Secure Erasure Under Windows NT

Last reviewed: November 2, 1995
Article ID: Q94239
The information in this article applies to:
  • Microsoft Win32 Application Programming Interface (API) included with:
        - Microsoft Windows NT versions 3.1, 3.5, and 3.51

SUMMARY

File systems under Windows NT currently have virtual secure erasure (when a file is deleted, the data is no longer accessible through the operating system). Although the bits could still be on disk, Windows NT will not allow access to them.

MORE INFORMATION

The NTFS file system does this by keeping, for each file, a high-water mark of the bytes written to the file. Everything below the mark is real data; anything above it is (on disk) random garbage that used to be free space, but any attempt to read past the high-water mark returns all zeros.
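A toy model of the high-water mark described above, added here as an example; it is not code from the original article and not NTFS code. The struct, the `mf_*` function names and the 64-byte allocation are hypothetical, and zeroing the gap on a write that starts past the mark is this model's assumption.

```c
#include <stddef.h>
#include <string.h>

/* Toy model (not NTFS code): one file allocated over former free space. */
#define ALLOC_SIZE 64

struct model_file {
    unsigned char disk[ALLOC_SIZE]; /* bytes physically on disk */
    size_t size;                    /* logical end of file */
    size_t high_water;              /* bytes below this were written to the file */
};

/* Allocate over stale clusters: nothing is wiped, the mark starts at 0.
   'stale' is constructed sample data standing in for a deleted file. */
void mf_create(struct model_file *f, const char *stale, size_t size) {
    size_t n = strlen(stale);
    memset(f->disk, 0, ALLOC_SIZE);
    memcpy(f->disk, stale, n < ALLOC_SIZE ? n : ALLOC_SIZE);
    f->size = size <= ALLOC_SIZE ? size : ALLOC_SIZE;
    f->high_water = 0;
}

/* Write: a gap between the mark and the write offset is zeroed on disk
   before the mark moves, so stale bytes never end up below the mark. */
int mf_write(struct model_file *f, size_t off, const void *buf, size_t len) {
    if (off > ALLOC_SIZE || len > ALLOC_SIZE - off) return -1;
    if (off > f->high_water)
        memset(f->disk + f->high_water, 0, off - f->high_water);
    memcpy(f->disk + off, buf, len);
    if (off + len > f->high_water) f->high_water = off + len;
    if (off + len > f->size) f->size = off + len;
    return 0;
}

/* Read through the file system: real bytes below the mark, zeros above it. */
size_t mf_read(const struct model_file *f, size_t off, void *out, size_t len) {
    unsigned char *dst = out;
    size_t i;
    if (off >= f->size) return 0;
    if (len > f->size - off) len = f->size - off;
    for (i = 0; i < len; i++)
        dst[i] = (off + i < f->high_water) ? f->disk[off + i] : 0;
    return len;
}
```

Reading `f->disk` directly, as code with raw disk access could, still shows the stale bytes above the mark; only reads that go through `mf_read` are zero-filled.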

Other reusable objects are also protected. For example, all the memory pages in a process's address space are zeroed when they are touched (unlike the file system, a process may directly access its pages, and thus the pages must be actually zeroed rather than virtually zeroed).

Note that file system security assumes physical security; in other words, if a person has physical access to a machine and can boot an alternative operating system and/or add custom device drivers and programs, he/she can always get direct access to the bits on disk.


Additional reference words: 3.10 3.50
KBCategory: kbprg
KBSubcategory: BseSecurity


THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

© 1998 Microsoft Corporation. All rights reserved.