1. Technical Field
The present invention relates to a computer system in which a user action can cause a computer program to perform actions which may destroy data stored on the computer or on an associated computer.
2. Description of Related Art
Many software systems include user actions that are intended to destroy unwanted information, either to make media space available for other uses, or for security reasons, e.g., to prevent the information falling into the wrong hands. However, there is a risk of a user inadvertently destroying the wrong data.
Computer systems commonly use a number of different techniques to reduce this risk. One technique is to require a user to reply to a dialog box asking “Are you sure?” to confirm the action or to require the addition of an extra parameter to a typed system command. This approach suffers, however, from the problem that users have become accustomed to it and confirm the action without thinking about whether they really do want to perform the action they have requested. The warning is not only ineffective, it has become irritating in the normal case.
Another technique is to make the action reversible by not really destroying the information, e.g., just hiding it in some way like moving a file reference to a “recycle bin” folder. This approach, however, is not useful for security, as the information is still accessible. It also requires a second action to make the space available—like “emptying the recycle bin,” which is itself an irritation to the user.
A further technique is to keep a backup copy of the data so it can be recovered. This requires that sufficient storage space is available to allow a backup copy to be kept. It also requires an additional action from the user to delete the backup. If the backup is deleted without further user intervention once the action is ‘successful,’ it does not protect the data against unintended user actions.
Some software systems allow actions to be scheduled for some time in the future, but do not allow a delay to be added by default.
So it would be desirable to provide a technique whereby recovery is allowed when a user asks a computer to perform an action which results in loss of information, but which still allows for the destruction of information for the purposes of security and for freeing up disk space.