New best shredder

Discussion in 'privacy technology' started by Devil's Advocate, Dec 23, 2006.

Thread Status:
Not open for further replies.
  1. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Anyone tried Shred Agent file shredder utility at
    http://www.shredagent.com/

    It looks great, my concern has always being with the dozens of temp files created and deleted by Office Word, Excel nowhere for the shredder to get them. AKA "Any files that are deleted by program, but not by use"

    I wipe frees space of course but that is not a complete solution.

    Shred agent seems to solve that problem, but i wonder how shred agent knows what to shred?
     
  2. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    :rolleyes: I don't get it.

    True, dozens of programs create and delete temporary files by themselves, so if you delete just the file AND the temporary files that are still present it won't be enough, because the temporary files that were deleted by the application have written sensitive information on other disk areas.

    Since these disk areas were not "wiped" (securely overwritten), then they can be easily recoverable... that's a given... and that's what "wiping free disk space" is for. So what is he trying to say by:
    Is he saying that if you don't delete the temporary (ie, the Cache) files, you won't protect your privacy if you overwrite the free disk space? Well, DUH...

    I have no idea what the author is trying to say here... it sounds like marketing bull to me.
     
  3. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    I agree, my guess he is saying (badly) that you can't wipe freespace all the time (or maybe you can but not all of it at the same time, it takes me a while to do it). As such There will be a period between which you wipe the freespace and when you are vulnerable. The whole "hundreds temporary files per hour" thing i guess is referring to the fact that you need to wipe the freespace every hour or something...

    Plus sometimes when i wipe freespace despite my best efforts some sectors are locked so who knows if i really got them all.

    But the author of this app is posting here, so he can answer himself.
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Interesting topic.

    Can you explain here - by "vulnerable" do you mean someone could sit down at your computer and read files on your freespace?
     
  5. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    Another scenario would be the Fed/terrorists/enemy breaking in and grabbing your computer.

    Someone sitting down and running a undelete program could work too of course.
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    While Deep Freeze is usually touted for its security (malware removed on reboot) another advantage is that you don't have to do maintenance on a frozen partition, so that if Office is installed on a frozen partition, all temp files would not remain on reboot. Naturally, you save your data files to a thawed partition.

    Same with the browser - cache files don't remain on reboot. For those who use IE, that means the Index.dat file stays empty.

    From what others say about how sand box progams work, I would think that you could set up something similar.
     
  7. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    With Iolo's Search and Recover you can find all deleted files and then "terminate all" making them irrecoverable.

    It doesn't seem to overwrite them and I don't really know how it works.

    If you use a program such as eraser that overwrites free space, Search and Recover will flag all the overwrites as deleted files and can terminate those as well.

    http://www.iolo.com/customercare/kbarticle.aspx?id=KBA-01455

    Quote :

    If you are concerned about file security on a daily basis, you should understand that deleting a file or folder, emptying the recycle bin, and defragging your hard drive, do not erase the contents of deleted files.

    To demonstrate this point, try copying some larger files to a storage device like a diskette. You will see it takes a long time to copy. However, if you then select the copied files and delete them, you will see the operation happens instantly.

    So, what accounts for this discrepancy in time?

    The answer is straightforward: the operation system did not actually erase the contents of the deleted files as the user intended. Instead, it only erased the file's index in the Master File Table, leaving this information retrievable by anyone who has access to the disk.

    This occurs because when a file or folder is stored on a computer, its data is stored in two places. Indexing details such as the file name, size and creation date are stored in a Master File Table, while the contents of the file are stored on the free space area of the disk or the file clusters.

    So, in our example, when you copy a file to a diskette, the filename is first entered into the Master File Table and then clusters are set aside for storing the actual contents of the file. The process of copying the contents of a file to clusters is the time-intensive step of the file storage procedure.

    In contrast, file deletion appears to occur almost instantaneously, because, in actuality, only a few bytes are altered in the Master File Index. This is why deleted files can easily be undeleted.
     
  8. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    I don't know enough about Deep Freeze to know if the reboot gets rid of the staff...so it cannot be recovered. Do you?

    Remember the question isn't about whether deep freeze can get ride/remove malware, but how it gets rid of them.

    For all you know it works just like a normal file delete, so can be recovered as usual. Same thing for all those VM snapshots etc.

    Well the simplest example is Sandboxie. It works to a degree, though you have to use your own secure eraser to remove the files cos the built in one
    doesn't.

    PS If you guys think it's a scam, so be it. I'm just trying to generate discussion.
     
    Last edited: Dec 24, 2006
  9. Sam Miller

    Sam Miller Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    22
    Thank you for introducing me to this forum community. I’ll be glad to answer any questions.
     
  10. Sam Miller

    Sam Miller Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    22
    The problem is not that someone will be trying to recover files every hour. The problem is that due to continuous file modifications some data will never be deleted in secure way. Because, some sectors are “locked” due to some reasons (related to another file, related to file that is in use).
     
  11. Sam Miller

    Sam Miller Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    22
    More often, someone steal your notebook computer. Assume that you were keeping you data at secure encrypted disk, but it will still be possible to undelete some important data. The biggest security issue is that these files could contain cached passwords that will give an access to your documents and internet accounts.
     
