kohls

Q: Secure Empty Trash missing on El Capitan

Just installed El Capitan and discovered that the Secure Empty Trash feature is missing. Anyone know how to get this back?


Posted on Sep 30, 2015 2:42 PM

Close

Q: Secure Empty Trash missing on El Capitan

  • All replies
  • Helpful answers

first Previous Page 8 of 15 last Next
  • by R C-R,

    R C-R R C-R Oct 20, 2015 4:29 PM in response to !cultOfApple
    Level 6 (17,700 points)
    Oct 20, 2015 4:29 PM in response to !cultOfApple

    !cultOfApple wrote:

    Did you read what I wrote because if you had, you'd notice that I'm not suggesting what you're claiming I am. Ditto RCR.

    If you are suggesting that Terminal commands that may or may not actually securely erase anything are the "next best thing" to actually being able to do that reliably, then I have to disagree with you about that. If data security is important, then the only sensible choice is strong data encryption, period.

  • by Whickwithy,

    Whickwithy Whickwithy Oct 20, 2015 5:54 PM in response to !cultOfApple
    Level 1 (68 points)
    Mac OS X
    Oct 20, 2015 5:54 PM in response to !cultOfApple

    Would you disagree that just encrypting the file/folder in the first place is the best solution?

  • by Big Bopper2,

    Big Bopper2 Big Bopper2 Oct 20, 2015 6:07 PM in response to Whickwithy
    Level 1 (0 points)
    Oct 20, 2015 6:07 PM in response to Whickwithy

    I agree that encryption from the beginning is the best practice but it is not always possible.  For anything sensitive that I create, I use encrypted storage. But sometimes, I receive a file that I consider to be sensitive but it wasn't encrypted when I received it. I move it into encrypted storage and would like to securely erase the unencrypted copy.

  • by John Galt,

    John Galt John Galt Oct 20, 2015 6:33 PM in response to Big Bopper2
    Level 9 (50,258 points)
    Mac OS X
    Oct 20, 2015 6:33 PM in response to Big Bopper2

    I move it into encrypted storage and would like to securely erase the unencrypted copy.

     

    ... leaving unencrypted copies of it on servers over the world.

     

    If despite the numerous limitations already explained, you remain bound and determined beyond all reason to duplicate the exact same function as "Secure Empty Trash", it remains available in El Cap. I illustrated a GUI implementation of it in the above screenshot, which you are free to use as you see fit. You can even use that nice looking translucent "shredder" icon to replace the Trash. Or perhaps a skull and crossbones is more to your liking.

     

    You can even add a clever sound effect. What would you like? Chainsaw? Toilet flush? I'm open to suggestions.

  • by Whickwithy,

    Whickwithy Whickwithy Oct 20, 2015 6:44 PM in response to Big Bopper2
    Level 1 (68 points)
    Mac OS X
    Oct 20, 2015 6:44 PM in response to Big Bopper2

    I see.  I think you may ought to investigate the Disk utility option.  If I understand it correctly, you can encrypt existing files, though I could be wrong.  Another option is that what Disk Utility does is create an encrypted folder.  If the original that you received was sent to that folder, I think you would be starting with an encrypted file.

  • by R C-R,

    R C-R R C-R Oct 21, 2015 2:55 AM in response to Whickwithy
    Level 6 (17,700 points)
    Oct 21, 2015 2:55 AM in response to Whickwithy

    Whickwithy wrote:

    I see.  I think you may ought to investigate the Disk utility option.  If I understand it correctly, you can encrypt existing files, though I could be wrong.  Another option is that what Disk Utility does is create an encrypted folder.  If the original that you received was sent to that folder, I think you would be starting with an encrypted file.

    Filevault 2 does full disk encryption. This is by far the best way to secure the data on your Mac, since there are many places where that data or information about it can be stored on the drive.

     

    Of course, as John pointed out that will only encrypt things on your drive, not anything on some remote server that is sent to you.

  • by Whickwithy,

    Whickwithy Whickwithy Oct 21, 2015 5:36 AM in response to R C-R
    Level 1 (68 points)
    Mac OS X
    Oct 21, 2015 5:36 AM in response to R C-R

    Filevault 2 does full disk encryption.

