More on securely erasing a hard disk
More on securely erasing a hard disk
Yesterday's article on securely erasing a hard disk in preparation for system resale prompted some further discussion.
Several readers suggested using the Apple Drive Setup Utility to write zeroes to the hard drive. A command located under the Functions/Initialization Options pane. This process can take an hour or more depending on volume size and the number of files on your drive, however, and like shareware "shredding" applications, is not bullet-proof.
Our investigation also led us to an article on the Developer section of Apple's Web site entitled "Securely Erasing Accessing and Dismounting a Macintosh partition." In this comprehensive note, the ADC actually recommends never writing readable date in the first place:
"The first piece of advice I have for you is that the best way to ensure that data stays confidential is to never ever write to a disk in clear-text. The best solution is to use something like PGPdisk to encrypt information automatically before it gets written to disk."
The article goes on to re-iterate our note yesterday indicating that writing zeros cannot be viewed as totally secure.
"The other thing you need to consider is that simply writing an alternating pattern of zeros and ones to a disk is no longer sufficient to "securely erase" a drive. The recent research on the behavior of erase bands of magnetic media recording and the availability of magnetic force microscopy for the analysis of magnetic media suggests the feasibility of a recovery attack on erased data."
There are also some code examples for writing programs that will more securely erase and protect a hard drive from intrusion. These suggestions are certainly meant for the average user looking to protect his or her system from mild intruders, but are an interesting read nonetheless for the security minded.
UPDATE: MacFixIt reader Richard Dalziel-Sharpe suggests "I really think that the only way to securely delete your files is to swap out the drive. If you are moving to a G5 put your old drive into a firewire case and keep it as a backup. Put a new drive into into the G3 and you know for sure where all of your data is and who can access it. It really depends on how paranoid/sensitive you are about your files."
Feedback? Late-breakers@macfixit.com.Resources