Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security IT

Microsoft Offers New Data-Security Scheme 309

bingly_beep writes "The BBC is reporting Microsoft's new user security measure, whereby users sensitive information is stored on their PC rather then online, as in their previous offerings, such as Passport. This sounds like a good idea, but any such system would surely require that the user definitely erases the HD on any machine they sell. Perhaps Microsoft should include an option, like 'Prepare this computer for resale,' which utterly destroys all data."
This discussion has been archived. No new comments can be posted.

Microsoft Offers New Data-Security Scheme

Comments Filter:
  • by account_deleted ( 4530225 ) on Wednesday March 30, 2005 @06:17PM (#12094812)
    Comment removed based on user account deletion
    • by mboverload ( 657893 ) on Wednesday March 30, 2005 @06:36PM (#12095026) Journal
      I made a guide to using eraser, which would do the same thing. http://mboverload.no-ip.org/tech/recyle.html [no-ip.org]
      • by flithm ( 756019 ) on Wednesday March 30, 2005 @07:32PM (#12095575) Homepage
        Despite what they tell you, these erasure programs do not work on drives using journalled filesystems (ie almost every drive there is these days... including you Windows users with NTFS, and Linux users with Reiser, Ext3, XFS, etc).

        For more information check out this link [infoanarchy.org].

        For the lazy, here is a summary:

        Many modern operating systems such as Windows XP (NTFS), Mac OS X ( [[HFS+]] ), and GNU/Linux with a kernel version greater than 2.4 (Ext3, JFS, ReiserFS, and XFS) have the ability to use a journaling filesystem that makes complete erasure of data unlikely.

        There are several ways to securely wipe files when using journaling filesystems:

        Store data that needs to be wiped on a partition (slice, volume, or drive) that uses a non-journaling filesystem. For example, users of Windows can use a Z: drive formatted with FAT32, and users of GNU/Linux can use a partition formatted with Ext2.

        Store data that needs to be wiped on a partition that is encrypted using Hard Disk Encryption. This eliminates the need to use a secure wiping mechanism for individual files.

        Store data on a temporary partition using any journaling or non-journaling filesystem. When it is time to wipe all files, use a tool such as Eraser or Wipe to securely wipe the entire partition.

        Physically destroy the hard drive after use by melting the hard drive. (Passing a magnet over the hard drive will not work.)

        So, basically... there is no proper way of protecting yourself from undelete data recovery methods, if you use a journalled file system, aside from keeping some thermite handy!

        If you ask me, we should all be encyrpting our data partitions by now!

        • Update on This (Score:4, Insightful)

          by flithm ( 756019 ) on Wednesday March 30, 2005 @07:43PM (#12095677) Homepage
          Just wanted to update and say that, you can safely erase an entire hard drive (even with a journalled filesystem) if you unmount it, and wipe it (ie side step the filesystem driver). This is pretty easy to do in Linux, not sure about Windows... although I know one good method would be to use the hard drive manuacturers low level formatter (running it 3 or 4 times should be enough).

          But once again, be wary of any file erasure programs like the one mentioned by the grandparent post. You need to take care that your usage of them is not in vain!
        • Ok, while all that sounds technically competant, I must disagree... and agree.

          Data stored on a hard disk (or floppy disk, or any other magnetic-based medium) uses the polarity of a tiny portion of the disk (eg. a "sector") to determine if that portion contains data equating to a one or a zero.

          When the write head of a HDD applies a magnetic charge to a portion of the disk, it has just enough strength to change the surface polarity to the intended bit value. If it uses too much, it'll spill over onto adja

          • When the write head of a HDD applies a magnetic charge to a portion of the disk, it has just enough strength to change the surface polarity to the intended bit value. If it uses too much, it'll spill over onto adjacent portions; not enough, and the polarity of the magnetically sensitive material beneath it will interfere with the intended bit value.

            What you are saying is true. If you only overwrite the data a single time, it is easy to determine what the previous value was.

            However secure erase tools will
        • by DM9290 ( 797337 ) on Thursday March 31, 2005 @03:49AM (#12098227) Journal
          Despite what they tell you, these erasure programs do not work on drives using journalled filesystems (ie almost every drive there is these days... including you Windows users with NTFS, and Linux users with Reiser, Ext3, XFS, etc).

