From: Chris McDonald (8/24/93) To: reviewslist:;@WSMR-SIMTEL20.ARM, Mail*Link¨ SMTP Product Test # 63, TrashGua ****************************************************************************** PT-63 August 1993 ****************************************************************************** 1. Product Description: TrashGuard is a commercial program which "shreds" any file placed into the Trash on a Macintosh system. This product test addresses version 1.0.2. 2. Product Acquisition: TrashGuard is available from ASD Software, Inc., 4650 Arrow Highway, E-6, Montclair, CA 91763. The ASD telephone is (714) 624- 2594; the FAX number is (714) 624-9574. Site licenses and multiple copy discounts are available. Third party mail order firms offer a single copy for under $50.00. 3. Product Tester: Chris Mc Donald, Computer Systems Analyst, Directorate of Information Management, White Sands Missile Range, NM 88002-5006, DSN: 258-7548, DDN: cmcdonal@wsmr-emh34.army.mil. 4. Product Test: a. I obtained the product from MacWarehouse for $49.00 in April 1993. The product arrived on a single 3 1/2" disk with a 22 page manual. I installed the program on a Macintosh IIcx with System 7. The manual indicates that one must have system 6.0.7 or higher installed. Tests occurred from July 20 through August 20, 1993. b. When a user "drags" a file to the TRASH on a Macintosh system, the data on that file is still on a disk until overwritten. Files on the Macintosh can have two forks, a data fork and a resource fork. A file can have either one or both forks. Most documents have only data forks, and most applications have only resource forks. The data fork stores data such as text for word processing or data for databases and spreadsheets. The resource fork stores information about dialog boxes, windows, icons, etc. c. A user must understand the distinction between certain terms to evaluate TrashGuard's performance. The DoD Magnetic Remanence Security Guideline (CSC-STD-005-85) provides these definitions: (1) Clear = a procedure used to erase data stored on media, but lacking the totality of a declassification procedure. (2) Declassify = a procedure to totally remove all classified or sensitive information stored on magnetic media followed by a review of the procedure performed. (3) Overwrite = a procedure to remove or destroy data recorded on magnetic media by recording patterns of unclassified data over or on top of the data stored on the media. (4) Sanitize = a procedure to erase or overwrite data stored on magnetic media for the purpose of declassifying the media. For the declassification or sanitization of classified national defense information a user must invoke a specific overwrite pattern should he or she choose this method of declassification. A user may have an option, however, in the declassification or sanitization of unclassified sensitive information. In fact, agency standards could vary on the specific clearing or overwriting requirements for unclassified magnetic media. d. TrashGuard documentation states that it can overwrite files which a user places into the Trash utilizing a "custom pattern" or the "U.S. DoD specifications". Unfortunately neither the documentation nor the on-line help provide an adequate description of the overwriting mechanism to determine if TrashGuard actually implements DoD specifications described in the Magnetic Remanence Security Guideline. Therefore, I am unable to independently confirm the vendor's claim regarding "sanitization". I was able to confirm that the program does "clear" and "overwrite" files. e. Installation of the program followed the documentation instructions. One drags the TrashGuard installer icon onto the hard disk. Double-clicking on the icon places TrashGuard in the Control Panel folder of the System folder for System 7 users. One then restarts the system to complete installation. f. One selects the Control Panels from the Apple menu to configure the program. When one opens TrashGuard, the Control Panel displays these selections: (1) On Off (2) Set Password (3) Options (4) Exceptions (5) About (6) Help The first selection allows one to turn the program on and off. The second permits one to set a password from 4-15 characters in length to control access to the TrashGuard Control Panel. The third selection provides the actual overwrite options. The "Exceptions" selection allows an experienced user to establish "exceptions" to the default settings as well as to simplify file disposal in general. The "About" selection displays the name of the program author (i.e., Mahrez Berchouchi), the version number, and the serial number. Finally, the "Help" selection provides essentially a condensed version of the printed manual. g. It is the third selection, Options, which is the essential component. These selections are the important settings in my opinion. (1) One can choose to have TrashGuard invoked for several volume types (i.e., Network, Floppy or Removable). 