About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Home » ACP » SPX


Only one way.
The recovery of at least one or two layers of overwritten data isn't too hard to perform by reading the signal from the analog head electronics with a high-quality digital sampling oscilloscope, downloading the sampled waveform to a PC, and analysing it in software to recover the previously recorded signal. What the software does is generate an 'ideal' read signal and subtract it from what was actually read, leaving as the difference the remnant of the previous signal.
 - Dr Peter Gutmann PhD, University of Auckland

A web search for 'secure delete' turns up tens of thousands of snake oil products, each promising to delete your files with high-grade 'military' or 'NISPOM' or 'DOD' or 'NSA' shredding methods.

The effort these applications go through to dazzle you with their doodads is overwhelming. The effort they go through to do any work with your files is underwhelming.

Many of them leave you more vulnerable than you already were.

The market is ripe for paranoia, and for these products. And everyone wants to get in on the game. What's truly amazing is that none of them actually care what happens to you - their efforts to 'shred' your files are token at best - dangerous at worst.

There's Only One Way (But It's Hard)

The only way to securely delete with software is the 'Gutmann' method - but it's not easy: it demands at least 35 steps flushed to disk. Even the preliminaries of Gutmann shredding are more protection than the snake oil products give you - and at that point the Gutmann shred is barely starting.

The SPX engine was written in September-October 2000 because people on the PC side were getting ripped off. The state of affairs was deteriorating rapidly. New shredders outdid the older ones in stupidity.

One such product - by what net gurus have called 'the stupidest person on the planet' - actually restored the shredded files by mistake, but left them unlinked, so the user couldn't access them, but the spooks could. That became the final straw.

SPX was written up in the October 2000 hardcopy edition of Windows 2000 Magazine. It was the first 'real' shredder for Windows.

Now it's come to OS X where it's first again.

['SPX' is a contraction of 'ShredPerfect+', the name of a revision of the original product.]

SPX shredding is no half-baked 'NISPOM' or 'DOD' or 'NSA' or 'military grade' 'RAM' shred - those so-called methods are useless and easily defeated by modern recovery techniques. The SPX engine uses the only approved method for secure file deletion.

Gutmann shredding implies both four 'front end' and four 'back end' overwrites; a staggering 27 (twenty-seven) additional overwrites are performed in between. The exact nature and order of these overwrites is not known until runtime and is never revealed. After each overwrite, the data is forcibly written out of cache and to disk.

That's the essence of complete Gutmann shredding, but SPX goes farther.

Once the first 35 steps are completed, SPX forcibly overwrites your file one final time with 'zeroes' to make it all look like so many unused, freshly formatted disk sectors - and thus almost impossible for snoopers to know where to begin looking.

As a further weapon in defending your privacy, your file name is then changed to a random value, the file size is truncated to zero, and the file is unlinked from the file system.

And still SPX is not finished: just to rub the noses of the 'secure delete' snake oil salesmen in the mud, SPX now uses the 'approved NISPOM DOD NSA' shredding technique for what it was intended - RAM, computer memory - and shreds its own stack storage data area with a random character, its complement, and all zeroes. And then it rests. Finally.

The next time you read that a program uses 'military grade', 'NISPOM', 'DOD', or 'NSA' shredding, or will 'wipe your files with all zeroes and then all ones' - run for it. Stick with products you can trust. Use SPX - it's better than perfect.

SPX also comes in a command line 'tool' version meant to be integrated into CLIX; now you can 'script' your shredding operations so they're performed regularly with a single mouse click.

See Also
The Secure Delete Hoax

About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Copyright © Rixstep. All rights reserved.