          This is not entirely correct.

          Journaled file systems by default only use the write ahead log or "journal" for metadata changes, and not for data itself.

          This means, when you overwrite the file 35 times in place, the journal is not involved in this operation.

          When the secure delete program, then issues a DELETE, that operation is logged. Some time shortly thereafter the directory structure is updated to reflect that deletion. However, the data would have been overwritten 35 times (using the defaults in the eraser program) notwithstanding that the delete may be deferred.

          As long as the filing system allows software to bypass the write-behind disk cache this works.

          If your disk controller hardware has its own cache this may very well interfere.

          a journaling filing system makes it more difficult to hide the fact that a deleted file ever existed, but it typically will not interfere with writing data into that file.

          Additionally the article expresses concern that a journaling system may move a file to a new location on a write.

          You will want to confirm for your specific filing system, but typically this would be very very inefficient on a hard disk.

          AFAIK ext3, reiser, NTFS, BeFS (the only journaled filing systems I have much experience with) do not move files around on the partitian simply because the data within the file is modified.

          Since hard drives support random access, on a hard drive there is very little likelyhood that a superior location to store that file will be found than the original location chosen (and there is no reason to NOT use the original location). Hard drives fill up over time. The overhead in choosing a better location in very expensive.

          Someone please correct me if I am wrong.

          In fact, (with those FSs that I mentioned) unless you defragment or something, files are left in the original locations they were allocated, and any modifications occur on the same disk locations.

          Another factor to consider. The journal is typically implemented as a fixed size circular buffer, and it is overwritten frequently.

          If you want to help insure this happens soon perform the following operation.

          1: create a directoy X.
          create a 0 byte file Y inside inside directory X.
          2:
          open Y. append 1 byte.
          close Y.
          move Y to the parent directory of X.
          open Y. append 1 byte.
          move Y back inside X.
          rename Y to some random name.
          rename directory X to some random name.
          touch X
          touch Y
          copy Y to a new file Y!
          delete Y
          let Y! now be the new Y (for future iterations)
          3: repeat all steps from 2: until 3: a hundred thousand times or so.

          Do that with your disk cache turned off (or a sync operation between every step) and that will probably irradicate whatever is in the journal.

          This loop causes a ton of meta data changes which must be written into a write ahead log. Moving and renaming the file may or may not be considered a metadata change depending on the FS, it may simply be a data change to data in a directory (I believe this is the case in ext3; but if I recall, in BeFS file renaming and moving is a metadata change.

          Finally.. since the journal doesn't track data itself, the only thing it may contain are filenames, paths and perhaps filesizes. Your data is not there.

          in any event, while there is merit to the concerns expressed in the article, they are somewhat overstated.

          If you ask me, we should all be encyrpting our data partitions by now!

          I agree with you there.
          Storing plain text is absurd.

  • Aw hell... (Score:5, Insightful)

    by werewolf1031 ( 869837 ) on Wednesday March 30, 2005 @06:18PM (#12094825)
    Perhaps Microsoft should include an option, like 'Prepare this computer for resale,' which utterly destroys all data."

    Yeah, like THAT won't be hacked all to fvck by virus-writers. Great suggestion!

    • Re:Aw hell... (Score:5, Insightful)

      by rbarreira ( 836272 ) on Wednesday March 30, 2005 @06:23PM (#12094874) Homepage
      Virus writers don't need that to destroy the data of a windows pc...
    • Re:Aw hell... (Score:4, Insightful)

      by nine-times ( 778537 ) <nine.times@gmail.com> on Wednesday March 30, 2005 @06:25PM (#12094907) Homepage
      You know what, I actually really like the idea. Maybe it shouldn't be too simple, but in theory, all user data SHOULD be kept in the user's profile. I hate when some application developer doesn't follow this, but it really should be kept there, and every user should have full access to their own profile anyway.

      So, if you had some user-friendly (but clearly labeled, and with warning messages) option to "secure delete" user profiles, it seems like it would be a nice security measure. It's not technically difficult, and not anything a virus/trojan couldn't do on it's own, and if all user data really is being stored in the user profile, it's not complicated.

