## Sunday, January 15, 2012

### Donating a Computer? Wipe the Drive!

Months ago I replaced my old single-core PC  with a new quad-core machine. Being a champion procrastinator, I'm only now getting around to donating the old box to charity. The easy part is assembling all the documentation, peripherals, etc. (I'm also a bit anal-retentive about storing documents.) The hard part turns out to be wiping the drive.

It should be common knowledge that you never give away a computer without first wiping its hard drive. Over the years, your various user IDs and passwords are stored on the computer in all sorts of places, some of which (at least with Windows) are a bit arcane. Stories have been written on the subject (see, for instance, "The Dangers of Donating or Discarding Your Old Computer", or "Hard Drives Exposed"), although I was unable to find any statistics on actual instances of identity theft from discarded drives. (I found lots of general discussion of the threat, much of it shockingly coming from companies that sell disk wiping software or services.) The same caution also applies to smart phones and USB (thumb) drives, and I suspect people are even less cautious about cleaning out their phones before recycling them. Anything that still works and has ever held a password is a candidate for scrubbing before you recycle or donate it, or before you hand it off to someone that you think is going to toss it in a landfill.

There is quite a variety of software, both free and commercial, designed to delete files and wipe drives "securely" from PC disks.  I put "securely" in quotes because security is a matter of degree. The only 100% secure way to eliminate sensitive information is to physically destroy the drive (break the platters into pieces, bathe them in acid, launch the remnants into the core of the sun, ...). Runner up is to run a shredder program that overwrites each disk block with various random patterns. The least secure approach is reformatting the drive, which typically does not wipe out old contents.

I'm not worried about an identity thief going over my donated hard drive with forensic equipment, so I'm satisfied with shredding all the files. For reasons unclear to me, though, that turned out to be problematic on the old machine. In fact, just booting the bugger turned out to be problematic. In my years of fighting with PCs, thermal expansion has usually been a problem when the machine was turned on and off, not when it was serving as an unplugged doorstop. Nonetheless, it took three tries reseating memory and PC cards before the old machine would boot, and a fourth try to get it to recognize the keyboard and mouse. Whether that relates to the subsequent adventures, I'm not sure.

My plan was to wipe the lone hard drive entirely and then reinstall Windows XP. To do so, I downloaded Darik's Boot And Nuke, which seems to be a highly regarded solution. Burn it to a CD or DVD, boot from the disk, follow a few simple instructions and watch your disk get wiped. Unfortunately, it consistently failed with a sequence of error messages that did not tell me what was going on. The old computer has a bunch of media readers (which I explicitly did not select for wiping); maybe they were causing problems. Maybe not.

As at least an interim measure, I installed Linux Mint Katya, using the entire hard drive and overwriting the Windows installation. That does not wipe all the data, although I feel moderately confident that the portion of the disk containing actual Linux files is sufficiently overwritten to defeat the casual data thief. The problem is all the unused space on the disk, which still contains whatever it held before I loaded Katya. After a bit of searching, I found the Linux shred command. The suggestion was to boot from a CD or DVD (I used the Katya installation CD) and run shred -vzf /dev/sda (replacing /dev/sda with the name of the actual hard drive partition). Small problem: the hard drive was not showing up in /dev. The Katya installation disk lets you mount the existing hard drive, so I did that.  It mounted as /media/<long number>.  Okay, fine, I would just shred /media/<long number> ... except I couldn't: the shred command said it was a directory and not writable (even with the -f flag, which should force things to be writable). Running shred with administrator privileges via sudo did not help.

After more searching, I found a helpful answer by David Spillett. Booting the clunker from the hard drive (Mint Katya), I opened a terminal in /tmp and entered the following commands:
dd if=/dev/zero of=zero.small.file bs=1024 count=102400
cat /dev/zero > zero.file
rm zero.small.file
rm zero.file
The drive capacity is 165 GB, and Katya's footprint is not all that large, so the second line was quite time consuming. The second line eventually ended in an abort due to lack of free memory. I'm not sure that was an intended result, but it does not seem like a bad thing.

Overwriting with one layer of zeros is not a very secure shred, but (again) I'm not that worried about someone using forensic hardware to recover my drive. If they do, they'll find their investment of time not well rewarded.