How does this relate to the Windows 10 Preview?
That's not a very constructive reply; to be candid its quite odd. The feature is baked into Windows 10, so my query to you: Why
wouldn't it be relevant to Windows 10 Insider Preview?
The Windows reset is by no means a secure cleaning of the system. You will have to use a third party utility meeting DOD specs to accomplish a secure cleaning of any system, Windows or otherwise.
So, for sanity's sake we'll lay the cards out:
In Windows 10 under 'Settings' > 'Update & Security' > 'Recovery' exists a 'Reset this PC' option.
This option allows you to perform a reset at varying but specific levels:
- Keep my files - which "removes apps and settings, but keeps your personal files"
- Remove everything - which "removes all of your personal files, apps and settings.
When selecting the latter option, one is presented with two additional choices:
- Just remove my files - which "[..] is quicker, but less secure" and should be used "[..] if you're keeping the PC."
- Remove files and clean the drive - which "[..] might take a few hours, but will make it harder for someone to recover your removed files" and should be used "[..] if you're recycling the PC."
So, the question stands: If Microsoft is offering this as an option, and has since Windows 8, what does the latter option actually do?
- Does it do a clean all?
- Does it do a format /p n? If so, what is n?
- Does it 'detect' user data and try to write back 'random' data only to those blocks? (Perhaps leveraging something like sdelete? And if it is sdelete, how many passes?)
- Is it 'safe enough' that the above-average IT guy wouldn't be able to recover much of anything?
I don't expect that option to be bullet proof meaning impossible for:
- professional data recovery services to get anything
- some seasoned forensics team to recover the data
If one either has data of that caliber or is paranoid, and arguably rightfully so, then yes I would agree that a third-party utility, like the ones I already mentioned, would be the correct approach. (Of course your data would likely already be encrypted
to begin with so tossing the keys should be sufficient.)
But if that built-in option isn't safe or reliable to begin with, why is it included? To provide a false sense of security? Is the expectation that the machine is going from non-IT person to non-IT person and there's no concern if the recipient
trying to recover anything?
The query isn't a challenge on the feature, nor am I suggesting it provides DOD 5220.22M grade wipe functionality.
Just seeking a deeper understanding of what it does, how it works and when one, the average home user, who this feature is likely aimed at, might want to consider using something else.
Tuesday, May 26, 2015 12:08 AM