Why You Can’t “Securely Delete” a File, and What to Do Instead


Some utilities have a “secure delete” option that promises to securely erase a file from your hard drive, removing all traces of it. Older versions of Mac OS X have a “Secure Empty Trash” option that tries to do something similar. Apple removed this feature recently because it just doesn’t work reliably on modern drives.

The problem with “secure delete” and “secure empty trash” is that they provide a false sense of security. Rather than relying on these sorts of band-aid file-deletion solutions, you should rely on full-disk encryption. On a fully encrypted disk, both deleted and undeleted files are protected.

Why “Secure Delete” Options Were Created

Traditionally, deleting a file from a mechanical hard drive didn’t actually delete that file’s contents. The operating system would mark the file as deleted, and the data would eventually be overwritten. But that file’s data was still sitting on the hard drive, and file-recovery tools could scan a hard disk for deleted files and recover them. This is still possible on USB flash drives and SD cards, too.

If you have sensitive data — for example, business documents, financial information, or your tax returns — you might worry about someone recovering them from a hard drive or removable storage device.

How Secure File Deletion Tools Work

“Secure delete” utilities attempt to solve this problem by not just deleting a file, but overwriting the data with either zeros or random data. This should, the theory goes, make it impossible for someone to recover the deleted file.

This is sort of like wiping a drive. But, when you wipe a drive, the entire drive is overwritten with junk data. When you securely delete a file, the tool attempts to overwrite only that file’s current location with junk data.

Tools like this are available all over the place. The popular CCleaner utility contains a “secure delete” option. Microsoft offers an “sdelete” command for download as part of the SysInternals suite of utilities. Older versions of Mac OS X offered “Secure Empty Trash”, and Mac OS X still offers an included “srm” command for securely deleting files.

Why They Don’t Work Reliably

The first problem with these tools is that they’ll only attempt to overwrite the file in its current location. The operating system may have made backup copies of this file in a number of different places. You may “securely delete” a financial document, but older versions of it may still be stored on disk as part of your operating system’s previous versions feature or other caches.

But, let’s say you can solve that problem. It’s possible. Unfortunately, there’s a bigger problem with modern drives.

With modern solid-state drives, the drive’s firmware scatters a file’s data across the drive. Deleting a file will result in a “TRIM” command being sent, and the SSD may eventually remove the data during garbage collection. A secure delete tool can tell an SSD to overwrite a file with junk data, but the SSD controls where that junk data is written to. The file will appear to be deleted, but its data may still be lurking around somewhere on the drive. Secure delete tools just don’t work reliably with solid-state drives. (The conventional wisdom is that, with TRIM enabled, the SSD will automatically delete its data when you delete the file. This isn’t necessarily true, and it’s more complicated than that.)
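The SSD behaviour described above, as an added illustration (not code from the original article): a constructed toy model of a flash translation layer in which every host write lands on a fresh physical page and the old page is merely marked stale. A host-side “secure delete” that overwrites the file’s logical location and then TRIMs it leaves the original content on the flash, where a read of the raw NAND would still find it.

```python
import os

PAGE_SIZE = 16

class SimulatedSsd:
    """Toy flash translation layer (FTL), a constructed model, not a real driver.
    Each write to a logical page lands on a fresh physical page; the old page
    is only marked stale and stays on the flash until garbage collection."""

    def __init__(self, physical_pages: int) -> None:
        self.flash = [b"\xff" * PAGE_SIZE] * physical_pages  # erased NAND state
        self.stale = [False] * physical_pages
        self.l2p = {}          # logical page -> physical page
        self.next_free = 0

    def write(self, logical: int, data: bytes) -> None:
        assert len(data) == PAGE_SIZE
        old = self.l2p.get(logical)
        if old is not None:
            self.stale[old] = True  # the previous copy survives on the flash
        self.flash[self.next_free] = data
        self.l2p[logical] = self.next_free
        self.next_free += 1

    def trim(self, logical: int) -> None:
        # TRIM only tells the controller the page is unused; nothing is erased now.
        self.stale[self.l2p.pop(logical)] = True

    def raw_pages_containing(self, needle: bytes) -> list:
        """What a read of the bare NAND, bypassing the FTL, would still find."""
        return [i for i, page in enumerate(self.flash) if needle in page]

def secure_delete_in_place(ssd: SimulatedSsd, pages: list, passes: int = 3) -> None:
    """Host-side 'secure delete' as described above: overwrite the file's
    logical location with random data, then delete (TRIM) it."""
    for _ in range(passes):
        for lp in pages:
            ssd.write(lp, os.urandom(PAGE_SIZE))
    for lp in pages:
        ssd.trim(lp)

def demo() -> tuple:
    ssd = SimulatedSsd(physical_pages=64)
    secret = b"TAX RETURN 2015!"  # constructed sample content, exactly one page
    ssd.write(0, secret)
    secure_delete_in_place(ssd, [0])
    gone_from_host_view = 0 not in ssd.l2p
    leftover_copies = len(ssd.raw_pages_containing(secret))
    return gone_from_host_view, leftover_copies
```

From the host’s point of view the file is gone (the logical page is unmapped), yet one physical page still holds the original bytes; only the controller’s garbage collection or a full-disk encryption key standing between the data and the reader changes that.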

Even modern mechanical drives aren’t guaranteed to work properly with secure file deletion tools thanks to file-caching technology. Drives try to be “smart”, and there’s not always a way to ensure all bits of a file were overwritten instead of being scattered over the drive.

You shouldn’t try to “securely delete” a file. If you have sensitive data you want to protect, there’s no guarantee it will be erased and made unrecoverable.

What to Do Instead

Rather than using secure-file-deletion tools, you should just enable full-drive encryption. Windows 10 has Device Encryption enabled on many new PCs, and Professional versions of Windows also offer BitLocker. Mac OS X offers FileVault encryption, Linux offers similar encryption tools, and Chrome OS is encrypted by default.

When you use full-drive encryption, you don’t have to worry about someone getting access to your drive and scanning it for deleted files. They won’t have the encryption key, so even the bits of deleted files will be incomprehensible to them. Even if bits of the deleted files are left on the drive, they’ll be encrypted and just look like random nonsense unless someone has the encryption key.

Even if you have an unencrypted drive that contains sensitive files you want to get rid of, and you’re about to dispose of the drive, you’re better off wiping the entire drive rather than attempting to wipe just the sensitive files. If it’s very sensitive, you’re better off destroying the drive entirely.

As long as you use encryption, your files should be protected. Assuming your computer is powered down and the attacker doesn’t know your encryption key, they won’t be able to access your files — including the deleted ones. If you have sensitive data, just encrypt your drive and delete files normally rather than attempting to rely on secure-deletion tools. They might work in some cases, but can often offer a false sense of security. Secure file deletion just doesn’t work reliably with modern hard drives.

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 11/28/15