Results 1 to 10 of 10

Thread: Secure Erase SSD

  1. #1
    Join Date
    Jul 2001
    Location
    maryland
    Posts
    564

    Confused Secure Erase SSD

    Here is a problem for wise macgurus.

    I want to secure erase free space, to remove the files which were either trashed normally or via the Secure Empty Trash command. And all that without going the FileVault route.

    Reading up on the subject, I found an Apple knowledge file which says:
    "With an SSD*drive, Secure Erase and Erasing Free Space are not available in Disk Utility. These options are not needed for an SSD*drive because a standard erase makes it difficult to recover data from an SSD. November, 2016"
    https://support.apple.com/en-us/HT201949

    Oh REALLY?? One day I secure trashed an important file before it got backed-up. So, I bought software Disk Drill, installed it on another bootable drive, and proceed to recover all files on my main drive. It recovered very many of them, including the complex excel table I just lost. And it was in perfect shape!! So, isn't Apple full of it? Ok, I understand that there is a command I could use in the Terminal to Erase Free Space, since that function is no longer available in Sierra Finder. Is there another, easier way? (Overwriting with zeros in the early operating systems took a few hours, but still I called it an easy way).

    How about creating a 100GB disk image file, encrypt it, store it on a USB flash drive, and then copy it on the main drive with 100GB+ free space. Then trash and delete normally. Won't that render the entire 100GB section unrecoverable? Even by Disk Drill? Because the encryption key is now gone?

    Finally, do any macgurus use secure free space? If not, how do you keep your trashed files private?
    Marrand

  2. #2
    Join Date
    Aug 2001
    Location
    Grangeville, ID USA
    Posts
    9,113

    Default

    Personally I never cared. Never had anything that needed secure erase.

    I used a pass of zeroes many times to test spinning drives, but the recommendation was always not to do that to SSDs since they have a finite number of writes in their lifespan. I'd do it anyway if I wanted to get rid of stuff. Even if I had to use a third party bit of software.

    Rick
    molṑn labe'
    "I am a mortal enemy to arbitrary government and unlimited power. I am naturally very jealous for the rights and liberties of my country, and the least encroachment of those invaluable privileges is apt to make my blood boil."
--Ben Franklin

  3. #3
    Join Date
    Jan 2006
    Location
    Boise
    Posts
    985

    Default

    So is this your startup drive?

    First off I've asked myself how the hacker would get into my files. Your source of internet, goes to a modem. That modem has settings and you can set those to the highest level. ALWAYS change the default password on your modem. Then there's the Mac OS. In the preference page go to Security and Privacy. Go to the top white bar and select firewall and turn it on. I haven't fiddled with it in ages but you if it exists select stealth mode. They don't see you out there in the wide world of internet. The computer doesn't respond to outside pings. Then go to General set you desktop to have a password, require the password after one minute of no use. Now if they are at your Mac they can't get in. Ultimately if you use File encryption on your Mac without having the login password you can't get in. You can set Safari to warn you of web site that are malicious, under Security in Preferences. Then lastly, never, never, ever, click links in emails that are from solicitations. I think is one other password you could set and that is "Root" and you code the thing in terminal. Rick or Uncle Mac would be on top of that.

    Now tell me how do they get in? Maybe it's not 100% but it's pretty full proof. Now tell me is this data that big of a concern? I would think that data loss has a higher likelihood and loosing all the work you have done with the data when it's all gone, that is a real major issue.

    You may know most of the stuff I wrote, but I did think that maybe someone out in the internets could use a security primer for the Mac OS. It's a big part of why I think Macs are the top dog in computers, phones too, secure.

    But what Rick said, that too.

  4. #4
    Join Date
    Jul 2001
    Location
    maryland
    Posts
    564

    Angry

    Thanks for quick reply.
    I am not worried at all about a hacker getting into my files. They never did. I use all known security measures. Nobody else uses my computers. Nobody knows the password to the computers. That's not the reason I use secure empty trash. When a drive failed in the past, I took it to the basement, disassembled it, removed the disks, sandpapered them, glued stuff to them, wrapped them, and disposed them in some public trash can. When I gave a good one away, I zeroed it multiple times.