      • Re:Aw hell... (Score:5, Insightful)

        by werewolf1031 ( 869837 ) on Wednesday March 30, 2005 @06:31PM (#12094976)
        and not anything a virus/trojan couldn't do on it's own

        Not quite. Think about it: In this particular scenario, we're keeping all our personal/important/sensitive data in one place, and more dangerously, a place that's standardized, ie. easy to find. At least with users scattering their personal stuff all over the hard drive, it's easier to "mask" from a virus/trojan looking for that data.

        But with this new setup, the data's all in one spot. In the SAME spot, regardless of the machine or the user. (Cuz you just know that MS is gonna create a standard folder for this.)

        So, by doing this, it'd actually make the malicious program writer's job easier.

        • Re:Aw hell... (Score:3, Insightful)

          by nine-times ( 778537 )
          All that sort of data should be kept in a standard place anyway. Scattering it about the hard drive only means that users need higher access levels to more directories, which INCREASES the damage a virus is able to do (assuming users aren't running as admin, which they shouldn't be, and assuming a virus isn't exploiting a security hole to elevate its privileges, which there isn't much you can do to prevent it from wreaking whatever havoc it wants at that point).
          • Re:Aw hell... (Score:3, Informative)

            assuming users aren't running as admin, which they shouldn't be

            You're absolutely right, they shouldn't be. But they are, a great many of them, because unfortunately many 3rd-party apps, especially games, require admin rights to run properly -- and who wants to exit and login as a different user every time they want to play a game? (Which in itself is a separate rant.)

            With so many users running with admin rights, it'll be a no-brainer to compromise this particular setup.

            • Re:Aw hell... (Score:4, Insightful)

              by nine-times ( 778537 ) <nine.times@gmail.com> on Wednesday March 30, 2005 @06:58PM (#12095233) Homepage
              You're absolutely right, they shouldn't be. But they are, a great many of them, because unfortunately many 3rd-party apps, especially games, require admin rights to run properly -- and who wants to exit and login as a different user every time they want to play a game? (Which in itself is a separate rant.)

              With so many users running with admin rights, it'll be a no-brainer to compromise this particular setup.

              I guess that, when Microsoft talks about their future plans for "improving security", I assume that the first assumed step is to rectify that particular problem. Perhaps I'm naive to attribute even this small measure of care and competence to Microsoft's developers. However, any other security steps are pointless until this issue is rectified. Frankly, it's obscene that Windows has been encouraging users to run as admin for so long, and failing to discourage developers from requiring administrator access to run simple applications. It's pointless and it's stupid.

              • Re:Aw hell... (Score:5, Informative)

                by sqlrob ( 173498 ) on Wednesday March 30, 2005 @07:11PM (#12095355)
                The "Designed for XP" label requires the ability to run as a lower privileged user. I don't know how much more MS can really do to enforce it.

                The problem with games is that they use low level access for copy protection tests, and need admin level to do that.

                • Re:Aw hell... (Score:3, Interesting)

                  by MoreDruid ( 584251 )
                  Why then don't the developers create something like Nero Burning Rom does? Create a separate group for gaming, with all appropriate permissions. Shouldn't be that hard.

                  On another note, I'd like Windows to have simple profile switching. No, not the user profile, but the system settings. 1 gaming profile with all the systray stuff out of the way except for AV-software and the firewall, no background services bloat etc. Another profile for strictly browsing and e-mailing with super-restricted access to the low

              • Re:Aw hell... (Score:2, Informative)

                by Anonymous Coward
                Frankly, it's obscene that Windows has been encouraging users to run as admin for so long, and failing to discourage developers from requiring administrator access to run simple applications. It's pointless and it's stupid.

