[Macworld]

Post your comments for How to securely delete files here

[linkman]

How secure is the Secure Empty Trash function compared to a single pass Zero Out Deleted Files?

[FlopTech]

Of course, if you're really truly paranoid, you won't sell your Mac until you've physically replaced its hard drive with a brand new one and installed OS X on it. And you'll keep your original hard drive, preferably in a fire-proof safe. Or you'll destroy that hard drive by disassembling it and physically destroying each platter after you've copied its contents to a new Mac (and verified the data.)

[Chris Breen]

linkman, on 28 March 2012 - 09:11 AM, said:

How secure is the Secure Empty Trash function compared to a single pass Zero Out Deleted Files?

My understanding is that Secure Empty Trash does the same thing as Zero Out -- so, one pass on the area.

[MEPace]

FlopTech, on 28 March 2012 - 09:15 AM, said:

Of course, if you're really truly paranoid, you won't sell your Mac until you've physically replaced its hard drive with a brand new one and installed OS X on it. And you'll keep your original hard drive, preferably in a fire-proof safe. Or you'll destroy that hard drive by disassembling it and physically destroying each platter after you've copied its contents to a new Mac (and verified the data.)

Best to take off and nuke the entire drive from orbit, it's the only way to be sure.

[immovableobject]

This discussion assume you have a hard disk, not a solid state (flash RAM-based) drive. I don't know the particulars, but due to wear leveling algorithms, I suspect that securely deleting data against any type of forensic recovery is more difficult with SSDs.

[MattS]

MEPace, on 28 March 2012 - 09:24 AM, said:

FlopTech, on 28 March 2012 - 09:15 AM, said:

Of course, if you're really truly paranoid, you won't sell your Mac until you've physically replaced its hard drive with a brand new one and installed OS X on it. And you'll keep your original hard drive, preferably in a fire-proof safe. Or you'll destroy that hard drive by disassembling it and physically destroying each platter after you've copied its contents to a new Mac (and verified the data.)

Best to take off and nuke the entire drive from orbit, it's the only way to be sure.

Aliens, man. Aliens.

[bastion]

Chris Breen, on 28 March 2012 - 09:17 AM, said:

linkman, on 28 March 2012 - 09:11 AM, said:

How secure is the Secure Empty Trash function compared to a single pass Zero Out Deleted Files?

My understanding is that Secure Empty Trash does the same thing as Zero Out -- so, one pass on the area.

I can't say for sure about Lion but when the Secure Empty Trash command was introduced it was using the 7-pass mode.

[Success]

I thought the only sure method was to burn the disk. Is this not so?

[bastion]

immovableobject, on 28 March 2012 - 09:54 AM, said:

This discussion assume you have a hard disk, not a solid state (flash RAM-based) drive. I don't know the particulars, but due to wear leveling algorithms, I suspect that securely deleting data against any type of forensic recovery is more difficult with SSDs.

With the proper software you can issue a command to an SSD that will wipe the entire thing. There's no reliable way to just do single files, though. Worse, I'm not aware of any Mac-native software that will issue the wipe command. You have to temporarily boot a different OS.

[bastion]

Success, on 28 March 2012 - 09:59 AM, said:

I thought the only sure method was to burn the disk. Is this not so?

Technically, yes. Practically there are very few people who need anything more than the single-pass. The 35-pass mode is intentionally overkill; when it was originally described the intention was that you would pick a subset of it.

Just to be clear: The multi-pass modes aren't just writing zeros or purely random data over and over. They're writing a sequence of bit patterns, some of which are random and some specified. The idea is to introduce sufficient confusion into the magnetic field that there's no reliable way to determine the original bit value.

[len5]

I have an MBP 4,1 that I've installed an intel 320 SSD in. Most of what i've read about using Disk Utility's Secure Erase on an SSD hasn't been good. Especially with regards to drive performance. So instead I use Lion's FileVault 2 which encrypts the entire drive. That makes both your data and the free space on the drive totally secure. That is if you've used a strong password.

[AdamS]

Chris Breen, on 28 March 2012 - 09:17 AM, said:

linkman, on 28 March 2012 - 09:11 AM, said:

How secure is the Secure Empty Trash function compared to a single pass Zero Out Deleted Files?

My understanding is that Secure Empty Trash does the same thing as Zero Out -- so, one pass on the area.

I think it uses 35 passes, which is what the Unix command srm uses by default.

[bastion]

AdamS, on 28 March 2012 - 10:30 AM, said:

Chris Breen, on 28 March 2012 - 09:17 AM, said:

linkman, on 28 March 2012 - 09:11 AM, said:

How secure is the Secure Empty Trash function compared to a single pass Zero Out Deleted Files?

My understanding is that Secure Empty Trash does the same thing as Zero Out -- so, one pass on the area.

I think it uses 35 passes, which is what the Unix command srm uses by default.

It does not use the 35-pass mode. The user base at large would be screaming their heads off if it did because almost no one has the patience for that on any substantial amount of data.

Apple also doesn't use srm for this functionality. They did originally but in, IIRC, Snow Leopard they started using their own tool that handles several different potentially high-risk disk activities. (Presumably so Finder didn't need elevated privileges.)

(Later) Actually it was Leopard, and the tool they switched to is called Locum.

This post has been edited by bastion: 28 March 2012 - 10:42 AM