Serious Tools for Serious Situations
There are times when a very specific kind of security utility is needed. Perhaps your operating system, through negligence or stupidity (it happens to the best of us), has become so hopelessly infected with viruses or malware that it will not even boot to let you clean it. Perhaps you need to be sure every scrap of personal and identifying data is gone from a PC before handing it to Goodwill, or you accidentally deleted your daughter's piano recital from your phone's SD card, or you want to know whether the passwords stored on your computer are really secure, or you need to dig out a rootkit that is hiding itself from the Registry and file system APIs.
These tools are generally for more advanced users, but not always. Anyone could (and everyone should) make a rescue disk "just in case" the Dark Side of the Force pays their computer a visit. Being able to securely delete files and folders containing personal or identity-specific data is a capability everyone should possess.
Take a look at the following and see if there isn't a serious tool in there for you. You just might be surprised.
AVG Rescue CD
The AVG Rescue CD is a last-ditch measure to salvage an unbootable or desperately infected PC. It is a standalone set of tools that can be started from CD or USB flash drive: the whole CD or flash drive is a live CD with a Linux operating system and AVG preinstalled on it.
The AVG Rescue CD is two files you download -- an ISO file and RAR/ZIP archive. The ISO image can be used to burn a CD or DVD. The archive can be extracted onto a USB device (flash drive). Each is bootable and either can then be used to perform a rescue boot of your PC.
There are precise steps to follow to make the bootable CD: the ISO has to be burned as a disc image, not copied onto the disc as a file, and the burning built into Windows XP and Vista cannot do that (Windows 7's "Burn disc image" can; otherwise use a third-party burner). You also have to change how the PC starts, either by picking the CD or USB drive from the one-time boot menu or by changing the boot order in the BIOS setup so the CD drive or USB flash drive comes before the hard disk. AVG's web site tells you exactly how to do this.
This is an insurance policy you will probably never have to cash in, but if you ever need it, you need to have it on hand already, with the instructions printed out. We suggest you download the files, make both a CD and a USB flash drive, print out the instructions, and file the three items somewhere safe in the hope that you never need them.
Systems: Any Windows system
Contig
There are a number of disk defragmenters for Windows NT and later, but while most files on a drive they process end up defragmented, some may not. It is also hard to make sure that particular, frequently used files are defragmented; they may stay fragmented for reasons specific to the defragmenter's algorithm. Finally, even once every file has been defragmented, later changes to critical files can fragment them again, and the only remedy is to run a full defragmentation and hope they are picked up.
Contig is a single-file defragmenter that attempts to make files contiguous on disk. It is perfect for quickly optimizing files that are continuously becoming fragmented, or that you want to keep in as few fragments as possible.
Contig can be used to defragment an existing file, or to create a new file of a specified size and name while optimizing its placement on disk. Contig uses the standard Windows defragmentation APIs, so it will not corrupt the disk even if you terminate it while it is running.
Systems: Windows XP and higher, Server 2003 and higher
DBAN (Darik's Boot and Nuke)
If you ever need to dispose of (sell, give away or throw out) your PC, you need to ensure all of your personal information is gone, totally. Anything less is begging for identity theft. The only way to be sure every bit of it is gone is to wipe the entire hard drive "forensically clean." DBAN is the answer.
DBAN downloads as an ISO file, which you burn to a CD or DVD, put in the drive, and boot the machine from. It does the rest.
Besides wiping a computer for disposal, DBAN is a perfect utility for bulk or emergency data destruction. Two caveats: it will happily wipe every drive it detects (the autonuke option does so without asking), with no undo, so disconnect anything you want to keep first; and its overwrite passes are designed for magnetic hard disks. On an SSD, wear levelling means an overwrite may never reach every cell, so the drive's own ATA Secure Erase command (or full-disk encryption from day one, followed by destroying the key) is the reliable option.
System: Any PC that can boot from CD or DVD; DBAN runs its own minimal Linux and does not depend on the installed operating system.
DiskDigger
DiskDigger is a pretty nifty utility for digging up files you accidentally deleted from your hard drive, the photos on a camera's SD card you reformatted, that old WordPerfect document you wiped from a floppy, or the audio file of your daughter's first piano recital you accidentally deleted from a memory stick.
This isn't an undelete utility, although it can certainly be used as one. It scans the file system (FAT12, FAT16, FAT32, exFAT and NTFS) for deleted entries, and it can also scan the disk surface itself, below the file system, for the signatures of known file types. You can preview most of what DiskDigger finds without saving it elsewhere, so you can choose what to keep and what to discard. And because DiskDigger works entirely from memory, it never writes to the disk you are scanning, so it cannot overwrite the very data you are trying to recover (recover to a different drive all the same).
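How a tool like DiskDigger finds files the file system has forgotten, as an added example (not DiskDigger's code): a small Python file carver that scans a raw image for the header and trailer signatures of PNG and JPEG files and separately reports headers whose trailer has been overwritten. The "disk image", the sample PNG and the JPEG-like blob are all constructed inside the script, so it runs offline against no real disk; the same idea underlies the deep-scan modes of the other recovery tools on this page.

```python
"""Signature-based file carving over a raw disk image.

Added example (not DiskDigger's code): it demonstrates the technique the
text describes, reading the raw bytes below the file system and finding
files by their header and trailer signatures, so nothing depends on a
directory entry that a delete or a quick format has already removed.
The sample image is constructed in code; no real disk is touched.
"""
import struct
import zlib

# Header and trailer magic for the formats this toy carver knows.
# Real carvers know hundreds and parse internal structure too (PNG chunk
# lengths, JPEG segment markers) instead of trusting a trailer search.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82"),
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
}
MAX_FILE = 16 * 1024 * 1024   # give up on a header if no trailer within 16 MiB


def carve(image: bytes):
    """Return (recovered, orphans): recovered is a list of (offset, kind, data)
    for every header whose trailer was found; orphans lists (offset, kind) for
    headers whose trailer is gone, i.e. files whose tail has been overwritten."""
    recovered, orphans = [], []
    for kind, (head, tail) in SIGNATURES.items():
        pos = 0
        while (start := image.find(head, pos)) >= 0:
            end = image.find(tail, start + len(head), start + MAX_FILE)
            if end < 0:
                orphans.append((start, kind))
                pos = start + 1
                continue
            end += len(tail)
            recovered.append((start, kind, image[start:end]))
            pos = end
    recovered.sort()
    orphans.sort()
    return recovered, orphans


def make_png(width: int = 1, height: int = 1) -> bytes:
    """Build a small but valid 8-bit grayscale PNG so the sample holds a real file."""
    def chunk(tag: bytes, data: bytes) -> bytes:
        body = tag + data
        return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    scanlines = b"".join(b"\x00" + b"\x80" * width for _ in range(height))
    return (SIGNATURES["png"][0] + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(scanlines)) + chunk(b"IEND", b""))


def sample_image() -> bytes:
    """Constructed 'disk image': zeroed free space, a deleted PNG, a JPEG-like
    blob, and a second PNG whose last 12 bytes (the IEND chunk) were overwritten."""
    free = b"\x00" * 512
    png = make_png()
    jpeg_like = SIGNATURES["jpg"][0] + b"\xe0" + b"\x10" * 200 + SIGNATURES["jpg"][1]
    return free + png + free + jpeg_like + free + png[:-12] + free


if __name__ == "__main__":
    found, lost = carve(sample_image())
    for offset, kind, data in found:
        print(f"recovered {kind} at offset {offset}: {len(data)} bytes")
    for offset, kind in lost:
        print(f"{kind} header at offset {offset} but no trailer: tail overwritten")
```

Run it against an image taken with dd or a similar tool, never against the live disk you are recovering, and write recovered files to a different drive. Trailer searching is a shortcut: an embedded JPEG thumbnail ends with FF D9 too, and a fragmented file carves as garbage after its first fragment, which is why real tools also parse each format's internal structure and read the file system's own deleted entries first.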
DiskDigger is a completely self-contained program. It leaves no trace of having been on the computer where it was run. It doesn't save any settings to the registry, nothing is “installed,” and the entire program is a single executable file. You can download it and burn it to a CD in case you ever need it.
DiskDigger is free, but is becoming shareware: if you find a lost file and try to save it, it asks you to buy a license key first, but if you wait a minute or so it lets you save anyway.
Systems: Windows XP, Vista and 7
Eraser
When you delete a file, it is not really removed from your hard drive; only the file system's entry pointing to it is removed. The data itself stays on the disk until something writes over it: a new file, a defragmenter moving data into that space, or a full (not quick) format. Until then, anyone with an undelete utility can easily retrieve "deleted" files.
Secure file removal has several pitfalls, chiefly the drive's write cache, the physical construction of the hard disk and the data encoding the drive uses. Eraser was designed with these in mind, and thanks to that design and a simple user interface you can safely and easily erase private data from your hard drive.
Eraser wipes files and folders, as well as the traces of files deleted earlier, works with any drive Windows can use, and has a very customizable scheduler. It can overwrite with pseudo-random data (or data you specify) any number of times from 1 to 35, and it can also erase the names of deleted files from the directories where they lived.
Systems: Windows 98, ME, NT and 2000 with version 5.7; Windows XP, Server 2003, Vista, Server 2008, Server 2008 R2, and 7 with version 6.0.7
IE PassView
Modern web browsers automatically store usernames and passwords for many of the sites you log in to. This is very convenient, but it is also an open book to anyone else who can run code under your account, malware included. You might want to see exactly what is in that book.
IE PassView is a small utility that reveals the passwords stored by the Internet Explorer web browser (there is a companion version for Firefox), and it does this remarkably well. It lets you delete passwords you no longer need or do not want accessible to others. It supports all versions of Internet Explorer from 4.0 to 8.0.
IE PassView needs no installation and no extra DLLs: copy the executable (iepv.exe) to any folder and run it. It scans all the Internet Explorer passwords on the system and displays them in its main window. Expect antivirus products to flag it; password-recovery tools like this do exactly what malware does with your saved credentials, which is the point the previous paragraph makes.
System: Windows XP, 2003, Vista , 7
Panda USB and AutoRun Vaccine
Windows has a feature called AutoRun that, driven by a file named AUTORUN.INF on the media, automatically launches programs from CDs, DVDs and USB drives as soon as they are inserted. Malware exploits this: once it infects a PC, it copies a malicious executable onto every removable drive that is plugged in and writes an AUTORUN.INF pointing at it, so Windows opens the malware as soon as that drive is mounted in the next computer.
Panda USB and AutoRun Vaccine lets users vaccinate their PCs by disabling AutoRun completely, so no program on portable media can auto-execute. Since Windows offers no easy, user-friendly switch for completely disabling AutoRun (it takes a registry change), this is a useful and welcome tool. (Microsoft later changed the default itself: Windows 7, and XP and Vista with update KB971029, no longer honor AUTORUN.INF on USB drives.)
The Panda utility can also vaccinate each USB flash drive you own so that it can never become an unwitting carrier of malware: it plants its own AUTORUN.INF entry, one that Windows cannot read, delete or overwrite, so malware cannot put its own file in its place. Once vaccinated, the process cannot be reversed without reformatting the drive.
It currently works only on FAT- and FAT32-formatted USB drives.
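What a suspicious AUTORUN.INF looks like, as an added example that is not part of Panda's tool: a Python reader that parses the file the way Windows AutoRun does (only the [autorun] section, case-insensitive keys, unparsable lines ignored) and flags the patterns USB worms relied on. Both sample files are constructed for this example, the RECYCLER path with its SID-like folder name is made up, and the heuristics are this editor's, not a published detection rule.

```python
"""Read an AUTORUN.INF the way Windows AutoRun does and flag the tell-tales.

Added example, not part of Panda's tool. The vaccine stops the file being
planted; this shows what to check in one that is already on a drive: the
keys Windows will act on (open, shellexecute, shell\\<verb>\\command) and the
tricks worms used so the victim clicks without suspecting. Both sample
files below are constructed for this example; the SID-like path is made up.
"""
import re

LAUNCH_KEYS = ("open", "shellexecute")
SHELL_COMMAND = re.compile(r"^shell\\.+\\command$")
# Folders Explorer hides by default, where USB worms liked to park their payload.
HIDDEN_DIRS = ("recycler", "$recycle.bin", "system volume information")
# Executable types that do not say ".exe" to a casual reader.
SNEAKY_EXTS = (".pif", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".hta")


def parse_autorun(text: str) -> dict:
    """Tolerant INI reader: only the [autorun] section counts, keys are
    case-insensitive, and unparsable lines are skipped, which is exactly
    what lets worms pad the file with garbage to defeat naive scanners."""
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip().lower()] = value.strip()
    return entries


def assess_autorun(text: str) -> dict:
    """Return the commands the file would hand to Windows and a list of findings."""
    entries = parse_autorun(text)
    commands = {k: v for k, v in entries.items()
                if k in LAUNCH_KEYS or SHELL_COMMAND.match(k)}
    findings = []
    for key, cmd in commands.items():
        target = cmd.strip().strip('"').lower()
        program = target.split()[0] if target.split() else ""
        if any(d in target for d in HIDDEN_DIRS):
            findings.append(f"{key} runs from a folder Explorer hides: {cmd}")
        if program.endswith(SNEAKY_EXTS):
            findings.append(f"{key} launches a non-.exe executable type: {cmd}")
    if "open folder" in entries.get("action", "").lower():
        findings.append("action= imitates Explorer's own 'Open folder to view files' entry")
    default_verb = entries.get("shell", "").lower()
    if default_verb and f"shell\\{default_verb}\\command" in entries:
        findings.append(f"shell={default_verb} hijacks double-click on the drive icon")
    return {"commands": commands, "findings": findings}


# Constructed samples: a vendor-style disc and a worm-style USB stick.
VENDOR_INF = """[autorun]
open=setup.exe
icon=setup.exe,0
label=Product Disc
"""

WORM_INF = """[autorun]
action=Open folder to view files
icon=%SystemRoot%\\system32\\shell32.dll,4
open=RECYCLER\\S-1-5-21-1234567890-1234567890-1234567890-1000\\update.exe
shell\\open\\command=RECYCLER\\S-1-5-21-1234567890-1234567890-1234567890-1000\\update.exe
shell\\open\\default=1
shell=open
UseAutoPlay=1
zQx9 padding line a naive parser would choke on
"""

if __name__ == "__main__":
    for name, inf in (("vendor", VENDOR_INF), ("worm", WORM_INF)):
        report = assess_autorun(inf)
        print(name, report["commands"], *report["findings"], sep="\n  ")
```

The vendor file produces one command and no findings; the worm file produces four, one for each trick the text describes: payload parked in a hidden folder, both the AutoRun action and the double-click verb pointing at it, and an action label that impersonates Explorer's own menu entry. On a vaccinated drive there is nothing to parse, which is the cheaper defense.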
Systems: Tested on Windows 2000, XP and Vista.
PCInspector File Recovery
PCInspector File Recovery can find and restore deleted partitions on your hard drive, even if the boot sector or file allocation table (FAT) has been deleted or damaged. It can also recover deleted files complete with their original date and time stamps.
It recognizes a wide range of file formats, including documents and media from popular programs: DOC, RTF, XLS, DBF, PDF, MP3, WAV, MID, AVI, MOV, BMP, JPG, PNG, GIF, TIF, ZIP, ARJ, TAR, LZH, EXE, HLP, HTML and HTM, among others. It can recover such files even when their header entry is no longer available.
Systems: Windows (not further delineated)
Process Explorer
There are times when it would be useful to know which program has a particular file or directory open. Process Explorer shows you which handles and DLLs each process has opened or loaded.
Process Explorer displays two sub-windows. The top one shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a search capability.
The unique capabilities of this utility make it useful for advanced users to track down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.
Systems: Windows XP, Vista and 7, 32-bit and 64-bit editions (including IA64)
Recuva
Recuva is one of those utilities you download, tuck away, and hope you never need, but you will be glad to have it if you do. As its phonetic name suggests, it recovers deleted files from your hard drive, USB drive, camera or iPod. Even if you have reformatted a disk and it looks as blank as a clean sheet of paper, Recuva can probably still find your files on it.
Recuva can drag deleted email out of an empty "Deleted Items" folder, resurrect deleted music from an iPod or MP3 player, and restore unsaved Word documents. A quick-start wizard lets you jump right in; a deep scan handles tougher jobs; it can securely delete files so that even it cannot recover them; and it can be packed onto a thumb drive so you can carry it anywhere. Like every recovery tool, it should be run from, and recover to, a drive other than the one you are trying to rescue.
Systems: All Windows systems
RegDelNull
Standard registry-editing software, including Windows' own Regedit, cannot open or delete registry keys whose names contain embedded null characters. The reason is a mismatch between two APIs: the kernel stores key names as counted Unicode strings, in which a null is a legal character, while the Win32 registry functions treat names as null-terminated and so stop reading at the null and never find the key. Some malware uses such keys to hide its configuration from inspection. RegDelNull is a command-line utility (regdelnull <path> [-s], with -s to recurse into subkeys) that searches the Registry for keys with embedded nulls, displays them with each null shown as an asterisk (*), and lets you delete them.
A word of warning is needed here. Deleting registry keys may cause applications associated with the key to fail. You really should not use this utility unless you know what you are doing. Even then, it is wise to create a restore point immediately prior to using this program.
Systems: Windows 2000, XP, Vista
RootkitRevealer
RootkitRevealer is an advanced rootkit detection utility for advanced users. It compares two views of the system, what the Windows API reports for the Registry and the file system against what a raw scan of the Registry hive files and the disk volume actually contains, and its output lists the discrepancies, which may indicate a user-mode or kernel-mode rootkit hiding files or keys from the API. Not every discrepancy is a rootkit; a file that changed between the two scans shows up too, so read the results with care. RootkitRevealer successfully detects many persistent rootkits, including AFX, Vanquish and HackerDefender (note that it is not intended to detect rootkits like FU that do not attempt to hide their files or registry keys).
There is no longer a command-line version because malware authors started targeting RootkitRevealer's scan by its executable name. RootkitRevealer has been updated to run its scan from a randomly named copy of itself that executes as a Windows service, which does not lend itself to a command-line interface. You can still use command-line options to run an automatic scan with the results logged to a file, which is equivalent to what the command-line version did.
Systems: Windows XP (32-bit), Server 2003 (32-bit)
SDelete
Like most operating systems, Windows NT and later do not erase a file's data when the file is deleted, so raw disk editors and recovery tools can view and recover data the operating system has deallocated. A related problem is that even when you encrypt a file with the Windows Encrypting File System (EFS), the original unencrypted data is left on disk after the encrypted copy is created.
The only way to ensure that deleted files, and files you encrypt with EFS, are safe from recovery is a secure-delete application, one that overwrites a deleted file's on-disk data with techniques meant to defeat even recovery technology that reads residual patterns in magnetic media. SDelete (Secure Delete) is such an application.
You can use SDelete both to securely delete existing files and to securely erase any file data in the unallocated portions of a disk (including files you have already deleted or encrypted). SDelete implements the Department of Defense clearing and sanitizing standard DOD 5220.22-M to make sure your file data is gone for good. Note, however, that SDelete securely deletes file data, but not file names located in free disk space. And like every overwrite-based tool, it gives no such guarantee on SSDs, whose wear levelling may leave old copies in cells the overwrite never reached.
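The overwrite mechanism that Eraser (above) and SDelete build on, as an added example that is the code of neither tool: a Python routine that overwrites a file in place with the three-pass pattern DOD 5220.22-M describes (a fixed byte, its complement, then random data), syncs each pass through the write cache, renames the file to junk before unlinking so the name is obscured, and reads the file back to show the content is gone. It uses only the standard library; the account-number text is constructed sample data.

```python
"""Overwrite-then-delete, the mechanism behind Eraser and SDelete.

Added example; it is not the code of either tool. It overwrites a file's
bytes in place with a sequence of passes (the default mimics the three-pass
DoD 5220.22-M pattern the text mentions: a fixed byte, its complement,
then random data), forces each pass through the write cache with fsync,
scrubs the file name by renaming before unlinking, and reads the file
back so you can see the original content is gone. No external packages.
"""
import os
import secrets
import tempfile

BLOCK = 64 * 1024
# None means "fresh random bytes"; a one-byte pattern is repeated to fill.
DOD_3PASS = (b"\x00", b"\xff", None)


def overwrite_in_place(path: str, patterns=DOD_3PASS) -> int:
    """Overwrite every byte of the file once per pattern; return the pass count.

    Caveats a practitioner should know: slack space past the file's last byte
    is not touched (SDelete handles cluster tips separately); other copies
    (temp files, shadow copies, backups) are untouched; and on SSDs or
    copy-on-write file systems the new data may land in different cells or
    blocks, leaving the old ones intact, so this is a hard-disk technique."""
    size = os.path.getsize(path)
    fd = os.open(path, os.O_RDWR)
    try:
        for pattern in patterns:
            os.lseek(fd, 0, os.SEEK_SET)
            remaining = size
            while remaining > 0:
                n = min(BLOCK, remaining)
                chunk = secrets.token_bytes(n) if pattern is None else pattern * n
                remaining -= os.write(fd, chunk)
            os.fsync(fd)   # push this pass past the OS write cache before the next one
    finally:
        os.close(fd)
    return len(patterns)


def secure_delete(path: str, patterns=DOD_3PASS) -> bool:
    """Overwrite the data, then obscure the name: rename the file to a random
    name of the same length so the directory entry is reused with junk (the
    text notes SDelete does not wipe names in free space; this rename is the
    partial remedy both tools apply), then unlink. Returns True if gone."""
    overwrite_in_place(path, patterns)
    directory, name = os.path.split(path)
    while True:
        junk = secrets.token_hex((len(name) + 1) // 2)[:max(len(name), 1)]
        new_path = os.path.join(directory, junk)
        if not os.path.exists(new_path):   # never clobber an unrelated file
            break
    os.replace(path, new_path)
    os.unlink(new_path)
    return not (os.path.exists(path) or os.path.exists(new_path))


def overwrite_and_read_back(data: bytes, patterns=DOD_3PASS):
    """Demonstration: write `data` to a scratch file, overwrite it, return the
    file's new contents and whether the subsequent secure delete removed it."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(data)
        path = f.name
    overwrite_in_place(path, patterns)
    with open(path, "rb") as f:
        after = f.read()
    gone = secure_delete(path, patterns=())   # data already overwritten; scrub the name
    return after, gone


if __name__ == "__main__":
    secret = b"ACCOUNT 1234-5678 PIN 0000 " * 100   # constructed sample content
    after, gone = overwrite_and_read_back(secret)
    print("secret still readable:", b"PIN 0000" in after, "| file gone:", gone)
```

Where it falls short is instructive: it cannot reach the cluster slack past the end of the file, earlier copies in temp files, shadow copies or backups, or the file system journal; SDelete's -c and -z options exist precisely for the free-space half of the problem. On an SSD or a copy-on-write file system the drive or file system may write the new data elsewhere and leave the old cells intact, so for flash media use the drive's own secure-erase command, or encrypt from the start and destroy the key.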
Systems: Windows XP and higher, Server 2003 and higher
TrueCrypt
If you take data security seriously, you have either used or seriously considered using an encryption program. Among the better of the many to choose from is TrueCrypt. Its ciphers are sound (AES-256, Serpent and Twofish, singly or in cascade), but that is expected of any good program. So what sets TrueCrypt apart?
First, it can create a virtual encrypted disk inside a file that mounts as if it were a physical drive. It can encrypt an entire partition or storage device, such as a hard drive or USB flash drive. It can encrypt the partition or drive Windows is installed on, with true pre-boot authentication. Encryption is automatic, real-time and transparent, and on most hardware the slowdown is barely noticeable. Finally, it offers plausible deniability under duress through hidden volumes: you hand over the password to an outer, decoy volume, while the sensitive data lives in a hidden volume stored in what appears to be the decoy's free space, whose existence cannot be proven. (TrueCrypt's developers abandoned the project in 2014; its actively maintained fork VeraCrypt carries the same design forward.)
Systems: Windows 2000, XP, Vista, 7, Mac OS X, and Linux
VIPRE Rescue Program
The VIPRE Rescue Program is a command-line scanner that cleans a computer so badly infected that ordinary programs cannot easily be run. It is not meant to replace the antivirus program that runs in the background and protects your machine day to day. However, if your computer ever needs the VIPRE Rescue Program, I would seriously consider replacing that antivirus program.
It is packaged as a self-extracting executable (.exe) that prompts for an "unpack" or installation location, then starts the scanner and performs a deep scan. You can start it from Windows or from the command line.
Virus definitions are included, and the program runs on its own once started. The initial scan and all later scans include rootkit detection. Four command-line options are available: perform a deep scan, perform a quick scan, log events, and disable rootkit detection.
Its detections match those of the full VIPRE suite, and it is designed to disinfect a system so infected that the user could not install VIPRE normally.
Systems: Windows 2000, XP, Vista, 7