I read your article about CCleaner’s file deletion overwrite, which I tried
on my Windows Vista. Mine took about three hours to do. My question is how
often should I use this file deletion in general? Once per month? I am really
clueless about that. I am referring to the CCleaner’s wipe section.
Well, let me put it this way….
I never run it.
With that having been said, let’s look at why you might want to run it, and
from that, see if we can come up with some ideas for how often it might make
sense to run.
]]>
Deleted files aren’t deleted
By now, I think that most people realize that when you delete a file – even emptying the Recycle Bin, if that was used – the data that was contained in the file remains on the disk. The area that contains the data is marked as free, but the data is not actually overwritten until a new file is written in exactly the same place sometime later.
And later could be milliseconds or it could be months.
Thus, until that overwrite actually happens, we have the ability to “un-delete” a file using tools like Recuva.
Drive wiping utilities
CCleaner’s Drive Wiper is one example of a tool that is meant to remove this ability to undelete.
The concept is simple. The drive wiper just writes data of some sort in all of the spaces on your hard disk where no files are currently stored: all the space that’s marked as free. As a result, anything left in that free space that could have been used to recover or un-delete a file is removed.
If you have a lot of free space, that could take some time.
How often?
Now, to your real question: how often should you do this?
It depends.
To me, it depends on three things:
-
It depends on just how sensitive the data that could be recovered might be. In general, with browser caching and temporary files and who knows what else, it’s pretty safe to assume that there’s some sensitive data in the unused areas of your hard disk.
-
It depends on just how likely it is that your hard disk is to fall into the hands of someone else – either by loss or theft.
-
It depends on just how likely it is that someone who ends up with your hard disk will bother to see what’s in the free space.
It’s that last one that, for me, reduces the need for free space wiping to near zero for most people.
Face it, folks. We’re just not that interesting.
And, perhaps more to the point, there’s probably much more interesting stuff in the files that haven’t been deleted. If a thief wants to go spelunking for data, they’ll probably find plenty in the files and folders that already exist.
Sometimes they are after you
On the other hand, perhaps you are the target of someone’s attention. Perhaps you do have a sensitive job or work in a sensitive industry where data theft and espionage are not only possible, but even likely.
There are several additional steps (like encryption) that you should be taking, but when it comes to free-space wiping, then I’d be doing it often.
If it’s important, I’d do it nightly.
But, as I said, it’s just not that important for the vast majority of people.
Sometimes, they’re really, REALLY after you
Everything that I’ve discussed above applies to what CCleaner terms a “Simple Overwrite (1 pass)”. A simple overwrite does exactly what’s described above: it overwrites the free space and prevents common file recovery utilities from undeleting deleted files.
If someone is seriously after your data, that could potentially be not enough.
As I discussed in What difference does multiple-overwrite delete really make? there are techniques – expensive techniques – that can be used by those who are sufficiently motivated that may be able to recover some or all of the data that has been overwritten once.
The solution is to overwrite it more than once. CCleaner offers the option of overwriting 3, 7, and even 35 times.
Three’s probably plenty, but if you’re in some top-secret government agency, perhaps you’ll want to consider more.
And once again, three is overkill for the average user.
Zero’s probably just fine.
I made a video in Windows Movie Maker. I had this video saved on my computer.
I did a complete reset to factory settings and lost that video (I thought I had it on a disk – I was wrong).
Is there any way to use Recuva to recover a file following a “reset to factory settings?”
The last reset was done well over a year ago. I know I’ve used CCleaner in the past but don’t believe that I’ve used it since my last reset (it’s not installed on my computer now). I’ve done multiple resets and don’t remember where in the process of the multiple resets & use of CCleaner that the video was deleted.
Windows Vista Home Premium 64-bit Svc pk2
Thank you!
