Problem solve Get help with specific problems with your technologies, process and projects.

Defragmenting balances performance and security

In most cases, disk defragmentation is all you need to speed up computer performance. It's a simple solution that can free up money to do other projects.

Ever wonder where you're going to get that last bit of budget money to fund that much-needed security project? Are you struggling to get users to buy into security and to realize they're also part of the risk management equation? I'm always trying to think of creative ways to eke out those last few dollars and last bit of respect for security's place in the enterprise. Well, here's a new angle on getting both money and buy-in: Defragment your hard drives.

Yep, you heard it from me -- the back to basics security guy. Regardless of which side of the defragging debate you're on, fragmented hard drives have been proven to contribute to computer slowdowns and the user frustrations that come with them. In fact, one of the greatest topics of annoyance I hear users speak of is how slow their computers run.

What's the typical solution to slow computers? Just buy new ones! I can't tell you how many times I've seen people buy new computers to replace ones that were only a couple of years old just because they were running slow -- were too "outdated." The assumption was that these old computers just couldn't handle the demands of the latest versions of Microsoft Office, Internet Explorer and the like.

The fact is that any computer made in the last four or five years that has a decent amount of memory (512 MB to 1 GB, which is not unreasonable) shouldn't have any problem running most run-of-the-mill business software -- especially on Windows XP.

Many people are faced with the need to spend their annual IT budgets or else lose the money altogether. The money that might have been spent buying faster PCs can be redirected to some long delayed information security projects. In short, a few rounds of disk defragging can be a more practical solution to upgrading old, slow computers.

Given the unbelievable amount of Windows processes and services – not to mention the latest and greatest "gotta have it" bloatware running on the typical Windows computer, it really is a wonder our computers can do anything. And it doesn't matter how much memory the computers have or how fast the hard drives are because the more processing power we have, the quicker it seems to go away. Throw out the typical security controls such as antivirus and antispyware software, personal firewalls and whole disk encryption on top of that and you've got yourself an enterprise chock full of fast computers running at the speed of stop.

Over time, as files become more and more fragmented, the hard disk becomes the performance bottleneck of the computer. More often than not, the necessary solution -- disk defragmenting -- is overlooked; instead, security controls are disabled or even uninstalled altogether.

End users know how to bypass security controls
From antivirus to personal firewalls to disk encryption, security controls are easily bypassed by even the most nontechnical users. The typical manager proclaims, "Our users wouldn't do this." The assumption is that users know that they shouldn't do such a thing and they wouldn't know how to do it anyway. Well, contrary to this dangerous belief, in fact, users do disable security controls when their computers are running slow.

Based on my observations and interviews when performing security assessments, users will do what they can to their degree of system privileges and computer knowledge just so they can get their work done. It's the classic problem of security getting in the way of usability. In the case of severely fragmented hard drives, security controls are only part of the problem. But they're often the first thing people think of -- and start disabling. Again, the solution is to defragment your hard drives. I know what you're thinking: Defragmenting is not going to magically keep users from disabling security controls. But, believe me, it'll certainly curb their desire to do so.

Many computer experts claim that defragging doesn't do any good. They argue that today's faster hard drives and disk caches make up for any file fragmentation-based speed losses. But how do you really know for sure? I can say with conviction that disk defragmenting makes a big difference in the speed of my Windows-based workstations and servers. From boot times to email client load times to vulnerability scanner response times (especially those with a database on the back end), defragmenting clearly helps.

If you haven't defragmented your Windows systems lately, give it a shot. There are plenty of free options, such as the Disk Defragmenter that Microsoft built into Windows (which happens to be available via Group Policy control as well), JkDefrag and Auslogics Disk Defrag. If you're looking for more horsepower and handling, check out the commercial alternatives, such as Ashampoo Magical Defrag, Diskeeper and PerfectDisk. Just be careful when you defragment your Windows 2003-based systems. There's a known issue with losing shadow copies of your system, but at least there's a workaround.

All in all, your mileage will vary, but with today's limited time and tightening budgets, the benefits of defragmenting your hard drives will undoubtedly be worth the effort.

Kevin Beaver
is an information security consultant, expert witness, author and professional speaker at Atlanta-based Principle Logic LLC. With over 22 years of experience in the industry, he specializes in performing independent security assessments revolving around minimizing information risks. He has authored/co-authored 10 books on information security, including the best-selling Hacking For Dummies. In addition, he’s the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. You can reach him through his website, follow him on Twitter at @kevinbeaver,and connect to him on LinkedIn.

Dig Deeper on Enterprise desktop management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.