Using CCleaner on SSDs (please bear with me on this)

[Hacked Off]

Hi ,

I need some help with the way CC works, but in return, I might be able to clarify about the way the solid state memory works?

Firstly does anyone know if CC wipes unused space on SS Memories by first filling the spare space with garbage, and then deleting it?

I ask because after several hours, I cannot find any up to date info on this?  This is the ONLY way to "erase" anything from solid state memories.

The way SSDs work is different as you know to HDDs.  HDDs have real memory addresses - So an address will ALWAYS point to a specific point on a specific track.  SSDs have software built right into them at the chip level.  It is called "Wear Leveling" and it's only job is to try to make sure that no memory address gets written to so much that it wears out long before it should.  So memory address "x" might refer to position x+1 next time, and something completely different the next time and so on.

So no file can be "erased" on SSDs, as the wear leveling will be sending the writes to all different parts of the device and the original file will only be deleted and most likely still recoverable.

The same comes into play with MFT and also cluster tips.  Say you have 4K clusters set up.  When that is overwritten with a full 4K, then the old data is gone.  But what if only a little data was written to it?  The rest of that 4K might be marked as unused, but the old data will still be in there.  These are the cluster tips, and while not likely to contain much, could in theory at least contain passwords, medical test results, confidential financial details or whatever.  So some people like to clean them as well.  They cannot be cleaned on SSDs for the same reason that files cannot be.

The MFT is kind of like a "Contents List" of what is on the drive and where it is located.  On SSDs it also gets deleted when files are erased, but the wear leveling means it will not be overwritten for some time, potentially never  overwritten.  This is most likely if the drive was becoming full and it was written near the end of the MFT.  If things are deleted and a lot less fo the drive is used, then there can be a lot in the MFT that does not get overwritten for some time.

Defragging an SSD is pointless.  The drive reads data from wherever it is at the same speed as if the data was all in one continuous lump.  Even if you try, wear leveling will mean the data gets moved to less used parts of the device and most likely even more split up.  This will make no difference to the speed of the device, but leaves even more spaces with your potentially embarrassing old data in.

With SSDs, even a single overwrite means the data is gone for good.  On HDDs there used to be "remainance".  This was where the new track would not quite follow the old one, so an oscilloscope could often read the remaining magnetism in the old track and recover the data that way.  This was why there were standards for how often a disc should be overwritten - You had to overwrite so often, that the slight wobbles from perfectly circular tracks would statistically most like have overwritten the position of the original track at some stage.  I even wrote my own standard where every byte was overwritten by first binary 10101010, then 01010101.  That way every bit was flipped ever 2 overwrites and the rest of the overwrites was to try and make sure the natural wobble would most likely have overwritten the original track at some point.  Nice history, but not really relevant anymore.  Modern high density HDDs have the tracks so close to each other that I have not heard of any data being recovered from being overwritten this way for many years.  The tracks are so close, that the wobble has to be barely measurable and so the magnetic domains are so small, that nothing statistical remains after being overwritten AFAIK.

Sanitizing a drive for recycling or junking is another matter.  Both SSDs and HDDs over time develop "bad sectors".  The chips on the drive mark it as bad and not to be used.  But the data that was written on it will still most likely be on it.  If it is important that you do not want to take chances with even this data, then you can use Darik's Boot And Nuke (DBAN).  I think there are other programs as well that claim to do the same thing, but are not as well known.  Personally I always do a search for the manufacturer of the drive and the words "low level format".  This is because ordinary erasing software like CC or even Eraser do not clean sectors that are marked as bad, and it is complicated by translation software.  I don't want to get into that as it is horribly complicated...but basically drives have so much memory now that one of the chips on the drive has to translate the head/cylinder/track that the computer talks, to the actual head/cylinder/track of the HDD, or memory address of the SDD.  So I always low level format those drives for recycling.

If a drive has failed and so cannot be sold, you can't sanitize it either...  Now what?  I have read some wonderful ideas, like blasting them with shotguns (TL;DR: Works with SDDs, not so much with HDDs, - Too much of the surface remains undamaged).  Also not everyone has shotguns, thermite, or neighbors that will not freak out.  So SDDs can be destroyed by electrically destroying chips.  A taser does a reasonable job, or earth one of the thicker tracks and attack the rest of the tracks with the guts of an air ionizer, neon lamp driver or any other high voltage.  BE SAFE - BE INSULATED AND PHYSICAL PROTECTION AS CHIPS CAN AND DO EXPLODE IF YOU PUT TOO MUCH CURRENT THROUGH THEM.  If you do not know how to be safe, then physically destroy them by taking out the boards and cutting them with "tinsnips" right through the middle of each chip, so that you can see the thin sliver of dark, glassy silicon in the middle of the chip has been cut through.  Use good scissors on the chips in old "smart cards" like in decoders, some travel cards, and "chip and pin" credit cards.  HDDs can have the discs taken out and melted under a torch if you have one, or the red hot embers of a dying big bonfire.  You can also scour off the surface with wire wool / Brillo pad.  Better is an angle grinder with a "flap disc" or just a plain sanding disk, or even a palm sander.  Just use "emery cloth" instead of sandpaper.  I am not sure, but you might even be able to remove a sufficient depth these days with nothing more than a polish with Brasso or similar.

I wrote this because I needed help primarily, but also because while searching for the answer (not just on the CC forum, but the internet in general), I found there was a lot of confusion and sometimes incorrect advice.  I thought I might be able to pay something forward?

Regards to all.

S.

[Augeas]

To answer your question CC will, if you absoultely force it to, fill the disk with zero-filled files, and then delete them. However CC will warn against this, and indeed it is utterly pointless, achieves nothing, and will hammer the MFT and other system files. It does not even 'fill' the device. It is not, as you imply, 'the ONLY way to "erase" anything from solid state memories'. There is no way, using O/S software. TRIM will do it all for you.

There's a lot here that is shall we say contentious, but I'm not going to get into a lengthy exposition. If you want you could read through  http://kcall.co.uk/ssd/index.html which goes into considerable detail, even though it is still being updated. You could swap ssd for ntfs in the url for even more bed time reading.

[Hacked Off]

Hi Augeas,

Well your reply troubled me, so I have been reading - Especially the interesting link you included.

Firstly, Mea culpa...I should have been more careful to point out what is peculiar to HDDs and what is to SSDs.  Like cluster tips are hard drive only.  If you understand how compressing a drive removes cluster tips on a HDD (ie, slack space), then you are part of the way to understanding how pages work in SSDs.

However, I pretty much stand by what I wrote with the proviso that some parts are applicable only to HDDs.  I do fully understand the futility of trying to write all zeros to solid state memories - But that is not what I had in mind at all.  I was thinking more of random data posing as files.  The system is not aware that it can be ignored, it just thinks the drive is filling up.  This should indeed be done after optimizing the drive in W10 to flush the pages, so that they can be used.  I am sorry to not make it plainer that my intention was that CC could literally fill every part of the drive with garbage files, and then delete them afterwards.  Just writing one file then deleting it, writing another file and deleting it, et. al. is utterly pointless as you rightly say.  Neither way is good for the MFT, but one has assume that the SSDs were built with many writes to the MFT (and so considerable redundancy) in mind.  Since it does not matter whether the data is CC garbage files, or user files.  The MFT has to be robust enough to cope with user data.

I also would have written CC to try to fill the MFT by writing many small garbage files, only switching to larger ones as the MFT fills up.  I am not sure of the practicality of that though, since I suspect that more space will be automatically allocated to the MFT as it fills up.  This was one of the things my o.p. was trying to ascertain about CC?

Truthfully, I think such a system would remove data, possibly even all of it.  But I am now more convinced than ever thanks to you and the link that you so kindly provided, that SSDs cannot be guaranteed to be sanitized and that physical destruction must be preformed on them prior to disposal where they have been used in financial businesses or any other organization that might have sensitive data on them.

Incidentally, I cannot quite agree (lets say your excellent phrase of contentious) with the link you gave me and its conclusion on the lifetime of SSDs.  There is much confusion over MTBF and its meaning(s) - Not helped by the electronics industry changing the meaning slightly after a couple of years or so. Basically is is only an average, not a guarantee.  So an MTTF/MTBF of 1Mh (mega-hour) sounds great, but your could fail within the first hour.  The same is true with HDDs of course, so I would argue it is meaningless in this context...except for this is a purely electronic device, so the more read/writes it does, the more likely it will fail sooner rather than later.  Worse is that unless you know what sort of memory is in your SSD, it could be a mere 40,000 writes in it; on average.  That was the problem with the early ones.  You might think your SDD is better, but what about a USB "thumbdrive"?  What sort of memory does that have, and yet they were recommended for the secure storage of passwords at one time.  More importantly however is his assumption that 4GB of data a day is a safe estimate.  I am not sure about that.  Windows swapfile, pagefile and hiberfil can require substantial amounts of data to be written and read.  Lets be realistic though and say that for most computer use, SSDs are reliable enough these days as users are not reporting lots of failures like they were when they were first introduced.  Keep your OS on an SSD and data on a HDD and that is pretty safe.  That is why so many better computers still come with one drive of each type.

