CCleaner is one of my utilities for periodic “tuning” of my PC, but in a
recent version upgrade, I discovered that in my haste, I had not looked at the
options in a drop box that give several choices of file deletion overwrites.
I have always used the simple overwrite (one pass), but I would be interested
to know if using CCleaner’s other pass options would significantly affect
either the time or the security of my computer. One pass, three, seven or
thirty-five; is one or the other better? Or does it even matter?
For most folks, it doesn’t matter at all.
However, for a select few, it’s actually pretty important.
It all boils down to how important your data is, how likely it is that
someone else would want to access it, and how much effort (and money) they’re
willing to spend to get it.
The bottom line is that there’s deleting, and then there’s
I’ll explain what I mean.
As I hope most folks realize by now, when you delete a file, the actual data is not overwritten or erased. The space that the file’s data occupies is simply marked as “unused”, and the data will remain there until some new file overwrites it at some point in the future.
File recovery or “undelete” utilities like Recuva make use of this fact and can often piece deleted files back together as long as the area occupied by the files hasn’t yet been overwritten.
That’s what “overwrite” options in tools like CCleaner are designed to prevent.
Simple overwrite: One pass
If deleting a file doesn’t overwrite the actual data, the fairly obvious solution is to … overwrite the data.
That’s exactly what secure delete programs and utilities like CCleaner do with their “Drive Wiper” option.
The concept is extremely simple: all of the space on your hard drive that does not currently contain data is overwritten with something else (typically either random data or a simple repeating, but otherwise useless, pattern).
The net result is that those simple data recovery tools – and even many of the advanced ones – cannot recover what was previously on the disk.
And that’s plenty for most of us.
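To make the difference between deleting and overwriting concrete, here is an added example (not from the original article, and not CCleaner's code): a toy in-memory disk in Python. The `ToyDisk` class, its block size, and the sample file contents are all constructed for illustration.

```python
import os

BLOCK = 16  # bytes per block in this toy disk (constructed value)

class ToyDisk:
    """Minimal model: raw blocks plus a file table saying which are in use."""
    def __init__(self, blocks):
        self.data = bytearray(blocks * BLOCK)
        self.free = set(range(blocks))
        self.files = {}  # file name -> list of block numbers

    def write(self, name, content):
        need = -(-len(content) // BLOCK)  # ceiling division
        chosen = sorted(self.free)[:need]
        if len(chosen) < need:
            raise OSError("disk full")
        for i, b in enumerate(chosen):
            chunk = content[i * BLOCK:(i + 1) * BLOCK].ljust(BLOCK, b"\0")
            self.data[b * BLOCK:(b + 1) * BLOCK] = chunk
            self.free.discard(b)
        self.files[name] = chosen

    def delete(self, name):
        # Ordinary delete: blocks are only marked unused; the bytes stay put.
        self.free.update(self.files.pop(name))

    def wipe_free_space(self, passes=1):
        # Overwrite every unused block with random data, `passes` times.
        for _ in range(passes):
            for b in self.free:
                self.data[b * BLOCK:(b + 1) * BLOCK] = os.urandom(BLOCK)

    def scan_for(self, needle):
        # Undelete tools in spirit: read raw bytes, ignoring the file table.
        return needle in bytes(self.data)

def demo():
    disk = ToyDisk(blocks=8)
    secret = b"PIN=4921 (constructed sample)"
    disk.write("keep.txt", b"still in use")
    disk.write("secret.txt", secret)
    disk.delete("secret.txt")
    after_delete = disk.scan_for(secret)   # deleted, yet still on disk
    disk.wipe_free_space(passes=1)
    after_wipe = disk.scan_for(secret)     # gone after one overwrite pass
    return after_delete, after_wipe, disk.scan_for(b"still in use")

if __name__ == "__main__":
    print(demo())
```

A byte array has no magnetic residue, so one pass is always enough in this model; extra `passes` only show that the work grows with each additional pass.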
Hard core data recovery
Hard disks are magnetic material. Each bit of data is stored by changing the magnetic polarization of some space on that magnetic material.
Envision each bit as a kind of bull’s-eye – the goal is to write the bit dead-center.
In reality, when data is written, it might be a little off-center. How far and how badly depends on many, many things. Perhaps what’s most important is that the offset does in fact change from one write to the next.
As long as the data is reasonably on-target, reading the data works, and this little detail about hitting the bull’s-eye is something that you’d never need to know about.
When data is written, if it’s a little off-center (as most writes will almost certainly be), the “leftovers” from the previous write – meaning the data previously held in that spot – might still be visible at the edges of the bull’s-eye.
Advanced data recovery tools – typically requiring that the disk drive be physically disassembled in a clean room – can examine the area around the bull’s-eye and might possibly be able to reconstruct from that leftover data what had previously been stored there.
Multiple overwrites: 3, 7, or more passes
By overwriting the data not once but multiple times, the data on the fringes of the bull’s-eye is very likely to eventually also be overwritten.
Overwriting multiple times makes the data effectively impossible to recover by any means.
Three times is plenty, but the more times that you do it, the more secure it is – perhaps to the point of ridiculousness.
37 times seems somewhat over the top.
On the other hand, there’s no question that 37 times means that data is completely, irretrievably, and forever gone.
But then, for most of us, unless we’re international spies or under severe government observation, three passes would be plenty.
Heck, for most of us, a single pass is enough.