marmite

Okay. Well there's nothing quite like a practical test If there's one set of tools that I trust more than pretty much anything, it's Sysinternals. I used this piece of software to wipe my system volume free space. The accompanying article has some interesting information about how sdelete works, both for secure file deletion and free space wiping. sdelete was written by Mark Russinovich, who is a Technical Fellow at Microsoft. He's forgotten more about the internal workings of Windows operating systems than I will ever learn. Needless to say I'm still here, and so is my system partition. I analysed my volume before and after the clean with a recovery tool, and as expected sdelete had securely wiped my free space. That's with just the default single sdelete pass (sdelete uses DOD 5220.22-M, but you can specify multiple passes if you wish). Also note that sdelete is a command-line tool; don't use it if you're not comfortable with that, or with interpreting the parameter selection/syntax. Additionally, it is only for use on XP onwards. Of course, I would hope and indeed expect that ccleaner be just as well behaved. And it has the advantage of a nice user interface Please note that a lot of this thread has strayed from the OP's original concerns. I'm just talking here about the practicalities of wiping free space on the system volume.

There's always copy'n'paste I suppose another thing worth mentioning is that if you only have one big volume, or a very big system volume, then the whole fill-and-delete thing ain't gonna be quick!

Damn - I do apologise. It's a widget I've had for a couple of years and I just googled it to find the web site ... since the site was still up I didn't even check the download link. I've taken that link out to stop others getting the same problem - thanks for pointing it out. Meanwhile I'll google for a similar tool!

Alan your post has piqued my curiosity . As someone who develops Enterprise level systems on an XP / W2k3 platform, I have never even had to concern myself with most of the "super-hidden" objects mentioned above; never mind worried about them. When you use some of the tools that expose things like this, there's maybe a tendency to worry unnecessarily (but understandably) about potential issues with them. Given the correct tools, I would have though that once you get down to disk level, the principles are the same whatever OS you're looking at. But that's not an area I have any experience with, practical or otherwise; so I won't comment further on that. Since these objects do not constitute free space, this is not a free space issue. You might be concerned at what's in these objects from a privacy perspective; but that's a different question. Effectively this is the same issue. Any OS files, hidden or otherwise, should not constitute free space. Therefore, any tool that wipes free space must be able to recognise the difference between free space and used space; otherwise it's not doing it's job. And if it fails to do that on your system volume then it's potential bad news. But if your disk tool can quite happily recognise these files, why shouldn't your free space wiper? They are both reading your disk directly and dealing with the raw entries; whereas your OS view is only showing you what it wants you to see. Your free space wiper probably doesn't give a damn whether the 1s and 0s it's reading translate to the disc space behind 'C:\$Extend\$UsnJnl:$J' or 'C:\my family pic.jpg' ... all it is interested in is whether that disk space is in use. I expect any tool, ccleaner included, that claims to be able to wipe your system volume, can do so effectively and properly. There can't be worse press for a piece of software than 'a feature' that trashes your OS partition! That's not to say throw caution to the wind. I think Steff's approach is the safest (and the approach you seem to advocate with your reference to a boot disk), which is not to do this on an active system partition; i.e. do it from a start-up task outside of Windows or better still from a boot disk. But this is one scenario when I'd definitely want a current partition back-up available! And if you're still unsure I think the safest way for the nervous or untrusting is ... fill your free space with 'filler' files and then securely delete them ... it certainly works! And at the end of the day it also really comes back around to whether you need to wipe your free space. One of those issues that will run and run I think. But as I said earlier in the thread ... the only point in wiping free space is if you have files that have been insecurely deleted and you really feel the need to write all over your free space to make sure they're gone. If you have sensitive or private stuff you no longer want wipe it as you go along or keep it in an encrypted volume. If you do either of those there's no need to wipe free space.

