10

I have an old Windows 7 computer that I want to format and prepare for selling to somebody. I am using Parted Magic for disk operations and I'm wondering if "erasing the disk safely" is really necessary or if I could just delete the existing partitions using partitions manager, then reinstall Windows on it? Also for information purposes the disk is a 500GB standard drive, and I'm worried about how much time erasing the disk safely could take.

Hashim Aziz
  • 11,898
  • 35
  • 98
  • 166
William Weifenbach
  • 261
  • 1
  • 5
  • 12
  • 1
    Use dban, just let it run over night. https://dban.org/ – ivanivan Oct 27 '18 at 23:30
  • Not recommending [one over another](https://helpdeskgeek.com/free-tools-review/5-free-programs-to-completely-wipe-a-hard-drive/), wipe first install linux, wipe reinstall windows. – mic84 Oct 28 '18 at 07:44
  • 4
    If you are *really* paranoid about this, buy a new disk and keep your old one. A 500Gb internal drive isn't expensive. – alephzero Oct 28 '18 at 09:51
  • 4
    Keep in mind that on your disks are stuff like cookies for browsers. So it would be possible to regain them and access your accounts. Definitely securely erase the disk even if you don't have sensistive files. You still probably have sensitive credentials around. – Bakuriu Oct 28 '18 at 13:34

4 Answers4

11

If the disk at any point contained sensitive information, or if you ever used the computer that the disk was installed in for sensitive purposes, then yes, a proper wipe is necessary.

Due to the nature of how hard drives work, any data that you delete from within an operating system is never quite deleted, at least not immediately. Instead, the filesystem on the drive (NTFS, in the case of most Windows-formatted drives) removes all references to the data's location on the hard drive, making it inaccessible from within the operating system. The data itself stays on the hard drive until it is naturally overwritten by a newer piece of data that needs to take its place. Depending on how much free space is left on your drive, this could be anything from hours to never at all.

Likewise, cleaning partitions also does nothing to the existence of the data on the drive, and this doesn't change when you're installing Windows to the drive, unless the installation happens to take up the space of the entire drive in question (which is unlikely).

Freely-available data recovery tools like Recuva and GetDataBack are designed for this exact purpose - to recover files, folders and even entire partitions from a hard drive that hasn't been properly wiped. This means that any remaining data in the structures of your hard drive is easily recoverable to anyone technologically adept enough to know of and operate these programs, which is a very low bar.

That said, it's not necessary to use third-party utilities like Parted Magic to securely wipe a (mechanical) disk. In fact, you can do so from Windows itself provided that the disk you want to wipe is not the one you're booting from. Simply select the disk in question in My Computer and run a long format by right-clicking on the drive, selecting Format and unchecking the Quick format checkbox. Windows' long format wipes drives just as most other third-party "secure wipe tools" out there do (for those who doubt this claim, see the addendum).

If you are booting from the drive that you want to securely wipe, then your only option is to create a bootable disk containing a tool like DBAN or Parted Magic, and then boot into that to wipe the drive in question.

As for the time that the format will take, I expect for a standard HDD it will take a few hours. The question you need to ask yourself is whether that's too high a time cost to make sure that any data you once stored on the drive doesn't end up in anyone else's hands.

ADDENDUM

There are apparently a number of people who doubt the claim that Windows' long format provides any less secure a wipe than third-party secure wipe tools, or who believe that Secure Erase provides an inherently more secure wipe for HDDs. They'd be patently wrong.

Windows' long format tool works by writing binary zeroes to the raw sectors of the drive, and has done so since Windows Vista was released more than a decade ago. This is also how third-party secure wipe tools work, including the Linux go-to dd if=/dev/zero.

Secure Erase does the same, with the difference that it's a firmware-level tool built into the drive itself, and as such depends on the hard drive manufacturer's implementation of the ATA specification to zero-write the drive successfully. Considering that many hard drive manufacturers have in the past shown a failure or unwillingness to implement these standards correctly, with some drives reporting a successful wipe even while all the data on the drive was still intact, this makes Secure Erase inherently insecure unless you're willing to test your particular drive's implementation of SE and confirm it works as intended... in which event it would be exactly as secure as a Windows long format or zero-write; no more and no less.

