


Windows 7: So you think your Hard drive is CLEAN

08 May 2009   #1

W7 X-64 RTM,SUSE 11.1, XP PRO SP3 as a VM, VMware ESXi
 
 
So you think your Hard drive is CLEAN

Hi all
Whilst not Windows 7 specific per se this is really important if you think you've found a Virus and are just using the "Infection Processes" supplied by your AV software.

Even a FORMAT of a hard disk doesn't erase or make old data inaccessible.

Read this
BBC NEWS | Wales | Missile data found on hard drives

This effectively means a Virus could conceivably "resurrect" itself or "be resurrected" again after being "Cleansed"
(a sub virus ?? could look for the "deleted nasties" and re-activate them).

The normal "Delete" function in an OS just deletes the directory area but doesn't actually delete the DATA itself. This is only deleted or "Overwritten" when the OS decides to re-use that specific area of a disk - which for large TB drives these days could be a long long time into the future.

Most FREE AV software doesn't actually go into the sectors of the infected areas and retrieve the actual physical disk addresses to delete the data. You need to actually make some BIOS calls to "Physically address disk sectors" for data re-writing etc.

Intercepting BIOS calls will show if your AV software works intelligently or whether it just does basic first level "Windows Deletes".

Now Windows itself, if its security is working properly, shouldn't allow programs to make BIOS calls directly -- should be done via the API -- so you've got another potential problem here -- your AV program will be blocked by Windows itself from effectively cleansing the disk by directly calling the BIOS. So if the Virus has attacked the Windows API for Disk I/O you are up that proverbial street without the proverbial.


Until new data is physically re-written in the same actual disk addresses then the old data is actually "recoverable".

I've used a data recovery program like this to recover some pictures I had accidentally deleted after a photo shoot. I had actually even re-formatted the disk but was able to recover the pics.

Whilst "Binning" the disk is not a practical solution for most users you CAN protect against this type of scenario by using utilities which do a "Secure Erase".

These work by writing Binary Zeros on every data area of the disk maybe several times (in "Paranoid level"). They can also clear the MBR.

These still aren't 100% effective but for all practicable purposes where you don't have access to military grade equipment they will be MORE than sufficient to cleanse your disk.

Here's a decent FREE one from the University of San Diego.

CMRR - Secure Erase

Cheers
jimbo
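
An added illustration of the delete-versus-overwrite point in the post above (not part of the original thread, and not code from any tool named in it). The 8-sector image, the 512-byte sector size and all function names are constructed for the example: a "quick delete" clears only the directory sector, a scan still finds the file's data sectors, and only a zero-fill of every sector leaves nothing behind.

```python
import io

SECTOR = 512  # assumed logical sector size for this example


def residual_sectors(dev, sector=SECTOR):
    """Return the indexes of sectors that still contain any non-zero byte."""
    dev.seek(0)
    zero, found, idx = bytes(sector), [], 0
    while True:
        chunk = dev.read(sector)
        if not chunk:
            return found
        if chunk != zero[:len(chunk)]:
            found.append(idx)
        idx += 1


def quick_delete(dev, sector=SECTOR):
    """Model of a normal delete: only the directory sector is cleared."""
    dev.seek(0)
    dev.write(bytes(sector))


def zero_fill(dev, total_sectors, sector=SECTOR, passes=1):
    """Write binary zeros over every sector, optionally several times."""
    for _ in range(passes):
        dev.seek(0)
        for _ in range(total_sectors):
            dev.write(bytes(sector))
        dev.flush()


def build_constructed_image():
    """Toy disk: sector 0 is the directory, sectors 3-4 hold the file data."""
    img = bytearray(8 * SECTOR)
    img[0:16] = b"PHOTO.JPG\x00\x03\x00\x02\x00\x00\x00"  # name, start, length
    img[3 * SECTOR:5 * SECTOR] = b"\xff\xd8JPEGDATA" * 102 + bytes(4)
    return io.BytesIO(bytes(img))


def demo():
    dev = build_constructed_image()
    before = residual_sectors(dev)        # directory + data sectors
    quick_delete(dev)
    after_delete = residual_sectors(dev)  # data sectors are still there
    zero_fill(dev, total_sectors=8)
    after_wipe = residual_sectors(dev)    # nothing left to recover
    return before, after_delete, after_wipe
```

`residual_sectors` accepts any binary file object, so the same check can be run read-only against a raw image taken after a wipe to confirm that no sector was skipped.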


08 May 2009   #2

windows7 7100 x64
 
 

I use DBAN before installing an OS; that way I know I get a good clean install, nothing left on disc at all.
08 May 2009   #3

7600.20510 x86
 
 

I run without the usage of the trash bin, so when I delete something accidentally which is very rare though, I fire up R-Studio to recover it. Never fails if done immediately, without giving Windows the chance to overwrite.

A few weeks ago, I was not my normal self having a good ol' time lol and decided to install one of the 7 builds on my downstairs pc. I accidentally chose the wrong partition, temporarily lost all data on it. Used R-Studio to recover like 30 gigs of mp3s the next day. Went perfectly.

Forensics, if important enough, can recover past an overwrite, which is why there are government standards for erasing, Gutmann 35 pass etc...


08 May 2009   #4

Windows 7 Professional 64-bit
 
 

You need a utility that can do zero formatting.
11 Jun 2009   #5

Windows 7 x64 Professional
 
 

Quote: Originally Posted by jimbo45
Very, very interesting...

Question: System Mechanic comes with its incinerator function... how do you rate that?
11 Jun 2009   #6
OEM

OS3.5
 
 

I use Drive Erase Pro. Comes with an application that gets installed for files and drives, and a boot disk.

1. File Shredder. Instead of deleting a file, use this and it will delete then write over the space the file occupied on the disk with a predetermined write sequence or just zeros and up to 10 passes.

2. Drive Erase: Just as the name implies, this will write over an entire drive/disk with different choices of write sequences. It has about 10 different standards or a custom write type and can choose how many times to write over the drive/disk. Usually I'll use the US Defense standard on the first pass, then on the second pass just have it write all zeros.

A 500gig external usb hd takes about 11 hours for 2 passes. For some reason my internal sataII drives take forever when connected to the mob sata ports. It's quicker to connect the sata drives to a sata/ide to usb adapter and run it that way.

It wasn't free, ...think it was about $30. Worth it though and is used quite a bit.