    Exactly, who needs everything encrypted and all of the required additional, cumbersome steps?  I could also argue that it has its security limitations, also.  I wouldn't ever use filevault.



  • by NBW,

    NBW NBW Oct 21, 2015 6:22 AM in response to Whickwithy
    Level 1 (9 points)
    Mac OS X
    Oct 21, 2015 6:22 AM in response to Whickwithy

    This is just bad advice, especially if you own a laptop, do any kind of e-commerce, banking etc. You don't know where all of these apps cache files with sensitive data. Simply having a single encrypted folder will not solve this. Full disk encryption solves this, and is arguably easier to setup and use (since its transparent) then a dedicated encrypted folder that you create with disk utils. FileVault2 is very performant and easy to use even for non-techie folks and when your laptop with all your bank account statements, tax returns etc. gets stolen you will be glad you used it.

  • by JimmyCMPIT,

    JimmyCMPIT JimmyCMPIT Oct 21, 2015 6:23 AM in response to grdh20
    Level 6 (8,390 points)
    Mac OS X
    Oct 21, 2015 6:23 AM in response to grdh20

    Use of this command from the terminal is potentially disastrous to the integrity of data as well the OS installed on your hard drive as it can delete files the OS protects for a reason and will destroy them without so much as a warning.

  • by R C-R,

    R C-R R C-R Oct 21, 2015 6:27 AM in response to Whickwithy
    Level 6 (17,700 points)
    Oct 21, 2015 6:27 AM in response to Whickwithy

    Whickwithy wrote:

    Exactly, who needs everything encrypted and all of the required additional, cumbersome steps?

    There really isn't anything very cumbersome about using Filevault 2. Besides, if you really care about securing your data, you need to be using full disk encryption. If you just rely on copying files to an encrypted folder, you still have the original unencrypted version on the drive until you trash it ... which takes us right back to the problems inherent in the now MIA secure empty trash option.

     

    But even if you manage to securely overwrite the file space used by the original, there is no guarantee that some or all of its data may not be in a cache file, or that buried in the logs, databases, etc. that OS X maintains there will be nothing recoverable that someone with the right forensic tools can use.

    I could also argue that it has its security limitations, also.

    Like what? Filevault 2 uses strong XTS-AES 128 encryption with a 256 bit key, as recommended by the US National Institute of Standards and Technology (NIST). It is the same scheme used to create encrypted disk images, so whatever limits it has for full disk encryption apply equally to them.

  • by Drack69,

    Drack69 Drack69 Oct 21, 2015 8:49 AM in response to Tony Scaminaci
    Level 1 (0 points)
    Oct 21, 2015 8:49 AM in response to Tony Scaminaci

    I also noticed that under disk utilities you can no longer do a wipe of free space on the local drive.

    Maybe the NSA got after them because people could clean their disks making it difficult if not impossible to recover deleted items. lol

  • by JimmyCMPIT,

    JimmyCMPIT JimmyCMPIT Oct 21, 2015 9:45 AM in response to Drack69
    Level 6 (8,390 points)
    Mac OS X
    Oct 21, 2015 9:45 AM in response to Drack69

    from what I've read about File Vault; nothing is 100% but Apple managed to seriously P. off the FBI for including this level of security in the OS.

  • by Whickwithy,

    Whickwithy Whickwithy Oct 21, 2015 10:53 AM in response to R C-R
    Level 1 (68 points)
    Mac OS X
    Oct 21, 2015 10:53 AM in response to R C-R

    Correct me if I'm wrong (a very real possibility) but, once you have logged into your Mac with FileVault, you have access to all files.  If so, that means anytime the Mac leaves your sight, you need to log out, put it to sleep, or something.  Otherwise, your files are at risk.  That is cumbersome and less secure for certain situations, unless you are always extremely careful to log out each and every time.  That's not even to mention things like key-loggers, etc.

