[v6] Invalid values / no file erasure methods to choose


Active Member
After installing Eraser 6, stating Eraser gives you this message:

The following settings held invalid values:
Default file erasure method
Default unused space erasure method
Randomness data source

These settings have now been set to naive defaults.

Please check that the new settings suit your required level of security.[/quote]Eraser 6 is built on top of a plugin architecture. This means that anyone with programming skills can help write plugins which can be used together with Eraser. While useful, this poses a security risk (imagine a malicious programmer claiming to distribute an Eraser plugin!) and therefore Eraser plugins must be signed before they are loaded automatically.

The built-in erasure methods and PRNGs are also plugins. So we've got a problem: The program doesn't know that the default plugin is safe (because it's from us) yet it must be loaded automatically. So we've signed the plugin using a Certum certificate, which is a(relatively new) Certification Authority and as such not all computers has the root certificate.

To resolve this problem, you'll need to apply every single update, especially the Root Certificates update: http://support.microsoft.com/kb/931125. Install that and try again.

If that still doesn't work, press Windows Key + R, type in mmc, press enter. Go to File | Add/Remove Snap-in and double click on the Certificates snap in. Check Local Computer, but if that is not available, check My User Account; then click OK and go to the Certificates node under the Trusted Root Certification Authorities node under Certificates - Local Computer or Certificates - Current User respectively (depending on what you selected earlier). Check that the Certum CA exist in the store. For the record: the certificate hash is
‎62 52 dc 40 f7 11 43 a2 2f de 9e f7 34 8e 06 42 51 b1 81 18

If the Certum CA certificate is still not in the store, you can find the corresponding certificate on a computer with the certificate and manually import the certificate. Export the certificate from the source computer as a p7b/pfx file and then import them on the server.
Hi. I just wanted to note (for others) who are trying to install Eraser on Windows Server 2008 R2 (or any other kind of internet disconnected server...)

I was able to successfully install Eraser to a Windows Server x64 2008 R2 after doing the following steps:

1) Install .NET 3.5.1 as a Server Feature:
Run Server Manager (%SystemRoot%\system32\ServerManager.msc) Click Features. Add a Server Feature. Find .NET 3.5.1. Check it then install. By the way, if you already are using the Application Server ROLE for your server, then you already have .NET 3.5.1 installed. Both work with Eraser.

2) Import Certum CA certificates to the Local Computer account.
I know in Joel's response above, he says to install the certificates to your local account (My User Account) Certificate stores, but using Local Computer works. (Which means no need to have ALL users install their own certificates to their own stores.) As for the certificates themselves, I just happened to have the Certum CA (and Certum Trusted Network) certificates installed on my laptop. Export those certificates as p7b files to a temp directory, and then import them on the server. Our servers happen to be disconnected from the internet so I couldn't patch with the most up-to-date Root Certificates patch, which is why I resorted to exporting from my laptop (which does get regular patches from microsoft.) Refer to Joel's post above for certificate install instructions.

3) Install Eraser
Be sure to right-click and select 'Run As Administrator'.

Good luck.
- Richard
Thanks for your help Richard. I'll amend my initial post.