Jump to content

Does Standard Formatting eliminate all threats from a HDD


Scoop

Recommended Posts

I was curious about this question and have been reading some articles but there seems to be 2 schools of thought about it.

 

If there is a known malware / virus present on one's HDD, will a standard Format action render all threats inactive  or does the affected HDD need to be completely wiped via a data destruction tool such a "dban" or other HDD cleaning tools?

 

I've been using "Gparted" to do a simple Format prior to routine cloning during the past couple of years and haven't encountered any issues after formatting an infected HDD and reusing it as a cloned spare verifiable working HDD.

 

I have recovered my PC 3 times using this method where I'm running the PC as normal after installation of the HDD.

 

I've read articles that go either way with this issue.  One article said that a standard format will eliminate all malware / virus threats (not erasing all 1's / 0's but effectively cleaning the affected HDD of all threats so the HDD can be used as a safe backup HDD).

 

Those articles seem to hold the majority opinion.  I have read opposing opinions that recommend the HDD be completely wiped after a threat item or items have been detected on a HDD.

Link to post
Share on other sites

If one deletes the partition table, redefines the partitions and reformats that volume, all malware on the disk will be gone.

 

Note that one can boot off that disk, you'd have to boot from a non-infected OS such as from a CDROM which by definition is Read-Only.

Link to post
Share on other sites

If one deletes the partition table, redefines the partitions and reformats that volume, all malware on the disk will be gone.

 

Note that one can boot off that disk, you'd have to boot from a non-infected OS such as from a CDROM which by definition is Read-Only.

 

Does a standard format do the things that you listed?

 

When I format prior to cloning, I select the default (not custom) format in "Gparted".  I format the "System Reserved" partition and the main partition on my HDD.  I don't do any custom resizing of partitions, etc.

 

Do I have this part right? ↓

 

"High-level" formatting is what you are referring to in your post, removing the partition table, etc.

 

"Low-level" formatting is the same thing as wiping a HDD, removing all information (1's & 0's).

 

Is "High-level" formatting done when one formats from within Windows, at the "My Computer" icons or from Disk Management?

Link to post
Share on other sites

  • Root Admin

Q: Does Standard Formatting eliminate all threats from a HDD
A: NO

 

There are infections that can live in the MBR Master boot record

 

One must typically use FDISK or some other similar utility to delete at least the boot partition where the MBR is located.  The fact that the partition has been deleted now means it must be formatted in order to use it.

 

The normal method for most users is to boot from the Windows install CD/DVD and then when the drives are listed you choose the drive and delete the partitions.  Then you create a partition and then click Install.   There are certainly other tools, means, or operations if one understands and is capable of using other tools.

Link to post
Share on other sites

Does a standard format do the things that you listed?

No.  One has to use software to delete and repartition a given volume and formatting said volume is a separate function.

 

"High-level" formatting is what you are referring to in your post, removing the partition table, etc.

No.  High-level formatting is just laying down a format scheme such as FAT, FAT32, NTFS, etc. and precludes partitioning.  Partitioning is taking a volume and either having is as one large volume or break it down to two or more separate "partitions" which may be formatted using the same formatting scheme such as NTFS or two or more different schemes such as FAT32 and NTFS.

 

"Low-level" formatting is the same thing as wiping a HDD, removing all information (1's & 0's).

No.  Low-level formatting is preparing the platters to accept a partition scheme and to map out bad sectors. It occurs at a lower level closer to the hardware.  Simply wiping a drive by removing partitions, recreating partitions and reformatting a drive is done at OS level.  Thus at a higher level.

 

Is "High-level" formatting done when one formats from within Windows, at the "My Computer" icons or from Disk Management?

Yes.

Link to post
Share on other sites

Q: Does Standard Formatting eliminate all threats from a HDD

A: NO

 

There are infections that can live in the MBR Master boot record

 

One must typically use FDISK or some other similar utility to delete at least the boot partition where the MBR is located.  The fact that the partition has been deleted now means it must be formatted in order to use it.

 

The normal method for most users is to boot from the Windows install CD/DVD and then when the drives are listed you choose the drive and delete the partitions.  Then you create a partition and then click Install.   There are certainly other tools, means, or operations if one understands and is capable of using other tools.

 

Ok.  I've been fortunate over the past couple of years since when I format, I'm formatting the partition (MBR, "System Reserved" partition) but I've not been removing the partition itself.

 

I believe I can do that with "Gparted" but I haven't been deleting the actual partition.  I'll look into that the next time I encounter an infection and remove the HDD to prepare it as a backup cloned spare.