                To put it bluntly, you don't know what you're talking about.
                As a software developer, I know firsthand that Microsoft is trying to get application developers to stop writing programs that require the users to be Admin level. If you know anything about .NET logo certification, you wou
    • Comment removed (Score:4, Insightful)

      by account_deleted ( 4530225 ) on Wednesday March 30, 2005 @06:39PM (#12095065)
      Comment removed based on user account deletion
      • While I don't necessarily know that this is a good idea, the answer to your problem is relatively simple. You don't need to wipe the entire disk. All you need to do is wipe the areas that contain sensitive information. And we aren't talking about any and all sensitive data; just the files assoicated with the new Passport alternative. Keep a list of dirty clusters - clusters that have been used to store sensitive information. If they're no longer being used (say, because a defrag moved the files to a ne
    • Perhaps Microsoft should include an option, like 'Prepare this computer for resale,' which utterly destroys all data."

      Of course, "preparing for resale" would include erasing the OS....the seller wouldn't have rights to transfer the licence.

    • Sledgehammer followed by a bonfire or wood burning stove ought to do it. Ever wonder why there are no harddrives at government auctions?

  • by Anonymous Coward on Wednesday March 30, 2005 @06:18PM (#12094826)
    Doesn't installing windows automatically come with built in features that "destroy all data"?

    The problem with the feature right now is that it happens when you least expect it, rather than when you'd actually want it to occur.
  • Perhaps Microsoft should include an option, like 'Prepare this computer for resale,' which utterly destroys all data.
    I think they called that Windows 3.1
  • MS coverup? (Score:2, Interesting)

    by rokzy ( 687636 )
    there was a story a few minutes ago about a report that Windows security was better than Linux but then it came to light afterwards that it was MS funded but undislosed.

    it seems to have disappeared and been replaced by this advert for MS doing good things for security?
  • by 00 Agent Kid ( 833256 ) on Wednesday March 30, 2005 @06:21PM (#12094855)
    This could be good or bad. The data, stored on the computer, would not be on the Internet all the time and thus be safer. On the other hand, .Net has great security. A user with little computer knowledge would not protect his/her computer well enough from hackers, etc., which would leave the data "out there." I think that the latter is safer, however.

    And, as stated in the article, there had better be a way to destroy all sensitive data if the user wishes to sell the computer.
  • by Jailbrekr ( 73837 ) <jailbrekr@digitaladdiction.net> on Wednesday March 30, 2005 @06:21PM (#12094857) Homepage
    So you either store the information locally, and run the risk of a local exploit thanks to the latest and greatest security hole, or you store the information online, and run the risk of the central site being compromised. The first will be more common but limit the data theft to only a single person, whereas the second will be much less frequent but will limit the data theft to the entire customer base.

    In the grand scheme of things, they are both as flawed, just in differing ways.

    • If the central server is holding all the info, users have a legit gripe against the company who just compromised their data.

      If it's on the machine, it seems to be a use at your own risk proposition.

      From a companies POV, one of these options is slightly more attractive. Plus, it can be spun as letting users have controll of their own data, and not some big evil corporation.
    • Very insightful post. I think part of what turns people off about a centralized server, however, is the possibility of snooping by the very people running the server. Also, whenever you talk about storing data on a remote server, there's the question of the up-time of that server (which is something users don't have control of themselves.

      On the other side, data stored in a centralized server is more readily accessible anyway. Also, data-redundancy and backups are usually more cost/time efficient when do

    • by real_smiff ( 611054 ) on Wednesday March 30, 2005 @06:32PM (#12094991)
      ah but for any individual, the choice is real. for example, *i* may feel happier looking after my own data. someone less geeky might well feel safer letting a big corporation do it for them (and indeed may well be safer that way). and since this issue is mostly about peace of mind anyway*, and both are flawed as you say, it is a valid distinction i think. if you give people the choice and explain the pros and cons i dont see a problem. (i have not RTFAd).

      * and i would say unlikely threats, for any one individual, and compared to all the risks everyone faces in life. imho.

  • rather then (Score:5, Funny)

    by ezzzD55J ( 697465 ) <slashdot5@scum.org> on Wednesday March 30, 2005 @06:22PM (#12094867) Homepage
    rather THAN

    rather THAN damnit

    please continue

  • by account_deleted ( 4530225 ) on Wednesday March 30, 2005 @06:22PM (#12094871)
    Comment removed based on user account deletion
  • ok so i will spoof (Score:2, Interesting)

    by bird603568 ( 808629 )
    whereby users sensitive information is stored on their PC rather then online, as in their previous offerings, such as Passport.
    wouldn't that lead to easyer spoofing?
  • The assumption being (Score:5, Interesting)

    by popo ( 107611 ) on Wednesday March 30, 2005 @06:24PM (#12094900) Homepage
    MSFT's assumption is apparently that data stored on personal computers is more secure than on servers.

