Protecting Deleted Files
By Miguel Guhlin
Listen to this podcast
Over the last 6 months, I've had to explain to several folks that simply because you delete files on your computer, it does not mean that they are "safe" and "unrecoverable." In fact, it is a relatively simple manner to undelete files off your computer. This is especially true when undeleting files from hard drives on computers sent out for disposal, especially when little has been done to remove the data. Often, reimaging a hard drive just is not enough. With the real threat of identity theft, it is much too dangerous to not establish a regular pattern of wiping your hard drive's "free space" to get rid of deleted files.
In previous columns, I recommended using Pretty Good Privacy (PGP) or Cryptainer LE to encrypt sensitive files. Yet, everything you do leaves traces of information on your computer that others can access. You should consider using programs like those mentioned below to ensure your privacy after using a computer. One such free utility is Eraser 5.7. It allows you to permanently erase files, just like the free PGP software, so that they are unrecoverable, even by "forensic" methods used by government and the FBI (ok, ok...but isn't it nice to know that it's that high a quality program?). While this may seem a bit extreme, even paranoid, remember that at some time, we all deal with confidential information on our computers. Would you want that data accessible to someone should your computer be stolen or accessed inappropriately?

Eraser has a free hard drive reformatting utility that can remove asset tracking programs like Absolute Software's CompuTrace. I always have a laugh at the way school districts seek to use software to protect against theft...with this software, a Linux Boot CD, this protection is nullified. It is protection only for those computers that aren't stolen. This is important to know, especially for organizations who might choose to use this expensive software in lieu of other security methods (e.g. cables to secure computer equipment).

NOTE: Please be aware that the preceeding paragraph in italics is contested. As such, I've posted a revised version that reflects Absolute Software's perspective. I encourage you to read the relevant blog entry--and comments--so that you will be aware of users' experiences with CompuTrace. It is revised to be inclusive of Absolute Software's point of view, and does not negate--nor seek to correct--the essence of the first paragraph. The REVISED VERSION follows below:

Eraser has a free hard drive reformatting utility that can temporarily remove asset tracking programs like Absolute Software's CompuTrace. The removal is temporary because newer versions of CompuTrace--installed to the BIOS--can reinstall themselves ONLY IF a thief installs the Windows Operating System. Note that loading Linux onto the hard drive--and wiping out the Windows OS installation--will nullify the protection offered by CompuTrace. This is important to know, especially for organizations who might choose to use this expensive software in lieu of other security methods (e.g. cables to secure computer equipment). CompuTrace will NOT work if the computer is formatted with a utility like Darik's Boot-n-Nuke, and loaded with another operating system besides Windows. While CompuTrace will protect against the casual thief, as computer criminals become more technology proficient and learn to load Linux on stolen machines, this sytem of protection will be even less effective.

Absolute Software's Chief Executive Officer, John Livingston, shares, "Most of our customers run Windows or a Mac OS. These are the OS’s we support today. Linux, while a great OS, only has one percent of the install base, and we don’t support it at this time. Also please keep in mind than the people who steal these computers from schools are not as computer capable...they are probably not running Linux. Computer thieves are often fencing the stolen equipment for $100 to get their next fix. They will typically sell the PC - as is - to a local pawn shop or re-install Windows and use the PC themselves or sell the PC on eBay. In these scenarios’, Windows typically gets loaded, we locate the computer and break the theft ring that’s been plaguing the school."

In addition to protecting your email privacy, you may also want to consider the following free utilities available from JavaCool Software, the same folks that made SpywareBlaster.
  • MRU Blaster: Protect your privacy - find and remove over 30,000 most recently used lists and other stores of hidden information.
  • ID-Blaster: Destroy tracking tactics by randomizing GUID/Unique ID numbers found on your computer.
  • DocScrubber: Removes critical information that you might be inadvertently revealing through your Microsoft Word documents.
And, what's the new software I found recently? Well, it's called Win-Privacy Tools (WinPT). "Windows Privacy Tools (WinPT) is a collection of multilingual applications for easy digital encryption and signing of content. It's GnuPG-based, compatible with OpenPGP compliant software (like PGP) and free for commercial and personal use under the GPL. " ().

I also put together a quick tutorial on how to use Eraser to wipe data off your hard drive. It's very simple and can fit on a floppy disk. I hope these are useful to you as you protect your privacy. I also encourage you to read the following:

Tool Link(s):