     

    In the case somebody has one or two files (my case exactly) that they want to have secure and the files are seldom (if ever) accessed, then just encrypting those specific files means I don't have to worry about always having to use a password on my computer.  The likelihood that my computer gets stolen are slim to none and, even so, it wouldn't really matter except for a couple of files.  So, yes, in my case, Filevault is extremely burdensome.  I would have to log out any time I left the computer's presence.  I leave the thing running 24/7 because it consumes so very little power and I can turn on the display in a heartbeat and go right to work.  No need for logging in or inputting a password because the files at risk are not open.  Therefore, they are secure.

     

    And, again, the way I read the disk Utility option, you can place those files, as they arrive on your computer, directly into the secured folder.  Again, I could be wrong but, if it works that way, it seems the simplest option to  completely secure specific files.  Or, in my case, where I create the files, I'm pretty certain, I can create them directly in the secured folder.  If I am wrong about this, than all bets are off.

     

    Filevault seems complete overkill except in extreme cases where every bit of info on the computer is sensitive.  If you need complete and ultimate security (involved in espionage?) and can take no chances then, great, you may need Filevault.

  • by R C-R,

    R C-R R C-R Oct 21, 2015 1:13 PM in response to Whickwithy
    Level 6 (17,700 points)
    Oct 21, 2015 1:13 PM in response to Whickwithy

    Whickwithy wrote:

    Correct me if I'm wrong (a very real possibility) but, once you have logged into your Mac with FileVault, you have access to all files.  If so, that means anytime the Mac leaves your sight, you need to log out, put it to sleep, or something.

    If you aren't doing that now, then you leave yourself wide open for all kinds of security issues, including someone installing key-loggers & various kinds of malware. If you are normally logged into an admin account they could even quite easily create a new one & delete your entire home folder & everything on it, or turn on Filevault 2, set a password you know nothing about, or do any of several other things to deny you access to your own computer.

     

    There is nothing cumbersome about using this minimal level of security. Just go to System Preferences > Security & Privacy > General tab & click the "Require password" box, & set a convenient interval to require entering a password after the screen saver or system sleep kicks in, then go to the Energy Saver preference & set it to something other than keeping the system from never sleeping.

     

    Actually, you don't even have to do that last step if you are using a laptop & set it to sleep automatically when you close the lid. For almost any Mac you can also use the keyboard shortcut to sleep the system immediately (command + option + eject) or set up a 'hot corner" to put the display to sleep or start the screensaver. At least one of these things should not be too cumbersome for anyone even minimally concerned about security to use.

    And, again, the way I read the disk Utility option, you can place those files, as they arrive on your computer, directly into the secured folder.  Again, I could be wrong but, if it works that way, it seems the simplest option to  completely secure specific files.  Or, in my case, where I create the files, I'm pretty certain, I can create them directly in the secured folder.  If I am wrong about this, than all bets are off.

    As already has been explained more than once by more than one person in this long thread, there is more to it than that. I'm not going to repeat any of it again, other than to say it is a bet, one that is by no means a sure thing.

  • by t0m@s0j1mb0t,

    t0m@s0j1mb0t t0m@s0j1mb0t Oct 21, 2015 1:36 PM in response to kohls
    Level 1 (0 points)
    Oct 21, 2015 1:36 PM in response to kohls

    use cmd + space

    type in terminal

     

    terminal window will open, wrote:

     

    man srm

     

    mac:~ mac$ man srm | cat | head -40

    SRM(1)                                                                  SRM(1)

     

     

     

    NAME

           srm - securely remove files or directories

     

    SYNOPSIS

           srm [OPTION]... FILE...

     

    DESCRIPTION

           srm  removes each specified file by overwriting, renaming, and truncat-

           ing it before unlinking. This prevents other people from undeleting  or

           recovering any information about the file from the command line.

     

           srm,  like  every  program  that  uses the getopt function to parse its

           arguments, lets you use the -- option to indicate  that  all  following

           arguments are non-options.  To remove a file called '-f' in the current

           directory, you could type either "srm -- -f" or "srm ./-f".

     

    OPTIONS

           -d, --directory

                  ignored (for compatibility with rm(1))

     

           -f, --force

                  ignore nonexistent files, never prompt

     

           -i, --interactive

                  prompt before any removal

     

           -r, -R, --recursive

                  remove the contents of directories recursively

     

           -s, --simple

first Previous Page 8 of 15 last Next