Jan Werner wrote:
> Don't know about Macs, but for PCs there are many programs that can be
> booted from a CD that will allow you to wipe a hard drive to DOD and
> other security standards. Among programs I use, both Acronis True
> Image and Paragon Hard Disk Manager do this, and I'm sure there are
> plenty of others for both Windows and Linux.
>
> So unless one is caching a copy of Osama Bin Laden's memoirs on their
> hard drive and thinks the NSA may be on to them, I don't understand
> why anyone would want to physically destroy a hard disk rather than
> just wipe it securely and donate the whole computer to a good cause.
>
> Being a good guy and installing a clean copy of either Windows or
> Linux on a wiped drive will just make it even harder for anyone to try
> to recover anything from it, if such were even possible to begin with.

I am all in favor of wiping and donating. In larger organizations it may not be practical to go through the labor and care required to properly assure that data has been wiped, and the security risks may be more substantial as well.

I have been the recipient of several hand-me-down Sun servers from larger departments at UMass. They have all come to me without any hard drives. They have a policy of destroying the drives and then sending them to the UMass recycling center.

In a way, this is good for me. The drives are the component that has experienced the most wear and are most likely to fail. By requiring me to buy new drives, I end up with hand-me-down servers that are likely to last longer without problems. I also end up with larger drives, since capacity has gone up exponentially (and price has gone down). I still end up with a total cost much less than 10% that of getting new servers.

There has also been a campus policy of late that people are no longer allowed to scavenge computer equipment from the recycling center.
This is a security policy based on the possibility that equipment might come through improperly sanitized, and someone might stumble on some sort of sensitive data.

So security becomes a multi-stage process. The department is responsible for securing its data and not letting it get out, but the back door of the recycling center is being shut as well.

I think each person/organization has to assess their own risks for data exposure and balance that against the costs, liabilities, and their own level of paranoia. For public institutions and organizations like hospitals and insurance companies, there are both federal and state laws regarding data exposure. Some organizations will blanch at that potential liability and set categorical policies that have no leeway. Smaller organizations and home businesses have more flexibility, but should still be sure to assess the risks and liabilities for their own environment.

---------------

Chris Hoogendyk

-
   O__  ---- Systems Administrator
  c/ /'_ --- Biology & Geology Departments
 (*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst

<hoogendyk at bio.umass.edu>

---------------

Erdös 4