Neptun Wave Fall 2016 | September 05 - October 03

Blog

Delete Doesn’t Mean It’s Gone Part 2

Secure deletion of single files

Deleting single files in a secure and final manner is not as easy as it sounds. In most current operating systems, deleting files only means that they are moved to the recycle bin from where they can easily be restored. Even if the bin is emptied afterwards the data may still be recoverable. Therefore, we are going to detail the various options you have to delete data in Windows on HDD and SSD drives .

Side note: Mac OS X allows to choose ‘secure empty trash’ when emptying the recycle bin to safely get rid of data. This option, however, was removed with the introduction of Mac OS 10.10 Yosemite and only works on regular hard drives.

Deleting data on HDD

There are several different applications that can delete single files on HDD drives on Windows.
Eraser is an open source tool that allows for intentionally delayed deletion of files. It features a well-structured user interface and reliably deletes files. The user can choose between 13 different deletion methods. The option ‘Only first and last 16kb’ should not be selected as files are not completely overwritten. The ‘Gutmann-method’, on the other hand, goes far over what can be considered reasonable. With modern hard disks overwriting files once is generally enough, since afterwards recovery of files is almost impossible.
Eraser can also overwrite the space marked as empty on hard disks to make sure that any possible remnants of deleted files are gone as well.


BleachBit is a system cleanup tool that is able to delete temporary data created by other applications. The program is contextually aware of which temporary data is still in use and what files can safely be deleted without impacting the operation of other software or the operating system. BleachBit can not only delete cache data, but also error reports created by Windows and similar remnants. Additionally, it can overwrite free space on the hard disk and delete clipboards. BleachBit is very easy to use and a manual can be found here.


If files cannot be deleted because they are still in use by other applications, LockHunter and Unlocker may be of help. LockHunter enables the user to delete files in Windows even if they are locked by one or more processes. It shows which processes are holding on to a file and enables a circumvention of the lock they create. LockHunter can also stop processes or delete them entirely. The app integrates with the context menu and can be used from anywhere in the system with a simple right-click. Caution: The files that are deleted with LockHunter are not completely erased, but are moved to the recycle bin to allow for easy recovery.
Unlocker can also be used in case some application is blocking access to a file so it can still be deleted or moved. Similar to LockHunter, it integrates with the context menu and can be started with a right-click. This allows the user to delete a folder or a single file without having to end other processes. This free tool even deletes files that are locked by Windows because they are in use or because they need different user privileges (be careful with system data). You can find more information on the differences between Unlocker and LockHunter in this article. Using Unlocker is easy: Simply right-click a file or folder and select ‘Unlock All’.

Deleting data on SDD

Single files cannot be deleted securely on SDDs. Some drive manufacturers provide specific instructions or even a program but not all of them erase their data reliably.
Rather than using secure wiping tools, you should just enable file-drive encryption. Windows 10 has Device Encryption enabled on many new PCs, and Professional versions of Windows also offer BitLocker. Mac OS X offers FileVault encryption, Linux offers similar encryption tools, and Chrome OS is encrypted by default.

When you use full-drive encryption, you do not have to worry about someone getting access to your drive and scanning it for deleted files.
Encryption will be the main subject of our next blog post where we will explain the most important aspects of it.

Conclusion

The importance of privacy in the digital realm has only increased with the new possibilities of collecting and disseminating data, not only for companies, but also for individuals. The methods detailed in this and the previous blog post of deleting single files and entire hard drives are intended to enable users to prevent misuse of their private data. Naturally, responsible handling of information guards against unintended circulation of data and shields against prying eyes in private areas. Depending on the storage medium, however, there are certain limits to the secure deletion of data. If you are considering to completely get rid of certain data, you can always find help with the Neptun Help Points in Zurich, Basel, and Lucerne. Still, reliable backups are a key part of safe data management. You can find more information on this topic in our post ‘Backup – a basic necessity’.

17/08/2016

Delete Doesn't Mean It's Gone Part 1

Cleaning (personal) data from HDDs and SSDs

PC-users generate loads of files every day, but how can they be deleted in a safe and final manner? Delete doesn’t mean it’s gone. Even when the recycle bin on the computer is emptied, remnants of the data still remain and are, in principle, recoverable. Therefore, we are going to focus on this topic in this two-part blog post in order to show you how you can safely erase a single file, or the entire hard drive. This will enable you to reliably delete private data and to prepare your computer or hard disk for selling. In the first part, we will detail the difference between HDD and SDD technology, so you can understand how data is actually erased.

