Announcement

Collapse
No announcement yet.

Anti-Virus programs for 18.04 ?

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #16
    Originally posted by jglen490 View Post
    It's not that BleachBit is so incapable, it's that computer forensics have gotten MUCH better. A single pass deletion method is never complete. You need to have something that shifts the write heads a small amount each time a deletion/wipe program is in a multi-run deletion activity to catch all the magnetic domains in a block on a block device. Even then, it may not wipe a drive completely.

    Invite the Hulk over, give him a BFH, and ask him to go to town on the hard drive. Then mix the dust into a batch of concrete and dump it in the ocean.
    I believe you are correct about improvements in computer forensics.

    However, concerning single pass cleanings BleachBit wrote the following:
    https://bleachbit.blogspot.com/2009/...ure-erase.html
    Compared to Gutmann-35

    BleachBit's secure erase method is a single pass with zeros, so why doesn't BleachBit use the Gutmann-35 method? The Guttman secure deletion method gives some people a false sense of security. A long time ago (in the technology timeline) the 35-pass Gutmann method was designed for MFM/RLL hard disk drives. My last computer to include a MFM hard drive was purchased in 1989. Time has passed and technology has changed. Today's PATA/IDE and SATA hard drives are much more dense, and NIST, the NSA, and other experts now agree that a single pass to overwrite data is sufficient.
    However, there are two exceptions. First, erasure of individual files (by any erasure method) is not effective in some situations such as using ext3 with the non-default option data=journal. Also, modern hard drives sometimes move data transparently to the operating system. In such cases, it is necessary to either securely wipe the entire disk (in the case of the former) or physically destroy it (in case of the latter).
    That said, BleachBit's method is much quicker than Guttman-35 and generally equally effective for everyday use.
    That said, the Hulk pounding an HD into dust and then just spreading it across the surface of the ocean would, IMO, be more effective the concentrating the dust in a concrete block. LOL!

    An easier way is merely to heat the plates of the drive to the Curie point for Iron, 770C. Then drop the hot plates into a vat of real bleach as an extra measure for corroding the surfaces of the plates. Or just put the plates into a furnace and melt them into a pool of liquid iron, then pour the hot liquid Iron into a vat of water to create tiny beads of iron. As the beads drop below the Curie point they will be weakly magnetized by the Earth's magnetic field.
    Last edited by GreyGeek; Aug 02, 2019, 03:38 PM.
    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    Comment


      #17
      Originally posted by GreyGeek View Post
      Lesson: Perhaps BleachBit isn't the kind of protection from prying eyes that folks are looking for. Maybe they have a gov back door?
      In the United States, all encryption programs, and I believe, all cleansing programs, are required to be 'approved' by the Federal Government before being made available to the public. Incident to that, especially with encryption software, the Federal Government requires that the source code be provided to them so that the ability to circumvent the encryption (have access to a backdoor) is available. So, there isn't any encryption software that is 'legally' out in the public domain that the Federal Government doesn't already have the ability to circumvent.
      Windows no longer obstructs my view.
      Using Kubuntu Linux since March 23, 2007.
      "It is a capital mistake to theorize before one has data." - Sherlock Holmes

      Comment


        #18
        Originally posted by Snowhog View Post
        In the United States, all encryption programs, and I believe, all cleansing programs, are required to be 'approved' by the Federal Government before being made available to the public. Incident to that, especially with encryption software, the Federal Government requires that the source code be provided to them so that the ability to circumvent the encryption (have access to a backdoor) is available. So, there isn't any encryption software that is 'legally' out in the public domain that the Federal Government doesn't already have the ability to circumvent.
        Do you have a citation for that? They tried, but I thought that got voted down in 1996. (Talking about encryption, not cleaning). I'm not saying they don't have the ability, but I don't believe there's anything in the law that requires the turnover of source code. Matter of fact, aren't they pushing for that again, right now? (Of course software for export has it's own set of rules).
        Last edited by SpecialEd; Aug 02, 2019, 03:51 PM.
        If you think Education is expensive, try ignorance.

        The difference between genius and stupidity is genius has limits.

        Comment


          #19
          I don't think they have it, but really want it
          https://www.youtube.com/watch?v=WJ8CwBAfWAg

          Australia already has laws, and such was used in their recent raids against a journalist.
          https://www.theguardian.com/australi...ns-expert-says

          Comment


            #20
            I think GregM is just looking for a cleaner that deletes common, working files in the OS to reduce the burden of it all, maybe free up some space. Gets all crapped up. Especially things like thumbnails and such. I believe cleaners usually have the option to delete and wipe.

            Wiping is another subject--Privacy. When you delete a file, it is not really deleted from the disk, it is only deleted from the user data (in the filesystem). Gutmann is, of course, the classic reference, but has been superseded by more work done in the area, and I'm sure even more work is being done (e.g., with flash drive privacy wipes).