So thank you for trying, I appreciate the help, but I am still not sure if CC can only try to overwrite data like it does with a HDD, or whether it can now fill up an SSD with garbage files, before then deleting them all.  Either way now though, I think it is probably wise to just assume that there will always be the potential for sensitive data to be on an SSD.

Edited October 29, 2019 by Hacked Off

[Andavari]

2 hours ago, Hacked Off said:

There is much confusion over MTBF and its meaning(s)

I don't pay any attention to that and instead I'm more interested in TBW (terabytes written) that an SSD manufacturer claims. For most end-users a 5 year warranted 1TB SSD with a 500 TBW they won't come close to wearing out, and by the time that 5 years is up on the warranty the SSD would be obsolete -  kind of like how SATA SSDs seem like a no-go with affordable NVMe SSDs that can be similarly priced

 

2 hours ago, Hacked Off said:

what about a USB "thumbdrive"?  What sort of memory does that have

USB Flash Drives have NAND Flash in them too according to drive manufacturers, typically the slow variety.

[Augeas]

It would be better for both brevity and comprehension if if HDDs were left out of this thread, as the title refers to SSDs.

I said that CC will fill the disk, not write and delete files one by one. However, as described in detail in the link, zero-byte pages are maped to a default zero-byte page, the SSD doesn't write millions of zero-filled pages. Writing random data certainly will fill the addressable pages on the disk, and deleting them will return to the default zero-filled page mapping, just as you were if you hadn't bothered to do all that in the first place.

The MFT is a file just like all the others. It has no special longevity attributes and is unknown by the SSD controller. If Drive Wiper is used then the MFT is wiped as you require. It is not made larger, or for that matter made smaller, in this process.

It is not possible to access deleted pages nor the overprovisioning pages on an SSD using non-specialist software running under Windows (and I don't know of any specialist s/w either). If the chips are read in a lab the data is almost certainly encrypted or striped across blocks, and there is no link from one page of a file to another.

No financial business or organization that might have sensitive data would use a free utility with no authentication or verification for disk sanitisation, and CC, despite what some of its marketing might claim, isn't intended for that purpose.

The SSD life section is a little tongue in cheek. Of course some electronic devices will fail immediately, some will last seemingly forever. An approximation of the life of NAND flash can be made, and it is a very long time. .I have a 512 mb flash drive dating back to 2006 that has been thrashed unmercifully, and it's still good, if semi-retired now.

[Hacked Off]

Oh dear, still some confusion I see...

I understand what you say about the drive waiting to write, and when all the files are deleted, it simply does not write them to the SSD (Actually your explanation is admirably clear, I wish others could explain that bit as well as you did).  What I was thinking about was if CC could issue a "flush to disc" type command, like a removable drive perhaps?  So everything would be written to the device, before anything got deleted, when again the drive would need to be updated.

Of course the MFT has no special longevity about it (are you misinterpreting on purpose?).  You were the one saying it would thrash the MFT to write like that, I was simply pointing out that it had to deal with things similar during normal use, so it has to be robust enough.  I never said it was made of special memory or anysuch.

As for the usable life of the drive, I really do not think it is so clear cut.  Yes, a good drive will probably last now as long as a HDD, but how do you know what actual memory chips have been used in a device?  Perhaps I should make it clear that I spent a long time in the electronics industry.  Perhaps I am assuming that things that are obvious to me, might not be to others?  But one of the banes are fake chips.  They are frustratingly common.  Sometimes not as much memory as they should be, but more commonly and much, much more insidiously are out-of-spec chips.  These usually get too hot or stop working long before they should do.  This is quite sophisticated, they regrind the surface of the package and reprint them.  So just because something is NAND, does not mean it shares the same life expectancy.  Even different manufacturers have quoted different figures in the past, and these are for fully in-spec chips.  So for thumbdrives and memory cards for example, who knows what is inside?  Some cheap and/or fake USB thumbdrives, or memory cards may even use "pulls" from old and/or faulty boards.  Look, don't take my word for it, go read the 1 star reviews on Amazon for memory cards by respectable manufacturers and you will see that even they sometimes get a batch of reports of "bad" products and a lot of unfair and unwarrented criticism.  I do not believe such good manufacturers produce such poor products suddenly.  To me it is a sign of fakes getting sold as their products most likely - unless you think they are that bad at making memory products?

