 2011