    I'm not sure that this is necessarily true.

    When you consider that the vast majority of computer users have no idea what a "firewall" is, and that MSFT's track record for security is poor to say the least -- its not obvious that storing sensitive data in designated locations on PC's is the safer route at all.

    Some might say this is MSFT's way of passing the buck of responsibility to the end user rather than fixing the problem. Now if data is compromised fault could arguably lie with mom and pop rather than a Microsoft server.

    • "Now if data is compromised fault could arguably lie with mom and pop rather than a Microsoft server."

      It's a classic situation of "damned if you do, damned if you don't".

      Microsoft releases Passport, "secure online identity system", onus on MS not to screw things up (legally liable). Everyone hates it.

      Microsoft releases new system, "secure offline identity system", onus on user not to screw things up (legally liable). Everyone hates it.

      I don't think there's anyway for MS (or any other company) to "win"
    • Not that I'm saying that I support the MS plan *cough* but it IS true that the information from one person's profile is worth very little. A server that holds thousands on the other hand is worth alot more and is a single point of failure. Therefore huge effort might be leveraged against a server while little effort would be leveraged against a single computer.

      It's like SSL protection - I dealt with people who were paranoid about someone building one of those single purpose cracking machines and being able
    • I think Microsoft is actually leaning toward.. "If it is on your machine, don't come b*tching to us." Putting it on individual machines does mean that a huge store of information cannot (or is far less likely) to be compromised all at once.
    • MSFT's assumption is apparently that data stored on personal computers is more secure than on servers.

      Microsoft's assumption is that people believe data stored on personal computers is more secure than data stored on servers. That is all.
  • by FlyByPC ( 841016 ) on Wednesday March 30, 2005 @06:25PM (#12094910) Homepage
    ...is there something fishy about trusting Microsoft to manage confidential data?

    Yeah, it's better than Passport, where they not only manage the data but store it too -- but for true privacy, shouldn't the relevant code be open for all to see? At least the encryption algorithm, anyway...
  • I think that Microsoft fails to see the only way to make their data secure: Disconnecting it from the internet completely.

    Just running any Windows box online is a security risk, and until Microsoft figures out that our "precious" data can only be secure by having absolutely no connection to it, will anyone have no breakins. It would make more sense for Microsoft to offer some sort of "data security lock-box" on their own machines, where their data is stored on disconnected machines, where if needed, a dir
  • Insecure Cookies (Score:5, Insightful)

    by The Amazing Fish Boy ( 863897 ) on Wednesday March 30, 2005 @06:26PM (#12094922) Homepage Journal
    Read the article. Sounds like they've made cookies, but more than one site can read them. My guess is you'd have to authorize the site to read them, but this is bad news.

    If a site can trick you into hitting "OK," they could get your info.

    Of course the site probably has to be registered with MS in some way. Maybe this is a way for Microsoft to offer a "secure browsing experience" that is also convenient. IE7 will likely view MS-approved sites as "higher security" than SSL approved sites.
    • Sounds like they've made cookies, but more than one site can read them. My guess is you'd have to authorize the site to read them, but this is bad news.

      Cookies can already be read by more than one site. Furthermore, the restrictions on cookie domains/sites that do exist can be circumvented by having a common cookie domain that manages cookies from web bugs.

      In addition to cookies, we have had auto-fill, password vaults, and client certificates. People already use auto-fill and password vaults when it ma
  • Erasing the HD? (Score:5, Informative)

    by SiO2 ( 124860 ) on Wednesday March 30, 2005 @06:27PM (#12094925) Homepage
    Erasing or otherwise formatting a hard drive doesn't do any good to eradicate personal information. I've used these guys [totalrecall.com] on numerous occasions to successfully recover data from hard drives that have been formatted, imaged, etc.