Here we go again!  I NEVER SAID financial organizations would use CC, they might use some sort of low-level S/W.  Think of it this way.  The overprovisioning memory needs to be reallocated to the main drive as is needed - That is what it is for.  So it can be reallocated dynamically, it is there for just such eventualities after all.  CC is a very flexible cleaner, but it is NOT sanitizing software by any means, nor does it try to be.  It is not even the "best" cleaner, but I do trust it.  The ones that clean more are too aggressive and can break your S/W, especially registry cleaners/compactors.  This is why I prefer CC

CC is not free S/W either, they do have paid versions (as you must surely know?)  I was unsure if any/all might be able to access such areas on SSDs.  Just as in HDDs, it is specialist S?W though and so I was not sure if any of the versions of CC incorporated it.  Maybe I am just seeing ways to make CC work with SSDs, that others have not considered.

Edited October 30, 2019 by Hacked Off
making things cleaerer I hope

[Augeas]

 

1 hour ago, Hacked Off said:

Oh dear, still some confusion I see...

I am not confused.

1 hour ago, Hacked Off said:

I understand what you say about the drive waiting to write, and when all the files are deleted, it simply does not write them to the SSD (Actually your explanation is admirably clear, I wish others could explain that bit as well as you did).  What I was thinking about was if CC could issue a "flush to disc" type command, like a removable drive perhaps?  So everything would be written to the device, before anything got deleted, when again the drive would need to be updated.

Thank you for your compliments, who knows whether CC commits to disk? I would say that it does.

1 hour ago, Hacked Off said:

Of course the MFT has no special longevity about it (are you misinterpreting on purpose?).  You were the one saying it would thrash the MFT to write like that, I was simply pointing out that it had to deal with things similar during normal use, so it has to be robust enough.  I never said it was made of special memory or anysuch.

Misinterpreting on purpose?

On 29/10/2019 at 10:30, Hacked Off said:

one has (to) assume that the SSDs were built with many writes to the MFT (and so considerable redundancy) in mind.  Since it does not matter whether the data is CC garbage files, or user files.  The MFT has to be robust enough to cope with user data.

The phrase 'SSds were built with many writes to the MFT in mind' certainly implies some constructional abilities. It's actually nonsense, as it's NAND flash that holds the MFT (and all other files) and is either robust or not. On reflection I think you may mean robust in a software sense, and that is entirely down to the file system, in this case NTFS. The SSD knows nothing of the MFT and just doesn't come into it.

1 hour ago, Hacked Off said:

As for the usable life of the drive...

I'm not going to get drawn into this discussion, and your strawman arguments about fake chips. SSDs last a long time, and that's that.

1 hour ago, Hacked Off said:

Here we go again!  I NEVER SAID financial organizations would use CC, they might use some sort of low-level S/W.

True, you didn't. But this thread is entitled Using CCleaner on SSDs, and it's in a CC forum on a Piriform Bulletin Board, so one might be forgiven for thinking such.

1 hour ago, Hacked Off said:

The overprovisioning memory needs to be reallocated to the main drive as is needed

...

I was unsure if any/all might be able to access such areas on SSDs.  Just as in HDDs, it is specialist S?W though and so I was not sure if any of the versions of CC incorporated it.  Maybe I am just seeing ways to make CC work with SSDs, that others have not considered.

You may not believe what I say, but it is frustrating repeating myself.

10 hours ago, Augeas said:

It is not possible to access deleted pages nor the overprovisioning pages on an SSD using non-specialist software running under Windows (and I don't know of any specialist s/w either). If the chips are read in a lab the data is almost certainly encrypted or striped across blocks, and there is no link from one page of a file to another.

I would suggest that you re-read this thread and perhaps also re-read some of the relevant passages in the previous link (it can be heavy going to tackle all at once). SSDs are far more complex, and different, than many users realise.

 

[Andavari]

On 30/10/2019 at 06:23, Augeas said:

 

SSDs are far more complex, and different, than many users realise.

 

Indeed. They're like little computers themselves. And the recommended variety that have DRAM if without faults will last longer than the commodity drives that don't have DRAM.

-------------

As for figuring out what type of NAND flash is inside a particular SSD use a freeware tool like SSD-Z or SSD-Z Portable where if possible lists the Controller manufacturer and NAND manufacturer.