            I think one wipe-pass is enough. Period.

            The determined reader can find all sorts of neat stuff and classic references in two of my how-to's:

            Privacy Cleanup 101
            https://www.kubuntuforums.net/showth...cy-Cleanup-101

            The dd Command
            https://www.kubuntuforums.net/showth...The-dd-Command

            In my how-to's, I show how to securely delete, for example, the free space in your /home.

            It is an interesting subject, but also full of opinions, controversy, myths, and such.

            Bleachbit or CCleaner is fine for everyday deleting purposes.

            If you really need super privacy, damn well better wipe (with dd) in all sorts of ways, and it takes time to make even one pass. Getting rid of an old hard drive: Wipe it with dd (e.g., write zeros to the whole thing), then smash the hell out of it with a heavy hammer. Some use Clorox or Hydrochloric acid dips in the process (guard your eyes and breathing in doing this).

            Good to see you swing by, GreyGeek. You oughta chime in here more often. Been pretty quiet around here lately.
            An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski

            Comment


              #21
              BleachBit may be effective for "everyday use", but so is DBAN. A single pass deletion, even when writing zeroes, cannot completely erase a magnetic domain based storage media. there is too much mechanical randomness in the exact placement of the write head on a hard drive, and because of that there is no way to overwrite all the magnetically charged parts of the domain for any particular 1 or 0.

              When you type the word "cat" into a computer and save that word on the spinning hard drive, it's not written as "c" "a" "t". It's the binary equivalent (1s and 0s) of those letters that gets written to the surface of the platter. So writing a 0 over a 0, changes nothing. Writing a 0 over a 1 changes that 1 to a 0, but does not necessarily change all the magnetic domains next to it, and the 1 still exists, probabilistically. Given enough zeroes written through multiple passes, the probability of overwriting all traces of the 1 increases. Computer forensics bets on there being some remnant of that 1 still being in existence. If it does then the investigator will find that you saved the word "cat" to that hard drive.

              Solid state drives may be a different situation, but I'm thinking there may still be probabilities involved.
              The next brick house on the left
              Intel i7 11th Gen | 16GB | 1TB | KDE Plasma 5.27.11​| Kubuntu 24.04 | 6.8.0-31-generic



              Comment


                #22
                jglen490--I disagree re your one-pass skepticism. I can only base this on my past research into this subject and will post it here (note the fine points--which covers your "cat" worry, note the references):

                How to securely delete data

                Contents

                -- How to securely delete data: history, misconceptions, controversy
                My take on this -- A prescription for your data wiping
                (This is the current version of the topic)

                -- Archive (a previous version)
                When you delete a file, you do not delete the file
                How to Wipe Data: Logic behind a zero-fill
                Note the section titled
                See for yourself. A Deleted File is Not Deleted
                (An experiment: dd if=/dev/sdc1 bs=16065b | hexdump -C | grep 'Zmy Zfacts')

                How to securely delete data, history, misconceptions, controversy.

                How many "overwrites" are needed to safely wipe your data?
                Can you recover overwritten data?
                How should you overwrite your data?
                How about the government DoD 7-pass standard?
                and, finally,
                -> My take on this -- A prescription for your data wiping

                Answers:
                One.
                No.
                Any way you wish.
                Where did THAT come from?
                My take on this? See below.

                Here's the scoop, my logic, and I'm going to be brief because we have better things to do in this how-to.
                The references are the key.

                In 1996, Peter Gutmann Department of Computer Science, University of Auckland, wrote his now (in)famous, Secure Deletion of Data from Magnetic and Solid-State Memory. THAT is the document that is widely misquoted and misused to promote/preach all sorts of extreme overwriting strategies and rules ("voodoo incantations") for how to overwrite data to prevent recovery. You'll see them all over the Internet, secure data deletion programs that perform up to 35 passes over the data, each time overwriting the data using zeros, ones, other numbers, random numbers, and pseudo random numbers.