    If you're going to sell a computer, swap out the drive containing your data for a new one. They're cheap. Hold onto the drive that houses your data.

    SiO2
    • "shred -fxz -n 50 /dev/hda" is cheaper.
    • It is supposedly possible to recall the past ten or so magnetic layers on a hard drive. Researchers may well be able to recover more, with better equiptment, but there will be some sort of upper limit. (There are those who argue that very high density disks have no inter-track regions and therefore shouldn't be recoverable by looking at the magnetic layers.)


      Keeping the disk, pulverizing it completely, or throwing it into Mount Doom would seem to be the most reliable methods of ensuring security.

      • "Keeping the disk, pulverizing it completely, or throwing it into Mount Doom would seem to be the most reliable methods of ensuring security"

        Frodo tosses hard disk into volcano. Not very far away, a tower in Redmond crumbles as a giant bespectacled eye glaces around in terror. Outside the Gates of mordor, a troll-like figure is about to stomp on the penguin's head. When the hard drive melts, Ballmer lifts his mishapen head, takes his foot off the penguin, and shambles confusedly into the night.


  • Fox has designed new security measures for chickens.
  • by rewt66 ( 738525 ) on Wednesday March 30, 2005 @06:27PM (#12094928)
    If the data gets compromised in a central Microsoft server, Microsoft is the only one to blame. If the data gets compromised on your home PC, Microsoft will blame you for failing to secure it properly.
  • Their idea of a secure "prepare for resale" function would probably erase the whole OS and all other Microsoft products (like Office), so that they would need to be purchased again.

  • I like the idea of a button with this function. But at the same time, it should back-up my Outlook addresses, save my bookmarks, transfer my MP3s to my file server, and then post my used computer listing on eBay.
  • by Ars Dilbert ( 852117 ) on Wednesday March 30, 2005 @06:31PM (#12094978) Homepage
    "Perhaps Microsoft should include an option, like 'Prepare this computer for resale,' which utterly destroys all data."

    They are probably afraid of getting customer support calls from people who used that option to "see what it did", or from people who changed their mind and wanted their data recovered, or folks who thought that MS didn't really mean it when they said (with a huge red bold and blinking disclaimer no less) that all data would be erased. Ahd then they'd sue MS, OEM, and CompUSA for the emotional distress caused by the loss of their data.

  • just shred it (Score:5, Interesting)

    by budgenator ( 254554 ) on Wednesday March 30, 2005 @06:32PM (#12094984) Journal
    One little linux command is all it takes, insert linux live CD and su -c"shred /dev/hda" and even the NSA would have trouble getting any data off the harddisk, windows license isn't transferable anyways. Fight software piracy, shred used Windows hard disks!
    • Think again! (Score:3, Informative)

      by flithm ( 756019 )
      From the shred manpage:

      CAUTION: Note that shred relies on a very important assumption: that
      the filesystem overwrites data in place. This is the traditional way
      to do things, but many modern filesystem designs do not satisfy this
      assumption. The following are examples of filesystems on which shred
      is not effective:

      * log-structured or journaled filesystems, such as those supplied with

      AIX and Solaris (and JFS, ReiserFS, XFS, Ext3
      • No, you Think again! (Score:3, Informative)

        by V. ( 1057 )

        Keep reading that man page. That only comes into play if you are shredding a mount point/filesystem. Just shred the device file and you are golden.
        • Oh yeah, totally... or individual files. You could, obviously do other things if you want to toast the entire file system like using the hard drive manufacturers low level formatter 3 or 4 times... You're right though, as long as you're not shredding a mount point you should be okay.

