Exactly what does PES 8.0 wipe?

Discussion in 'Other Acronis Products' started by werne, Apr 7, 2005.

Thread Status:
Not open for further replies.
  1. werne

    werne Registered Member

    Joined:
    Dec 29, 2003
    Posts:
    102
    One option under PES 8.0 is to wipe the hard disk free space. While all the FAQs and Guides talk about what algorithm to choose, none seem to indicate exactly what is being deleted. Specifically, does the program also wipe cluster tips and/or directory entries? You can clean up all the free space on the drive you want with whatever algorithm, but if the offending data is located in the slack space of one of your say .doc files then it is available to anybody you send it to or who steals it, making the cleaning of the empty space on your drive superfluous. I am asking this question because I am a little upset to learn that putting a password into a True Image .tib file only keeps True Image from opening the file and does nothing to encrypt the file so others can't read it. These are the sort of things that should be proactively indicated in the literature of Acronis. We shouldn't have to artfully question Acronis to find out the true security status of our data that we clean with Acronis products. The more we dig around here the less secure I feel.
     
    Last edited by a moderator: Dec 28, 2006
  2. Acronis Support

    Acronis Support Acronis Support Staff

    Joined:
    Apr 28, 2004
    Posts:
    25,885
    Hello werne,

    Thank you for choosing Acronis Privacy and Security Software.

    If you delete a file it still can be restored with some special software. Wiping the free space prevents you from doing it. After you wipe the free space with Acronis Privacy Expert Suite you won't be able to restore deleted files by any means. You may see the additional info concerning wiping drives here.

    Thank you.
    --
    Ilya Toytman
     
  3. werne

    werne Registered Member

    Joined:
    Dec 29, 2003
    Posts:
    102
    Most people buy computers to actually do something with them. That means they need to keep a lot of files around on their computer as a result of doing something. Since these files are rarely, if ever, erased, then there needs to be a mechanism to make them more secure. It is not like this is rocket science, since many freeware utilities allow the user to wipe the slack space of files and delete directory entries (e.g. a now rather old utility called Eraser). A more complete solution is needed by Acronis to actually make our computers more secure, rather than just give the appearance of doing so. As I said you can wipe all the free space you want but if you want real security you need a total solution. The first time someone sends a file to his accountant, friend, business partner, etc., that includes proprietary or adverse information is the last time they will feel secure in your products (read buy them). Doing a good job of wiping the empty space on drives is good but will not solve these other problems. This is rather old technology so I don't see any major technological obstacles to implementing a rather complete solution to file security.
     
  4. pjb024

    pjb024 Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    351
    Location:
    Leeds, UK
    Privacy Expert is designed to eliminate sensitive personal information that is NOT required to be kept on your PC. This it does well and offers various algorithms for overwriting such data to make it difficult or impossible to recover. You seem to be making a point that it does nothing to protect data that you DO want to keep. Perhaps this will be a future feature but at the moment it's not what Privacy Expert is all about.

    If you want to protect the data on your PC then I suggest that you think about encryption as a starting point.
     
  5. werne

    werne Registered Member

    Joined:
    Dec 29, 2003
    Posts:
    102
    Give me a break pjb024 "Privacy Expert is designed to eliminate sensitive personal information that is NOT required to be kept on your PC"; exactly where in the literature furnished to the public by Acronis does it state this? I think most people who buy this program buy it with the idea of eliminating extraneous data from the data they already have (not encryption except in the use of passwords). The solution by Acronis is only the 50 per cent solution as I just want all the extraneous data eliminated. It is not that complicated. There are only so many places that data could be. Anyway encryption will not solve the problem of sending a file to someone else. When the file is decrypted data can still be present that wasn't intended by the sender to be there. If you are going to do something then do it right. Right in this case means not only cleaning free space but slack space and directory entries. To be complete you should also include alternate data streams for NTFS. As I stated earlier. This isn't hard to do since many older programs manage these feats quite nicely. I'm sure the programmers at Acronis can figure it out (probably overnight if that was their desire). Like I said it's not complicated. As for eliminating data that is not on my PC I already have a program for that, i.e., it is called a match and it burns my paper files peachy keen.
     
  6. pjb024

    pjb024 Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    351
    Location:
    Leeds, UK
    I never mentioned Acronis literature, I was stating my opinion of what the system is designed to do. If you wish to know what Acronis literature says then this is what is said in the Users Guide --

    What Acronis Privacy Expert Suite enables you to clean up.

    The suite enables you to remove the evidence of your work in any Windows section. It allows you:

    to remove secretly operating spyware threats using the Spyware Removal Wizard
    to protect your PC from spyware threats using Spyware Shield
    to clean the Internet cache
    to delete cookies
    to delete downloaded components
    to clean up the last visited pages and typed URLs lists
    to delete forms autocomplete and password lists for Web sites that require authorization
    to delete e-mail messages in Microsoft Outlook and Microsoft Outlook Express and clean up the contacts and address book lists
    to remove Windows registry backups that retain evidence of a user’s work with PCs and the Internet
    to delete temporary files from standard Windows folders
    to delete custom folders/files from any disks connected to a PC
    to clean the Windows Recycle Bin
    to clean hard disk free space
    to clean the Windows prefetch directory
    to clean system passwords
    to clean the opened/saved files history
    to remove evidence from the find files list and find computers list
    to block unwanted pop-up ads using Acronis Pop-up Blocker
    to destroy securely all data on hard disks or partitions using Acronis Drive Cleanser, if needed
    to clean up the Windows paging/swap file using Paging File Cleaner

    Acronis PrivacyExpert Suite permanently removes evidence of user PC activity. To clean up a PC, it uses strict methods for guaranteed confidential data destruction that meet or exceed most national/state standards (see Appendix A «Hard Disk Wiping methods» for details).


    The reference to cleaning up hard disk free space is referring to unallocated space not unused space contained within existing files. You are wanting Privacy Expert to retrospectively examine your files and clean them of data remnants from the past. I say that's not what the system is designed to do. You say that there are lots of older programs that do what you want so maybe that's what you should use. Once you have cleaned up your files then Privacy Expert will keep them in good shape in the future as all deleted files will be securely wiped by the file shredder, using your choice of data destruction algorithm, and so no data remnants can be present in new files that you allocate in the future.

    By the way, I am a user not an Acronis representative and these are my opinions not necessarily endorsed by Acronis.
     
  7. werne

    werne Registered Member

    Joined:
    Dec 29, 2003
    Posts:
    102
    I reread your first reply to make sure I got it right, you stated "Privacy Expert is designed to eliminate sensitive personal information that is NOT required to be kept on your PC". That is an unequivocal statement which I do not believe to be true. I don't know where you got your information but your statement states a definitive fact not your opinion and the only other place you could have got this information is from Acronis sources and I merely stated that I cannot find this in the publicly available literature from Acronis. As a user you should not state as fact about what a program as written by Acronis is or is not designed to do. If you had said that it was your opinion that Acronis PES 8.0 was designed to do this or that then that of course would be a different matter. My opinion is that their program should clean a file's slack space, delete unused directory entries, and include alternate data streams for NTFS partitions. You also included this statement which appears to be from Acronis (I could be wrong it could be your opinion again expressed as fact but it just isn't clear so I'm hedging my bets) "Acronis PrivacyExpert Suite permanently removes evidence of user PC activity". In either case that statement is another reason why I think this Acronis product should perform the additional functions that I stated above. I should not have to use additional older products to accomplish what I think Acronis PE 8.0 should do. I believe most users would agree with this statement. They want almost all (I won't say all since that is impossible) evidence of user activity eliminated.
     
  8. pjb024

    pjb024 Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    351
    Location:
    Leeds, UK
    That statement was in fact my own interpretation of what the system is designed to do. The reason I subsequently made you aware that I am a user and not affiliated to Acronis in any way is because I didn't want you to assume that I was making official claims on behalf of Acronis.

    This forum is read by Acronis and I am sure that they will pay attention to what you have to say. I for one would be happy if your requirements are incorporated in a future release of the software. There can never be too much emphasis on security.

    Good luck.
     
  9. Acronis Support

    Acronis Support Acronis Support Staff

    Joined:
    Apr 28, 2004
    Posts:
    25,885
    Hello werne,

    Acronis Privacy Expert Suite 8.0 is designed to remove the traces of user activity as pjb024 stated. Also it is a powerful antispyware tool that protects you from a lot of undesirable software. You may read about all the functionalities of Acronis Privacy Expert 8.0 at our site.

    Thank you.
    --
    Ilya Toytman
     
  10. werne

    werne Registered Member

    Joined:
    Dec 29, 2003
    Posts:
    102
    Thank you for that reply Ms. Toytman. I reread the articles that you referenced and neither of those articles nor your replies have directly answered my questions. A very simple two questions: (1) does PES 8.0 wipe file cluster tips and (2) does the program wipe directory entries? I need to know this (and probably others who use this product would like to know) so that I can initiate a complete privacy program on my computer. If PES 8.0 doesn't do this, then I need to use other older programs to completely eliminate extraneous unwanted data from my computer. If PES 8.0 does perform these functions then great I won't have to worry about it anymore. A specific reply to these questions would be appreciated. Thanks.
     
  11. Acronis Support

    Acronis Support Acronis Support Staff

    Joined:
    Apr 28, 2004
    Posts:
    25,885
    Hello werne,

    Apparently, you are interested in "File Shredder" tool implemented in Acronis Privacy Expert Suite 8.0. It allows you to delete any file or folder so that it cannot be recovered with any recovery software, i.e. you may safely delete your private data in case you don't need it and don't be afraid these data will be recovered. Acronis Privacy Expert allows you to delete files and folders "forever" and even if the disk will be stolen or lost all the deleted with File Shredder tool data on it will never be recovered. Hope this answers your question.

    Thank you.
    --
    Ilya Toytman
     
  12. werne

    werne Registered Member

    Joined:
    Dec 29, 2003
    Posts:
    102
    No, your answer doesn't answer my questions. A file shredder is great if you want to get rid of a file and all its data. Unfortunately, I and most of the rest of the people on this planet have files with data that they wish to keep and not "shred". We would also like those files to be secure and without extraneous data. I don't know why this is so hard for you to understand but I will try to explain: (1) files are groups of clusters on a hard disk (2) file systems depending on how you format them have a certain amount of clusters per file. Say for example 4 kb clusters (3) however, if the file only contains 2 kb of data it will still occupy a 4 kb cluster since that is the smallest allocation unit on that particular disk. Now here is the salient point: those 2 kb of extra space have a high probability of containing data not always associated with that file. Again, e.g., your firm may have a file of the total salary of all employees but the extra "unused space" in the files could contain the financial records of all employees. You could release that information to the public and then someone locates that additional data and it would be absolute disaster for that particular firm. The only way to avoid that is to wipe the "slack" space of those files. Wiping the unused space of a hard disk does not wipe the slack space of a file, therefore that data still remains. Many older programs recognize this danger and allow for the wiping of slack space as I think PES 8 should but probably doesn't (and I don't know the answer because you haven't answered my question on this subject so far). The other part of my question is whether PES 8.0 wipes directory entries. The reason this is important is that people can sometimes guess the nature of data from the name of the file located in the file allocation table (even if the file has been deleted the name remains unless special measures have been taken to eliminate the name).
    To make this easy for you, I will post the two questions and the responses that will answer them. First, the two questions: (1) Does PES 8.0 wipe the slack space of files. Please answer Yes or No. (2) Does PES 8.0 wipe directory entries for deleted files. Please answer yes or no. I realize the question two could be a little bit tricky, so it would be nice to know whether PES 8.0 has some utility to utilize after the fact (of deleting a file) to wipe directory entries. By this I mean if you delete a file in a non-secure manner can you go back and have the directory entry deleted. Thank you.
     
    Last edited: Apr 21, 2005
  13. Acronis Support

    Acronis Support Acronis Support Staff

    Joined:
    Apr 28, 2004
    Posts:
    25,885
    Hello werne,

    If you wish brief answers then they are YES for both your questions. You may wipe unused space and you may wipe directory entries. Hope this helps.

    Thank you.
    --
    Ilya Toytman
     
  14. Bottom line is that PE SHOULD wipe file slack space... for complete "unused space" security

    Hopefully this will be implemented in a NEAR future build
     
  15. mark7

    mark7 Registered Member

    Joined:
    Oct 31, 2004
    Posts:
    110
    What exactly does PE 'hard disk free space' wipe?
    To answer this for myself I downloaded DirectorySnoop 5.0 trialware here: http://www.briggsoft.com/dsnoop.htm

    You can run this trialware 25 times before you have to buy it. This is NOT an endorsement of this product, I only mention it as a tool I found to look at the contents of file slack space and any deleted MFT file name entries. There are probably many other such tools available out there.

    First, I ran PE to wipe 'hard disk free space' on all partitions/drives.

    Results?

    1. File slack was NOT 100% conclusively wiped by PE.
    Examples: MS Word, Excel files, also some plain text files. I successfully used this trialware to wipe individual file slack for a selected MS doc file and confirmed that the slack had been written over with zeros.. something PE did NOT do.

    2. I found file names that were NOT wiped from the MFT by PE.
    For deleted files whose clusters were not being re-used, I was able to use this trialware to successfully UNDELETE them AFTER performing a PE hard disk free space wipe.

    So for me, the answers seem to be NO and NO??
     
  16. pjb024

    pjb024 Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    351
    Location:
    Leeds, UK
    Hi mark7,

    When you wiped the free space which method did you choose?
     
  17. mark7

    mark7 Registered Member

    Joined:
    Oct 31, 2004
    Posts:
    110
    I used the "fast" method, which is stated to overwrite all data with zeros using a single pass.

    I looked for two results: (1) PE hard disk free space wipe would overwrite the file slack space with zeros (I was hopeful PE would handle file slack), and (2) PE would, at the very least, overwrite deleted file names in the MFT.

    As per my prior post, PE disappointed me on both counts :(

    PE left slack unchanged, and I was able to restore deleted files that were present in the MFT as "deleted" as long as their clusters had not been subsequently re-used.

    (PE Suite 8.0 build 714)
     
  18. pjb024

    pjb024 Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    351
    Location:
    Leeds, UK
    When you wipe free space it is the unallocated space that PE wipes and that does not include file slack space. Perhaps this will be a future feature if Acronis see that it is a customer concern.

    I wonder if the files that you could undelete were still readable or were they containing the zeros you had overwritten them with? If they are still readable then one of the other more secure methods of overwriting may prevent the original data being recovered. If the files can be recovered but not the data they once contained then that is still a measure of security.
     
  19. Acronis Support

    Acronis Support Acronis Support Staff

    Joined:
    Apr 28, 2004
    Posts:
    25,885
    Hello all,

    First of all, please download the latest (734) build of Acronis Privacy Expert, which is available on our web site at http://www.acronis.com/homecomputing/support/updates/. To get access to updates you should register your software first at http://www.acronis.com/my/products/registration/. Please disable any download managers, internet download/connection boosters, etc. before the download.

    Please note that free space includes file slack space and if something was not deleted please let us know how exactly you tried to do that and what makes you think that some data wasn't deleted after using Acronis Privacy Expert Suite 8.0. I will certainly forward this information to our Development Team and they will fix the problem.

    Thank you.
    --
    Ilya Toytman
     
  20. werne

    werne Registered Member

    Joined:
    Dec 29, 2003
    Posts:
    102
    Actually, pjb024 was partially right when he said "When you wipe free space it is the unallocated space that PE wipes and that does not include file slack space". The reason is because of the extremely ambiguous answers that Ms. Toytman has given to my questions. Even the last answers of Yes and Yes were ambiguous because the statement that followed those seemingly ambiguous answers indicated she didn't understand the questions. So one could understand why pjb024 thought as he did. However, Ms. Toytman's immediate previous comment isn't ambiguous and definitely answers the question. Of course mark7's experiment now brings into question whether what Acronis says the program is supposed to do actually does it. I guess more experimentation is in order.
     
    Last edited: Apr 24, 2005
  21. mark7

    mark7 Registered Member

    Joined:
    Oct 31, 2004
    Posts:
    110
    the experiment continues...

    WinXP Pro
    NTFS file structure
    PE 8.0 build 734 (latest) this time...

    [For this test, I used *other party s/w* to erase/view unused clusters, cluster tips (file slack space), and MFT directory entries]

    1. Started with a clean drive. Cluster tips and deleted file names in MFT directories were wiped with zeros (not with PE).

    2. Opened IE to my default page (www.cnn.com). Closed IE after the page loaded (note: MS Internet Properties > Advanced settings set to NOT delete temp files when browser is closed).

    3. Confirmed that the folder "C:\Documents and Settings\xxxxxxx\Local Settings\Temporary Internet Files" still contained files, and that these files could be opened.

    4. Ran PE 8.0 build 734 Internet Cleanup using fast destruction method.

    4a. Directory entries for all Temporary Internet Files remained (as deleted files).

    4b. Byte level content for all Temporary Internet Files were wiped with zeros, but cluster tips were not wiped. Several files were checked. Specifically, the file "entertainment(1).gif" with a size of 661 bytes contained byte values of "00" for everything up to byte 661. Bytes 662 to 4080 (NTFS 4K cluster size) should have also contained all "00"'s if cluster tip had been wiped.... this byte range contained many non-zero values.

    5. Ran PE Hard Disk Free Space Cleanup to see if this provided more cleaning than the Internet Cleanup task.

    5a. Directory entries for all Temporary Internet Files remained (as deleted files).

    5b. File content was wiped with zeros, AND cluster tips were wiped with zeros.

    Conclusion: Cluster tip wiping worked with PE build 734 on WinXP with NTFS file structure when PE "Hard Disk Free Space Cleanup" was used, but not when PE "Internet Cleanup" was used.

    However, directory entries (file names) for deleted files remained regardless of which cleanup task was used.

    I think that PE "Internet Cleanup" should wipe cluster tips in the same manner as PE "Hard Disk Free Space Cleanup".

    Also, I think both these tasks should wipe file names for deleted files.
    PE "Internet Cleanup" should wipe the file names for deleted Internet files it wipes (cache, cookies, and history, as applicable).
    PE "Hard Disk Cleanup" should of course wipe ALL deleted file names.

    ..whew.. restoring my clean image now...
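
The cluster-tip check described in steps 4b and 5b of the post above can be scripted against a raw copy of a file's allocated clusters. This is an added example, not part of the original thread and not code from Acronis or any tool named in it; it assumes 4096-byte clusters, and the cluster contents and helper names below are constructed for illustration.

```python
"""Cluster-tip (file slack) check on a raw copy of a file's allocated clusters."""
from dataclasses import dataclass
from typing import Optional

CLUSTER_SIZE = 4096  # assumption: 4 KB NTFS clusters


@dataclass
class SlackReport:
    allocated: int                # bytes reserved for the file (whole clusters)
    slack_start: int              # offset of first slack byte (= logical file size)
    slack_len: int                # bytes from end of data to end of last cluster
    nonzero: int                  # slack bytes that are not 0x00
    first_nonzero: Optional[int]  # offset of the first residue byte, or None

    @property
    def wiped(self) -> bool:
        return self.nonzero == 0


def allocated_size(file_size: int, cluster_size: int = CLUSTER_SIZE) -> int:
    """Round the logical size up to whole clusters (a 0-byte file owns none)."""
    if file_size < 0 or cluster_size <= 0:
        raise ValueError("sizes must be non-negative / positive")
    return -(-file_size // cluster_size) * cluster_size


def check_slack(raw: bytes, file_size: int,
                cluster_size: int = CLUSTER_SIZE) -> SlackReport:
    """Inspect only the bytes between the logical end of file and cluster end."""
    alloc = allocated_size(file_size, cluster_size)
    if len(raw) < alloc:
        raise ValueError("raw copy is shorter than the allocated clusters")
    slack = raw[file_size:alloc]
    first = next((file_size + i for i, b in enumerate(slack) if b), None)
    return SlackReport(alloc, file_size, len(slack),
                       len(slack) - slack.count(0), first)


# --- constructed sample data (hypothetical helpers, offline model) ---------

def reuse_cluster(old: bytes, new_data: bytes) -> bytes:
    """Model reallocation: new data lands at the front, old bytes stay in the tip."""
    alloc = allocated_size(len(new_data))
    buf = bytearray(old.ljust(alloc, b"\0")[:alloc])
    buf[:len(new_data)] = new_data
    return bytes(buf)


def wipe_content_only(raw: bytes, file_size: int) -> bytes:
    """Zero the logical file bytes and leave the tip alone (outcome seen in 4b)."""
    return bytes(file_size) + raw[file_size:]


def wipe_with_tip(raw: bytes) -> bytes:
    """Zero every byte of the allocated clusters (outcome seen in 5b)."""
    return bytes(len(raw))


def demo():
    old = (b"constructed residue: salary=12345;" * 200)[:CLUSTER_SIZE]
    on_disk = reuse_cluster(old, b"G" * 661)        # 661-byte file, as in the post
    after_content_wipe = wipe_content_only(on_disk, 661)
    after_full_wipe = wipe_with_tip(on_disk)
    return (check_slack(after_content_wipe, 661),
            check_slack(after_full_wipe, 661))


if __name__ == "__main__":
    for report in demo():
        print(report, "wiped" if report.wiped else "RESIDUE IN TIP")
```

On a real volume the `raw` bytes have to come from a sector-level read of the file's clusters, since an ordinary file read stops at the logical end of file and never returns the tip.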
     
  22. pjb024

    pjb024 Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    351
    Location:
    Leeds, UK
    You have done a lot of work testing out PE and it's interesting to see your results. I don't think it's a good idea that PE should wipe cluster tips during the internet cleanup as you suggest it should. That would significantly increase the time to complete internet cleanup and it's an unnecessary step. I think that you only need to wipe free space once, which includes cluster tips. Subsequently, provided you delete files using PE's shredder, cluster tips will never contain any data from deleted files and therefore it's not necessary to keep repeating that step. You should only need to clean free space once to get your system clean. Do you agree or am I missing something?
     
  23. mark7

    mark7 Registered Member

    Joined:
    Oct 31, 2004
    Posts:
    110
    I am not an "expert" in hard disk security, only somewhere between novice (read: inherently dangerous) and intermediate, so if I toss out a curve, feel free to straighten me out ;) . I remember the days of Win95 when BCwipe v1.something and Norton diskedit were sufficient to wipe and verify w/FAT16 volumes *puppy*

    Here is what I would consider to be "free disk space":

    1. Unallocated disk clusters
    2. Cluster tip area for allocated file clusters
    3. Deleted file names and directory entries, including MFT records
    4. Alternate Data Streams (ADS) on NTFS volumes
    5. Anything else the Experts can think of

    I was reading last night that wiping ADS was identified as unsupported a while ago (sorry I don't recall the timeline.. I think it was an older article from 2002?) when it was noticed that no consumer s/w products wiped ADS on NTFS volumes. Developers then responded by implementing ADS wiping, with varying degrees of success.

    Personally, I don't mind if PE Internet Cleanup task only deletes files without wiping anything, saving the intensive wiping for the Hard Disk Free Space task.

    (edit/) Wait... I am backing off from what I said in my previous post (LOL)! Not fully wiping Internet files (incl. cluster tips and directory/MFT entries) would not be the best way to approach it IMO, but I could "live with it".

    I would still prefer a FULL wipe of Internet files, and would not mind the extra time it took. With 4K clusters on NTFS, I don't see how this extra time would be significant (/edit)

    At the very least I would like to wipe all "free disk space" (see above) with PE's Hard Disk Free Space task before imaging my disk (with TI, of course :) ).
     
    Last edited: Apr 26, 2005
  24. Segovia

    Segovia Registered Member

    Joined:
    Jul 6, 2005
    Posts:
    10
    I'm a little concerned that this issue still hasn't been addressed. Mainly the issue with Master File Table (MFT) records and Alternate Data Streams (ADS).

    I just tested this myself using O&O UnErase and indeed, no matter which method is used in Privacy Expert Suite, MFT records are not wiped.

    Can you please respond to this Ilya Toytman? I'd just like to know if the program is working as intended, and if so, are there plans to include this in a future build?

    Acronis has a very good reputation with True Image and Disk Director. I hope they do not tarnish their image with Acronis Privacy Expert Suite by neglecting this very important area of properly destroying data.
     
  25. mark7

    mark7 Registered Member

    Joined:
    Oct 31, 2004
    Posts:
    110
    Well, it's been a few s/w builds since I last tested this (734), so I decided to experiment again and see if PE 8.0 would now "clean" MFT entries for deleted files.

    Here again are the details:

    WinXP Pro SP2 (all critical updates)
    NTFS file structure
    PE 8.0 build 748

    Started with a clean drive. Unused clusters and cluster tips wiped with zeros. Also, all deleted file names in "C:\Documents and Settings\xxxxxxx\Local Settings\Temporary Internet Files" folder's MFT were wiped with zeros using *other software*.

    QUESTION: Does PE 8.0 build 748 "Internet Cleanup" clean MFT entries?
    ANSWER: No

    1. Opened IE to www.cnn.com and then closed IE after the page loaded (note: MS Internet Properties > Advanced settings set to NOT delete temp files when browser is closed).
    2. Confirmed in Windows explorer that the folder "C:\Documents and Settings\xxxxxxx\Local Settings\Temporary Internet Files" still contained files, and that these files could be opened.
    3. Ran PE 8.0 build 748 Internet Cleanup using fast destruction method.
    4. Directory entries for all Temporary Internet Files remained in MFT (as deleted files).
    5. I could "restore" these files, retaining name and "size" information, but at least to PE's credit all byte values in the file cluster(s) were zero.

    - - - - - - - - - - -

    QUESTION: Does PE 8.0 build 748 "Hard Disk Free Space Cleanup" clean MFT entries?
    ANSWER: No

    1. Ran PE Hard Disk Free Space Cleanup to see if this provided more cleaning of deleted MFT entries than the Internet Cleanup task.
    2. Directory entries for all Temporary Internet Files remained in MFT (as deleted files). Again, I could "restore" these files, retaining name and "size" information (but again, all byte values in the file cluster(s) were zero).

    - - - - - - - - - - -

    CONCLUSION: MFT entries for deleted files still remain regardless of whether "Internet Cleanup" or "Hard Disk Free Space Cleanup" was executed.

    This is like cleaning out your refrigerator, but leaving the labeled, empty jars still in it. Hey, I can see what brand of orange juice you buy :eek:

    PE "Internet Cleanup" should wipe the MFT file names for deleted Internet files it wipes (cache, cookies, and history, as applicable).

    PE "Hard Disk Cleanup" should of course wipe ALL deleted file names.
     