Not sure I understood your answers properly, but are you people sure that secure delete doesn't just secure delete all spots marked empty, compared to just the spot that file occupied last? In other words secure erase free space. Wouldn't that be quite secure? I do realize that professionals can find magnetic traces on even already writen over spaces, but wouldn't that still give proper enough security for normal use?
You're confusing "secure erase free space" with "secure delete file".
Yes, I totally did confuse things, and I apologise, but I try again, why do they have secure delete file, if "Empty free space" is what they should do in the first place? Doesn't "Empty free space" secure clear all unused sectors? So it erases these remains of auto defrag?
Also bit off topic, doesn't auto defrag really touch any files that are bigger than 20megs? In todays world almost anything is bigger than 20megs. Is it possible to manually force defrag?
The reason there's two separate options is that secure erase empty space takes half an eternity. When all you want to do is securely get rid of a file or a folder, secure remove (srm) is a lot, lot faster (even if it isn't quite as safe, as demonstrated in this thread).
And yes, defragmentation is limited to files below 20 MBs. Above that threshold, it would take long enough to actually negatively impact working performance.
When I travel with my iBook I have my passport and stuff saved in an encrypted disk image with a 20+ character password. I think turn file vault on and have a big long password with it.
I don't want some terroists stealing my computer and using that crap for evil.
Any free apps out there that wipe clean your hdd?
This seems like a complicated problem, I never thought about the spotlight pointers.
Quote:
Originally posted by Brian Green
The question I have about this is, is Apple aware of this, and can they fix secure delete to address all of the security problems discussed so far in this thread?
Seems to me that it's a very useful feature that ought to be toughened up to really be secure. I don't have enough knowledge on this topic to write to Apple and ask for this feature to be looked at and improved. Has anyone contacted Apple with their concerns on this security matter?
When I travel with my iBook I have my passport and stuff saved in an encrypted disk image with a 20+ character password. I think turn file vault on and have a big long password with it.
I don't want some terroists stealing my computer and using that crap for evil.
Any free apps out there that wipe clean your hdd?
This seems like a complicated problem, I never thought about the spotlight pointers.
Wouldn't partial solution be turning spotlight indexing off for the directory, and then re-building spotlight index?
I think turn file vault on and have a big long password with it.
And there is a problem with that also. When *first* encrypting a home directory, the unencrypted version is deleted normally, so it is not really secure. This was certainly a problem with 10.4.0 I think an update later fixed this problem, not sure.
When I travel with my iBook I have my passport and stuff saved in an encrypted disk image with a 20+ character password. I think turn file vault on and have a big long password with it.
I don't want some terroists stealing my computer and using that crap for evil.
Any free apps out there that wipe clean your hdd?
This seems like a complicated problem, I never thought about the spotlight pointers.
Disk Utility does the job by erasing your free space. You just have to think about where your data is or how it got to where it is.
1. download a file or save a file form a program to your normal HD space then that file is unencrypted
2. if this file is under 20MB, it will be defragged on the fly and parts copied over your HD
3. if this file is saved to a directory spotlight indexes, some or all of the file will be indexed
If you then decide to encrypt this file and secure delete, parts 2 and 3 mean recoverable elements may still exist. Cleaning your free space should remove those, although filename fragments may be recoverable in the drive database.
As long as the file remains on the encrypted disk, it won't be indexed and only the encrypted image will be defragged if under 20MB. If it defragged the contents of the image, it would do so in the encrypted space.
To avoid having to erase, you can save files directly to encrypted disks.
BTW, I wouldn't use filevault. It uses a sparse image which can get corrupted after a crash.
Comments
Originally posted by Chucker
You're confusing "secure erase free space" with "secure delete file".
Yes, I totally did confuse things, and I apologise, but I try again, why do they have secure delete file, if "Empty free space" is what they should do in the first place? Doesn't "Empty free space" secure clear all unused sectors? So it erases these remains of auto defrag?
Also bit off topic, doesn't auto defrag really touch any files that are bigger than 20megs? In todays world almost anything is bigger than 20megs. Is it possible to manually force defrag?
And yes, defragmentation is limited to files below 20 MBs. Above that threshold, it would take long enough to actually negatively impact working performance.
I don't want some terroists stealing my computer and using that crap for evil.
Any free apps out there that wipe clean your hdd?
This seems like a complicated problem, I never thought about the spotlight pointers.
Originally posted by Brian Green
The question I have about this is, is Apple aware of this, and can they fix secure delete to address all of the security problems discussed so far in this thread?
Seems to me that it's a very useful feature that ought to be toughened up to really be secure. I don't have enough knowledge on this topic to write to Apple and ask for this feature to be looked at and improved. Has anyone contacted Apple with their concerns on this security matter?
Originally posted by aplnub
When I travel with my iBook I have my passport and stuff saved in an encrypted disk image with a 20+ character password. I think turn file vault on and have a big long password with it.
I don't want some terroists stealing my computer and using that crap for evil.
Any free apps out there that wipe clean your hdd?
This seems like a complicated problem, I never thought about the spotlight pointers.
Wouldn't partial solution be turning spotlight indexing off for the directory, and then re-building spotlight index?
Originally posted by aplnub
I think turn file vault on and have a big long password with it.
And there is a problem with that also. When *first* encrypting a home directory, the unencrypted version is deleted normally, so it is not really secure. This was certainly a problem with 10.4.0 I think an update later fixed this problem, not sure.
Originally posted by aplnub
When I travel with my iBook I have my passport and stuff saved in an encrypted disk image with a 20+ character password. I think turn file vault on and have a big long password with it.
I don't want some terroists stealing my computer and using that crap for evil.
Any free apps out there that wipe clean your hdd?
This seems like a complicated problem, I never thought about the spotlight pointers.
Disk Utility does the job by erasing your free space. You just have to think about where your data is or how it got to where it is.
1. download a file or save a file form a program to your normal HD space then that file is unencrypted
2. if this file is under 20MB, it will be defragged on the fly and parts copied over your HD
3. if this file is saved to a directory spotlight indexes, some or all of the file will be indexed
If you then decide to encrypt this file and secure delete, parts 2 and 3 mean recoverable elements may still exist. Cleaning your free space should remove those, although filename fragments may be recoverable in the drive database.
As long as the file remains on the encrypted disk, it won't be indexed and only the encrypted image will be defragged if under 20MB. If it defragged the contents of the image, it would do so in the encrypted space.
To avoid having to erase, you can save files directly to encrypted disks.
BTW, I wouldn't use filevault. It uses a sparse image which can get corrupted after a crash.