Securely wiping hard disks using Windows

Posted on By Mark Wilson
This content is 15 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

My blog posts might be a bit sporadic over the next couple of weeks – I’m trying to squeeze the proverbial quart into a pint pot (in terms of my available time) and am cramming like crazy to get ready for my MCSE to MCITP upgrade exams.

I’m combining this Windows Server 2008 exam cramming with a review of John Savill’s Complete Guide to Windows Server 2008 and I hope to publish my review of that book soon afterwards.

One of the tips I picked up from the book this morning as I tried to learn as much as I could about Bitlocker drive encryption in an hour, was John’s tip for securely wiping hard drives using a couple of Windows commands:

format driveletter: /fs:ntfs /x

will force a dismount if required and reformat the drive, using NTFS.

cipher /w:driveletter:

will remove all data from the unused disk space on the chosen drive.

I don’t know how this compares with third party products that might be used for this function but I certainly thought it was a useful thing to know. This is not new to Windows Server 2008 either – it’s certainly available as far back as Windows XP and possibly further.

For more tips like this, check out the NTFAQ or John’s site at Savilltech.com.

How Microsoft and RSA plan to protect our sensitive data

Posted on By Mark Wilson
This content is 15 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Mention Microsoft and security in the same sentence and most people will scoff but these day’s it really a bit unfair… Windows security has come a long way (it still has a way to go too) but nevertheless, many of the customers that I deal with run third party solutions (often at great cost) rather than trust their data security to Microsoft.

Then there’s digital rights management (DRM) – we hear a lot about how DRM is applied to music and video downloads but little about the real practical use of this technology – making sure that only those who are entitled to see a particular item of data (for example medical records or financial details) are able to access it.  Microsoft has rights management services built into Windows as one of the many identity and access solutions but it seems to me that very few organisations use this capability.  Perhaps a few of the frequent and high profile Government data security mishaps would be mitigated if DRM was applied to their data…

Today, Microsoft and RSA – a well-respected security company, now absorbed into EMC – announced an expansion of their technology partnership.  Under the terms of this partnership, Microsoft will license the RSA Data Loss Prevention (DLP) classification engine in order to trigger policy-based controls over information.

Tom Corn, Vice President of Product Management and Marketing for RSA’s Data Security Group, explained that organisations have a requirement to share information without limiting accessibility – striking a balance between security and accessibility.  Slating existing point products as costly, complex and not addressing the problem he explained how:

  1. Protection is an end-to-end problem and the data moves around – existing products only acts at certain points in the data exchange.
  2. Infrastructure components lack visibility of the data sensitivity – context is required to classify data and take appropriate actions.
  3. Existing tools and controls lack identity awareness, making it difficult to tie protection to identity.
  4. Management – security policies often exist as binders on shelves and may be written by different groups within an organisation (e.g. security, or operations) leading to a disconnected approach.  All too often the management policies are infrastructure-centric (e.g. laptop security policy, Internet security policy) rather than information-centric (e.g. credit card data storage policy).

Meanwhile, John (JG) Chirapurath, Director of Identity and Security at Microsoft spoke about how Microsoft is licensing DLP to build it into products such as Exchange Server and Office SharePoint Server to provide content awareness, then providing identity awareness through components such as Active Directory Rights Management Services (AD RMS) to allow collaboration (which relies on knowledge of identity) whilst protecting intellectual property.  By “building in” and not “bolting on”, Microsoft believes that it can provide an end-to-end solution, supported with centralised management for information-centric policies for usage, protection and access.

Under the terms of the agreement, RSA will launch DLP v6.5 later this month with full integration to AD RMS and, as new versions of products come to market eventually the entire infrastructure will make use of the DLP technology.  Customers are able to protect their investment as the core engine and policy formats exist today and, as the core DLP technologies are adopted into the Microsoft platform, RSA will continue to develop complimentary products (e.g. advanced management consoles).

