Sunday, January 15, 2012

Donating a Computer? Wipe the Drive!

Months ago I replaced my old single-core PC with a new quad-core machine. Being a champion procrastinator, I'm only now getting around to donating the old box to charity. The easy part is assembling all the documentation, peripherals, etc. (I'm also a bit anal-retentive about storing documents.) The hard part turns out to be wiping the drive.

It should be common knowledge that you never give away a computer without first wiping its hard drive. Over the years, your various user IDs and passwords are stored on the computer in all sorts of places, some of which (at least with Windows) are a bit arcane. Stories have been written on the subject (see, for instance, "The Dangers of Donating or Discarding Your Old Computer", or "Hard Drives Exposed"), although I was unable to find any statistics on actual instances of identity theft from discarded drives. (I found lots of general discussion of the threat, much of it shockingly coming from companies that sell disk wiping software or services.) The same caution also applies to smart phones and USB (thumb) drives, and I suspect people are even less cautious about cleaning out their phones before recycling them. Anything that still works and has ever held a password is a candidate for scrubbing before you recycle or donate it, or before you hand it off to someone that you think is going to toss it in a landfill.

There is quite a variety of software, both free and commercial, designed to delete files and wipe drives "securely" from PC disks. I put "securely" in quotes because security is a matter of degree. The only 100% secure way to eliminate sensitive information is to physically destroy the drive (break the platters into pieces, bathe them in acid, launch the remnants into the core of the sun, ...). Runner-up is to run a shredder program that overwrites each disk block with various random patterns. The least secure approach is reformatting the drive, which typically does not wipe out old contents.

I'm not worried about an identity thief going over my donated hard drive with forensic equipment, so I'm satisfied with shredding all the files. For reasons unclear to me, though, that turned out to be problematic on the old machine. In fact, just booting the bugger turned out to be problematic. In my years of fighting with PCs, thermal expansion has usually been a problem when the machine was turned on and off, not when it was serving as an unplugged doorstop. Nonetheless, it took three tries reseating memory and PC cards before the old machine would boot, and a fourth try to get it to recognize the keyboard and mouse. Whether that relates to the subsequent adventures, I'm not sure.

My plan was to wipe the lone hard drive entirely and then reinstall Windows XP. To do so, I downloaded Darik's Boot And Nuke, which seems to be a highly regarded solution. Burn it to a CD or DVD, boot from the disk, follow a few simple instructions and watch your disk get wiped. Unfortunately, it consistently failed with a sequence of error messages that did not tell me what was going on. The old computer has a bunch of media readers (which I explicitly did not select for wiping); maybe they were causing problems. Maybe not.

As at least an interim measure, I installed Linux Mint Katya, using the entire hard drive and overwriting the Windows installation. That does not wipe all the data, although I feel moderately confident that the portion of the disk containing actual Linux files is sufficiently overwritten to defeat the casual data thief. The problem is all the unused space on the disk, which still contains whatever it held before I loaded Katya. After a bit of searching, I found the Linux shred command. The suggestion was to boot from a CD or DVD (I used the Katya installation CD) and run shred -vzf /dev/sda (replacing /dev/sda with the name of the actual hard drive partition). Small problem: the hard drive was not showing up in /dev. The Katya installation disk lets you mount the existing hard drive, so I did that. It mounted as /media/<long number>. Okay, fine, I would just shred /media/<long number> ... except I couldn't: the shred command said it was a directory and not writable (even with the -f flag, which should force things to be writable). Running shred with administrator privileges via sudo did not help.
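shred overwrites regular files and block devices, not directories, which is why the mount point itself was rejected. The script below is an added example, not part of the original post: it looks up which device sits behind a mount point in a mounts table and prints the unmount and shred commands for the whole disk. The device names and the sample table are constructed, and the function names are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Device names below are constructed.
# /proc/mounts fields: device mountpoint fstype options dump pass

# Constructed sample table standing in for /proc/mounts in a live CD session.
sample_mounts() {
    cat <<'EOF'
/dev/sr0 /cdrom iso9660 ro,noatime 0 0
/dev/sda1 /media/1A2B-3C4D ext4 rw,nosuid,nodev 0 0
/dev/sdb1 /media/My\040Disk vfat rw,nosuid,nodev 0 0
EOF
}

# The kernel writes spaces and similar bytes as octal escapes (\040); decode them.
decode_mount_field() {
    printf '%b' "$(printf '%s' "$1" | sed 's/\\\([0-7]\{3\}\)/\\0\1/g')"
}

# Print the device mounted at $1, reading the table in $2 (default /proc/mounts).
device_for_mount() {
    local target="${1%/}" table="${2:-/proc/mounts}" dev mnt rest found=""
    [ -n "$target" ] || target="/"
    while read -r dev mnt rest; do
        mnt="$(decode_mount_field "$mnt")"
        # Later mounts shadow earlier ones, so keep the last match.
        if [ "$mnt" = "$target" ]; then found="$dev"; fi
    done < "$table"
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# Whole-disk node for a partition: /dev/sda1 -> /dev/sda, /dev/nvme0n1p2 -> /dev/nvme0n1.
parent_disk() {
    case "$1" in
        /dev/nvme*p[0-9]*|/dev/mmcblk*p[0-9]*) printf '%s\n' "${1%p[0-9]*}" ;;
        /dev/[shv]d[a-z]*) printf '%s\n' "$1" | sed 's/[0-9]*$//' ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# Print (do not run) the commands: unmount the partition, then shred the device.
print_wipe_plan() {
    local part disk
    part="$(device_for_mount "$1" "$2")" || { echo "nothing mounted at $1" >&2; return 1; }
    disk="$(parent_disk "$part")"
    printf 'sudo umount %s\nsudo shred -vzf %s\n' "$part" "$disk"
}

demo_table="$(mktemp)"
sample_mounts > "$demo_table"
print_wipe_plan "/media/1A2B-3C4D" "$demo_table"
rm -f "$demo_table"
```

On a real system, call device_for_mount with only the mount point so it reads /proc/mounts, and check the printed device against the disk you mean to erase before running anything.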

After more searching, I found a helpful answer by David Spillett. Booting the clunker from the hard drive (Mint Katya), I opened a terminal in /tmp and entered the following commands:
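
# Create a 100 MiB file of zeros (1024-byte blocks x 102400).
dd if=/dev/zero of=zero.small.file bs=1024 count=102400
# Write zeros into a second file until the filesystem has no space left.
cat /dev/zero > zero.file
# Delete the small file first so some space is free again right away.
rm zero.small.file
# Delete the large file to release the rest of the zeroed space.
rm zero.file
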
The drive capacity is 165 GB, and Katya's footprint is not all that large, so the second line was quite time consuming. The second line eventually ended in an abort due to lack of free memory. I'm not sure that was an intended result, but it does not seem like a bad thing.

Overwriting with one layer of zeros is not a very secure shred, but (again) I'm not that worried about someone using forensic hardware to recover my drive. If they do, they'll find their investment of time not well rewarded.

2 comments:

  1. I wiped a damaged 1TB drive before a warranty return using the Linux 'wipe' utility. It took about three days to run one pass (usually runs four by default).

    As you say, I don't worry too much about forensic recovery in that situation, but if I were donating a computer, I'd probably consider wiping the drive and then destroying it with a sledgehammer rather than including it. Drives these days are cheap.

  2. Matt, you are a much more patient man than I am. I'd be tempted to take the drive to our campus cyclotron lab and walk around the building a few times (or find a really big, industrial size electromagnet, and walk past that a few times waving the drive around).

    I thought about working out some of my frustrations on the hard drive, but my impression is that if I donate a non-functioning PC to Goodwill (and I'm pretty sure they would consider an otherwise healthy but diskless PC non-functioning), they will turn it over to Dell (http://content.dell.com/us/en/corp/d/corp-comm/us-goodwill-reconnect), and Dell will either refurbish or recycle it. The question then becomes which option Dell will use, given that they would have to install a disk in the PC in order to tell whether it worked well enough to refurbish. If I donate the machine in working order with an OS installed, I think (not sure) that Goodwill will sell it locally through one of their thrift shops, increasing the likelihood that it goes the "reuse" rather than "recycle" route this time around.