The difference between HDD and SSD technology

The familiar hard disk drive is a magnetic storage device. Data is stored on the surface of a spinning metal platter. When information is written, the magnetic surface of the platter is modified into patterns that reflect the data. This pattern can later be read contact-free by a sensor, which transforms it back into readable data. In this blogpost we will focus on internal hard drives, even though our methods will also work with external hard disks. For them, however, there are simpler ways to securely delete data.
In contrast to HDD drives, SSDs rely on flash storage. They are not based on magnetic storage technology, but on a purely electronic storage medium. There are no rotating disks or other moving parts in solid state disks which is why they are not really drives in the actual sense of the word. SSDs are in general more robust and less susceptible to mechanical stress than HDDs.

Methods for secure deletion

To reliably erase an HDD, it is necessary to boot into a different operating system, which does not reside on drive that is to be deleted. Which method is the simplest one? We recommend the software DBAN to completely get rid of unwanted data. It is an independent system that boots from a USB stick or from a CD. To create a bootable USB stick you can use the ‘Universal-USB-Installer’, which will do the heavy lifting for you.
The advantage of using DBAN is its ease of use: You simply have to boot the software and confirm the deletion process. There is no need to install anything. You can find an excellent how-to for DBAN for CD or USB on these linked pages.
DBAN is the right solution to delete entire hard drives, but it cannot erase single files or folder structures. This can be achieved with tools like ‘Eraser’ or ‘BleachBit’, which have to be installed on Windows.

Deleting data from SSDs is different than on HDDs: The special characteristics of SSDs (keywords over-provisioning and wear-leveling) mean that overwriting the data will not guarantee a reliable deletion. Single flash cells cannot simply be overwritten, but must actually be deleted, which is why there is additional hidden space on every SSD to provide a sufficient number of usable blocks (=over-provisioning). One could, in theory, fill up an SSD with zeroes or random values, but some data might still survive the process. The ATA specification ‘ATA Secure Erase’  and manufacturer tools like ‘Security Erase’ remedy this problem.
Since the process to securely delete SSDs is somewhat complicated, we recommend ‘Parted Magic’ (available for a fee), which features these deletion method Manual. It can be booted from CD/DVD or from USB sticks and runs from within the main memory of the computer. Parted Magic also features storage management tools to create images, recover data, and to manage partitions. Experts can use Secure Erase with the command line tool ‘hdparm’ with Linux. We recommend you try this method that should work with all modern SSDs.

Another method to ensure that remnant data cannot be easily recovered is to use strong encryption. More recent SSDs generally always store data encrypted with an internal random key. To delete the data, or at least to make future access much harder, the disk simply has to forget the current key and create a new one. This means that every single cell of the SSD is encrypted, not just single parts of the filesystem. This ensures that there are no remaining copies of any data that can be retrieved with data recovery tools.

Neptun Support

Projekt Neptun offers a ‘Complete Data Removal’ service which includes disposal of your old device at our help points. For Neptun customers the service costs a fee of CHF 25.
If you have any questions about the secure deletion of data, you can always contact us at kontakt@projektneptun.ch.

Closing remarks

In this blog entry we focused on data on hard disks. It should always be remembered, however, that there is data in many other devices like printers or routers. This has been detailed in a cover story of the magazine for computers and technology c’t at the beginning of last June. For a large survey they bought half a dozen used hard drives, three old Android smartphones, and a business printer from people in Germany and Austria. Using recovery tools like ‘Photorec’ and ‘Foremost’, they tried to retrieve data from the previously-owned devices. The authors were able to recover hundreds of thousands of files and folders with original file names, in some cases even without using any specialized software. This real-world test underlines the importance of the secure deletion of data. Even though some of the drives used by the authors in the test were formatted, they were still able to easily recover mountains of data. To explain: Formatting simply means that a hard drive is being prepared for further use as a storage device and has nothing to do with securely erasing data. Reliable and final deletion of data is more complicated and takes some time; time that should be invested for the sake of your privacy. The importance of backing up your data and securely erasing it does not only arise in case of giving away your device for repairs or when selling it, but also if you are lacking space or if your operating system is slowing down. In the next couple of days we will focus in the second part of ‘Delete doesn’t mean it’s gone’ on how you can safely erase a single file. Until then we strongly recommend to take a look at the software we listed above.

Picture by Alexei Kuznetsov, flickr 
03/08/2016

Windows 10 Upgrade

In July 2015, Microsoft has launched its latest OS, Windows 10, with the offer to move from a genuinely installed and activated Windows 7 or Windows 8.1 to the new operating system for free. The offer ends on 29 July 2016 so time is running out to get the free version of Windows 10 that will cost $199.99 resp. CHF 149.95 afterwards.


