Daily Cup of Tech

I’m sure many of you have considered donating your old computer to a school, church, or other non-profit organization. While I encourage you to do so (tax writeoff!), you need to be aware of the potential danger to your personal security if you do so.

Preparation ends at deleting personal files? Not so much…

Of course, the first thing that comes to mind when donating or trashing an old computer is “I’d better delete my files”. While this is obviously a splendid idea, make sure that you are making every effort to protect your privacy by understanding what ‘delete’ means.

In the Windows world, when you delete a file or folder from your computer, they are essentially “marked for deletion” - think of it as taking the label off of your videocassette (ah, memories…) with your favorite episode of say, ‘Falcon Crest‘, but not actually re-recording over it until ‘TJ Hooker’ is on later during the week.

When a file is marked for deletion, it tells the operating system that “this block is available if you have anything to write here”. However, your OS may have plenty of other blocks to write to before writing something in this newly available block (in keeping with our example, you have plenty of new blank tapes to record “The Hook” on, so you decide to use those first, instead of compromising video quality on a pre-used cassette). So in essence, your data is still there on your drive, ready to be restored at any time; a number of utilities exist, free and payware, with the ability to restore your deleted data quite easily, and by computer-novices.

Case in point:

I worked for a large corporation as a desktop support agent. One of my younger colleagues forgot to back up a computer before loading a new cloned image on the PC, essentially overwriting all the data from the previous configuration.

Or, so he thought.

In an act of desperation, I ran a Norton file recovery and undelete command on the drive, and was able to restore EVERY file from the previous configuration (probably saving my young friend his job!).

Things you can do to help yourself:

• Get the help of a techno-nerd friend to securely delete your data. Entice him/her with pizza and gift certificates to NewEgg.com if necessary.
• Use an encrypting container to house your sensitive data (for example, CryptArchiver Lite or CryptainerLE, There are many others).
• Delete your files using a secure erase program (see below)
• Defrag your hard drive often, especially after you uninstall a lot of software, or delete large amounts of data. This will overwrite the empty blocks quicker (if the amount of data surpasses the point on the drive where your deleted file was located). This is not a surefire method, but it will enhance your performance in addition to latently increasing the chances you are overwriting your ‘marked’ files.
• If you are trashing your computer and no longer need the hard disk, remove and smash it with a large hammer. Seems a bit barbaric, but it is extremely satisfying. If the hard drive is sizable enough, consider buying an external USB enclosure and using it as a backup drive.

Giving can be a wonderful thing; it gives you that warm-fuzzy feeling when you’ve done something nice…don’t let one second of that familiar “oh…no…” moment (you know what I’m talking about) ruin your “feel-goodiness.”

You’ve done something nice, enjoy the feeling!

Secure file erasure:

• Eraser
• Super Shredder

File/Folder/Disk wipe:

• SDelete (command-line)
• Paragon Disk Wiper

Recommended reading:

• TechSoup.org: Ten Tips for Donating a Computer
• Findlaw.com: Responsible e-Waste Removal

If you found this post useful, why don't you buy me a cup of coffee to show your gratitude?

Trackback link - http://www.dailycupoftech.com/2007/05/17/donatedtrashed-a-computer-your-data-may-be-at-risk/trackback/

 

8 Responses to “Donated/Trashed a Computer? Your Data May be at Risk.”

1. The Fieldhouse Says:
   November 30th, 1999 at 12:00 am

   Security Is About Being UnattractiveI Think I Have A Virus: Now What?Tech Blog of the Week: Schneier on SecurityA More Secure Home WiFi DesignThe Anatomy of a VirusHigh End Router, Low End HardwareRemotely Accessing ComputersDonated/Trashed a Computer? Your Data May be at RiskWindows Update On A DiskStories of Identity TheftDCoT Helps Find Lost ChildHow Jared Was Hacked!E-Mail Request: USB AntivirusThe Vista SkipRearm DebacleMake Vista Less AnnoyingTorpark 2.0.0.2a Released

2. Christoph Says:
   May 17th, 2007 at 7:26 am

   Here’s a good secure formatter.
   
   Five different wipe choices.

   Supposedly, one could still read the data even after numerous wipes with an electron microscope. But no commercial recovery company has that ability.

