Slashdot Mirror


Microsoft Offers New Data-Security Scheme

bingly_beep writes "The BBC is reporting Microsoft's new user security measure, whereby users' sensitive information is stored on their PC rather than online, as in their previous offerings, such as Passport. This sounds like a good idea, but any such system would surely require that the user definitely erases the HD on any machine they sell. Perhaps Microsoft should include an option, like 'Prepare this computer for resale,' which utterly destroys all data."

13 of 309 comments

  1. Re:this is a duplicate people by Tony+Hoyle · · Score: 2, Informative

    No it isn't.

    Have you even looked at both links? They're entirely different.

    I even believed you for a minute... it's not like dups are uncommon on slashdot, but WTF has storing data on your own hard disk got to do with a dodgy research paper?

  2. Erasing the HD? by SiO2 · · Score: 4, Informative

    Erasing or otherwise formatting a hard drive doesn't do any good to eradicate personal information. I've used these guys on numerous occasions to successfully recover data from hard drives that have been formatted, imaged, etc.

    If you're going to sell a computer, swap out the drive containing your data for a new one. They're cheap. Hold onto the drive that houses your data.

    SiO2

  3. Re:In future headlines... by mboverload · · Score: 3, Informative

    I made a guide to using eraser, which would do the same thing. http://mboverload.no-ip.org/tech/recyle.html

  4. Re:Cleaning up HD by mike5904 · · Score: 2, Informative

    For general purposes, yeah, but if someone is intent on getting at your data, with a lot of work they can still get to it. All deleting a partition with fdisk does is destroy the partition information, so it looks like unallocated space on the drive. It never actually deletes the data.

  5. Re:Aw hell... by werewolf1031 · · Score: 3, Informative
    assuming users aren't running as admin, which they shouldn't be

    You're absolutely right, they shouldn't be. But they are, a great many of them, because unfortunately many 3rd-party apps, especially games, require admin rights to run properly -- and who wants to exit and login as a different user every time they want to play a game? (Which in itself is a separate rant.)

    With so many users running with admin rights, it'll be a no-brainer to compromise this particular setup.

  6. Re:Permanent Data Deletion Tool by SirTalon42 · · Score: 2, Informative

    Or you could do "shred -z /dev/hda" which is MUCH more secure. It will write over the drive 25 times w/ random data (you can change it with the -n switch to any number you want), and then write zeros to the disk.

  7. Re:Aw hell... by sqlrob · · Score: 4, Informative

    The "Designed for XP" label requires the ability to run as a lower privileged user. I don't know how much more MS can really do to enforce it.

    The problem with games is that they use low level access for copy protection tests, and need admin level to do that.

  8. Re:Aw hell... by Anonymous Coward · · Score: 2, Informative

    Frankly, it's obscene that Windows has been encouraging users to run as admin for so long, and failing to discourage developers from requiring administrator access to run simple applications. It's pointless and it's stupid.

    To put it bluntly, you don't know what you're talking about.
    As a software developer, I know firsthand that Microsoft is trying to get application developers to stop writing programs that require the users to be Admin level. If you know anything about .NET logo certification, you would know that in order for your application to pass the test, it has to be able to be successfully installed at all login levels (except Guest, I think).

    Yes, you may have glazed over this when you mentioned "future plans for improving security" but it's no fault of Microsoft's (that I'm aware of, at least) that for a long while there were a bunch of application developers who had no idea what they were doing. That's what the whole idea of the .NET framework is about - standardization.

  9. Think again! by flithm · · Score: 2, Informative

    From the shred manpage:

    CAUTION: Note that shred relies on a very important assumption: that
    the filesystem overwrites data in place. This is the traditional way
    to do things, but many modern filesystem designs do not satisfy this
    assumption. The following are examples of filesystems on which shred
    is not effective:

    * log-structured or journaled filesystems, such as those supplied with AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)

    Ie, shred is useless. Also of note is someone's idea to write /dev/null to /dev/hd? is also useless for this same reason.

    Also of note is that this applies to Windows users (NTFS) as well!

    For more information check http://www.infoanarchy.org/wiki/index.php/File_Wipe

    The basic idea is summarized here:

    There are several ways to securely wipe files when using journaling filesystems:

    1. Store data that needs to be wiped on a partition (slice, volume, or drive) that uses a non-journaling filesystem. For example, users of Windows can use a Z: drive formatted with FAT32, and users of GNU/Linux can use a partition formatted with Ext2.
    2. Store data that needs to be wiped on a partition that is encrypted using Hard Disk Encryption. This eliminates the need to use a secure wiping mechanism for individual files.
    3. Store data on a temporary partition using any journaling or non-journaling filesystem. When it is time to wipe all files, use a tool such as Eraser or Wipe to securely wipe the entire partition.
    4. Physically destroy the hard drive after use by melting the hard drive. (Passing a magnet over the hard drive will not work.)

    Ie... There is no method for proper undelete protection of journalled drives. Better have your thermite ready!!

  10. No, you Think again! by V. · · Score: 2, Informative
    Keep reading that man page. That only comes into play if you are shredding a mount point/filesystem. Just shred the device file and you are golden.
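
The claims in comments 4, 6 and 10 above (deleting a partition leaves every data sector in place; overwriting the device file rather than files inside a filesystem does remove them) can be checked on a small image file without root or a spare drive. The script below is an added example, not code from the thread or from any of the posters: the image path, the single-partition MBR layout, the sector holding the data and the marker string are all constructed stand-ins for a real disk and real personal data. It does not model a journaling filesystem, so the caveat in comment 9 about shredding individual files is not exercised; the point is that a device-level wipe never consults the filesystem at all.

```shell
#!/bin/sh
# Added example, not code from the thread: a 1 MiB image file stands in for
# /dev/hda so the two claims above can be checked without root or a spare disk.
# Deleting the partition (as fdisk would) leaves every data sector intact;
# overwriting the whole device file (as "shred -n 3 -z /dev/hda" would) does not.
# The image path, the partition layout and the marker string are all constructed.
set -eu

IMG="${IMG:-${TMPDIR:-/tmp}/fakedisk.$$.img}"   # assumed scratch location
SECTORS=2048                                     # 2048 x 512 B = 1 MiB
MARKER="CONSTRUCTED-PERSONAL-DATA-7f3a"          # stands in for the user's files
DATA_LBA=100                                     # sector inside the partition

# Unsigned value of the single byte at offset $2 of file $1.
byte_at() {
    od -An -tu1 -j "$2" -N 1 "$1" | tr -d ' '
}

# Zero the image, write an MBR with one Linux partition, store the marker in it.
make_disk() {
    dd if=/dev/zero of="$IMG" bs=512 count="$SECTORS" 2>/dev/null
    # Partition entry 1 at offset 446, little-endian: boot flag 0, CHS start 0,
    # type 0x83 (Linux), CHS end 0, start LBA 64 (0x40), size 1984 (0x07C0).
    printf '\000\000\000\000\203\000\000\000\100\000\000\000\300\007\000\000' |
        dd of="$IMG" bs=1 seek=446 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$IMG" bs=1 seek=510 conv=notrunc 2>/dev/null  # 0x55AA
    printf '%s\n' "$MARKER" | dd of="$IMG" bs=512 seek="$DATA_LBA" conv=notrunc 2>/dev/null
}

# What "fdisk -l" would show: number of MBR entries with a non-zero type byte,
# provided the 0x55AA boot signature is present.
partition_count() {
    if [ "$(byte_at "$IMG" 510)" != 85 ] || [ "$(byte_at "$IMG" 511)" != 170 ]; then
        echo 0
        return 0
    fi
    n=0
    i=0
    while [ "$i" -lt 4 ]; do
        if [ "$(byte_at "$IMG" $((446 + i * 16 + 4)))" != 0 ]; then
            n=$((n + 1))
        fi
        i=$((i + 1))
    done
    echo "$n"
}

# What a recovery tool does: ignore partition table and filesystem, scan the
# raw sectors. Prints 1 if the marker is still on the device, else 0.
marker_present() {
    if grep -a -q "$MARKER" "$IMG"; then echo 1; else echo 0; fi
}

# "Delete partition, write" in fdisk: only the 64-byte table is cleared.
delete_partition_table() {
    dd if=/dev/zero of="$IMG" bs=1 seek=446 count=64 conv=notrunc 2>/dev/null
}

# Overwrite every sector: three random passes and a final zero pass, i.e.
# "shred -n 3 -z" on the device file. dd fallback when shred is absent
# (BusyBox, macOS); pass count and pattern are the same.
wipe_device() {
    if command -v shred >/dev/null 2>&1; then
        shred -n 3 -z "$IMG"
    else
        pass=0
        while [ "$pass" -lt 3 ]; do
            dd if=/dev/urandom of="$IMG" bs=512 count="$SECTORS" conv=notrunc 2>/dev/null
            pass=$((pass + 1))
        done
        dd if=/dev/zero of="$IMG" bs=512 count="$SECTORS" conv=notrunc 2>/dev/null
    fi
}

# Run the three states back to back and return them as one line, e.g.
# "parts=1 marker=1 | parts=0 marker=1 | parts=0 marker=0".
demo() {
    make_disk
    s1="parts=$(partition_count) marker=$(marker_present)"
    delete_partition_table
    s2="parts=$(partition_count) marker=$(marker_present)"
    wipe_device
    s3="parts=$(partition_count) marker=$(marker_present)"
    rm -f "$IMG"
    echo "$s1 | $s2 | $s3"
}

if [ "${1:-}" = run ]; then
    demo
fi
```

Run it as `sh wipe_demo.sh run`: the middle state is the one that matters, a disk fdisk reports as empty while grep -a still finds the data. On a real drive the same dd and shred commands are destructive, and the bs=1 writes are only for the 16-byte table entries; the wipe itself uses whole sectors.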

  11. This Does Not Work on Modern Computers! by flithm · · Score: 3, Informative
    Despite what they tell you, these erasure programs do not work on drives using journalled filesystems (ie almost every drive there is these days... including you Windows users with NTFS, and Linux users with Reiser, Ext3, XFS, etc).

    For more information check out this link.

    For the lazy, here is a summary:

    Many modern operating systems such as Windows XP (NTFS), Mac OS X (HFS+), and GNU/Linux with a kernel version greater than 2.4 (Ext3, JFS, ReiserFS, and XFS) have the ability to use a journaling filesystem that makes complete erasure of data unlikely.

    There are several ways to securely wipe files when using journaling filesystems:

    1. Store data that needs to be wiped on a partition (slice, volume, or drive) that uses a non-journaling filesystem. For example, users of Windows can use a Z: drive formatted with FAT32, and users of GNU/Linux can use a partition formatted with Ext2.
    2. Store data that needs to be wiped on a partition that is encrypted using Hard Disk Encryption. This eliminates the need to use a secure wiping mechanism for individual files.
    3. Store data on a temporary partition using any journaling or non-journaling filesystem. When it is time to wipe all files, use a tool such as Eraser or Wipe to securely wipe the entire partition.
    4. Physically destroy the hard drive after use by melting the hard drive. (Passing a magnet over the hard drive will not work.)

    So, basically... there is no proper way of protecting yourself from undelete data recovery methods, if you use a journalled file system, aside from keeping some thermite handy!

    If you ask me, we should all be encrypting our data partitions by now!

    1. Re:This Does Not Work on Modern Computers! by werewolf1031 · · Score: 2, Informative
      Ok, while all that sounds technically competent, I must disagree... and agree.

      Data stored on a hard disk (or floppy disk, or any other magnetic-based medium) uses the polarity of a tiny portion of the disk (eg. a "sector") to determine if that portion contains data equating to a one or a zero.

      When the write head of a HDD applies a magnetic charge to a portion of the disk, it has just enough strength to change the surface polarity to the intended bit value. If it uses too much, it'll spill over onto adjacent portions; not enough, and the polarity of the magnetically sensitive material beneath it will interfere with the intended bit value.

      This is how professional-grade data recovery labs retrieve "lost" data, because the polarity of the material "underneath" the exterior portion may be different, and thus allow retrieval of erased data.

      On the OTHER hand... it does make it really damn difficult to truly erase disk data. As the above implies, just writing over it with the HDD's normal write head, even while formatting, may not be enough to conceal what was previously written by "professional" grade retrieval methods.

      So basically: Regardless of the file format used (which doesn't affect how the HDD's read/write heads interact with the platters), use a bit of common sense and forethought when storing sensitive personal data.

      Geez, talk about the long way around. :)

  12. Re:windows XP filevault equivalent? by TheAwfulTruth · · Score: 4, Informative

    Yes and it has been for years.

    But just like Mac (now) and Linux it is off by default.

    One main reason is that in order to use it (on any OS) you have to use your brain. Basically you have to remember to properly handle your user data before mucking about with user accounts or you can permanently lose everything. This problem has already been demonstrated repeatedly in the Mac user space WRT iTunes downloads which are pinned to user accounts. Destroy a user account before transferring ownership of the data and you lose your songs.

    Of course, this is the point. But what happens is, 99 out of 100 people that lose everything do so in situations where they didn't really want to.

    Thus, people who use the system without understanding how it works or what its drawbacks are are more likely to have problems with their data by using it than by not using it. So, in all cases, the EFS remains turned off by default.

    --
    Contrary to popular belief, coding is not all free blow-jobs and beer. Those things cost MONEY!