We recommend our customers to upgrade for free before the deadline of 29 July 2016th (do not forget to create a complete backup of your user data before the upgrade). Even users who do not want to upgrade in the near future are advised to migrate to Windows 10 (and then downgrade again) in order to obtain the free Windows 10 license. That way your PC receives a “digital entitlement.”, i.e., your particular PC’s hardware is identified as eligible for Windows 10 going forward and the upgrade can be executed at a later point of time. To activate Windows 10 in the future, just download the Windows 10 installer files from Microsoft and create a bootable USB drive. You can then install Windows 10 and it will activate automatically thanks to that digital entitlement.

Keeping an Eye on the Settings

Windows 10 has been mostly well received by users with the exception of the “recommended” privacy settings that have been a trigger for many discussions between prospective Windows 10 users. The express settings of Windows 10 allow user data to be collected automatically by the operating system. These include voice commands, calendar entries, contacts, location or browsing history. Inexperienced users or those who are in a hurry and do not read carefully often choose the default settings and share so unknowingly their privacy with Microsoft. This can be avoided to a large extent by disabling the corresponding settings right after installing Windows 10. If one has already taken over the express settings, a tool like "DoNotSpy10", which is available for free, can facilitate the access to all relevant AntiSpy settings so that you can change them to let the operating system to learn as little as possible about you. You can find alternatives to “DoNotSpy10” here.

Another point of criticism is that Microsoft collects application data on user behavior or App Store activities to improve their ads, which are then displayed on the lock screen. This is another preset option for Windows 10, which can be switched off in the personal settings menu.
We therefore recommend that all users read the official Microsoft Privacy Statement carefully.

Support from Laptop Manufacturers

HP and Lenovo offer Windows 10 support on their own support pages. The upgrade process is described in detail and can be followed step by step.
First of all, please be aware that the upgrade program will prevent the installation of Windows 10 if your hard drive is encrypted with manufacturer-specific security applications such as HP ProtectTools. According to HP support, you must decrypt it before moving to Windows 10 and can encrypt it again after upgrade. Since the HP Client Security Manager/HP ProtectTools may block the upgrade process, it is recommended to deinstall the Client Security Manager prior to the upgrade in order to prevent error messages. It can be reinstalled after the upgrade again. Detailed instructions for the Windows 10 Upgrade can be found right here. Similar obstacles are not known to us with Lenovo ThinkPad models. The instructions and guidance for an update to Windows 10 can also be found on the support page of the manufacturer. Microsoft’s own devices, Surface 3, Surface Pro 3 and Surface Pro 4 should not cause any problems as far as we know. Here also some helpful guidance can be found on the manufacturers website.

Forever on Windows 7 or Windows 8.1?

As already mentioned, users who are not satisfied with the new operating system, may downgrade it again after the upgrade to Windows 10 (in the first month via automatic downgrade or simply by restoring it from a system image / system backup). Instructions can be found on the official Microsoft website. If you do not want to give Windows 10 a chance at all and would like to remain on one of the previously launched operating systems “forever”, it is not enough to simply close the upgrade reminder. Some users of Windows 7 and 8.1 mistakenly believe that the upgrade to Windows 10 can be refused simply by clicking on the red "X”. Again, it is recommended to read the content of the advertising window carefully and to act accordingly. You can also download a registry patch "NoWin10.reg" which suppresses the upgrade reliably.

If problems occur during the upgrade process, we recommend to contact the manufacturer support or Microsoft support directly. Our support is of course also available for assistance, either at our walk-in Help Points or by e-mail.

 

28/06/2016

iPad Pro Review

The iPad Pro with its proud 12.9-inch screen size and the corresponding Apple Pencil has been around for half a year now. In my opinion, the launch was a step in the right direction, but its size and weight is not suitable for students who are looking for a portable replacement of pen and paper.

This spring Apple introduced the newest member of the Pro-family, an 'small' 9.7 -inch iPad Pro that looks very much the same as its predecessors of the iPad Air series. Weighing only 437 g and paired with the smaller display size, it becomes attractive again for the modern student.

As an advocate of the paperless study and self-proclaimed lecture notes scatterbrain I have already tested several devices (Lenovo ThinkPad Yoga, Microsoft Surface Pro 3, Wacom Cintiq 13HD, HP Pro Slate 8) and in the end I chose the Galaxy Note 10.1 / 2014 for its weight and ease of use that has served me well for a long time now. Due to hardware and technical problems the time has come to replace my loyal companion. With the 12.9-inch iPad my curiosity was already piqued, but as mentioned before, I chose not to buy it because of its size. The recent introduction of the 9.7-inch iPad was now the opportunity to take the plunge and to check whether my prejudices against iPads are still justified.

First impressions

First things first: the price. The iPad Pro 9.7-inch is available in three versions with 32/128/256 GB of storage respectively and cost from CHF 689.- to CHF 1049.-. I opted for the version with 128 GB of storage space for CHF 869.- because I wanted to have the possibility to store and edit images while on the go. Add another CHF 109.- for the Apple Pencil that is sold separately. Additionally, since it is advisable to get a protective case to cover and protect the screen, I picked one from Apple, always demonstrating brand loyalty, which added a further CHF 118.- up to a total sum of CHF 1096.- for the package.

Such a sum has a non-negligible impact on an average student’s expenses. Nevertheless, the iPadPro’s price is within the range of other tablets (see Microsoft Surface Pro 4, the Lenovo IdeaPad Miix or the HP Elite x2). Although it must be said that most other tablets with a pen run a full version of Windows so the comparison might not hold too much water.

The first impression of the packaging is as you would expect it from Apple: white, plain and high quality. A charger and a very short instruction manual are included. The iPad Pro itself looks externally very much the same as the iPad Air 2 series, except for the protruding rear camera (more on that later) and the four speakers that are characteristic for the Pro series. The Apple Pencil also comes in a sleek, white cardboard. A spare tip and an adapter for charging the pen on the iPad charger are included.

What strikes me is the weight – it is the lightest device so far according to my experience with other tablet brands. Otherwise, the device makes a very solid impression. Starting and setting up the iPad Pro is very simple. After I logged into the home WLAN and followed the step by step instructions, I got the option to disable the "true tone" feature of the screen and compare the colors. Since the image without "true tone" had an unpleasant blue tint, I suppose that the color settings were not configured yet and not that this was the standard calibration of an iPad Air.

The iPad Pro as a daily driver

According to Apple the iPad Pro can replace a laptop. In my opinion, the biggest disadvantage compared to Windows tablets is the installed iOS, because it can only be used with applications that are available in the App Store. For technology or natural sciences students who often use complex tools, the iPad Pro is unable to completely replace the laptop.
However, as a small, mobile companion for simple tasks like reading and writing e-mails, office work, or photo editing, the iPad Pro is in the lead. The handful of preinstalled apps cover e-mailing and taking notes, for everything else the motto is "there is an app for that". The Microsoft Office Suite, for example, can be downloaded in the AppStore (free download, an existing Office license is required).
Using the device proves to be very pleasant, as it easily fits into your bag or on one of these narrow tables in the lecture halls.
Apple promises the same 10-hour battery life of every iPad that has come before. After several weeks of usage, I can confirm this statement.
One complaint would the design of the camera lens, which protrudes from the back of the iPad and therefore always runs the risk of being scratched on an uneven surface. Using a protection case solves the issue, but makes the device slightly thicker.

The Apple Pencil

For note-taking in lectures I use, like on my prior device, the OneNote app from Microsoft. The use of the Apple Pencil during lectures proves to be very comfortable, it has a good size and a pleasant weight. My concern that it would just roll off the table turns out to be unjustified. The weights inside the Pencil are positioned in such a manner that one side of the Pencil is heavier and it therefore it remains stationary on a level and even on slightly inclined surfaces if they are not too steep.
Writing or drawing is very accurate, the pencil slides with little resistance over the display. Somewhat unusual is the fact that there is no cursor displayed in the place where the pen would hit the screen. The laminated display and the high accuracy of the Apple Pencil create the illusion of writing on paper. Also worth mentioning is the fact that the pen is very exact in each area of the screen. With most other devices the pen behaves differently on the edges of the display, making it either noticeably inaccurate or completely useless for writing.

Conclusion

The iPad Pro proves to be a very useful device in the life of a typical student and is hereby awarded sole lead in terms of pen and display. Unfortunately, it loses a lot of points because of the lack of a fully featured operating system and the dependence on the App Store. According to the slogan "Faster than a speeding laptop.", the installation of an fully funcional OS X instead of the iOS should not be impossible.
Therefore, I can recommend the iPad Pro as a loyal companion throughout the studies, but not as a substitute for a "real" laptop.

 

About the author: Matthias Leutenegger is a master student in the Compotational Biology and Bioinformatics programme at ETH Zürich. He is a longtime Projekt Neptun webmaster, passionate webdevelopper and gamer.

20/06/2016