3. Improbus Says:
   May 17th, 2007 at 8:43 am

   I use a program called Boot and Nuke

4. phil Says:
   May 17th, 2007 at 10:29 am

   I use and recommend Darik’s Boot and Nuke (aka DBAN), available from Sourceforge. Free, easy, effective. Zeros a drive so that no casual recovery is possible. (It’s probably not proof against NSA-level recovery techniques, but if you’re worried about that, you should already know how to destroy the disk.)

5. Rob Dunn Says:
   May 17th, 2007 at 4:32 pm

   Yeah - there are a lot of tools out there that can do this…The nice thing about posts like this is that everyone can bring their feedback as to what tool they like and why.

   The link at the end of the article entitled “Ten Tips for Donating a Computer” also has a good list of tools.

   Rob

6. My Word Says:
   May 17th, 2007 at 7:51 pm

   sure many of you have considered donating your old computer to a school, church, or other non-profit organization. While I encourage you to do so (tax writeoff!), you need to be aware of the potential danger to your personal security if you do so. Read on

7. David Williams Says:
   May 18th, 2007 at 12:59 am

   Freeware is a wonderful thing for those just looking for a little “assistance” at home, but in reality, you want to use a data erasure software that gaurantees 100% erasure. I happen to work for the market leading company Blancco Ltd. that not only provides gauranteed erasure, but provides users with a certificate report itemizing Hardware Asset Management, Existing Software (and version), and erasure details including what type of erasure was performed (ie. DOD, NSA, etc), and you can select how many times you want the drive overwritten. Furthermore, this software has been tested by over 16 forensic labs internationally, that have never been able to recover any data whatsoever. There are tons of solutions out there, but people need to make sure they get the right one before donating their computer to an org that gives it to a 12 year old prodigy that begins buying new toys with hidden credit card numbers. Do your research…My two cents.

8. Rob Dunn Says:
   May 18th, 2007 at 8:19 am

   David, thank you for your comments! If you read the recommended link (..tips for donating a computer), you’ll see that your product is at the top of the commercial offerings

   With that said, you are definitely right, you should always do your research. For most of us, if we are in doubt and are throwing away the computer, a hammer and a couple glasses of a high-fructose-filled soft drink (good project for the kids!) should be a more than adequate way of securing our data

   Usually I recommend freeware since that is what many of us can afford, but I’m glad others are commenting on what they’ve used and the success rates they’ve had…

   Thanks again for the plug on your software - After doing some reading, it seems your product is quality, with the only complaints being that people were unsure of the methods being used to overwrite the drive - - but if the end result is security, I don’t know if I care!

   I’ll be sure to “put the word out” if anyone asks me about a suggestion for commercial software.

   Best,
   Rob

9. Rex Choi Says:
   May 18th, 2007 at 12:07 pm

   Might I suggest a utility that calls the Secure Erase command built into most newer (post 2001) ATA drives which has been proven to be faster and more secure than most DoD 5220 Block data wipe/overwrite utilities?

   http://cmrr.ucsd.edu/Hughes/SecureErase.html

   You can also read a bit more on the NIST publication 800-88 “Guidelines for Media Sanitization”

10. Michael Durnack Says:
    May 18th, 2007 at 3:33 pm

    At the cost of used equipment and the concern of theft, I agree the best way is as Rob said a hammer and the kids! I wouldn’t let mine do it because they would end up in the emercency room.

    What I have done with every PC I have disposed of is removed the hard drive and safely drilled multiple holes through it. I cannot justify personally, all the hassle and worry if it worked.

    Ask yourself if it is worth the cost of any form of identity theft.

    The best defense for identity theft is self defense.

11. Confessions of a freeware junkie Says:
    October 1st, 2007 at 8:46 pm

    will end up in a new physical location on the disk, with elements of your old file still in place (otherwise known as “file fragmentation”). It isn’t hard to see that this can easily work against you. I wrote an article for Daily Cup of Tech entitled”Donated/Trashed a computer? Your data may be at risk!”, which summarizes about what you can do to protect your personal data if you throw away, sell, or donate your hard drive/computer. So, it may be in your best interest to download and use a tool like Eraser which can use a variety of methods to

Leave a Reply