For an interesting security read I recommend subscribing to Bruce Schneier's monthly newsletter. You can read it or subscribe here ... http://www.schneier.com/crypto-gram.html Techie stuff, but great as a reference site and for things like improving your javascript ... http://www.w3schools.com/ Some good dos stuff here ... http://www.computerhope.com/ Can't go wrong with Sysinternals ... something for everyone ... http://technet.microsoft.com/en-us/sysinternals/default.aspx Ever tried waking-up your computer ... remotely ... http://www.depicus.com/wake-on-lan/ 10 Immutable Laws of Security http://technet.microsoft.com/en-gb/library/cc722487.aspx How many holes are there in your software ... http://secunia.com/advisories/product/ Portable applications for your USB stick ...http://portableapps.com/ If you're fairly technically savvy, the Microsoft technical resources and developer network are very useful sources of information: http://technet.microsoft.com/ http://msdn.microsoft.com/

For general and specific IT news ... http://www.theregister.co.uk ... aka 'el reg'

Brilliant - thank you. 2 minutes 10 seconds instead of 3 days and counting!!!

Good point!

'Metadata' is a generic term ... what particular metadata (what files/objects) are you referring to Alan? Edited to add ... and if we're talking files then it won't be related to free space wiping anyway; more to do with ordinary ccleaner clean-ups.

IE8 is fairly new - Dell probably just aren't shipping it yet ... or it didn't make it into Kool Cat's machine. There should not be any problem at all in upgrading to IE8. As for the cookies, there can be multipe cookies for a website. I would close the browsers, delete all cookies, then go back to the google website and go through all of the customisations to get everything a required. Then open ccleaner and view the cookies - the ones relating to gogle should be more obvious having got rid of everything else. Move all of the relevant ones to 'keep' and see how that goes.

Fleet Command, I read that as "How do I stop the CCleaner from erasing my Google home page", not "How do I stop the CCleaner from erasing 'My Google' home page". It may be that the OP did mean 'My Google' home page and this is a cookie issue. However, I don't think that the cookies' index.dat is removed by ccleaner. Although it appears to be marked for deletion like the other index.dat files, it doesn't actually seem to be re-created. That's the behaviour I've found on both an XP Home and an XP Professional installation. My cookies were preserved irrespective of the index.dat setting. And that makes sense; if checking index.dat did make a difference, that would indeed render ccleaner's cookie preservation useless unless users left index.dat unchecked ... I think there would be a large number of people screaming loudly if that were the case!

Clearing index.dat should not affect the home page setting; that's stored in the registry.

That's interesting. I'm assuming you were running under the profile that lives under your name. So we're only interested in those files (ccleaner only cleans the profile file under the profile that you are actually running ccleaner under), plus the 'C:\WINDOWS' one. Bear in mind that these files have a default creation size; they don't start off at zero kb. I think 16kb and 32kb are IE7 default kinda sizes. The only file that seems to have an odd size is 'IECompatCache' ... but from what I can see (on Google) this may not contain user (your) data anyway. The only things I can't reconcile are the file timestamps (... so maybe there are entries in there ... see the suggestions below). That leaves C:\WINDOWS\... I have no idea why there would be files there that are essentially profile files, unless the user or the system has moved them there; either way I strongly doubt that is a default ccleaner 'mop up' location. This product will tell you which files are scheduled to be removed at next reboot (e.g. after you've run ccleaner with index.dat selected). Just confirm this works on your OS - you haven't said what it is but I assume XP from the path names. Other products will allow you to view .dat file content. For example NirSoft do ones that allow you to easily browse your IE history and IE temporary files cache. This may enable you to see what's actually there after you've rebooted. I'm not expressing an opinion as to whether there's anything wrong here (not least because I don't have IE8) - just adding some background ideas and information.

Hi Fleet Command. Do you know that the extensions that ccleaner highlighted for removal actually had current file associations? It is possible to have redundant file extensions that are present in the registry and which are in use by installed applications, but do not have a file association. Just because a program names files using a certan extension doesn't necessarily mean an entry is required in the registry. Effectively what's taking place is an integrity check - ccleaner is cross-referencing items either internally - (like checking for orphaned file extensions) or externally (like that a filename a progam path in a start-up entry actually exists). All that any reg cleaner can do is report these 'inconsistencies'. I would hope that anything that ccleaner removes is based on the idea that there is, definitively, an inconsistency. However, like many of these things, there's always the possibility that an application is using the registry in an unconventional manner. However, ccleaner gives you ample opportunity to back up your registry and it also explains each and every 'inconsistency' to help the user to make a more informed decision about removing an entry. It can't really do more than that. I understand your concerns, but have you actually run ccleaner regcleaner and it has caused you a problem, or are you just reluctant to do so because you believe that it will? Edited to add ... I note that ACDSee is a photo viewer. Is it possible that another program has re-established or changed a file association previously held by ACDSee - thereby orphaning its association?

