RE: 386spart.par win386.swp

Simon R Knight (srk@tcp.co.uk)
Mon, 29 Jun 1998 16:51:01 0000


On 28 Jun 98 at 22:33, jcaldwel@iquest.net wrote:

> On 28-Jun-98 Simon R Knight wrote:
>
> > Examining the first 16k of my "Windows For Workgroups"
> > permanent swap file (386spart.par), I note that all the bytes
> > are set to FF hex. I have read that if the beginning of this file is
> > wiped (from DOS) then an error will occur when Windows is
> > re-started.
>
> No, there are some freeware tools that are damned good at wiping that file,
> they truncate the hidden space at the end of DOS files, wipe deleted files and
> wipe empty space on the drive.
>
> This is the one I remember, good stuff dos/W3xx/WFWF3xx though if '95 is using
> FAT16 or vfat they should work ok but I don't know about FArT32. The author
> does seem to have a '95 zapswap version.

Yes ... there are some good wiping utilities available;
I particularly like "zapswap.com" and "zapswp95.com" for wiping
Windows swap files from DOS. As for wiping ordinary files/clusters
from Windows, I prefer to use my own wiping utilities, so that I can
control exactly what occurs on the disk surface. The free
"bcwipe.exe" from the company providing "BestCrypt" is useful
under Win95, but it still doesn't compare to the absolute control
that can be had over the wiping process, by writing custom routines.

It's true that existing swap file wiping utilities avoid wiping the
initial bytes of the Windows swap files, and were I not programming
under Windows, then I would be happy to use these utilities alone. As
a shareware programmer with an interest in privacy enhancing tools, I
have to address the security hole that exists because sensitive data
can not be locked in RAM; the only way I can (currently) do this is
to advise users of my software to employ one of the popular swapfile
wiping utilities also ... and to explain why.

At present there are no wiping utilities (AFAIK) that can wipe a
Windows swapfile while Windows is running, because to do so would
cause Windows to crash. Win 95 utilities like "bcwipe.exe" simply
wipe free disk space, which is far from satisfactory, because a
single overwrite alone can easily take so long that no one would want
to do this after every Windows session where encryption is used.
Additionally, wiping free disk space while Windows is running may not
access areas of the disk paged to under a temporary swap file when
the associated application is closed, and so wiping free disk space
under Windows does not provide true security.

With a detailed understanding of the Windows paging process under
both 16 and 32 bit environments, it may be possible to monitor paging
of sensitive data, and wipe the associated disk pages while Windows
is actually running. If only a few pages need to be wiped then
routines that overwrite up to 35 times with special bit patterns can
be used, as proposed by Peter Gutmann in "Secure Deletion of Data
from Magnetic and Solid-State Memory". I have found that it is
possible to overwrite disk clusters (35 times) quite quickly if code
is optimized for this, and so wiping of Windows disk pages while
Windows is running, is a route that I wish to explore. This way I can
write a .dll that can be called by my future programs, or those of
others.

Regards,

Simon
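
An added example, not part of the original message and not the poster's code: a portable C sketch of the in-place, multi-pass overwrite discussed above, which leaves the first bytes of the file untouched as the existing swap file wipers are said to do. The function names, the three-pattern pass list (not the 35-pass Gutmann sequence) and the caller-supplied header length are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed pass list for illustration; NOT the 35-pass Gutmann sequence. */
static const unsigned char PASSES[] = { 0x55, 0xAA, 0x00 };

/* Overwrite everything after the first `keep` bytes of `path`, in place.
 * Returns bytes wiped per pass, or -1 on error. */
long wipe_after_header(const char *path, long keep)
{
    unsigned char buf[4096];
    FILE *f = fopen(path, "r+b");        /* update in place, never truncate */
    long size = -1, left;
    size_t p, n;

    if (f == NULL) return -1;
    if (fseek(f, 0L, SEEK_END) == 0) size = ftell(f);
    if (size < 0 || keep < 0 || keep > size) goto fail;

    for (p = 0; p < sizeof PASSES; p++) {
        memset(buf, PASSES[p], sizeof buf);
        if (fseek(f, keep, SEEK_SET) != 0) goto fail;
        for (left = size - keep; left > 0; left -= (long)n) {
            n = left < (long)sizeof buf ? (size_t)left : sizeof buf;
            if (fwrite(buf, 1, n, f) != n) goto fail;
        }
        /* Flush the C library buffer so each pass is issued separately;
         * OS and drive caches need a platform-specific sync on top. */
        if (fflush(f) != 0) goto fail;
    }
    return fclose(f) == 0 ? size - keep : -1;
fail:
    fclose(f);
    return -1;
}

/* Count bytes equal to `v` in [off, off+len) of `path`; -1 on error. */
long count_bytes(const char *path, long off, long len, int v)
{
    FILE *f = fopen(path, "rb");
    long hits = 0;
    int c;
    if (f == NULL || fseek(f, off, SEEK_SET) != 0) { if (f) fclose(f); return -1; }
    while (len-- > 0 && (c = fgetc(f)) != EOF) hits += (c == v);
    fclose(f);
    return hits;
}
```

Opening with "r+b" keeps the file's length and cluster allocation unchanged, so the passes land on the blocks that already hold the data; count_bytes lets a caller confirm afterwards that the header survived and none of the old content remains.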


The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:19:11 ADT