The exception to this is if your drive is an SSD (which the OP's is not) in which case you have no option but to resort to a Secure Erase, as software zero-writes are ineffective on an SSD. Even in this scenario, however, a Secure Erase is the least secure disk sanitisation option available to you; you should use an Enhanced Secure Erase, which writes a vendor-defined pattern to the drive, or a Block Erase, a newer (and therefore less-supported, but even more secure) option which also wipes an SSD's non-user-accessible areas such as the HPA (traditionally, these are the areas of an SSD that are the hardest to wipe and therefore most likely to contain remnant data).

Hashim Aziz
  • 11,898
  • 35
  • 98
  • 166
  • 7
    The claim that a long format is "as secure as a wipe" is simply inaccurate. Using the drive's Secure Erase function is always a better choice. – chrylis -cautiouslyoptimistic- Oct 28 '18 at 02:57
  • 8
    @chrylis "always" might be too strong. If the drive's Secure Erase function is correctly implemented, than I would tend to agree with you. Unfortunately, a few years back at least (and we don't know the age of the OP's disk), several disks had faulty Secure Erase implementations, that did sometimes did nothing but report success (https://www.usenix.org/event/fast11/tech/full_papers/Wei.pdf). I can't find a more recent study, but I wouldn't necessarily trust all manufacturers to correctly implement it even today. – user2313067 Oct 28 '18 at 06:48
  • 1
    FYI, Windows 10 has a built in feature designed to do this to prepare a computer for sale, simultaneously reinstalling and wiping, called "Reset this PC" available from Settings -> Update & Security -> Recovery. – BeowulfNode42 Oct 28 '18 at 14:11
  • @chrylis No it's not, you're just misinformed. Secure Erase is a firmware-level implementation on ATA drives to overwrite the underlying architecture of the drive with binary zeroes. This is exactly the same thing that tools like Parted Magic and Linux's `dd if=dev/zero` do, and that includes Windows' long format, as opposed to its short format which zero-writes only the MFT. Add to that the flawed implementations of Secure Erase pointed out to you above, and it's far more secure to rely on an operating system tool that definitively writes zeroes over a firmware-level one that tells you... – Hashim Aziz Oct 28 '18 at 15:22
  • ...it has but doesn't actually do anything at all. The only scenario in which Secure Erase should be preferred to zero-writing a disk from the operating system is when the drive in question is an SSD, where zero-writing can actually damage such disks due to wear-levelling. – Hashim Aziz Oct 28 '18 at 15:22
  • Although I should clarify that Windows' long format only started writing zeroes from the release of Vista, in 2006. Windows XP, which is almost two decades old at this point, doesn't write zeroes to the disk with a long format. This isn't relevant to the original question nor to the vast majority of those that will be coming across this answer, but for the handful of people still using XP, it's worth making clear. Also, stop using XP. – Hashim Aziz Oct 28 '18 at 15:51
  • 1
    Thank you for the detailled answer. I did the Windows format option like your picture shows, however the format process took only about 10-15 seconds..? I did this and then deleted partitions, created new ones and installed Windows on it – William Weifenbach Oct 28 '18 at 16:27
  • @user2313067 the drive, if I remember correctly, is samsung/seagate spinpoint that has the 2010 or 2013 date on it – William Weifenbach Oct 28 '18 at 16:28
  • @WilliamWeifenbach Interesting. If it was that quick, then it's definitely not a long format, which is odd because Windows should definitely have implemented a long format instead of a short format at that stage. It sounds like you only have the one drive, in which case your best bet to wiping the drive now would be to boot into Parted Magic or DBAN and wipe the drive properly before reinstalling Windows on it. – Hashim Aziz Oct 28 '18 at 16:34
  • @WilliamWeifenbach If, on the other hand, Windows was installed to another drive and the drive you need to wipe is installed as a secondary drive, then you can just do a long format from within Windows by right-clicking the target drive in My Computer, selecting `Format` and making sure the *Quick Format* option is unchecked. – Hashim Aziz Oct 28 '18 at 16:34
  • @Hashim i only have 1 drive and thats the one I want to format abd reinstall Windows on it(wich I did following up my previous answer) – William Weifenbach Oct 28 '18 at 16:37
  • Then you should go for the first option to securely wipe the drive. Use Parted Magic or DBAN on a bootable disk that you can boot into to wipe out the disk. – Hashim Aziz Oct 28 '18 at 16:40
  • 1
    @Hashim I did the secure erase with Parted Magic. Thank you for the detailled answer! – William Weifenbach Oct 31 '18 at 22:24
  • @WilliamWeifenbach Glad it helped! – Hashim Aziz Oct 31 '18 at 22:50
  • @Hashim - You mention that a Secure Erase results in the firmware on the disk performing an equal function to dd if=/dev/zero, can you please provide a reference? Equally, if Windows' long format provides an similar outcome, can you also provide an authoritative reference? Additionally, you may wish to consider the topics Ryk touches on in the post (https://serverfault.com/questions/147759/dd-vs-secure-erase-for-reconditiong-ssds) – Motivated Dec 27 '18 at 18:04
  • @Motivated I thought I'd made it clear in the answer that I was referring to SSDs throughout, as the OP's drive was a HDD, but I've now made this clearer and added more caveats for SSDs. Both the references you want are already in the answer: the first is in the section of the [Michael Wei paper](https://www.usenix.org/legacy/event/fast11/tech/full_papers/Wei.pdf) entitled "Built-in sanitize commands". – Hashim Aziz Dec 27 '18 at 20:25
  • @Motivated The second is in the comments of [this linked answer](https://superuser.com/questions/1046136/windows-7-does-formatting-a-disk-actually-write-zeros-to-it/1046139#1046139), though I've added it back into the answer and removed the dead link. – Hashim Aziz Dec 27 '18 at 20:25
4

