When you stop and think about it, your home computer holds a lot of information about you — credit card numbers, bank account details, passwords, medical information, websites you've visited and those deep, dark secrets you share with your best friend via email.
There naturally comes a time when you're ready for an upgrade, whether it be a bigger hard drive or an entirely new PC. But what should you do with the old one? And what about the information on it? You need to remove this information whether you donate it, sell it or trash it.
Imagine your hard drive — including all of your personal information — falling into the wrong hands. That's what could happen if you don't do a little damage control before you dispose of your hard drive.
Why "delete" isn't enough
Many people think that clearing their history, deleting files and cookies, and emptying their computer's recycle bin is enough. Not so, according to IT specialist Tony Lum. He says that's like removing the table of contents in a book. The chapters (or your files, in this case) are still there, they're just harder to find.
What you've actually done is remove a particular file from the disk's index. The file itself still exists on your hard disk. For the average person it's harder to recover, but an experienced programmer (or hacker) could easily locate the file. Previous or temporary versions of the file might also be saved under different names.
You need to go one step further and overwrite your data. Lum recommends you back up everything you want to keep on your hard drive and then run hard-drive wiping software, which will overwrite your information with random ones and zeros. He also recommends you use a program that overwrites your data more than once. The more it's overwritten, the harder it is to recover.
Select software to wipe your hard drive clean
Is it impossible to retrieve your information afterward? Not 100 percent, but Lum says that unless the CIA is after you, you should be in the clear after using one of these disk-erasing tools that are available for download online:
- Active@ KillDisk: This free hard-drive eraser overwrites data using zeros. You can upgrade to the professional version that conforms to the U.S. Department of Defense (DOD) standards.
- Softpedia/DP Wiper: IT consultant Daniel Gresser recommends freeware programs from Softpedia, like DP Wiper, which overwrites in from one to 35 passes and has DOD-compliant wiping.
- WipeDrive: WipeDrive overwrites your data as many times as you like and runs a verification test.
"Always keep a record of where all important files are stored," says Gresser, who recommends deleting each file by dropping it into DP Wiper and selecting the kind of wipe required. Unless you take the hard drive out and keep it, to get a PC ready for sale, Gresser suggests that PC users delete the following using DP Wiper or a similar program:
- Everything in the My Documents folder.
- All temporary Internet files.
- All cookies.
- All files relating to personal and financial matters that may have been stored in folders other than My Documents.
- All email: Outlook Express users need to search for and delete .dbx files; Windows Mail users need to search for and delete .eml files; and Microsoft Office Outlook users need to search for and delete .pst files. This will send them to the recycle bin for secure deletion. Also, remember to remove all email account settings and passwords.
Reinstall your operating system to overwrite files
Your operating system's installation CD should allow you to simultaneously reinstall and clear your hard drive. Lum says this should be enough to prevent the average person from obtaining personal information from your hard drive. However, he says he's managed to salvage data from computers using third-party software even after an operating system was reinstalled.
Protect information on your work computer
You'll also want to think about personal information on your work computer when it's time to move on to a new job. You can't wipe the hard drive since the computer isn't your property, but you can make it somewhat harder to find sensitive information by deleting personal emails, clearing your web browser's cache and history, deleting any personal files on your hard drive, and emptying your trash or recycle bin.
Playing it safe
Still concerned? Don't dispose of your hard drive. "The bottom line is, if you're really concerned about identity theft, then don't give away your hard drive," says Lum.
Gresser also recommends taking some preventative measures when you set up your new computer. "One thing people can do to make disposing of PCs with sensitive data easier down the road is to encrypt their data as soon as they get a new PC or hard disk," he says. "If strong encryption is used, then you can format the drive and dispose of it with the computer. Someone who wanted to retrieve the data would first have to undelete the data and then try to break the encryption, which is not going to happen." He suggests using BestCrypt from Jetico to encrypt your documents.