DOS: Disaster or Security?

Article excerpt

Why do you format disks? Are you trying to eliminate data that is no longer needed? Do you care if anyone else sees this data? If the answer is "yes" and you are using DOS 5.0, we have something to tell you!

Beware! Under the standard format with DOS 5.0, the data is not removed from the disk. It can be recovered by anyone who might obtain the disk.

Computer security has been a topic of great concern to accountants since the introduction of computers into the business world. Great strides have been made with respect to mainframe security during the last two decades. However, the tremendous proliferation of micro computers has amplified concerns about the security of these machines.

The ability to protect data and programs and the capacity for disaster recovery has improved remarkably. Entire courses (and even certification programs) deal with these topics. Unfortunately, a major problem with respect to microcomputer data security has surfaced. In our minds, this problem is easily corrected with a little bit of information and the initiation of proper microcomputer security procedures.

The concepts discussed here are common knowledge to anyone with a background in computer programming. Most popular microcomputer applications are completely pre-written, requiring no programming modification by users. As a result, there are now millions of users who have little or no background in programming concepts. Consequently, techniques accepted as standard operating procedure on a mainframe are not used as widely on microcomputers. This is especially true with the most widely used operating system (DOS) currently on IBM and compatible machines.

THE PROBLEM

Consider a situation where a CPA firm is working on an audit engagement for a small client. Having a need to use additional disks on the audit, the accountants use some of the disks they carry with them. These disks had been formatted in the office at an earlier time. They have asked the client to copy specific data onto the disks so the accountants may perform additional analyses on the data.

Unknown to the accountants, the disks were not brand new. Instead, they had other clients' data on them, before they were reformatted. In fact, some of that data remains on the disks! With little effort this data can be recovered and viewed by the client the auditors are currently working with.

There are other situations perhaps more likely and less threatening where disks are circulated in an organization with data that may be of a confidential nature.

Several utility programs now exist that can assist in recovering deleted files. They are too numerous to list all of them, but two of the more prominent are Norton Utilities (Symantec Corporation) and PC Tools (Central Point Software). Both programs have utilities that were designed to help recover files that were accidentally deleted. They also can for recover files that were intentionally deleted and not meant to be recovered.

All mainframe programmers learn very early in their training that to erase something completely from storage, the pertinent data area needs to be overwritten, usually with blanks or spaces. Sadly, when IBM microcomputers came into existence, the programming for deleting or erasing files did not use this method. Instead, a delete or erase command in DOS simply replaces the first byte of the file name in the root directory with the lowercase Greek character sigma (E5 in hexadecimal code). This indicates to DOS that the file has been erased. DOS then zeros all the FAT (File Allocation Table) entries for that file so the data clusters previously allocated now appear to DOS as free space. (It should be noted here that DOS handles the "delete" and "erase" commands in the same way.)

Even more important than these specialized utilities packages is the recent proliferation of similar utilities with many of the more common operating systems and applications software. …