                Even Gutman takes issue with the mis-use, misinterpretation, of his paper. Sometime between 1996 and 2002, he wrote his Epilogue:

                "In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical
                analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data. In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don't understand that statement, re-read the paper). If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, 'A good scrubbing with random data will do about as well as can be expected'. This was true in 1996, and is still true now." [Emphasis added]

                In July 2003, Daniel Feenberg, National Bureau of Economic Research, Cambridge MA, published a cogent rebuttal to the Gutman paper, "Can Intelligence Agencies Read Overwritten Data? A response to Gutmann." After working through several logical points, as well as points of evidence, Feenburg concludes, "... that Gutmann's claim belongs in the category of urban legend. Or it may be in the category of marketing hype ..." and " ... Of course it has been several years since Gutmann published. Perhaps microscopes have gotten better? Yes, but data densities have gotten higher too. An hour on the web this month looking at STM sites failed to come up with a single laboratory claiming it had an ability to read overwritten data ... Recently I was sent a fascinating piece by Wright, Kleiman and Sundhar (2008) who show actual data on the accuracy of recovered image data. While the images include some information about underlying bits, the error rate is so high that it is difficult to imagine any use for the result. While the occasional word might be recovered out of thousands, the vast majority of apparently recovered words would be spurious ... Charles Sobey has posted an informative paper "Recovering Unrecoverable Data" with some quantitative information on this point. He suggests that it would take more than a year to scan a single platter with recent MFM technology, and tens of terabytes of image data would have to be processed."

                Charles H. Sobey, in his white paper, "Recovering Unrecoverable Data - The Need for Drive-Independent Data Recovery," (see Section 4.2.2 Magnetic Force Microscopes (MFM)), after rather technical analysis, concludes, " ... Although such exotic methods of data recovery are theoretically possible ... I have found no evidence of commercially viable recoveries being performed. Furthermore, I have seen no public demonstrations of any of these methods that show the recovery of files or even user data--only images or raw encoded data." And like other sources, Sobey points out that the error rates inherent in the technology of trying to read any data off disks are very high.

                Starman--Daniel B. Sedory--having researched the topic to its outer limits, concludes that for most of us and almost all home or personal privacy needs, "... we believe simply 'zeroing-out' a drive AND checking that it has actually been done is more than adequate." And, further, "...NOW IN THE YEAR 2008, after 15 years of people warning others and passing along their fears of possible scenarios involving elecron (sic) microscopes, WE STILL have NEVER heard of a single case from any lab actually using a microscope to discover any useful bit patterns [emphasis added]!" And, "Personally, I'm not at all concerned about anything I 'zero-out' on a hard disk ever being seen by someone else again. If you think that any local law enforcement or government agency is going to attempt to find data on a drive with ALL zeros by taking a very long time and spending more money than they can really afford with no assurance whatsoever of finding anything(!), then you're living in a dream world that's already beyond all the fictional elements in TV shows like CSI and other such scientific forensic evidence dramas. It's much easier ... to obtain data about you using many other means!"

                Finally, you will see MANY Internet references to the US government 7-pass DoD wipe standard (as per DoD 5220.22-M). After another extensive research effort, Starman is unable to fully trace where this came from. Although it can mean many things, most references to the government 7-step wipe consider it to be " ... three cycles of alternating patterns of 0x00 and 0xFF, followed by an 0xF6 byte pattern for a total of seven passes. But as the DSS and other security organizations have pointed out, they rarely include a verification pass!" (See Starman, "DoD 5220.22-M and its relation to the so-called DoD Wipe Standard")

                -> My take on this -- A prescription for your data wiping

                For most of us, it suffices to do a simple one-pass zero-fill (zero-out) of your files/partition/drive to ensure that no one will be able to retrieve your data. That includes users who keep on their PCs personal correspondence/emails, documents, normal business, finance, and medical records, family/personal photos, and personal items downloaded from the Internet (including legal adult materials).

                Other things you can do: Now, if you wish to do a pass with random or pseudo random numbers instead of zeros, that's fine, too; or do multiple passes. Another thing some folks believe in is doing a zero-fill followed by a fill with truly random numbers; the random numbers making it less obvious that a file was wiped, and maybe making it technically more difficult to detect meaningful information from the wiped bits. Or, do a zero-fill of a file, then before deleting the file change it's name to some random characters or a nonsense name, again making the job of data recovery folks more difficult. Some sources do a wipe using random numbers, then a final wipe with zeros (the opposite of what has been said above).

                If your data is extremely sensitive for whatever reasons, my sense is that you will be able to decide what to do based on what is said here and the links (which I'm sure you will read in great detail). Having said that, (1) the evidence suggests that one zero-fill will likely do the trick; (2) some folks would probably feel better doing two or three passes, perhaps with zeros and random numbers; and (3) most folks in the category will want to secure their data and PC physically, and when done with a drive will want to physically destroy it (using standard means of physical shredding, burning, hammering it into small pieces, using a blow torch on it, etc.).

                References

                Peter Gutmann, Secure Deletion of Data from Magnetic and Solid-State Memory
                http://www.cs.auckland.ac.nz/~pgut00...ecure_del.html

                Peter Gutmann, Epilogue
                http://mirror.href.com/thestarman/as...nnEpilogue.txt
                (Credit goes to thestarman.)