If someone works for an ultra-top secret company and possesses some super sensitive information, would not the person’s company give a seminar or tutorial on how to keep their data safe? I find it idiotic to hire someone to keep sensitive data and not teach him/her some techniques to safeguard it.
09-Mar-2012
My son works for a large aircraft company and the designs are highly secret. Their IT dept discovered that not one “wipe out” program worked 100%. They now crush all old hard drives and incinerate the debris.
I have noticed that CC Cleaner is available for Macs now!
I run CCleaner on a daily basis — before I shut down my PC for the night (possibly overkill, bit it only takes seconds to run on my machine). I have noticed that CCleaner takes differing times to run depending on the particular browser you’re running.
Firefox is around 3-5 seconds, Chrome around 20-30 seconds, and finally IE(x) anything up to 2-3 minutes! This seems to be caused by the way each browser organises its caching.
I’m guessing that were one to run CCleaner for the very first and only time on a machine, there’s a chance it could take three hours to finish its scan, particularly if you’ve been tardy with your PC’s “housework” over a lengthy period of time.
I always use CCleaner’s three-pass method as I reckon this is more than sufficient for any average home user. I agree with Leo that 37 passes, whilst not only massive overkill, is a pointless waste of time better spent doing other system housework.
—Geoff, Australia.
09-Mar-2012
Shelly :),
Why would you not simply try it? You can get a free version of Recuva (just click on the underlined ‘Recuva’ word itself in this Leo’s article which will then take you to his another article on Recuva where there’s a link to their official website with a download of a free version (yes, Leo always does (re)direct you to the official website(s) of whatever he recommends).
No harm to try… Install it and perform a recovery. Unless you don’t want to install something that you wouldn’t use often enough. But how important could that deleted file be to you? At the end of the day you can always uninstall it. Or, if you happen to have Acronis TIH installed on your machine then you can simply perform a Recuva installation and file recovery while in ‘Try&Decide’ mode.
I recall there’s also a portable version of free Recuva (not sure if still, but recall the discussions about it, – just browse the comments in Leo’s article on Recuva).
Shelly, btw, talking Recuva is slightly off the topic in this article – sorry! :) Best, search Leo’s answers first! :)
@Shelly
Unfortunately, a factory re-install overwrites everything on your hard drive. There may be a small outside chance that if the file resides on an unwritten portion of the drive, it might be recoverable shortly after the re-install. But after a year of use since the re-install, the likelihood of recovery is virtually zero.
There are additional aspects that should be addressed in an article like this, namely the free space at the tail end of the last sector of a file, the deleted entries in the file directory (which still contain nearly complete file names), and the swap file on the hard drive. Perhaps even the hibernation file on the hard drive. A program such as BCWipe will wipe all of these, except perhaps the hibernation file. From what I’ve read about CCleaner, it doesn’t address these concerns. If your hard drive had super sensitive data on it, then you will want to consider these areas, because the bad guys probably will.
I had a friend that had his house broken into and computers stolen. Because he had all his records on the computer, he had to get all new credit cards etc. etc. At that point you have no idea how sophisticated the burglar was although the likelihood is that they are not all that computer savvy. However, with the computer gone am I willing to risk it. Since then, I encrypted my data drive and run Eraser in the background at night to erase the free space.
Question: Does cleaning the free space add anything if the drive is encrypted?
17-Mar-2012
Leo, based on your reply to Nat’s 3/10/12 question, it sounds like CCleaner can wipe a free space even if that free space is encrypted (ie., no need to decrypt first) – is that correct?
Plus, you had mention in another article that using a file shredder causes accelerated wear on a flash/thumb drive. Does wiping the free space on a flash/thumb drive also cause the flash drive to wear out faster?
Thanks…
@Yeppers
It would not be possible to wipe the free space inside an encrypted file with out first opening it. Since the free space is encrypted, the free space cleaner would have no way of determining what is free space or not. In any case, there is no need to wipe the free space on encrypted data as this free space would be inaccessible due to the encryption.