  12. Sam Miller

    Sam Miller Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    22
    One more thought...
    There are a lot of ways to make your data more secure, Shred Agent is a good option as it's stays in background and doesn't ask to do anything to make deletion secure, this program just do it itself. Actually, it’s a good choice for these users who don’t know much about file security.
     
  13. Devil's Advocate

    Devil's Advocate Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    549
    exactly. Didn't I say that already? Edit: never mind it seems i didn't

    I close everything down, and there are still locked stuff. is there anyway to avoid this?

    Also you didn't answer my question in my first post.
     
  14. Sam Miller

    Sam Miller Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    22
    Yes, exactly. I've just confirmed that you are right! By the way, some shredders simply report that everything was wiped, but actually they forget to tell about data that they couldn’t access.

    This will not help much as many programs are running as so called system drivers, user you even not see them in Task Manager. Also, Windows itself (desktop) is an instance of Internet Explorer.

    There is another way - do wipe free space when Windows is not booted, I mean doing it from some DOS program at floppy disk. But some data is locked in FAT table and it will not be accessible as well as from Windows.


    And about the question that I missed first:

    Few words about how files are managed in Windows. Programs don't access hard disk directly (by sectors, clusters and so on). Most programs, such as Word or Excel send a request to Windows, something like "DeleteFile('c:\file.txt')", Windows handles the rest of the job. It shows the deletion dialog if needed, it puts file into Recycle Bin and so on.

    Shred Agent captures all requests to delete or move (actually "move" in Windows means "copy" + "delete") files in Windows. Technically, it's realized as a system driver, this gives Shred Agent the access to necessary functions.
     
  15. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    No, I don't know how it works, but this is from their web site:

    By original, I assume that nothing written before reboot will remain to be recovered. Original implies source, not a copy, so couldn't include anything else.

    I wrote Faronics a couple of years ago asking about similarities to ShadowUser, which creates a snapshot. They replied,

    That's all I know.

    -rich
     
  16. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I would be more concerned with a common thief stealing the computer. One option is to have a removeable carriage which you store elsewhere at night and when away. I replace mine with another carriage/HD that has nothing on it.

    I would hope that everyone's computer is set up to make it almost impossible for someone to just sit down and run such a program.

    -rich
     
  17. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Several businessmen/women I know keep such data on a USB stick rather than on the HD of the computer. Securing the stick presents is own problems, of course, but less likely to be targeted, as would be a laptop.

    -rich
     
  18. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    hooking API calls?
     
  19. Sam Miller

    Sam Miller Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    22
    Yes, exactly.
     
  20. Sam Miller

    Sam Miller Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    22
    Sure, this is very good idea. Also, it's a good idea to store files on-line (you will never loose such files), but people tend not to follow good ideas and we often read in news that notebook with important data was stolen…

    I think one should be concerned about data security and there is now way to protect yourself for 100%, but combining different tools will give a good result.
     
  21. true north

    true north Registered Member

    Joined:
    Dec 14, 2006
    Posts:
    159
    Sam Miller,
    what do you mean by that:

    "I think one should be concerned about data security and there is now way to protect yourself for 100%, but combining different tools will give a good result."

    Could you give us some recommendations about this different tools??

    Thanks
     
  22. Sam Miller

    Sam Miller Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    22
    As for file security:
    1) Keep your files in secure place (TrueCrypt, freeware tool is great for this purpose);
    2) Use file shredder, to make it impossible to recover your files;

    As for other security tips, I'd recommend:
    1) Use different passwords, not just one for all tasks;
    2) Use some firewall (if you are using XP, the newest versions already has a firewall);
    3) Use some popular anti-virus. Viruses is not a problem, if you don't open attached files, but some spyware that steal your passwords might be a problem.

    I think this is enough.

    P.S. And sure, don't forget backup you data regularly.
     
  23. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    Here are some tools
    1.A tool for wiping index.dat files http://support.it-mate.co.uk/?mode=Products&p=index.datsuite
    2.Clean cashe 3.5 http://www.buttuglysoftware.com/
    3.Eraser http://www.heidi.ie/eraser/
    4.Truecrypt http://www.truecrypt.org/
    All freeware
     
  24. true north

    true north Registered Member

    Joined:
    Dec 14, 2006
    Posts:
    159
    Hi there,

    What about this special cleaning tool:

    R-Wipe and Clean 7.0 --- see: www.r-wipe.com o_O

    Thanks for your opinion.
     
  25. Sam Miller

    Sam Miller Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    22
    Tools like this combine file shredder and so called "system cleaner". For instance, you can clean your Internet Explorer or FireFox cache yourself, but tools like this make it quickly. We also have something similar - QuickWiper, it suggests some system clearing and file wiping. But QuickWiper (as R-Wipe and other tools in this price category) lacks important feature - to wipe a file you will need to point a program to a certain file. That’s why background mode file shredder is better.

    Cleaning recent files? - It’s a good idea, as it makes harder for possible intruder to locate important files, but there are recent files not just in Start > Recent, but in most other programs. By the way, we have released a RecentCleaner 1.2 yesterday, sure it doesn't support everything, but the most popular programs. If you download it and try to generate report, you will see what data it is possible to recover from recent files.
     
Loading...
Thread Status:
Not open for further replies.