If you have any Linux in hand, this is very simple and easy:

sudo dd if=/dev/zero of=/dev/sdX

where sdX should be replaced by the actual device of the disk you want to wipe.

Quick estimation about timing. I used this way to wipe a 3.5" hard drive (1 TB). The write speed started off at 220 MB/s and near the end it's 100 MB, so I assume 150 MB on average. Then it'd take less than 2 hours for a complete wipe, if everything does well.

You can also try the built-in functionality, DiskPart.exe to wipe. You can open up a Command Prompt window with Administrator privileges (use Task Manager to achieve this), then run in Command Prompt:

DiskPart

SELECT DISK 2  (where you should replace 2 with your actual disk number)
CLEAN ALL

Then DiskPart will clean the whole disk, identical to the Linux dd method.

Optionally in Linux, you can dd if=/dev/urandom so the disk is overwritten with random data, but it is considerably slow depending on your computer configuration.

iBug
  • 10,304
  • 7
  • 37
  • 70
1

Do it more securely with pseudo random numbers from /dev/urandom instead of zeros from /dev/zero. As root or as normal user with sudo:

sudo dd if=/dev/urandom of=/dev/sdX bs=1M

With

bs= blocksize, how many bytes to write at once,
urandom = pseudo random numbers, pretty secure. 
sdX = the hard drive you want to overwrite (be careful to choose the right one)

Urandom uses data from /dev/random/ to start its random number generator seed and uses as much real random number as possible. But if runs out of random numbers, it won't stop but generate pseudo random numbers with real random numbers as seeds.

Dont use /dev/random it uses "real" random numbers from packet counters or mouse movement etc. When there are no random numbers left, it will just stop and wait for new ones. This takes ages to complete.

urandom means unblocking random, because it continues with pseudo random numbers and does not block the system by waiting for new real random numbers.

This is a bit slower but more secure.

stupidstudent
  • 121
  • 5
  • *"Alternatively, plain dm-crypt can be used for a very fast wipe with crypto-grade randomness, see [Item 2.19](https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions)"* – Xen2050 Oct 28 '18 at 13:08
  • 2
    using random data for a 'more secure wipe' is a common misconception. Simply zeroing a drive with 1 pass is enough. See https://askubuntu.com/questions/21501/possibility-of-recovering-files-from-a-dd-zero-filled-hard-disk or https://skeptics.stackexchange.com/questions/13674/is-it-possible-to-recover-data-on-a-zeroed-hard-drive – BeowulfNode42 Oct 28 '18 at 13:59
0

In particularly case you can just use CMD to fill erased places on disk with, for example, large movie file. 

C:>\...\for /L %a in (1,1,999) Do copy YOUR_MOVIE_FILE %a

Where 9999 - your count of copies. Then quick format for clean.

user1855805
  • 147
  • 1
  • 2
  • 8