Microsoft were unwilling to disclose any further details of their roadmap for integrating the DLP product into their products but did comment that the claims-based identity platform codenamed Geneva (formerly Zermatt) is a key part of Microsoft’s identity strategy and that there would be clear advantages in using Windows CardSpace to unlock business to consumer (B2C) scenarios for data exchange.  There was also a hint that management would be possible from RSA’s products and from the Forefront integrated security system product (codenamed Stirling).

All in all, this is a positive step on the part of Microsoft and EMC/RSA.  What remains to be seen is how willing business and Government customers are to invest in protecting their data.  Right now we have a business problem and a technology solution but it seems to me there is an apparent lack of desire to implement the technology and supporting processes.  Let’s hope that by integrating technologies like DLP into the core IT infrastructure, our personal details can remain confidential as we increasingly collaborate online.

Windows Vista and Server 2008 SP2 is opened up to the public, target release date announced

Posted on By Mark Wilson
This content is 15 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

After the storm of announcements from Microsoft at PDC, WinHEC and TechEd EMEA it’s been a quiet few weeks but, for those who haven’t seen, Microsoft announced that the Windows Vista and Server 2008 Service Pack 2 beta will be opened up to a wider audience, starting with TechNet and MSDN subscribers at 14:00 tomorrow (I guess that’s Redmond time, so 22:00 here in the UK) and then via a broader customer preview programme (CPP) on Thursday (4 December).

This release is intended for technology enthusiasts, developers, and administrators who would like to test SP2 in their environments and with their applications prior to final release and, for most customers, Microsoft’s advice is to wait until the final release prior to installing this update.

Full details of the changes in the SP2 beta may be found in Microsoft’s Windows Server TechCenter.

Microsoft also announced the date that they are aiming for (not a firm commitment) – SP2 should be expected in the first half of 2009.

NetBooks, solid state drives and file systems

Posted on By Mark Wilson
This content is 15 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Yesterday, I wrote about the new NetBook PC that I’ve ordered (a Lenovo IdeaPad S10). In that post I mentioned that I had some concerns about running Windows 7 on a PC with a solid state drive (SSD) and I wanted to clarify something: it’s not that Windows 7 (or any other version of Windows) is inherently bad on SSD, it’s just that there are considerations to take into account when making sure that you get the most out of a solid state drive.

Reading around various forums it’s apparent that SSDs vary tremendously in quality and performance. As a consequence, buying a cheap NetBook with a Linux distro on it and upgrading the SSD to a larger device (the Linux models generally ship with lower capacity SSDs than their more expensive Windows XP brethren) is not necessarily straightforward. Then there’s the issue of form factor – not all SSDs use the same size board.

Another commonly reported issue is that NTFS performance on an SSD is terrible and that FAT32 should be used instead. That rings alarm bells with me because FAT32: does not include any file-level access control lists; has a maximum file size of 4GB (so no good for storing DVD ISOs – not that you’ll get many of those on the current generation of SSDs – anyway, most NetBooks do not ship with an optical drive).

The reason for poor NTFS performance on SSDs may be found in a slide deck from the 2008 Windows Hardware Engineering Conference (WinHEC), where Frank Shu, a Senior Program Manager at Microsoft, highlights:

  • The alignment of NTFS partition to SSD geometry is important for SSD performance in [Windows]
    • The first Windows XP partition starts at sector #63; the middle of [an] SSD page.
    • [A] misaligned partition can degrade [the] device’s performance […] to 50% caused by read-modify-write.

It sounds to me as if those who are experiencing poor performance on otherwise good SSDs (whilst SSDs come in a smaller package, are resistant to shocks and vibration, use less power and generate less heat than mechanical hard drives SSD life and performance varies wildly) may have an issue with the partition alignment on their drives. Windows 7 implements some technologies to make best use of SSD technology (read more about how Windows 7 will, and won’t, work better with SSDs in Eric Lai’s article on the subject).