2 (2) One can have every file placed in the Trash "shredded by default". (3) One can choose between a "custom pattern" or "U.S. DoD specifications" for shredding. (4) One can activate TrashGuard under "Finder Only" which will prevent the program from interrupting you when an application discards a temporary file. h. I performed dozens of operations in which I dragged files and folders from the hard disk and from disks inserted in the floppy drive into the Trash. In every case TrashGuard performed as indicated in the documentation. I utilized both the custom pattern and the DoD specification shredding patterns. Once a file or folder had been overwritten I attempted to verify the correct operation of the program. I used Fedit, MacSnoop and MacTools to attempt the recovery of information. I was unable to recover any data subjected to either one of the overwriting patterns. As stated earlier, however, I cannot state the program does or does not implement DoD specifications for sanitization. i. I verified the functionality of the "Exceptions" selection and of the "Set Password" feature to protect the TrashGuard Control Panel. 5. Product Advantages: a. TrashGuard appears to clean and overwrite files dragged into the Trash. b. Since the program installs as a Control Panel, and since one can password protect the Control Panel to ensure shredding by default, one can implement mandatory shredding without user intervention. 6. Product Disadvantages: a. TrashGuard has no formal certification or endorsement from the National Security Agency or from the Department of Defense. Sometime ago NSA announced that it would no longer certify software declassification or sanitization programs. Therefore, approval of the program will probably require the authorization of respective information system security officers, or whoever within an organization is responsible for data security. Different agencies will logically have different approval policies and procedures. b. The program only works on those files/folders dragged into the Trash. One does not have the flexibility to clean an entire hard disk, diskette, or removable drive in an easy manner. c. The lack of information on the program's implementation of DoD specifications for sanitization is a major curiosity. The vendor states with "emphatic assertion" that TrashGuard does implement the specifications, but really needs to provide a concrete description of the program's operation. 7. Comments: There is an inordinate amount of controversy over the use of software 3 to clean and to sanitize media. Clearly there is a major difference between removing any trace of classified national defense information versus removing any trace of unclassified sensitive data. It seems appropriate to employ a mix of programs, supplemented by hardware degaussers, to address the overall risk associated with magnetic remanence. For certain media and depending upon the sensitivity level of the data, one may still face the physical destruction of media as the only alternative. [The opinions expressed in this evaluation are those of the author, and should not be taken as representing official Department of Army positions or a commercial endorsement.] FOR FURTHER REFERENCE: PT-29 SECURE DELETE PT-32 MACTOOLS PT-33 FT. KNOX PT-37 VIPER PT-57 NORTON UTILITIES FOR MACINTOSH 4 ------- ------------------ RFC822 Header Follows ------------------ Received: by internetqm.llnl.gov with SMTP;24 Aug 1993 09:20:26 -0800 Return-path: CMCDONALD@WSMR-SIMTEL20.ARMY.MIL Received: from icdc.llnl.gov by icdc.llnl.gov (PMDF #3384 ) id <01H245RJB7JKAW4802@icdc.llnl.gov>; Tue, 24 Aug 1993 07:17:16 PDT Received: from pierce.llnl.gov (128.115.18.253) by icdc.llnl.gov (PMDF #3384 ) id <01H245QSLX28AW45LZ@icdc.llnl.gov>; Tue, 24 Aug 1993 07:16:43 PDT Received: by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA12779; Tue, 24 Aug 93 07:16:36 PDT Received: from WSMR-SIMTEL20.ARMY.MIL by pierce.llnl.gov (4.1/LLNL-1.18/llnl.gov-05.92) id AA12770; Tue, 24 Aug 93 07:16:25 PDT Date: 24 Aug 1993 07:58:45 -0700 (MDT) From: Chris McDonald Subject: Product Test # 63, TrashGuard, version 1.0.2 Resent-to: BILL_ORVIS@QUICKMAIL.llnl.GOV To: reviewslist:;@WSMR-SIMTEL20.ARMY.MIL Resent-message-id: <01H245RJFRIAAW4802@icdc.llnl.gov> Message-id: <12903666803.12.CMCDONALD@WSMR-SIMTEL20.ARMY.MIL> X-Envelope-to: BILL_ORVIS@QUICKMAIL.llnl.gov X-VMS-To: IN%"reviewslist:;@WSMR-SIMTEL20.ARMY.MIL" Content-transfer-encoding: 7BIT ======================================================================