 

 

Does a standard format do the things that you listed?

No.  One has to use software to delete and repartition a given volume and formatting said volume is a separate function.

 

"High-level" formatting is what you are referring to in your post, removing the partition table, etc.

No.  High-level formatting is just laying down a format scheme such as FAT, FAT32, NTFS, etc. and precludes partitioning.  Partitioning is taking a volume and either having is as one large volume or break it down to two or more separate "partitions" which may be formatted using the same formatting scheme such as NTFS or two or more different schemes such as FAT32 and NTFS.

 

"Low-level" formatting is the same thing as wiping a HDD, removing all information (1's & 0's).

No.  Low-level formatting is preparing the platters to accept a partition scheme and to map out bad sectors. It occurs at a lower level closer to the hardware.  Simply wiping a drive by removing partitions, recreating partitions and reformatting a drive is done at OS level.  Thus at a higher level.

 

Is "High-level" formatting done when one formats from within Windows, at the "My Computer" icons or from Disk Management?

Yes.

 

Thanks again.  I guess I've rolled the dice up to now, when I've not been removing partitions after an infection.  It's worked for me but I'll remove the partitions the next time I have to remove my HDD due to malware or virus.

 

I use "Acronis" when I clone. Once a partition is removed, I'm assuming that the cloning process will re-create the partition and then copy the information bit-by-bit as usual.

Link to post
Share on other sites

↑  (can't edit posts yet :) )  I recalled when I bought my new HDD to use it as a cloned backup HDD:

 

I formatted the new HDD and then cloned with Acronis.  It created the partitions during the cloning process.  Makes sense since cloning is a copy-all process to another HDD.

 

Thanks again, Ron, David.  This HDD stuff can be complicated :)   , ie, differences between formatting, partitions, complete wipes, shredding tools ,etc.

Link to post
Share on other sites

"I guess I've rolled the dice up to now"

 

Not really.  When Win9x/ME was prevalent using FATx there were Boot Sector Infectors, a type of virus that can spread from hard disk to floppy and floppy to hard disk, etc., such as the "NYB" and "Form" viruses.  Using NTFS has actually eliminated many forms of malware in the form of trojans and viruses.  There are RootKits (a type of trojan) like TDSS Level 4 (aka; TDL4) that may inject malicious code into the Master Boot Record (MBR) or "trojanize" the MBR but they aren't viruses and do NOT self replicate and are only self preservation or malicious entry points for malware.   Thus using NTFS has less of a threat than using FATx.

Link to post
Share on other sites

"I guess I've rolled the dice up to now"

 

Not really.  When Win9x/ME was prevalent using FATx there were Boot Sector Infectors, a type of virus that can spread from hard disk to floppy and floppy to hard disk, etc., such as the "NYB" and "Form" viruses.  Using NTFS has actually eliminated many forms of malware in the form of trojans and viruses.  There are RootKits (a type of trojan) like TDSS Level 4 (aka; TDL4) that may inject malicious code into the Master Boot Record (MBR) or "trojanize" the MBR but they aren't viruses and do NOT self replicate and are only self preservation or malicious entry points for malware.   Thus using NTFS has less of a threat than using FATx.

 

That's good to know about NTFS.  I'm deducing that a standard format (not deleting the partitions) would render benign nearly all types of undesirables on one's HDD. 

 

I like Ron's post (delete partitions) advice so in the event I need to clean up an infected HDD and since I already boot on my Gparted CD to do my (routine, no issues with the HDD) pre-clone formatting, it will be convenient for me to do the couple of extra steps the next time I need to clean an infected HDD by doing the "select, unmount, delete partition" steps while booted into the tool.

 

as i recall , one of the old drive "low level" nasties was "natas" .

 

Geepers... (yes, I'm an old-timer :lol:),  who had the time to write malicious code like that?

 

 

The Natas virus (named as Satan spelled backwards) was a polymorphic file infecting virus who's payload deleted data on FAT formatted drives and was not a "low-level" formatter.

 

a5aq7d.jpg   That must have originated from a warped mind.

 

David, I gotta say that you had me swinging at your fastballs earlier in that "low/high formatting" post of mine.

 

I'm the one at the plate swinging away and whiffing at every pitch....

 

25zmsqw.jpg   :lol:

 

I sure had that all mixed up... formatting definitions.

 

Seriously, many thanks for the info here, from all of you guys.  The learning curve sped up since arriving at this forum.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.