In addition, at the 2007 WinHEC, Frank Shu presented three common issues with SSDs:

  • Longer setup time for command execution.
  • SSD write performance.
  • Limited write cycles for NAND flash memory (100,000 write cycles for single layer cell devices and 10,000 write cycles for multi layer cell devices).

(He also mentioned cost – although this is dropping as SSDs become more prevalent in NetBooks and other PC devices aimed at highly-mobile users).

In short, SSD technology is still very new and there are a lot of factors to consider (I’ve just scraped the surface here). I’m sure that in the coming years I’ll be putting SSDs in my PCs but, as things stand at the end of 2008, it’s a little too soon to make that jump – even for a geek like me.

Incidentally, Frank Shu’s slide decks on Solid State Drives – Next Generation Storage (WinHEC 2007: WNS-T432) and Windows 7 Enhancements for Solid-State Drives (WinHEC 2008: COR-T558) are both available on the ‘net and worth a look for anyone considering running Windows on a system with an SSD installed.

Why Lenovo’s S10 seemed like a good idea(pad) to me

Posted on By Mark Wilson
This content is 15 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

I try to keep my work and home life on different computers. It doesn’t always work, but that’s the idea anyway. The problem I find is that, every time I’m away from home (which is when I get most of my blogging done), I find myself carrying around two laptops and, even without any peripherals (power adapters, etc.), that’s 4.5kg of luggage. Any sensible person would use an external hard disk for one of the workloads but… there you go…

Lenovo IdeaPad S10I’ve been watching developments with small form-factor PCs (so called “NetBooks”) for a while now and over the weekend I took the plunge. Tomorrow morning I’m expecting a delivery of a Lenovo IdeaPad S10 to slip in my bag alongside the Fujitsu-Siemens S7210 that I use for work.

So why did I choose the Lenovo?

  • In terms of build quality, my IBM ThinkPad is by far and away the best notebook PC I’ve ever had (better than the various Toshiba, Compaq, Dell and Fujitsu-Siemens units I’ve used – and certainly better than my Apple MacBook) – I’m hoping that Lenovo have continued that quality as they’ve taken on the former IBM PC business (the reviews I’ve read certainly indicate that they have).
  • I want to use this NetBook with Windows 7 – and I know it can work (this is the model that Steven Sinofsky showed in a keynote at Microsoft’s 2008 Professional Developers Conference).
  • I was impressed with Windows 7 running on Paul Foster’s Acer Aspire One, but the keyboard is just too small for my fat fingers.
  • The Lenovo S10 has a PC Express Card slot (so it should work with my Vodafone 3G card – and yes, I know I can get a USB version but I’d need to convince my employers of the need for an upgrade, which would not be an easy sell when they give me a perfectly good laptop with a PC Express Card slot to use…).
  • I also seriously considered the Dell Mini 9 (especially when they mis-priced it on their website for £99 last week – incidentally, the resulting orders were not fulfilled) but I’m not convinced that using a pre-release operating system on a solid state hard drive is really a good idea – I could easily kill the drive within a few months. Meanwhile, the Lenovo has a traditional 160GB hard disk and the 10.2″ screen (rather than 9″) translates into more space for a larger keyboard without noticeably increasing the size of the computer (for those who still want a 9″ model, Lenovo have announced an S9 but I’ve seen no sign of it in the UK yet). Another option that I discounted was the Samsung NC10 – which has a better battery and one more USB port but no PC Express Card slot.
  • The equivalent Asus and Acer models may be less expensive but the big names (IBM, Dell, HP as well as Samsung and Toshiba) are all reducing their prices – and by waiting for the reduction in the UK’s VAT rate to take effect the price was £292.25 for the S10 at eBuyer with free shipping (although I paid another tenner for next-day delivery).

I’m sure my sons will be amused when yet another computer appears on my desk (my wife may be slightly less so…) but I’m thinking of this as an early Christmas present to myself…

Further reading

Here are some of the posts that I found useful before deciding to buy this PC: