Temp files Vs Value of Secure Erase

Hello,

Let's say I write a "top secret" document in Pages. During the writing process, I save it about ten times. I then print it and use secure erase to delete the Pages document.

So the absolute final version of the document was securely erased, but what about the 10 temporary files that were created during the process?

(For those that don't know, every time you save a document, the system creates a new file on the drive and erases the previous one. This goes on without the user's knowledge. But those are very real files that are erased "normally" during the saving process.)

Loa

2.8 Al iMac (24 inch 2007), MacBook (2.0), iBook dual USB, Mac OS X (10.5.6)

Posted on May 20, 2009 3:20 PM

6 replies

May 20, 2009 3:33 PM in response to Loa

You've got at least three options:

1) I'm not familiar with Pages, but it's probably got an option that would let you disable auto-saving.

2) You could encrypt your entire Home Folder by using File Vault (System Preferences > Security > File Vault). But read up on this thoroughly before doing it, especially if you're using Time Machine.

3) The third is to use Disk Utility to zero-out all the free space on the disk/partition in question.

Note that this option will temporarily put all the free space into a special folder, so the amount of space available will decrease . . . rapidly . . . to zero. But when it finishes, it all comes back.

May 20, 2009 4:51 PM in response to Pondini

Hello Pondini,

Thx for the info. I already know about 2 and 3, but they only add to my point: what's the use of Secure Erase?

I only took Pages as an example: every time you save a document in ANY application, the system deletes the old version and creates a new file. As far as I know, you cannot "modify" any file at the basic data level.

Test this by yourself using a little lag in the display refresh:

1) Create a file using TextEdit and save it on your desktop.

2) Now, with the TextEdit window open, modify the file. (For example, add a word to the blank document.)

3) Now, while looking at the file icon on the desktop, save your TextEdit document.

Most likely you'll see it disappear then reappear, usually in an adjacent "location" (i.e. below where the old icon was).

Loa
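The save behaviour described in the post above can be checked without watching the desktop icon. This is an added example, not part of the original thread: it compares an in-place overwrite with a "safe save" (write a temporary file, then rename it over the original) and uses the inode number as the marker for "a new file was created". The function names, the file name and the ten sample drafts are constructed for illustration, and the rename pattern is an assumption about how a document application saves.

```python
import os
import tempfile

def save_in_place(path, data):
    """Overwrite the existing file's contents; the same inode is reused."""
    with open(path, "wb") as f:
        f.write(data)
        f.flush()
        os.fsync(f.fileno())

def save_atomic(path, data):
    """Safe save: write a sibling temp file, then rename it over the original."""
    folder = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=folder, prefix=".save-")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, path)  # the previous inode is unlinked here, not overwritten
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise

def inode_history(save, drafts):
    """Save each draft to one path and record the inode after every save."""
    with tempfile.TemporaryDirectory() as folder:
        path = os.path.join(folder, "secret.txt")
        history = []
        for data in drafts:
            save(path, data)
            history.append(os.stat(path).st_ino)
        return history

def unlinked_versions(history):
    """Count saves that replaced the file, leaving the old copy deleted normally."""
    return sum(1 for old, new in zip(history, history[1:]) if old != new)

# Constructed sample input: ten successive drafts of one document.
DRAFTS = [f"draft {i}: constructed sample text\n".encode() for i in range(1, 11)]

if __name__ == "__main__":
    for name, save in (("in place", save_in_place), ("safe save", save_atomic)):
        history = inode_history(save, DRAFTS)
        print(f"{name:9s} saves={len(history)} "
              f"older copies deleted normally={unlinked_versions(history)}")
```

A tool that overwrites only the file currently at the path reaches the last inode in the history; the earlier ones were released to free space when they were replaced.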

May 20, 2009 5:14 PM in response to Loa

Loa wrote:
Hello Pondini,

Thx for the info. I already know about 2 and 3, but they only add to my point: what's the use of Secure Erase?

I only took Pages as an example: every time you save a document in ANY application, the system deletes the old version and creates a new file. As far as I know, you cannot "modify" any file at the basic data level.


Not necessarily true. Some apps don't even use individual files; they use a large single file or database instead, and they're normally updated, not replaced. Entourage and Thunderbird, for example.

Most likely you'll see it disappear then reappear, usually in an adjacent "location" (i.e. below where the old icon was).


Yes, just like most Autosaves.

But I still don't understand why this is such a big problem. If you change a file, save it with a new name, then securely-delete the old one.

Or, use FileVault (or, better, put your sensitive documents in an encrypted sparse image);

and/or Zero-out free space.

Perhaps if you told us a bit more about what you're trying to do, we can clarify things.

May 20, 2009 5:42 PM in response to Loa

Thx for the info. I already know about 2 and 3, but they only add to my point: what's the use of Secure Erase?

To wipe clean the storage location for the files that you moved to the trash. It has no idea about temp files that a program creates.

You could use srm in the Terminal:
srm -m /path/to/temp/dir/.

Type man srm in a Terminal session to see the usage.

May 20, 2009 7:02 PM in response to Pondini

Hello,

I don't have a problem and I'm not trying to do anything special. I only want to point out that Secure Erase is, 90% of the time, useless, because you have left a trail of temp files lying around your HDD.

Not even a question of "changing" a file. Let's say you create a text document (regardless of the app you use), and save your file after each written paragraph. Well for each paragraph you write you're going to create a temp file.

The only way to securely erase those temp files would be to erase the free space on your drive. In other words, to make Secure Erase useful, you'd have to follow EACH secure erase with a Zero-out of the free space.

Nice! Very useful.

Loa

May 20, 2009 7:15 PM in response to Loa

I only want to point out that Secure Erase is, 90% of the time, useless, because you have left a trail of temp files lying around your HDD.


And they'll be overwritten sooner or later.

Most of us don't have a need for Secure Delete anyway.

I really don't know what your point is. There is no such thing as complete security. All you can do is take precautions commensurate with the genuine need for secrecy. (If the NSA or FBI wants your info badly enough, they will get it.)

There are many ways to be reasonably careful:

Don't do intermediate Saves, do intermediate SaveAs. (Before Time Machine, I often did that with program source: just append .1, .2, etc., not for secrecy but for recoverability.)

Use an encrypted Sparse Image, or File Vault.

Periodically Zero-Out Free space.

Don't write super-sensitive things on your Mac.
