by Jon on Wednesday, October 27, 2004 | file under: Technology
There's a nerdy idea floating around that you can tell an uninformed Windows user to type "format c:" in the Run dialog to solve their problems. This is perpetuated in office jokes and comics among other places, but how many people have actually tried to destroy their system using "format c:"?
I made a goal for myself to find out what would happen if I ran "format c:" on a freshly installed Windows system and decided to compare it to the equally notorious "rm -Rf /" in Linux. Besides noting how effectively I could trash the system, I wanted to see how the operating system responded, and what it took to be able to destroy the system. I know that "format c:" and "rm -Rf /" aren't equivalent, but they usually are interchangeable punchlines to jokes, which is why they were chosen.
Read more for the destruction of two perfectly good operating system installations.
My target OSes were Windows XP Pro and Ubuntu Linux, both with all the latest and greatest updates. The installs were both fresh and no additional security settings had been set. Ubuntu asked me for a password during installation, Windows did not, which we will see makes a difference later down the line.
First I established a baseline for my environment: a virtual shell parked at the root of the file system (C:\ for Windows, / for Linux).
Well, that was simple enough. Getting to each file system's root was a nearly identical process. Now is where things will change, however. In Windows, I am going to attempt to format the drive, a low-level operation which usually occurs on drives not being used, and in Linux I am going to attempt to remove all of the files from the filesystem. Both should give me an empty file tree when I'm done, but come at it from different angles. In Windows, I use the "format c: /FS:NTFS" command, in Linux "rm -Rf *".
Thankfully, and as I expected, neither of these commands wiped out my filesystem. To my shock, Windows looked as if it was going to comply with my wishes. It asked me if I would like to proceed and I confirmed that indeed I would. Ah, but as I expected, the drive was mounted and could not be formatted until it was unmounted; so I told it to try to forcefully unmount the drive. Finally it told me that it could not gain sole access to the drive and would not continue. So, straight away "format c:" will not erase your hard drive! Now how did Linux fare? Also, as I expected, almost nothing was deleted by my "rm -Rf *". My personal home directory (~/jonathanhohle) might have been erased, I didn't think to check it before I moved on. All in all, however, both systems were still up, stable, and in need of more abuse!
My goal was to mass erase these disks from the command line and so far I hadn't had much luck. With Windows I knew I was going to have to take a different approach, with Linux, I knew exactly what I had to do to kill this system.
I decided to attack Windows from the same attack point as I was hitting Linux. Instead of trying to do a low-level erasure of my files I was just going to recursively delete them. So after a little mucking around at the command prompt, I came up with "del /F /S /Q *". Linux was a no-brainer. All I had to do was escalate my permissions with sudo, "sudo rm -Rf *" to be exact.
Well, that did the trick on both systems with one caveat. As the first Linux screenshot under this paragraph shows, Linux would not continue with the command until the root password was entered. Windows, on the other hand, had no problems going to town unlinking files after the [Enter] key was struck.
After about a minute, Linux had finished removing files. Several messages were printed for the virtual files and directories that could not be removed. Windows, however, took quite a while (probably close to 20 minutes) to delete all the files on the drive, all the while printing a status message for every file it encountered. As it neared the end and had removed a large number of system files, I began to get dialog boxes which popped up informing me, not that files were missing, but that files had been replaced with unrecognized versions. I find this to be a very misleading message considering files had not been replaced, but removed from the system entirely. At least 20 of these dialog boxes appeared, some noting which file was missing, others not, like the one pictured.
Once everything was deleted, I wanted to see how functional my shell environment still was. In Windows I used the "dir" command to get a directory listing, in Linux I attempted to call the "ls" program. Because "dir" is a command prompt builtin and not an external program, it had no problems giving me a directory listing (a rather short one at that). ls, however, since it was no longer on the system, could not be run. With few builtin functions in bash, my Linux command line became very useless very quickly. Non-builtin programs in Windows reacted similarly to Linux.
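The builtin-versus-external distinction above can be checked from the shell itself. The following is an added example, not part of the original post; `classify` and `list_dir` are hypothetical helper names, and `list_dir` shows how a directory can still be listed with builtins only when `ls` is unavailable.

```shell
#!/bin/sh
# Added example: classify and list_dir are hypothetical helper names.

# Report how the current shell would resolve a command name:
# "builtin"  - handled by the shell itself (functions and keywords also land here),
# "external" - a file found through PATH,
# "missing"  - nothing the shell could run.
classify() {
    resolved=$(command -v "$1" 2>/dev/null) || { echo missing; return 0; }
    case $resolved in
        /*) echo external ;;
        *)  echo builtin ;;
    esac
}

# List a directory using only builtins (glob expansion, test, echo),
# so it keeps working when the ls binary is gone.
list_dir() {
    for entry in "$1"/* "$1"/.[!.]*; do
        # Skip patterns that matched nothing; keep dangling symlinks.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        echo "${entry##*/}"
    done
}

# Show how a few familiar names resolve in this shell.
for cmd in cd echo ls; do
    echo "$cmd: $(classify "$cmd")"
done
```
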
In both operating systems I was still able to navigate around my graphical environment, and both showed similar signs of desolation, mainly in application menus that no longer contained entries. Both Gnome and Windows seemed to have no problems continuing on. While I wouldn't be able to start new programs (since they weren't available to the operating system anymore) my only goal was to be able to log out. However, the results of what the two operating systems did were soon apparent. Windows would not delete files which were locked, typically programs or libraries that were currently running or being used. This left a lot of useful applications in the file tree. Linux, however, loads programs into memory and doesn't worry about locking them, so nearly everything was removed, even programs that were currently running when I removed them.
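On Linux, removing a file only removes its name from the directory; the data stays reachable through any descriptor that is still open, which is why running programs kept working after their files were deleted. The sketch below is an added example, not part of the original post; `read_after_unlink` is a hypothetical name and it touches only a temporary file it creates itself.

```shell
#!/bin/sh
# Added example: read_after_unlink is a hypothetical name.
# It works only on a temporary file created here (constructed sample data).

read_after_unlink() {
    f=$(mktemp) || return 1
    echo "still here" > "$f"

    exec 3< "$f"     # hold the file open on descriptor 3
    rm -f "$f"       # remove its only directory entry

    # The name is gone from the file system...
    if [ -e "$f" ]; then name_gone=no; else name_gone=yes; fi

    # ...but the contents are still readable through the open descriptor.
    IFS= read -r line <&3
    exec 3<&-        # closing the last descriptor lets the kernel free the data

    echo "$name_gone:$line"
}

read_after_unlink
```

The same mechanism is what lets a responder recover a deleted file from a live process through `/proc/<pid>/fd/` before that process exits.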
Upon logout, Windows prompted me with my login screen like normal, however Linux seriously geeked out. Notice, however, that the default background used in the Windows login screen is not there.
Amazed that Windows hadn't died as awesome a death as Linux, I decided to reboot it, and of course, it didn't come back up.
So what did I learn? Ubuntu's default file permissions and user accounts are much more mature than Windows XP's, NTFS is much slower than EXT3 (or whatever the default Ubuntu FS is) when it comes to unlinking files (alternatively, it could be the fault of the del command), and Windows file locking, while usually annoying, allowed the system to be shut down normally even after the file system was mostly destroyed.
The default install of Windows does not prompt for a password to be created for the primary user. It also is set to auto-logon, even after Service Pack 2 is installed. This means, for a default install of Windows, anyone can walk up, type "del /F /S /Q *", and your system will be hosed. Ubuntu, like most Linux distributions, sets up a password for the primary user right away during installation. The primary user's password is required to do anything beyond the single user's environment, so while a user may screw up their own files, they won't destroy the system (which may contain tools which allow them to recover their files).
Deleting files in Windows was a painfully slow process. I sat and watched as every file from every folder was confirmed as deleted, or an error message was printed informing me a file couldn't be deleted. After the thousands of files that were removed, it would have been quite a chore to go back through that output and parse which files could not have been deleted. In Linux, however, deleting files was a snappy process, and the only output I received were the few files that could not be removed.
And finally, I was pleasantly surprised at how Windows handled losing most of its files. While the important ones required for shutting down the system were obviously locked, this made the shutdown seem much more graceful (despite the imminent death I knew would come). Linux, however, lost in style points as it simply gave up, spewing a pink mess across the screen. Normally I would be annoyed with file locking, as it makes it difficult to test a program and build a new version to the same file, but in this one extreme situation, it may have had some usefulness.
So there you have it. Stop telling people they should run "format c:" because it won't get you or them anywhere. Same goes for "rm -Rf /" (unless you know they always log in as root). While technically incorrect, however, those well-known commands are much easier than suggesting they "del /F /S /Q /" or "sudo rm -Rf /".