          The thing is that there's lots of these utilities out there that claim to be doing something when they're not. I just wanted to throw that out there and make sure people know.
          • You could, obviously do other things if you want to toast the entire file system like using the hard drive manufacturers low level formatter 3 or 4 times
            Hard drive companies actually have low level formatters today and don't just call "writing 0's over the entire drive" low level formatting, when that is not what low level formatting is?
      • That only applies when you're shredding individual files, as when you mount a device, there exists an abstraction layer. If you shred the device file, what it does is fill every single byte of the hard disk with garbage, overwriting everything, including the filesystem itself.
  • by Bifurcati ( 699683 ) on Wednesday March 30, 2005 @06:35PM (#12095017) Homepage
    Microsoft Windows is preparing your computer for resale. Please insert your Red Hat Linux CD now.
  • We've seen it before. Who does not remember Trusted Computing? By the way, it it still around? Do I encounter it while using a Windows box? I will be biased here...it seems trusted computing cannot be trusted after all!
  • by Webmoth ( 75878 ) on Wednesday March 30, 2005 @06:38PM (#12095054) Homepage
    You could use Autoclave [washington.edu], but since it's being end-of-lifed, you could follow the Autoclave author's recommendation and use Darik's Boot and Nuke [sourceforge.net] instead.
  • Resale? (Score:2, Funny)

    by Racter ( 804902 )
    Perhaps Microsoft should include an option, like 'Prepare this computer for resale,' which utterly destroys all data."

    Or, as we like to call it, 'Prepare this computer for confiscation.'

  • It's stupid to sell a HDD without, at least, a "dd if=/dev/zero of=/dev/$HDD bs=128M" first to wipe out all data from the casual observer.

    If your data needs more protection than that, consider removing the disk drive prior to sale and either keeping it (the HDD) or destroying it.

  • Another fine idea adopted from OS X. It's like stealing candy from a baby!

    At least the candy is tasty.
  • It's a play against other systems. Don't use it. Deliberate platform incompatibility, when we're doing so well web-enabling everything. I don't want to be too tinfoil hattish, but I don't think there's a compelling reason to do it.
  • by karlandtanya ( 601084 ) on Wednesday March 30, 2005 @06:47PM (#12095149)
    is with thermite.

    You can use a 5/7/9 pass DOD overwrite. Or a 39-step Gutmann overwrite. Or the ultrasuperduperTFH method of... You get the idea. It takes a looonng time.

    HDDs are cheap, especially one you've used so long you're going to sell the computer.

    Take it apart & melt the disks. If you have a lot of them, just use a fish cooker.

  • Perhaps Microsoft should include an option, like 'Prepare this computer for resale,' which utterly destroys all data."

    Maybe I'm missing something here, but doesn't the format command do this already?

    IMHO, if you're reselling a pre-built PC and have system recovery disks but don't wipe the HD and use the recovery disks to restore the system to the original condition, you're not doing it right.

    In any case, there are free tools http://www.thefreecountry.com/security/securedele t e.shtml/ [thefreecountry.com] to do the wiping.
  • And, with Microsoft DRM, "My Computer" no longer means "the operator's computer", but rather "Bill Gates' computer that you use". When your own computer is controlled by MS DRM, what difference does it make if their HDs are in Redmond, or in your living room?
  • Puff stuff (Score:2, Interesting)

    by Obstin8 ( 827030 )
    This reads like a pure piece of Microsoft fluff. Raise the spectre of 1 billion in fraud committed against 25%(!) of the UK population. Well, not really a full 25%, but they might know someone, who knew someone else, who heard about a guy once who....

    We can probably assume that Microsoft's previous "Safe ID" a.k.a. Passport can account for a portion of the high-tech (i.e. non-"other means") ripoffs. 200 million potential vulnerabilites and it's "popularity suffered". A masterful understatement.

    If they hav

  • by idlake ( 850372 ) on Wednesday March 30, 2005 @07:00PM (#12095250)
    Prior to hare-brained schemes like Passport, where exactly does Microsoft think people stored sensitive information? That's what we have had keychains, vaults, and client certificates for, supported by browsers, operating systems, and add-ons.

    Maybe this whole story is an attempt to create the false impression that this is new, breakthrough technology so that Microsoft can then patent "local disk storage of personal information"? Or maybe it's just an April's Fools joke.
  • Resale (Score:2, Interesting)

    by bourne_id ( 812415 )
    Prepare this computer for resale, which utterly destroys all data

    Which would probably wipe the harddrive so that M$ would have to sell the new schmuck a new Windows license.

    JMD


  • Haven't there been JavaScript breaches that allow web sites to gain access to local filesystems? No one can predict what security holes remain in Windows, so it's hard to say any new approaches would make personal data safer.

