From: Chris McDonald STEWS-IM-CM-S (1/28/93) To: orvis%llnl.gov@wsmr-simtel20.ar, Mail*Link¨ SMTP Product Test 37 ****************************************************************************** PT-37 August 1991 ****************************************************************************** 1. Product Description: Viper is a commercial program to overwrite information on Macintosh compatible floppy or hard disks. The current version at the date of this report is 1.0.4. 2. Product Acquisition: Viper is available from SCS, 3206 Harvard Blvd, Dayton, OH 45406. The telephone number is 513-275-2937. The cost is $49.95 plus shipping. 3. Product Tester: Chris Mc Donald, Computer Systems Analyst, Directorate of Information Management, White Sands Missile Range, NM 88002-5030, DSN: 258-7548, DDN: cmcdonal@wsmr-emh03.army.mil or cmcdonald@wsmr-simtel20.army. 4. Product Test: a. I obtained the product directly from SCS in May 1991. The version received was 1.0. I subsequently received free upgrades to 1.0.1B and then to 1.0.4 in July 1991. I conducted tests from May through August 1991 on a Macintosh IIcx running system 6.0.5 with a 80MB hard drive. I have also tested the program on a variety of formatted removable diskettes. b. Version 1.0.4 "positively requests system 6.0.4, a Mac512Ke, 128K ROMS, 512 of application heap or larger". The Viper manual, which addresses version 1.0, states that the program is compatible with Macintosh Plus, SE; Macintosh II (SE/30, II, IIcx, IIci, IIx, IIfx); and Macintosh Classic, SI, LC. Viper will overwrite an 800K, 1,440K high density disk, or Apple HFS compatible disk (both SCSI and non-SCSI). The program will not overwrite a 400K (MFS) floppy disk. c. When a user "drags" a file to the TRASHCAN on a Macintosh system, the data on that file is still on a disk until overwritten. Files on the Macintosh can have two forks, a data fork and a resource fork. A file can have either one or both forks. Most documents have only data forks, and most applications have only resource forks. The data fork stores data such as text for word processing or data for databases and spreadsheets. The resource fork stores information about dialog boxes, windows, icons, etc. d. A user must understand the distinction between certain terms to properly appreciate and to use Viper menu options. The DoD Magnetic Remanence Security Guideline (CSC-STD-005-85) provides these definitions: (1) Clear = a procedure used to erase data stored on media, but lacking the totality of a declassification procedure. (2) Declassify = a procedure to totally remove all classified or sensitive information stored on magnetic media followed by a review of the procedure performed. (3) Overwrite = a procedure to remove or destroy data recorded on magnetic media by recording patterns of unclassified data over or on top of the data stored on the media. (4) Sanitize = a procedure to erase or overwrite data stored on magnetic media for the purpose of declassifying the media. For the declassification or sanitization of classified national defense information a user must invoke a specific overwrite pattern should he or she choose this method of declassification. A user may have an option, however, in the declassification or sanitization of unclassified sensitive information. In fact, agency standards could vary on the specific clearing or overwriting requirements for unclassified magnetic media. e. Viper provides the capability to overwrite media in accordance with the stated definitions. Overwrite is actually a two step process. A user first verifies that information on a disk can be read. Then a user specifies the overwrite sequence to saturate each location on the disk. f. When one opens the program by double-clicking on the icon, the Viper Window displays icons representing the active disks in the system and offers two active buttons: Help and Setup. The manual instructs the user to select Setup. The Setup Window has three available functions: checkboxes, arrows and buttons. At version 1.0.4 the checkbox function defaults to Verify. The user then Saves this function which results in a return to the Viper Window. g. The Viper Window now displays four active buttons: Help, Setup, Info and Go. The users clicks on the target disk to be verified and then selects Go. The Info button may be used to show information on the disk selected; however, it is not mandatory for program execution. h. The Verify operation begins with a bar gauge and a spinning watch cursor tracking the progress of the operation. If there is an error, Viper will attempt to continue the Verify. If too many errors occur, the program will abort and return to the Viper Window. i. When the Verify operation has completed, the user receives a message at the bottom of the Viper Window "Print Now for a Report". The user has the option to only preview the report; to preview and then print it; or to simply print the report. Were Viper to report significant Verify errors, the manual suggests that the user utilize a disk utility to "manually inspect the blocks causing the problem". j. If Verify runs successfully, then the user is ready for the overwrite step. From the Viper Window the user chooses the Setup button. The user then has three operations to perform. First, one must select Overwrite checkbox. Second, one must select the overwrite repetitions which are controlled