June 4th, 2008, 09:32 AM
I am afraid that is a widely held misconception.
I'm assuming that since you say you worked for the military that you obviously had a legitimate IT department and things such as network storage devices and monetary resources that could be put toward useful devices.
Actually, I worked for an arms manufacturer but my military colleagues had more or less the same story. For us, if something was not a requirement of the projects (stuff we could bill customers for) it was at the bottom of the food chain. For the military if it was not to improve "fighting efficiency" it was more or less the same. So that meant no spare servers and no spare decent computers.
Cipher would have been out of the question anyway........ they were still running NT 4.0 SP6a
Actually no. The software took a few seconds to burn to a floppy disk, so making 20 didn't take long. All you had to do was insert the floppy and turn the machine on and it would boot to it. You got a "do you really want to do this?" and gave it a "Y" then moved on to the next machine.
If you compare rebooting every machine with a special disc that you have to interact with to removing the hard drive and sticking it in a hot-swappable storage device, I think it would be faster to remove the hard drive. You wouldn't really be doing 20 at once, if you had to sit down at each machine in order to interact with the program that wipes it.
These were old PI boxes so no SATA drives.
Maybe I read too much into the question. When he asked about a low level format to DoD standards I took it to mean that he wanted to securely overwrite the whole drive.
With all of this said, however, we still have to go back to the original question. He really just wanted to hear examples of software packages that could be used to make data unrecoverable.
Exactly, but that is all the manufacturers' formatting tools will do. Like I said, if it is just a repair job that is what I use.
The one pass you mentioned that you do earlier would hardly be considered military-level security.
Index.dat Analyzer is the free product I was suggesting you look at. It shows you some of the stuff Windows has left on your drive.
EnCase is the flagship forensics data gathering tool. It is used by police departments and accepted in courts throughout the world.
Nope, that is actually a typical set-up for a secure environment. Normally the user wouldn't even be able to directly access the local HDD, they have to work on servers, so there is no need for anything other than one drive and one partition.
Your computer only has one hard drive? Are you living in the stone ages?
Not a problem I would have thought. The software will fit on a 3.5" floppy. I only said CD/DVD because modern machines generally don't have a floppy drive.
I guess you didn't factor in getting the CD or even having to create the CD... silly...
I don't see the relevance of that. Sure, you can turn off pagefile.sys. What you cannot turn off is the fact that XP, 2000 and Vista are virtual memory systems. They will use it and there is nothing you can do to prevent this; they will just make their own arrangements "behind your back".
Errr I didn't say use regedit, however editing the Registry is what you actually do, however you decide to do it.
You do realize that you can just click the radio button, right, rather than telling everyone to edit their registry?
In fact, in a secure environment this setting should be part of the standard build, and users should have no access to the Registry.
Yes and Yes. Not everyone has rocket science machines particularly in commercial and institutional environments. Overwriting large files and folders can take a while and is best done in dedicated mode. Please note that I did say:
Do you honestly sit there and wait for the machine to finish, or do you use another machine?
..... in particular when you are wiping a whole disk.
Not a fantasy World, a secure World. The concept of least empowerment, and the users can only do what they absolutely need to be able to do. You have an image of the installation and if anything goes wrong you just re-image it.
I guess you're living in a fantasy world where you can only have a system drive on your computer and that drive is one big system partition...
Of course I am making the assumption that if you are interested in secure wiping you must be dealing with a system that handles sensitive data? In which case this would be the architecture I would expect to see.
Last edited by nihil; June 4th, 2008 at 09:36 AM.
June 4th, 2008, 01:36 PM
Basically you're talking about how to be secure with ancient parts. I guess that works for you, and perhaps that's why you're so against Windows also. You're still in that mindset created from long ago and just haven't moved forward with the times. That's great and all, but not really applicable anymore. Now people do have storage devices, SATA drives, and floppies are a thing of the past. I'm fairly certain that this guy was looking for a solution that fit current times, but only he could say for sure.
As for turning off the page file in Windows XP, you very clearly said that it couldn't be done. I showed you the method for doing so in a screen shot. That is the relevance. Also, if you shut off page file, Windows will not still use it 'behind your back' any more than it will go over the maximum page file size if you have a maximum set. Regardless, if you boot with a Windows Operating System on one drive, you can wipe a Windows Operating System on another drive and nothing will prevent you from wiping the files.
Even if you didn't learn anything, I'm sure others did.
Last edited by itPro; June 4th, 2008 at 01:39 PM.
June 4th, 2008, 03:02 PM
Well, the original poster did say:
They don't support SATA
I have been playing around with it in class but only on older P3 dells.
would be about right, other than that he seems to be doing some sort of software testing project rather than wanting to be "secure" as such?
Basically you're talking about how to be secure with ancient parts.
If my assumption is correct, and it is an academic exercise, then I would say he wants a variety of solutions and doesn't really care if they actually work or not. Either result is OK for a project.
I'm fairly certain that this guy was looking for a solution that fit current times, but only he could say for sure.
The purpose of that feature is to allow you to remove and replace a corrupt page file. You cannot turn virtual memory off, it will merely create its own and use that. That is how Windows XP/2000 work, they are virtual memory systems. Basically it is a case of no VM, no Windows.
As for turning off the page file in Windows XP, you very clearly said that it couldn't be done. I showed you the method for doing so in a screen shot.
That is the relevance. Also, if you shut off page file, Windows will not still use it 'behind your back' anymore than it will go over the maximum page file size if you have a maximum set.
June 4th, 2008, 03:34 PM
If you read into the context of that sentence, he has been playing around with it in class, meaning that it's not serious. When he uses it the way he wants to, it will be serious, which means that it won't be on those P3's he's playing around with...
Originally Posted by nihil
It's probably for learning which one is best, as he stated, I would imagine. 0.o
Originally Posted by nihil
lol It's funny that you say you can't turn it off, yet there's that screen shot clearly showing the 'No Page File' choice... >.> Okay, so then how do you remove and replace a page file, if you can't turn it off? That's what I thought... Looks like you can turn it off... or maybe Windows will suddenly lock it down in the middle of your replacement process because you go over your RAM limit? No page file really does mean no page file, on the hard drive at least... >.> Whenever you disable the page file, the amount of page file space necessary for your apps to run will then be used in RAM. In other words, that amount of RAM will be specifically dedicated as a page file and can't be used for anything else.
Originally Posted by nihil
Look at the bottom post here:
or check out this blog here:
Can't you just admit that you are wrong?
For all intents and purposes, we've been talking about the page file on the hard drive, as that's what you're saying cannot be wiped. You have said repeatedly that the page file cannot be turned off. You imply that Windows will secretly allocate another part of your hard drive as a page file, since it needs it, but this is simply not true. The page file on the hard drive can be turned off. If you do not have enough RAM, the system will crash. Windows will not take it upon itself to use the hard drive.
Last edited by itPro; June 4th, 2008 at 03:47 PM.
June 4th, 2008, 04:07 PM
nihil is incapable of admitting he is wrong. I actually saw him apologize for mistyping once, but he went on to explain how different keyboards...
June 4th, 2008, 08:22 PM
"Strictly speaking Virtual Memory is always in operation and cannot be “turned off.” What is meant by such wording is “set the system to use no page file space at all.”"
maybe there are two rights here...
--more or less
Last edited by C:\Saw; June 4th, 2008 at 08:27 PM.
"...to give correctly is to give them what they need from us, for it would not be skillful to bring gifts to anyone that are in no way needed."
*Einstein Would Be Proud*
June 4th, 2008, 10:03 PM
Glad to see that you now realize that I am right, which makes your post entirely wrong also. I bet you feel like a real idiot that stuck his nose in something it didn't belong, and now are having trouble eating your own words.
Thank you for giving me the fuel I needed to prove that I am right beyond any shadow of a doubt. I'm always up for a battle of wits. I don't lose. Even when I'm wrong, my logical thought process is far more advanced than the average person that just takes someone else's word for it.
Btw, there are multiple forum posts in the Microsoft site that mention specifically not shutting off the page file. If they are telling people not to, that means that you can... Just FYI. Yes, the OS will still use memory as its page file, but now we're just arguing semantics. The fact is that I was right in the context we were discussing. Out of context, I guess you can say he was technically right also. Then again, there will always be ways to twist words around so that they make you look more favorable. I'm an expert in many areas.
Last edited by itPro; June 4th, 2008 at 10:11 PM.
June 4th, 2008, 11:33 PM
I admit I am not an expert. But I ask you a simple question: when you use Internet Explorer, browse and then clear your history, can you tell me the additional number of places in Windows that you will have to manually clean to REALLY get rid of the history?
An article on securityfocus said that at least 13 additional places are where your history will be saved. In addition to that I had found some other location in registry where the history was trying hard to remain in the present.
I think EnCase is something worth a watch. Please do research on the thing.
And I do not know why would one try to completely remove data using any OS which is installed on to the disk. There are enough live OSes (most from the Linux stable) that will just run off the RAM and clean the disk without leaving any hint on the computer itself. The whole idea of using an installed OS for that thing is something I do not understand.
EDIT: In addition to what I have said, I too think that nihil is unable to admit that he was wrong at a point. I am not sure about the enterprise setup and all such things.... I am still a student in a college. But then as far as I know about the virtual memory thing is: Page file and RAM are both a part of the VM systems. If you disable the page file, there is no harm. The fact is that after disabling, followed by a reboot, you can just delete the pagefile just as you would delete any other (hidden+system+secure) file.
I am not here to cross upon you two guys (even though the IE history thing does sound like I am trying to cross off itPro). I am just telling you an idea (which I am actually not sure about, due to the zero experience) is that why not use a Live OS rather than the installed ones. After all, all you need for a wipe off are the starting and ending sector nos of the partition.
Last edited by jockey0109; June 4th, 2008 at 11:46 PM.
"Everything should be made as simple as possible, but not simpler."
- Albert Einstein
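The idea raised in the post above (overwrite a partition from its starting and ending sector, from an environment that is not running off that disk), as an added example that is not part of the thread. It assumes 512-byte sectors and works on a constructed disk image file; the function names, fill passes and marker string are illustrative, and the fill sequence is not a claim about any particular standard.

```python
import os
import tempfile

SECTOR = 512  # assumed logical sector size

def wipe_sectors(path, first, last, passes=(b"\x00", b"\xff", None)):
    """Overwrite sectors first..last (inclusive); None means random data.
    Returns the number of bytes covered by the range."""
    length = (last - first + 1) * SECTOR
    with open(path, "r+b") as dev:
        size = dev.seek(0, os.SEEK_END)
        if first < 0 or last < first or (last + 1) * SECTOR > size:
            raise ValueError("sector range outside the target")
        for fill in passes:
            dev.seek(first * SECTOR)
            remaining = length
            while remaining:
                n = min(remaining, 1 << 20)  # write in chunks of at most 1 MiB
                dev.write(os.urandom(n) if fill is None else fill * n)
                remaining -= n
            dev.flush()
            os.fsync(dev.fileno())  # push each pass out before the next one
    return length

def find_residue(path, marker):
    """Return byte offsets where marker still occurs in the target."""
    with open(path, "rb") as dev:
        data = dev.read()
    hits, pos = [], data.find(marker)
    while pos != -1:
        hits.append(pos)
        pos = data.find(marker, pos + 1)
    return hits

def demo():
    """Constructed 64-sector image: marker inside and outside the wiped range."""
    marker = b"SECRET-HISTORY"
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(bytearray(64 * SECTOR))
        image = f.name
    try:
        with open(image, "r+b") as f:
            for sector in (10, 40):
                f.seek(sector * SECTOR)
                f.write(marker)
        before = find_residue(image, marker)
        wiped = wipe_sectors(image, 8, 15)
        return before, wiped, find_residue(image, marker)
    finally:
        os.remove(image)
```

The copy of the marker at sector 40 survives because it lies outside the wiped range, which is why a range wipe should be followed by a residue check over the whole device.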
June 5th, 2008, 12:10 AM
As a programmer, I can tell you that it doesn't matter whether the program is stored on a hard drive, a CD, or a floppy. It will still run in memory, regardless of whether or not the OS is running. The real point is that what is necessary to perform the cleanup is already available in Windows. If you feel as though your utility is more special because it isn't copyrighted by Windows, then more power to you. Personally, I'll pick convenient, easy, professional, and supported software every time. Windows just happens to offer something that fits well within all of those categories.
We're talking about removing data in a way that it can not be traced. If you want to get down to real security, we'd be talking about what sort of hammer we would use to destroy the platters with and then what oven we would use to melt down the scrap with, but then we couldn't reuse the disk.
If enWatch is used in forensics, then isn't it trying to recreate lost data, rather than to destroy it?
June 5th, 2008, 12:57 AM
See, the running of the tool was not my point. Of course I too know that nothing runs from disk; it runs from memory. But by the rules of an OS, you cannot remove the OS itself when it is running (at least Windows won't allow you!). So why not leave the OS and run ONLY from memory (without having any concern with whether the OS is there or not on the DISK!)!
"Everything should be made as simple as possible, but not simpler."
- Albert Einstein