Feeds

Datawiping doesn't work

eTesting Labs finds products wanting

  • alert
  • submit to reddit

eTesting Labs has run a series of tests of eight commercial available diskwiping products - and only one of them worked properly.

This is Redemtech Data Erasure, from the company which
contracted eTesting to run the trials. So the results should be treated with caution. The eight products were run on six variously configured PCs.

IBAS Expert Eraser failed to overwrite all of the disk sectors on one of the PCs under test. Ontrack DataEraser and Blancco Data Erasure failed to overwrite all the sectors on two PCs; East-Tec Disk Sanitizer and InfraWorks Sanitizer failed in the same task with five PCs; while NTI Diskscrub and Wipe Clean (freeware in wide circulation, according to Redemtech) failed to overwrite all the sectors on all six PCs.

Norton Wipeinfo/Wipedisk is no longer being updated, and works so differently from the others - it's very fiddly - that eTesting Labs did not feel able to include it with the rest.

The eTesting Labs report, complete with methodology, is available as a PDF here.

Of particular note is the poor showing for Infraworks Sanitizer, used by the Department of Defense in the US and the MOD on the UK. It's surprising that eTesting Labs/Redemtech found something that the US government missed.

Secondly, there are quirks in all testing tools - Norton Datawipe does not recognise NT partitions - and all hard drive technologies - software will not write over RAID for example, and why should it - RAID is designed to protect data. It's necessary is to strip out each HDD and overwrite individually. sometimes a very large HDD.

Paul McCartney's worth - how much?
Datawiping is a boring but important subject for end of life kit.

Corporates pay recycling firms to dispose of their equipment - the residual value of the kit rarely covers the cost of collection, datawiping - important for security and for data protection - and reselling. By far the cheapest option is smashing and dumping - but that's dirty and in many rich countries, illegal.

But what if the broker is not datawiping the kit, or is using the wrong datawiping software? Then there's a headache. The most famous case in recent years was Morgan Grenfell, now part of Deutsche Bank, which let loose an end-of-life PC containing the bank details of Sir Paul McCartney into the secondhand market.

But there has been a series of incidents, including details of children at risk found on a PC dumped on a skip by Lincolnshire Council, and a register of sex offenders contained on a PC used by students studying statistics furnished them by Bristol police. The machine was later sold, with the register. Then there was the doctor who returned his machine to PC World under a 21 day no-quibble swap-out. This was later sold as a shop refurb, complete with patient records.

Related stories

Windows wipe utilities fail to shift stubborn data stains
Paul McCartney account details linked on second user PC

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.