Do file Shredders work on SSD's?

I have an SSD in my m11x. Does the file shredder from CCleaner with 7 or 34 passes securely wipe files from Windows 7?

 

No. SSDs have another layer of indirection on them, and all that will end up doing is wearing out your SSD.

On the plus side, the garbage collection/TRIM of modern SSDs will generally end up effectively shredding those files

 

As pitabred said... running those programs will possibly lower the lifespan of your SSD.

 

That is good to know. However if you did have sensitive information on your computer such as medical records what would be the best way to resell a PC that had this on it?

Or would the best way to do it is just destroy the SSD?

 

Uh, I'd suggest simply deleting the file. After using the drive for a bit everything deleted will be pretty much unrecoverable.

 

Isn't TRIM suppose to manage the SSD in a way that data gets eliminated very fast and efficiently without using traditional hard drive shredder methods?

 

due to wear leveling and over-provisionning the only way to secure erase your ssd is a low level erase of your whole ssd and a reinstall of your data
in short, back up your drive, erase it then reinstall
another solution is to encrypt your drive

 

Depending on the model of the SSD, something like the following might be worth a shot:
Guide Secure Erase With bootable CD/USB Linux.. Point and Click Method

 

Would I lose much performance by having window 7 encrypt the drive? Or would trucrypt be a better option?

 

up to 7% or not much more depending on your cryptographic power choice. You should rather go for truecrypt as bitlocker has already been bypassed and is much more attacked than truecrypt like most programs coming with windows

 

I've heard truecrypt has a larger performance hit. How has bitlocker been bypassed?

 

just google it, you can find several ways
here are a few:
First Commercial Tool to Bypass BitLocker Released - Techgage
Images: How to bypass FileVault, BitLocker security | TechRepublic
I didn't noticed a big drop in perf with truecrypt myself but it doesn't mean it won't

 

I would recommend picking one of these:

Hard Disk Shredders | Hard Drive Shredders | E-Scrap Shredders | E-Waste Shredders |E-Scrap Metal Recycling | Computer Recycling

Good quality, and should have no issues getting the job done.

 

I suppose that will shred your files, but it's overkill for what the OP was asking for.

 

I have a private practice and just need to keep files secured. I use my iPad when I'm with a client, mobile, and have a software program which is made more medical use that keeps files encrypted and the backup is encrypted on my computer (dr Chrono). Files are sent to be printed and I access the files, pictures, videos on the windows 7 computer. That's my current setup that I'm using. I'm still switching over from the filing cabinet though. Thankfully I'm new to the field and don't have hundreds of paper files yet!

 

No. In addition to the fact that the operating system can't be sure that it actually knows a particular file is located on an SSD, and thus software running on the operating system can't know how to shred files, SSDs typically have a so-called "spare area" of flash memory that is inaccessible to the user. This spare area is being used for management purposes such as wear leveling and may contain files that had already been deleted. Even if you completely overwrite your SSD, old files may persist in the spare area, which would be accessible by taking apart the SSD, reading out the NAND chips and potentially reconstructing files (though reconstruction may not be necessary for some files). (There are some additional considerations, such as potential data that has been stored in blocks which have since been marked as "bad" and thus wouldn't get overwritten.)

Normally, there's the ATA Secure Erase command that can be sent to an HDD or SSD, which will then securely erase its contents (including the spare area on SSDs). However, currently the implementation of secure erase is flawed on many of those SSDs that support it.


-----

The techniques used to bypass BitLocker that are being used in the reports you linked to all derive from the same base problem, which is inherent to the design of low-level encryption software and also can be used to bypass TrueCrypt.

This problem is that the information that is needed to decrypt the drive on-the-fly is stored in RAM.

Unlike many people believe, the RAM won't be erased instantly as soon as you turn off a system, but rather the data will persist, typically for some seconds to minutes. Thus, the following attacks (there may be more) become possible:

• An attacker could plug in a USB stick, so when you restart the computer it may (depending on its configuration) boot from the stick and into a system which could dump the contents of the RAM to the stick and then restart the computer. By breaking into your system via other vulnerabilities later and reading the stick out via software (which would mean that the attacker already got access at that point), or by retrieving the USB stick, the attacker could get the information needed to decrypt the disk.
• An attacker could steal your system while it is running, open it up and literally freeze the RAM (which would increase the time span in which the data persists). By taking out the RAM modules and putting them into a system that would dump the RAM contents on boot, the attacker could get the information needed to decrypt the disk.

Furthermore, the contents of the RAM can be read and modified via some ports such as Firewire, Cardbus, PCMCIA and ExpressCard while the system is running, so:

• An attacker could connect to your system via Firewire, Cardbus, PCMCIA or ExpressCard to read out the RAM contents. Thereby, the attacker could compromise the system and/or get the information needed to decrypt the disk.

-----

In conclusion, there currently is no generally reliable way to erase SSDs. If you are storing really sensitive data on your SSD, you should physically destroy the disk if you don't need it any longer. Also, if possible you should put the sensitive information on a system that has no access to the internet and update the system manually. Furthermore, encrypting the disk(s) of that system is a very good idea because the system might get stolen, which is probably the biggest risk of all in your case.

 

Stolen data would probably be the largest risk. I do of course follow all HIPAA guidelines which doesn't even include encryption, but I'd rather not take the risk to my clients or have a civil suit brought upon me.

It sounds like I will encrypt the drive with trucrypt, but destroy the SSD before selling/disposing of the computer. I do have the original HDD that came with it and could easily just swap it out.

 

Does anyone know if this problem can be fixed in the future? I can't imagine I am the only person concerned about this in this day of age.

 

What counts as sufficient implementation of data security measures is between you and your malpractice insurer. Chances are, your current methods are probably above and beyond the industry standard. Loss of sensitive data is more likely to occur as a result of leaving your office door unlocked than having data copied and decrypted off a drive you threw out.

To the best of my knowledge, the issue of data ghosts remaining after wipes has never really been entirely solved - hence, physical destruction by most financial and medical data IT security departments.