by arrows. The default is 2 repetitions. The user may set the program for as many as 9 repetitions. Third, one can select the overwrite pattern in binary, or accept the default. One saves these operations by clicking the Save button. This closes the Setup Window and returns the user to the Viper Window. One clicks on the target disk, selects the Go button, and the overwrite begins. The user does receive a request for confirmation of the operation. A 2 successful Overwrite Run results in the bar gauge turning completely dark, and then it disappears. At this point the overwritten disk will be formatted and will be assigned the name "Scrubbed Disk". The user has the option to preview the Overwrite Report; to preview and print; or to print without review. k. I tested all options with no significant problems. I used Fedit, MacSnoop and MacTools Deluxe to verify the correct operation of Viper's overwrite and sanitization routines. I was unable to recover any data subjected to an overwrite or sanitization procedure. It is beyond my technical capabilities and assigned job responsibilities to perform any type of magnetic remanence examination of storage media. I can only observe that Viper appeared to successfully implement the DoD guideline procedures. l. I did have questions on how many verify errors Viper will tolerate before aborting and what certain error messages mean. I sent an Internet message to the address indicated in the manual and received a telephone call as well as an electronic confirmation. The answer to the first question was that approximately 20 errors might be tolerated. That number is not fixed in concrete. Obviously verify errors point to potential problems in overwriting specific blocks. So any number should generate concern. The discussion on error messages was very basic. There are over 35 different error listings used. m. The Disk Scrubber Report and the Disk Overwrite Report record disk information, user options, overwrite errors, verify errors, and run time. The Disk Overwrite Report has additional blocks which, if completed, could serve as an official record of sanitization for those organizations which require a written certification. 5. Product Advantages: a. Viper performed as documented. b. The declassification and sanitization of storage media is a critical concern for most government agencies. Even the private sector has shown an increased interest in this issue. Viper addresses this concern at a reasonable price. 6. Product Disadvantages: a. Viper has no formal certification or endorsement from the National Security Agency or from the Department of Defense. Sometime ago NSA announced that it would no longer certify software declassification or sanitization programs. Therefore, approval of the program will probably require the authorization of respective information system security officers, or whoever within an organization is responsible for data security. Different agencies will logically have different approval policies and procedures. b. Viper has no option for the sanitization of individual files or folders. Its operation is all or nothing. For the sanitization of unclassified sensitive information this approach may be inconvenient for 3 certain environments. c. Version 1.0.4 causes problems if a user has an HP Deskwriter. SCS is aware of the problem and is working with HP to eliminate it. In my own case printing a report results in the crash of the system upon the completion of printing. The good news is that one gets a report; the bad news is that one must then restart. If one has no requirement to print a report, then users of HP Deskwriters have no problem. 7. Comments: There are several commercial programs available to overwrite Macintosh disks (i.e., MAC Tools Deluxe, SUM, VIPER, and Ft. Knox). I am working my way through these and potentially other programs. Viper in my limited tests performed well. Reference: Product Test PT-20 March 1991 SecureDelete Product Test PT-33 April 1991 Ft. Knox [The opinions expressed in this evaluation are those of the author, and should not be taken as representing official Department of Army positions or a commercial endorsement.] 4 ------------------ RFC822 Header Follows ------------------ Received: by internetqm.llnl.gov with SMTP;28 Jan 1993 20:38:57 U Received: from icdc.llnl.gov by icdc.llnl.gov (PMDF #12441) id <01GU2D55XAIOERWW45@icdc.llnl.gov>; Thu, 28 Jan 1993 20:38 PST Received: from pierce.llnl.gov by icdc.llnl.gov (PMDF #12441) id <01GU2D4LLE4WERWZ0P@icdc.llnl.gov>; Thu, 28 Jan 1993 20:38 PST Received: by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA14389; Thu, 28 Jan 93 20:38:32 PST Received: from WSMR-SIMTEL20.ARMY.MIL by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA14380; Thu, 28 Jan 93 20:38:07 PST Received: from wsmr-emh03.army.mil by WSMR-SIMTEL20.ARMY.MIL with TCP; Thu, 28 Jan 1993 21:37:15 -0700 (MST) Resent-date: Thu, 28 Jan 1993 20:38 PST Date: Thu, 28 Jan 93 21:33:11 MST From: Chris McDonald STEWS-IM-CM-S Subject: Product Test 37 Resent-to: BILL_ORVIS@QUICKMAIL.llnl.GOV To: orvis%llnl.gov@wsmr-simtel20.army.MIL Resent-message-id: <01GU2D55XAIOERWW45@icdc.llnl.gov> Message-id: <9301290438.AA14380@pierce.llnl.gov> X-Envelope-to: BILL_ORVIS@QUICKMAIL.llnl.gov X-VMS-To: IN%"orvis%llnl.gov@wsmr-simtel20.army.MIL" ======================================================================