    I don't even use Windows, have a BSD firewall, etc. but I still don't put account numbers in my finance program, for example. While I do use mailorder websites, at least my CC number is revokable. My checking account is not!
  • labelled "Secure Erase" or "Darik's Boot 'n Nuke" Hmmmm. Decisions, decisions, decisions...
  • The best 'Prepare this computer for resale' functionality would be for it to install linux.

    Apart from the obvious benefits, unless you have a full version of XP (most people only have OEM), the licence is non-transferrable.
  • I like the idea of having TOTAL CONTROL of my sensitive personal information on **MY** machine and not theirs.

    Control comes back to me. I dig that.

    I do believe that MS would find some way to screw it up, though.
  • by bloosqr ( 33593 ) on Wednesday March 30, 2005 @07:25PM (#12095503) Homepage
    Someone pointed out to me that it seems a bit odd that when berkeley got their laptop stolen w/ everyone's computer data that apparantly berkeley can't be bothered to do what nearly everyone who uses a laptop on a mac and anything vaguely "sensitive" (typically quicken data etc) takes for granted: Encrypted file system. On a mac this is as easy to do as clicking "security" from system preferences and hitting filevault on. Given the number of times Los Alamos, CIA, colleges keep losing sensitive info on laptops there's got to be an equivalent on windows? (My understanding is its something called EFS) Does anyone here use it? I am curious why this isn't enabled by default on laptops or administrators of laptops in universities, feds etc etc etc. On a mac its trivial to turn this on (its AES 128 bit). Linux has cryptfs which is blowfish 128 bit. Surely this is in place in the windows world at this point?

    -bloo
    • This sounds like a good idea, but any such system would surely require that the user definitely erases the HD on any machine they sell. Perhaps Microsoft should include an option, like 'Prepare this computer for resale,' which utterly destroys all data."

      Not to reply to myself but if people used the wonderful magic otherwise known as encrypted file systems this would not be an issue and have the obvious advantage that it would no longer matter as much if your computer got stolen as well (w/ the obvious hop
    • by TheAwfulTruth ( 325623 ) on Wednesday March 30, 2005 @08:12PM (#12095944) Homepage
      Yes and it has been for years.

      But just like Mac (now) and Linux it is off by default.

      One main reason is that in order to use it (on any OS) you have to use your brain. Basically you have to rememeber to properly handle your user data before mucking about with user accouts or you can permanetly lose everything. This problem has already been demonstrated repeatedly in the Mac user space WRT iTunes downloads which are pinned to used accounts. Destroy a user account before transferring ownership of the data and yo ulose your songs.

      Of course, this is the point. But what happens is, 99 out of 100 people that lose everything do so in situations where they didn't really want to.

      Thus, use of the systems by people that don't know how they work or what the drawbacks are are more likely to have problems with their data by using the system than by not using it. So, in all cases, the EFS remains turned off by default.
  • Perhaps Microsoft should include an option, like 'Prepare this computer for resale,' which utterly destroys all data.

    Start > Run > explorer

    Consider data loss guaranteed

  • Microsoft should consider taking this a step further and allow storing user information on removable media, like a USB drive or some sort of rewritable disk. The advantages are numerous.

    The only downside, I would imagine, would be physical loss of the device.

  • A cheap USB thumb drive provides plenty of storage for passwords, private keys and other critical data and keeps them away from the hard disk. Some USB drives use a fingerprint sensor for data protection, others use regular encryption of the whole drive or at least the file system.

    If you sell the old PC, remove the USB thumb drive and use it with the new box.

  • by dbIII ( 701233 ) on Wednesday March 30, 2005 @09:43PM (#12096508)
    I once watched a clueless accountant completely trash a not paticularly old server with a hammer in case financially sensitive information could be gleaned from its CPU, RAM, side panels, keyboard, monitor ot terminals. In hindsight, the stuff on the disks would probably be found interesting in a crimianl court, so not understanding how computers work he was destroying everything he thought could potentially be evidence.

    Either that, or he really hated the thing and wanted to destroy it, or hated the techno geeks that wanted to take it home.

The truth of a proposition has nothing to do with its credibility. And vice versa.

Working...