IS YOUR SWAP FILE LEAKING INFORMATION?

24. April 2010, 19:02 | by WD Milner

Almost all computer operating systems use some form of “swap file” (sometimes called a paging file) for aiding in memory management and speeding up certain operations. In some systems it is a separate partition on a hard disk drive, rather than a file within the file system.

In the case of Windows XP, it is a hidden system file stored on the hard drive. While it may be obvious that such a file can leak information while the system is active, what may not be so obvious is that it can leak information when the system is not.

An intruder can boot the system using a CD, DVD, USB key or floppy disk and have access to the last information contained in the swap just by reading or copying the file from the hard drive. The swap may contain nothing of value, or it could contain account names, passwords, credit card numbers, fragments of or entire personal or business documents, bits of browsing history, etc. While for the vast majority of computer users this is a remote likelihood, the possibility does exist.

For those who require the extra security, or simply want their system as secure as they can make it, there are two ways to secure the swap file. One is to encrypt the file system so that the swap and its contents are inaccessible. This requires a bit of work and additional software. Another, simpler method for those who want to ensure the inaccessibility of their swap file is to delete the swap file when you shut down your computer. Encrypting your system is a whole topic in and of itself, so we’ll look at the second option of deleting the swap file when the system is shut down.

This solution requires editing the Windows registry. In Windows XP, run the REGEDIT command at the Run prompt. Before you start making any changes, you should always make a backup copy of the registry by choosing File and then Export.

Navigate the Registry tree to the following entry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management

In the right-hand pane, set the ClearPageFileAtShutdown DWORD to 1.

The swap file will now be deleted whenever you shut down the system. Note that this will make shutting down the system take longer as it first overwrites the swap file with zeroes.
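The same registry change can be scripted, shown here as an added example that is not part of the original article. It assumes PowerShell is installed (it is not included in a default Windows XP install) and is run from an Administrator prompt; the backup file name and location are assumptions.

```powershell
# Added example: back up the Memory Management key, then audit and
# enable ClearPageFileAtShutdown. Run as Administrator.
$keyPath   = 'HKLM:\System\CurrentControlSet\Control\Session Manager\Memory Management'
$regPath   = 'HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management'
$valueName = 'ClearPageFileAtShutdown'

function Get-ClearPageFileSetting {
    # Returns the current DWORD value, or $null if the value does not exist.
    $props = Get-ItemProperty -Path $keyPath -ErrorAction Stop
    $prop  = $props.PSObject.Properties[$valueName]
    if ($prop) { return [int]$prop.Value }
    return $null
}

$before = Get-ClearPageFileSetting
if ($before -eq 1) {
    Write-Output "$valueName is already 1; no change needed."
}
else {
    # Export the key first (the scripted equivalent of File > Export in REGEDIT).
    # Timestamped name (assumed location: %TEMP%) so an existing backup is never overwritten.
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $env:TEMP "MemoryManagement-$stamp.reg"
    & reg.exe export $regPath $backup | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $backup)) {
        throw "Registry backup failed; no changes were made."
    }
    Write-Output "Backup written to $backup"

    # -Force creates the value if it is missing and overwrites it if present.
    New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord `
                     -Value 1 -Force | Out-Null

    # Read the value back to confirm the write took effect.
    $after = Get-ClearPageFileSetting
    if ($after -ne 1) {
        throw "$valueName is '$after' after the write; expected 1."
    }
    if ($null -eq $before) { $before = '(not set)' }
    Write-Output "$valueName changed from $before to 1."
}
```

To undo the change, double-click the exported .reg file or set the value back to 0.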

- 30 -
