Is 'secure empty trash' really secure?

[Bitzomondo]

I always wondered if "Secure Empty Thrash" really killed definetly the information. Can the documents be retrieved again by a special software?

I mostly have xcel and word docs with sesitive financial data on and our office space has a full glass window facing the street - so the contents of the office is visible from outside. We have an alarm installed, but burglary always happens.

Should I feel safe with the thrash or can you advise me a good 'digital shredder'.

Thanks.

[tbsingleton73]

Could you not use "Secure Empty Trash" then use Disk Utility to do either a 7-pass or 35-pass to securly empty free space using the "Erase Free Space" option?

Are your user login protected by password as well? Do you shut-down the computers at night so if anyone who would steal them would be required to login?

[ldrury]

The question begging to be asked is - how secure is the data you haven't deleted yet??? I believe secure empty trash is pretty good...

[Bitzomondo]

How do I use disk utility to do a 7-pass or 35-pass?

Our data is sensitive & we want it 'definetely' erased when we empty the thrash. We have 2 G4s and a 1 G5.

For the moment we rely on secure empty thrash, but if this is not secure we have to adopt a different method.

[cwtnospam]

I doubt anyone can demonstrate a way to recover files that have been secure erased without sending the drive off to recovery clean labs. Even then, I doubt they'd get the info off. Write over the info once and it's going to be a tough job recovering it. Write over it as many times as secure erase and it's pretty well gone.

[voldenuit]

Spook agency-like enemies would probably break into your home/office without you ever knowing rather than go to the trouble of reconstructing once overwritten data on a disk they'd have to get their hands on anyway.

Unless you've got a pretty well thought out overall security system, preferably independantly audited, anything more than secure delete is fooling yourself into an illusion of security you don't really have.

[hayne]

I have no personal experience with "secure empty trash" or with 'srm' (the low-level program used by "secure empty trash") nor any particular knowledge about it more than what can be gained by reading 'man srm'.

However, there are a couple of things that I noticed when investigating a bit in response to this thread that make me slightly unsure about how secure it really is:

1) In the README file that is part of the source code available from Apple ( http://www.opensource.apple.com/darw...ce/10.4.5.ppc/ ), I see that it says:

Quote: All users, but especially Linux users, should be aware that srm will only work on file systems that overwrite blocks in place. In particular, it will _NOT_ work on resiserfs or the vast majority of journaled file systems.

That is a concern since most OS X systems now use a journaled file system. I find it hard to believe that Apple would have this as a feature in Finder if it really didn't work - so this is probably a documentation bug. I.e. I suspect that the above comment in the README does not apply to the journalling used in OS X's HFS+

2) On the 'srm' sourceforge page (http://sourceforge.net/projects/srm), I see that there is a Feature Request for support for resource forks. The comments in that feature request make it seem that resource forks are not subject to secure delete. This might be a concern for some type of files.

In spite of the above concerns, I suspect that "secure empty trash" will be more than sufficient for your needs.
I agree with the above posters that you ought to worry more about other aspects of data security.
For example, you ought to be keeping all sensitive documents on encrypted disk images that are only mounted as needed and whose passwords are not stored in the keychain.

[edit]The README file that I referred to above does not show up on Apple's web page listing the individual components of the 'srm-3' project. But it is part of what you get when you download the srm-3.tar.gz tarball
[/edit]

[giskard22]

I think Secure Empty Trash does the same thing as the 'srm' command, but there's no way to configure it. srm lets you do any of 1, 7 or 35 passes. I have no idea what the Finder's command is actually doing. You'd have to do some time trials against a fixed-size file to figure it out.

[hayne]

Quote: Originally Posted by giskard22 srm lets you do any of 1, 7 or 35 passes. I have no idea what the Finder's command is actually doing. You'd have to do some time trials against a fixed-size file to figure it out.

If you do "Secure Empty Trash" while running the following command in a Terminal window:

Code:

while ((1)); do  ps -axww | grep '[s]rm'; done

you will see that Finder apparently uses 'srm -m'
I.e. it uses the 7 pass version.

[DarrellGreenwood]

Quote: Originally Posted by Bitzomondo For the moment we rely on secure empty trash, but if this is not secure we have to adopt a different method.

As noted above Secure Empty Trash uses the open source utility srm (enter 'man srm' in Terminal for details) to accomplish its file deletion. It is secure.

From http://tinyurl.com/kl3me

"Mac OS X 10.3 and later actually provide the ability to securely delete files. Simply move the files in question to the Trash, and then choose Finder -> Secure Empty Trash. Not only will the files currently in the Trash be removed from your hard drive’s directory but the blocks on your drive on which those files resided will also be overwritten seven times with random ones and zeros in order to prevent them from being recovered. (According to Apple’s Mac OS X Product Manager, “This method follows the U.S. Department of Defense standard for the sanitization of magnetic media in ‘DoD 5220- 22-M: National Security Program Operating Manual.’” In other words, it should be good enough for you and me.)"

Note that copies of the file written to Virtual Memory during editing can exist independently of the file you wish deleted so System Preference -> Security -> 'Use Secure Virtual Memory' checkbox should be checked if you are concerned about security.

Cheers,

Darrell

[Bitzomondo]

Thanks for the numerous replies.

Quote: Note that copies of the file written to Virtual Memory during editing can exist independently of the file you wish deleted so System Preference -> Security -> 'Use Secure Virtual Memory' checkbox should be checked if you are concerned about security.

In 10.3.9: System Preference -> Security: takes me to File Vault and there is no check box for Use Secure Virtual Memory.

What system are you on?

[hayne]

Quote: Originally Posted by Bitzomondo there is no check box for Use Secure Virtual Memory.

That's a Tiger (10.4) feature.

[Old Toad]

I use SafeShred for sensitive documents. It has several options one of which is the DOD standard 5220.22M (use a character, it's complement, then a random character). YOu can also set the shredding level from 1 to 20. I have an alias of that on my desktop and drag any file I what to shred onto it. It's pretty much automatic from there.