SafeDelete

Copyright © 1996, Paul Thow


What is SafeDelete?
SafeDelete is a Macintosh application designed to securely delete files from your disk. Why do you need SafeDelete when you've already got a Wastebasket? Simple: emptying the Wastebasket only tells MacOS that the space occupied by the file may now be overwritten; the file's actual data is still sitting on your hard disk! Additionally, SafeDelete can securely erase the free space on your disk, where virtual memory may have written data or old files may still lurk.


System Requirements.
To run SafeDelete, you will need a computer running MacOS 7 or above, with a 68000 processor or greater (including PowerPC). To take advantage of the more advanced features you will need AppleScript installed on your computer.


How do I get hold of SafeDelete?
SafeDelete is available from the usual Macintosh software sources, or alternatively you can retrieve the latest version from our FTP site (the address is listed under How to Contact the Author).


How much does it cost?
If you want to pay for using SafeDelete then you can use the Register application or online forms to make your payment (both services are provided via Kagi). If you don't want to pay for using SafeDelete then just live with your conscience: it's up to you (just don't expect me to pay any attention to you).


How does it work?
SafeDelete works by physically overwriting the space occupied by a file. The first overwrite writes zeroes over the file. The next six overwrites use the output of a cryptographically secure pseudorandom number generator (this is Colin Plumb's adaptation of MD5 into a block cipher run in CFB mode, re-keying itself from the previous random pool just as PGP does, with additional random data added to the pool from the mouse position and processor load; if this is all nonsense to you, I suggest you investigate some of the cryptography sites on the internet, including our own at http://www.users.dircon.co.uk/~pathow/crypto.html).

SafeDelete also scrambles the file's name, creator and file type, creation date, modification date and backup date seven times, the idea being to leave as little information as possible for someone to work with.

The idea of using seven overwrites comes from Bruce Schneier in his book "Applied Cryptography".
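The seven-pass procedure described above, as an added example that is not SafeDelete's own code: pass one writes zeros, passes two to seven write CSPRNG output (Python's `secrets` module stands in for the MD5-in-CFB generator the page describes), and the name is then scrambled seven times before the file is unlinked. The memo text and the random file names are constructed sample data.

```python
import os
import secrets
import tempfile

PASSES = 7  # one zero pass followed by six pseudorandom passes, as the page describes

def pass_pattern(pass_no, length):
    """Bytes written on a pass: pass 0 is all zeros, passes 1..6 are CSPRNG output."""
    return b"\x00" * length if pass_no == 0 else secrets.token_bytes(length)

def overwrite_file(path, block_size=4096):
    """Overwrite the file's existing blocks in place, flushing every pass to disk."""
    size = os.path.getsize(path)
    for pass_no in range(PASSES):
        with open(path, "r+b") as f:  # r+b rewrites the same blocks; "wb" would truncate first
            remaining = size
            while remaining > 0:
                chunk = min(block_size, remaining)
                f.write(pass_pattern(pass_no, chunk))
                remaining -= chunk
            f.flush()
            os.fsync(f.fileno())  # make sure each pass reaches the disk, not just the cache
    return size

def scramble_name(path):
    """Rename the file seven times to random names so the original name leaves the directory."""
    directory = os.path.dirname(path) or "."
    for _ in range(PASSES):
        new_path = os.path.join(directory, secrets.token_hex(8))
        os.rename(path, new_path)
        path = new_path
    return path

def demo():
    """Constructed sample: write a memo, overwrite it, scramble its name, unlink it."""
    sample = b"Confidential memo (constructed sample data)\n" * 100  # 4400 bytes, spans two blocks
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "memo.txt")
    with open(path, "wb") as f:
        f.write(sample)
    size = overwrite_file(path)
    with open(path, "rb") as f:
        after = f.read()  # the last pass is random, so the memo text is gone
    os.remove(scramble_name(path))
    return {"bytes": size, "changed": len(after) == size and after != sample,
            "gone": not os.path.exists(path), "leftover": os.listdir(tmpdir)}
```

Overwriting in place only reaches the blocks the file currently occupies; journaling or copy-on-write filesystems and SSD wear levelling can retain older copies, which is the same reason the page's free-space "Clean Disk" pass exists.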


Why do I need it?
There are times when you don't want anyone to recover a file from your hard disk. The reasons are too numerous to mention, and it doesn't take a lot of imagination to think of some. The problem is that your Mac doesn't totally erase the files on your hard disk when you trash them. Symantec and others have made a lot of money from file recovery tools, and if you can use them to recover one of your files then so can anyone with access to your hard disk.


An Example.
One company was upgrading their computers and the personnel manager's Mac fell into the hands of some employees. Although sensitive files had been trashed, there was plenty of information to be found using disk editors and file recovery tools!

Using SafeDelete in the previous example would have meant that the employees could not have recovered anything. SafeDelete writes random data over the top of the files and then marks the file space as empty.

The same company saw the error of their ways and got SafeDelete, but didn't read this file: again the personnel manager's Mac was upgraded and given to the employees, safe in the knowledge that all the files had been securely erased using SafeDelete. Unfortunately, the personnel manager had virtual memory switched on and had been writing a memo about a rival company that was short of employees but paid better than his. Again, after a little use of file recovery tools and disk editors the employees discovered this information and all left for the rival. The moral of the story is that at periodic intervals you should turn virtual memory off and use SafeDelete's "Clean Disk" option to erase all the free space on your hard disk.


What do you mean by cryptographically secure pseudorandom number generator?
The best thing I can do to explain this is to quote from sci.crypt FAQs:

8.7. What does "random" mean in cryptography?

Cryptographic applications demand much more out of a pseudorandom number generator than most applications. For a source of bits to be cryptographically random, it must be computationally impossible to predict what the Nth random bit will be given complete knowledge of the algorithm or hardware generating the stream and the sequence of 0th through N-1st bits, for all N up to the lifetime of the source.

A software generator (also known as pseudo-random) has the function of expanding a truly random seed to a longer string of apparently random bits. This seed must be large enough not to be guessed by the opponent. Ideally, it should also be truly random (perhaps generated by a hardware random number source).

Those who have Sparcstation 1 workstations could, for example, generate random numbers using the audio input device as a source of entropy, by not connecting anything to it. For example,

cat /dev/audio | compress - >foo

gives a file of high entropy (not random but with much randomness in it). One can then encrypt that file using part of itself as a key, for example, to convert that seed entropy into a pseudo-random string.

When looking for hardware devices to provide this entropy, it is important really to measure the entropy rather than just assume that because it looks complicated to a human, it must be "random". For example, disk operation completion times sound like they might be unpredictable (to many people) but a spinning disk is much like a clock and its output completion times are relatively low in entropy.


How do other programmes compare with SafeDelete?
This is a breakdown of other applications which do the same sort of thing as SafeDelete:
  • Burn: Doesn't delete locked files. Doesn't delete folders. Allows variable patterns including random (cryptographically secure?).
  • Complete Delete: No information known.
  • Flame File: Standard is probably only one overwrite (docs state DoD is slower than its own standard), allows DoD standard.
  • MacPGP: Amazingly, this application only uses one overwrite with zeroes.
  • Norton Wipe Info: Default seems to be only one overwrite, but has option to use "Government Wipe", three overwrite passes.
  • Obliterate: Doesn't sound too convincing at all - it calls overwriting with zeros "shredding"!

Current Features.
  • Runs on both 68k and PowerPC;
  • AppleScriptable and Recordable;
  • Pre-encrypt with DES in CFB option;
  • Variable write block size;
  • Variable number of overwrites;
  • Deletion and Virtual Memory warnings option;
  • Deletes locked files and folders;
  • Locks application memory into real memory to avoid virtual memory paging memory to disk;
  • Not fooled by "Not Virtual!" system extension into believing virtual memory is not switched on.

Future Enhancements.
  • More user choice in settings;
  • Better handling of error conditions;
  • Application Integrity Checks (anti-virus);
  • Balloon and AppleGuide Help.

Legal Stuff.
This software contains copyrighted material, trade secrets and other proprietary material. In order to protect them, and except as permitted by applicable legislation, you may not decompile, reverse engineer, disassemble or otherwise reduce the software to a human-perceivable form. You may not modify, network, rent, lease, loan, distribute or create derivative works based upon the software in part or in whole. You may distribute the software and charge for reasonable expenses; you may not charge for the software itself.

Paul Thow expressly disclaims all other warranties, express or implied, including but not limited to the implied warranties of merchantability and fitness for a particular purpose. Paul Thow does not warrant that the functions contained in the software will meet your requirements, or that the operation of the software will be uninterrupted or error-free, or that defects in the software will be corrected; furthermore, Paul Thow does not make any representations regarding the use or the results of the use of the software or related documentation in terms of their correctness, accuracy, reliability, or otherwise. No oral or written information or advice given by Paul Thow or an authorized representative shall create a warranty or in any way increase the scope of this warranty. Should the software prove defective, you (and not Paul Thow or an authorized representative) assume the entire cost of all necessary servicing, repair or correction. Some jurisdictions do not allow the exclusion of implied warranties, so the above exclusion may not apply to you.

Under no circumstances, including negligence, shall Paul Thow be liable for any incidental, special or consequential damages that result from the use or inability to use the software or related documentation, even if Paul Thow or an authorized representative has been advised of the possibility of such damages. Some jurisdictions do not allow the limitation or exclusion of liability for incidental or consequential damages, so the above limitation may not apply to you. In no event shall Paul Thow's total liability to you for all damages, losses, and causes of action (whether in contract, tort (including negligence) or otherwise) exceed that portion of the amount paid by you that is fairly attributable to the software.


How to Contact the Author.
You can contact me in any of the following ways:

Mail Address: Paul Thow (SafeDelete)
105c Longate
Peterhead, AB42 6JU
United Kingdom
Email: pathow@dircon.co.uk
pathow@kagi.com
Web: http://www.users.dircon.co.uk/~pathow/
FTP: ftp://ftp-thow:ftp-thow@ftp.dircon.co.uk/pub/




If you encounter any problem with any of the links on these pages or have any comments, please mail me.

Paul Thow