One thing you won't find on here is lack of an opinion Personally, I don't think it matters whether these controls are buttons or not. Their behaviour has clearly (and I think quite effectively) been manipulated to be similar to tabs. That they are buttons is neither here nor there to me. If they were traditionally styled buttons, then I could see your point; but I don't see any usability or style problems around what's been done here.

Glad you're sorted ... by whatever means FWIW I've never had a problem with Eraser, and at some point I've probably done a system partition free space wipe, though I've no idea at what version. I can say that I will continue to confidently use context menu 5.8.7 for secure file deletion. Just as a result of a couple of recent threads on these forums I've done quite a bit of messing around with deletion / recovery and I still find Eraser to be the most performant and the best at it what it does ... this includes a comparison with the PGP shredder. I'll be the first to post if my partition disappears Also note I'm not knocking ccleaner here either ... in this context I'm more interested in ad hoc file wiping; not something done as part of a wider-scoped and periodic 'cclean' for which I will still use a ccleaner 3-pass.

Andavari and abu aufa thanks for the links. I use quite a bit of NirSoft stuff but that one passed me by. And the Auslogics tool is neat too.

Really? Must try that one

Or to corrupt a line from 'Aliens' ... "I say we take off and nuke the whole HD from orbit - it's the only way to be sure"

It's more likely to be gmail. Some sites play with the browser history mechanism to 'discourage' the user going back to a page outside of their site. How effective that is may be browser dependent. I get mixed results with gmail on IE. You should still be able to use the drop-down history button next to the browser back/forward buttons.

Thanks Steff; strong words. Though you wonder how many of those issues are personal. Also, I wouldn't expect a complete rewrite of the 'core' to be a minor point release. There are currently 13 open defects on Eraser - none look particularly serious. I'm not 'defending' the product - I'm following up to look after my own interests because I don't want to be using something that will break my system. And I don't use it to wipe free space ... which may be safer

@ Steff: What was his justification for that statement? @ AssChin: What version of Eraser were you using (quite successfully, by the sound of it)? Just a comment on free space wiping in general. IMHO habitually wiping free-space is a time-consuming and unnecessary exercise. If you create a lot of material that you subsequently don't want to leave visible or recoverable then it's better (and easier) to securely delete these files as you go along. I tend just wipe stuff on a point of principle ... privacy! If someone breaks into the house and nicks my PC I don't want bank details or family photos available to all and sundry. Anything non-transient just goes into a TrueCrypt volume.

Absolutely ... and a useless exercise As per my first post, IMHO Gutmann is a pointless overkill in any scenario. But I wasn't thinking about Gutmann - I just wondered if the OP was expecting three passes and actually got just one.

Interesting points. I've used Eraser for years. Wiping is all that it does and it does it very well. I can't comment on the accuracy of the OP's findings, but if any product offers 'secure deletion' as ccleaner does, then it should do what it claims to do. I'm betting (it's not mentioned explicitly) that when the OP ran Eraser (and Encase [a leading commercial forensic investigative tool] found the drive wiped clean) it was also done with just a 3-pass. I would call that to all intents and purposes 'forensically clean'. Even with electromagnetic scanning tools what might be recovered is still moot . So when something like ccleaner offers a 35-pass Gutmann (or as Augeas said t'other day "My post count would be halved if Gutmann had kept his mouth shut.") then I would certainly not expect to be able to retrieve the file content! If the OP is correct, why not get ccleaner to wipe 3 times properly, rather than 35 times 'not very well'? Probably wouldn't help the sales pitch ... the causual user would say "huh, this only does a 3 pass erase" I would like to see the devs' comments too. I would expect a 3-pass (or logically, a one-pass, but I'm the nervy type) to leave file content unrecoverable by any software. Also interesting that the other product does (apparently) erase file names on a free-space wipe - wonder why ccleaner (apparently) doesn't? Edited to add: Augeas I've just read here that you think 'wipe free space' doesn't perform multiple passes. I can't find that in the documentation - have you a reference to that please?

Avira Antivir free. I used to use AVG but that got very naggy. I love Antivir's interface and its configurability. My update is scheduled every two hours ... I know ... overkill And if I hadn't suppressed the nag screen that would probably annoy the hell out of me.