    I must confess - I have this paranoid idea that someone will steal one or more of my external HD's, some hooked up, some spares in the basement, take it to his mac, and recover the trashed files. What are they? Mainly all documents pertaining to tax returns and current financial stuff. Most of the private mail is sitting in encrypted dmg's, but some still open for use. And no, there have been no forced entry robberies in the neighborhood (I know…rather strange for Maryland).

    So, I can't justify my need on rational basis. Maybe on shrink's couch, but that's not what macgurus advertise for.

    But still….the curious mind wants to know.
    Thanks for your time.
    marrand

  5. #5
    Join Date
    Jan 2006
    Location
    Boise
    Posts
    985

    Default

    Truth be told I still have an old deskstar PATA HD that died in my G4 tower back in 06 maybe. It didn't function physically and you can't erase a HD if it don't spin. But to just send it out into the world? Heavens no. It just sits in the drawer. I need some of those big powerful magnets and strip it. But then how do you know if the deed is done? The drawer is pretty good.

    The reality is that if someone breaks in, they'll take your computer not old drives. But you know, if you're thinking about it, you are probably good. So many people don't even think about it.

    I wonder if the insurance industry has figures on the likelihood of it happening. Some software you could get to figure probability. If it came back a 1 in 500 million chance, you could sleep well.

  6. #6
    Join Date
    Jul 2001
    Location
    maryland
    Posts
    564

    Angry

    Just talking.
    You worry about sending a broken HD into the world? Rather have it sit in drawer? Maybe ok if you have only one.
    But I had about 6 break on me since 1993. I figure it this way.

    Once the platters are removed and severely damaged, and then discarded inside random trash in a random garbage can, then what are the chances someone will fish it out? But suppose they do, and want to examine it. First they have to remove the hardened glue embedded in the thin layer of protective plastic which in turn protects the individual ferrite crystales. You can't do it physically without removing the crystals too (which contain the data). Only way is chemically, and the only way is to get a sophisticated laboratory to do it for you. And it won't be for free. You mean, that someone, who found my damaged disk at random, is willing to pay mucho bucks just to see if he can read something from it? Ok, suppose they do. Then the lab must figure out how to chemically remove one type of polymer which is sticking to another. Seems like a reasearch project - you can't just google for the procedure.

    But if you don't remove the junk, then you can't get the sensor close enough to the crystal to read the up/down magnetic orientation. Problems, problems, problems....for the poor guy who accidentally found my platter. (He may have to contact the macgurus!).

    Oh yes, just to be sure I run a magnet over it, and sandpaper it too. That won't destroy every crystal, but embed a lot of powder debris among them. That debris will also register on any magnetic sensor trying to read the platter (assuming they managed to strip the glue delicately).

    Somehow I sleep well after this procedure.
    But still..many people out there must be using secure empty trash for a reason, no? And for a good reason? So I thought I was missing something, and wanted to know
    marrand

  7. #7
    Join Date
    Aug 2001
    Location
    Grangeville, ID USA
    Posts
    9,113

    Default

    Best way to permanently kill a spinning hard drive is run a drill through the platters a couple times. No one is ever going to get any day off it. Even a big hammer is sufficient.
    molṑn labe'
    "I am a mortal enemy to arbitrary government and unlimited power. I am naturally very jealous for the rights and liberties of my country, and the least encroachment of those invaluable privileges is apt to make my blood boil."
--Ben Franklin

  8. #8
    Join Date
    May 2001
    Location
    1hr N/W of LA LA Land
    Posts
    3,317

    Default

    Quote Originally Posted by ricks View Post
    Even a big hammer is sufficient.
    My preferred method although I haven't tried our band saw yet.

  9. #9
    Join Date
    Jul 2001
    Location
    maryland
    Posts
    564

    Rolleyes

    Band saw? Hammer? Drill?

    And there I thought the macgurus are more elegant!

    My son recommended drill. Tried that once. Ruined the drill bit.

  10. #10
    Join Date
    Aug 2001
    Location
    Grangeville, ID USA
    Posts
    9,113

    Default

    Last one that failed, my son made swiss cheesy with a rifle. No need to dull a drill bit. And my son thought that was the most fun he'd all day. ... one note, we live in the sticks and this was very safe to accomplish. I took some pics, but can't figure out where I put em.

    Rick
    molṑn labe'
    "I am a mortal enemy to arbitrary government and unlimited power. I am naturally very jealous for the rights and liberties of my country, and the least encroachment of those invaluable privileges is apt to make my blood boil."
--Ben Franklin

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •