From: Chris McDonald STEWS-IM-CM-S (1/28/93) To: orvis%llnl.gov@wsmr-simtel20.ar, Mail*Link¨ SMTP Product Test 29 ****************************************************************************** PT-29 March 1991 ****************************************************************************** 1. Product Description: Secure Delete is a public domain (freeware) program to overwrite files on Macintosh systems. 2. Product Acquisition: Secure Delete is available on several repositories, to include the Macintosh repository on simtel20 (pd3:sdel_ distribution.sit.1). The author of the program is Todd Gustavson, a student at Caltech (tlg@tybalt.caltech.edu). I corresponded with the author electronically in March 1991 to confirm that version 1.02 was the most current release. 3. Product Tester: Chris Mc Donald, Computer Systems Analyst, Directorate of Information Management, White Sands Missile Range, NM 88002-5030, DSN: 258- 7548, DDN: cmcdonal@wsmr-emh03.army.mil 4. Product Test: a. I obtained the program from the simtel20 Macintosh repository manager in December 1990. I conducted tests from January through March 1991 on a Macintosh IIcx running system 6.0.5 with a 80MB hard drive. I have also tested the program on a variety of formatted removable diskettes. b. When a user "drags" a file to the TRASHCAN on a Macintosh system, the data on that file is still on a disk until overwritten. Files on the Macintosh can have two forks, a data fork and a resource fork. A file can have either one or both forks. Most documents have only data forks, and most applications have only resource forks. The data fork stores data such as text for word processing or data for databases and spreadsheets. The resource fork stores information about dialog boxes, windows, icons, etc. c. Secure Delete can overwrite both data and resource forks. The user double-clicks on the Secure Delete program file and then has two menu items displayed: (1) FILE; and (2) SECURITY. d. Once you select the file delete command under the FILE menu, four options appear: eject, drive, open and cancel. Selecting a drive results in a display of those files available for overwriting. e. The SECURITY menu has three commands: (1) one time overwrite; (2) three time overwrite (0's, 1's, 0's); and (3) one time random overwrite. f. The theory of operation is that a user chooses the overwrite option and then selects a file for deletion. The user clicks to "open" the program which will rename the file to be overwritten as "SecureDeleteTemp" before performing the action. The author states that his intention was to mask the name of a file which in itself may be "sensitive". This to further protect against file recovery utilities. g. I performed over 50 different deletion actions against files with both data and resource forks stored on the 80MB nonremovable drive. I encountered 3 anomalies during these tests. All three problems occured on application type files. Although the Secure Delete program created a "SecureDeleteTemp" for three separate applications, the overwriting of the files was not 100%. With Central Point's MAC Tools Deluxe, version 1.0, I was able to retrieve the names of two of the applications overwritten, and approximately two screens worth of both narrative and hex from the third file. The total size of the third file was 19.5K; so the actual amount of the file retrieved was small. I attempted to replicate the anomalies by loading fresh copies of all three applications to the hard disk and running Secure Delete once again. For the first two files I was once again able to retrieve the file names. For the third file Secure Delete was completely successful. h. The failure to overwrite the file name in two out over 50 tests may not be of critical importance. The failure to actually overwrite the contents of a file is another matter. Though I was unable to duplicate the problem, it did occur. The Macintosh system and drive are completely new within the last two months. Another utility within MAC Tools Deluxe was negative for any bad sectors or fragmentation on the hard drive both before and after the anomalies occurred. i. Testing on various removable disks was effective but not in accordance with Secure Delete's documentation. Although Secure Delete would delete files, a "SecureDeleteTemp" was NEVER created on any of my approximately two dozen tests. MAC Tools Deluxe could retrieve the actual name of the file from the list of deleted files; but the utility could not recover any of the files. On a removable disk with a system folder no record of either a "SecureDeleteTemp" or the actual file name could be retrieved. So ironically one was even more secure to delete a file on a disk with a system folder. j. I documented all problems and variances to the documentation, and sent them to the author for his evaluation. If and when he responds, it is my intention to update this product test. 5. Product Advantages: a. Secure Delete is free and can provide increased data confidentiality. b. The user has the ability to specify the type of overwrite desired. 6. Product Disadvantages: a. Secure Delete, given the anomalies I encountered, should only be used for unclassified-sensitive operations at this time. While the program can specify an overwrite which literally meets the criteria for the declassification of classified national defense information under the National Security Agency's Magnetic Remanence Security Guideline, its operation has some type of integrity problem. b. Secure Delete will only delete files. It has no option to delete an entire disk, folder, or unallocated memory blocks. c. The program has no formal certification or endorsement from any official group. Approval of the program will probably require the 2 authorization of respective information system security officers, or whoever within an organization is responsible for data security. 7. Comments: There are several commercial programs available to overwrite Macintosh disks (i.e., MAC Tools Deluxe, SUM, and Fort Knox). The commercial programs have extensive documentation, numerous options, and support staffs. I have MAC Tools Deluxe under evaluation at the present time, with plans for the eventual testing of SUM and Fort Knox. There have also been in depth reviews of these and similar products in trade publications and magazines for those who have an immediate requirement for some type of acquisition. The reality, however, is that there is a finite amount of funds available for those of us within government to acquire commercial software. It is sometimes just as difficult, if not more so, to reuse government-developed software. The mechanism to know what software is available for reuse, or even to find out what software has been written in-house, is mysterious. Secure Delete offers every user the capability within reason to protect against "browsing" and inadvertent disclosure of unclassified-sensitive information on magnetic media. While it has some problems, it still offers a visible means of protection at an "affordable" price. [The opinions expressed in this evaluation are those of the author, and should not be taken as representing official Department of Army positions or a commercial endorsement.] 3 ------------------ RFC822 Header Follows ------------------ Received: by internetqm.llnl.gov with SMTP;28 Jan 1993 20:18:08 U Received: from icdc.llnl.gov by icdc.llnl.gov (PMDF #12441) id <01GU2CFA3G28ERWYZJ@icdc.llnl.gov>; Thu, 28 Jan 1993 20:17 PST Received: from pierce.llnl.gov by icdc.llnl.gov (PMDF #12441) id <01GU2CEV7TNKERWYZI@icdc.llnl.gov>; Thu, 28 Jan 1993 20:17 PST Received: by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA14227; Thu, 28 Jan 93 20:17:51 PST Received: from WSMR-SIMTEL20.ARMY.MIL by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA14217; Thu, 28 Jan 93 20:17:38 PST Received: from wsmr-emh03.army.mil by WSMR-SIMTEL20.ARMY.MIL with TCP; Thu, 28 Jan 1993 21:16:42 -0700 (MST) Resent-date: Thu, 28 Jan 1993 20:17 PST Date: Thu, 28 Jan 93 21:14:25 MST From: Chris McDonald STEWS-IM-CM-S Subject: Product Test 29 Resent-to: BILL_ORVIS@QUICKMAIL.llnl.GOV To: orvis%llnl.gov@wsmr-simtel20.army.MIL Resent-message-id: <01GU2CFA3G28ERWYZJ@icdc.llnl.gov> Message-id: <9301290417.AA14217@pierce.llnl.gov> X-Envelope-to: BILL_ORVIS@QUICKMAIL.llnl.gov X-VMS-To: IN%"orvis%llnl.gov@wsmr-simtel20.army.MIL" ======================================================================