                RE: Peter Gutmann data deletion theaory (sic) ?
                http://seclists.org/bugtraq/2005/Jul/464

                Daniel Feenberg, "Can Intelligence Agencies Read Overwritten Data? A response to Gutmann."
                http://www.nber.org/sys-admin/overwr...a-gutmann.html

                Charles H. Sobey, "Recovering Unrecoverable Data - The Need for Drive-Independent Data Recovery,"
                527KB PDF. Published April 14, 2004.
                http://www.actionfront.com/ts_whitepaper.aspx

                Daniel B. Sedory (starman), "How To Permanently Erase Data from a Hard Disk"
                Copyright©2003-2008 by Daniel B. Sedory (starman)
                http://mirror.href.com/thestarman/asm/mbr/WIPE.html

                Daniel B. Sedory (starman), "An overwriting standard: there was some truth to it in the past"
                http://en.wikipedia.org/wiki/Talk:Na...ting_standard:
                _there_was_some_truth_to_it_in_the_past

                Daniel B. Sedory (starman), "DoD 5220.22-M and its relation to the so-called DoD Wipe Standard"
                http://mirror.href.com/thestarman/asm/5220/index.html
                Compiled by Daniel B. Sedory
                All Original Research is Copyright©2008 by Daniel B. Sedory
                (re Where did the so-called 7-pass DoD 5220.22-M Wipe Standard originate?)
                Link to my post:

                https://www.kubuntuforums.net/showth...l=1#post107356
                An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski

                Comment


                  #23
                  I don't disagree, but I do understand the probabilistic nature of writing to a moving magnetic platter with a mechanical write arm.

                  If you use dd, or DBAN, or BleachBit in a single pass write method, it's good enough. The rest of it is if the owner of the data has no concerns about the legality or morality of the data being wiped, and that has nothing to do with the mechanics of wiping the drive.

                  I still like the Hulk method of destroying data
                  The next brick house on the left
                  Intel i7 11th Gen | 16GB | 1TB | KDE Plasma 5.27.11​| Kubuntu 24.04 | 6.8.0-31-generic



                  Comment


                    #24
                    Originally posted by jglen490 View Post
                    BleachBit may be effective for "everyday use", but so is DBAN. A single pass deletion, even when writing zeroes, cannot completely erase a magnetic domain based storage media. there is too much mechanical randomness in the exact placement of the write head on a hard drive, and because of that there is no way to overwrite all the magnetically charged parts of the domain for any particular 1 or 0.

                    When you type the word "cat" into a computer and save that word on the spinning hard drive, it's not written as "c" "a" "t". It's the binary equivalent (1s and 0s) of those letters that gets written to the surface of the platter. So writing a 0 over a 0, changes nothing. Writing a 0 over a 1 changes that 1 to a 0, but does not necessarily change all the magnetic domains next to it, and the 1 still exists, probabilistically. Given enough zeroes written through multiple passes, the probability of overwriting all traces of the 1 increases. Computer forensics bets on there being some remnant of that 1 still being in existence. If it does then the investigator will find that you saved the word "cat" to that hard drive.

                    Solid state drives may be a different situation, but I'm thinking there may still be probabilities involved.
                    And thus, the FBI was able to get *ALL* of Hillary's 62,320 emails off of the Platte River Network drives on which clintonemails.com resided, EVEN THOUGH the PRN admin used BleachBit on them. Real bleach would probably have done better, Or a hammer, or a blow torch. So, Joe and Sally Sixpack don't have a prayer of a chance of keeping their data out of the hands of *gov agents* simply using BleachBit or what ever other digital cleaner they they believed the marketing hype about.

                    Aside from totally destroying my storage medium in a fire I hold no illusions about even my 4096 byte RSA key keeping the gov agents out of my data. Joe and Sally? Of course, but they could never access my home account anyway even if I gave them my computer. But, the government cracked the RSA 4096 key in 2013 by merely listening to a computer's microphone as it encrypted and decrypted files. When true quantum computers arrive, IF they ever do, then all digital keys are vulnerable, regardless of the byte size. Even a quantum key won't be safe, but at least one would be able to tell if the data was eaves dropped on because entanglement would be lost.
                    "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                    – John F. Kennedy, February 26, 1962.

                    Comment


                      #25
                      jglen490: I do understand the probabilistic nature of writing to a moving magnetic platter with a mechanical write arm.
                      Oh, yes, I do agree that you do! In fact, check me on this, I believe there's another related issue: bits. They are also a bit shaky at times, right? In the sense that a bit represents an electric charge, and that charge may be strong enough to clearly indicate the bit; or that charge may be weaker than usual, but "borderline" in strength and may or may not correctly indicate the bit value. I think you encounter this when there is possible damage to your system--the monitor, the BIOS, the mobo. Subtle, problematic hardware issue.
                      An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski

                      Comment

                      Working...
                      X