Clear Pagefile on Shutdown


I've been looking into clearing the pagefile, and I found the following steps at a somewhat dated webpage:
  1. In the registry editor, navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
  2. Set ClearPageFileAtShutdown to the REG_DWORD value of 1.
  3. Restart Windows.

I'm just wondering whether those steps are still valid, and, if so, does clearing the pagefile work as advertised?

You are running a VM - you could test it (shut down your VM, mount the vhd and have a look).

Spoiler: yes it does still work the same

Really though I have to ask why? Sure there can be stuff in your pagefile (passwords perhaps) but if your disk isn't encrypted then it hardly matters as it would normally be much much easier to read things elsewhere. It isn't easy to read pagefile as there isn't any logic in where things are or in what format.

Is your reason security? If so FDE is the only solution.

If your reason is performance it will only make it worse - even MS say so:
"Note: If you enable this feature, the shutdown time may be increased." (source)

Clearing the pagefile is a security measure. In spite of claims to the contrary it has no other benefits. It writes zeroes to every byte of the pagefile. It does not delete the pagefile as sometimes claimed. It will increase shutdown time, particularly on systems with slow hard drives (laptops). It cannot be used with hibernation. While it isn't really a bad idea it makes little sense except as part of a comprehensive security policy. Most systems have security risks that are more serious than an uncleared pagefile. In most cases a hacker could obtain what he wanted by other means with less effort.
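The check suggested in the replies above (shut the VM down, mount the VHD and look at the pagefile, which should contain only zeroes), as an added example that is not part of the original thread. The script name and the path to pagefile.sys on the mounted disk are assumptions; the path is passed as an argument.

```python
import sys

CHUNK = 1024 * 1024  # read 1 MiB at a time; pagefiles are often several GiB


def scan_pagefile(path, chunk_size=CHUNK, max_hits=5):
    """Return (total_bytes, nonzero_chunks, first_offsets) for the file at path.

    nonzero_chunks counts chunks containing at least one non-zero byte;
    first_offsets lists the byte offset of the first non-zero byte in up to
    max_hits of those chunks, so they can be inspected in a hex viewer.
    """
    total = 0
    nonzero_chunks = 0
    first_offsets = []
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            # Stripping leading NULs runs in C, far faster than a Python loop.
            stripped = chunk.lstrip(b"\x00")
            if stripped:
                nonzero_chunks += 1
                if len(first_offsets) < max_hits:
                    first_offsets.append(total + len(chunk) - len(stripped))
            total += len(chunk)
    return total, nonzero_chunks, first_offsets


def is_cleared(path, chunk_size=CHUNK):
    """True only if the file is non-empty and every byte is zero."""
    total, nonzero_chunks, _ = scan_pagefile(path, chunk_size)
    return total > 0 and nonzero_chunks == 0


if __name__ == "__main__":
    # Assumed usage: path to pagefile.sys on the mounted, offline VHD,
    # e.g. "E:\\pagefile.sys" (the drive letter is hypothetical).
    if len(sys.argv) != 2:
        sys.exit("usage: check_pagefile.py <path-to-pagefile.sys>")
    total, bad, offsets = scan_pagefile(sys.argv[1])
    print(f"{total} bytes scanned, {bad} chunk(s) contain non-zero data")
    for off in offsets:
        print(f"  first non-zero byte in chunk at offset {off:#x}")
    sys.exit(0 if total > 0 and bad == 0 else 1)
```

Run it once against a pagefile captured before enabling ClearPageFileAtShutdown and once after a clean shutdown with the value set to 1; the exit code is 0 only when every byte read is zero.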

Regarding testing it, all I really know how to do is make sure that nothing bad happens, which I did last night.

My reason is basically paranoia about privacy stemming from a bad experience.

As far as FDE is concerned, I haven't fully explored data-leak issues yet, but, so far it looks as if 7zip and Eraser would meet my needs adequately. (I'll probably be posting another thread or looking elsewhere, if not.)

I'm aware of the performance issue, but it doesn't seem to be a problem right now.

Anyway, thanks for the information.

It really depends.

FDE (and clearing pagefile which is pointless I think) stop people getting information from your PC if they steal it.

If someone has access to your PC and is signed on and you are trying to stop them accessing certain files then you could use 7zip I guess (and FDE would not help). It is a whole other question.

I use bitlocker (in case I lose my laptop again) but I also have accounts for my wife and son. If they get past the bitlocker (which they can with their fingerprints obviously) then it is as open as any other PC for them. So I have further encrypted containers (I use 7-zip). VMs I use are also encrypted. Just because.

Anyway, sorry about your issue and do try to explain who you are trying to stop accessing what, perhaps we can help.

Do remember though that if you give away your details online it makes no difference what security you had on your local PC when you did it.

My concerns are with general theft and privacy issues.

Theft? Upgrade to Pro and enable bitlocker. There is no other sensible supported solution at all any more.

Privacy? It is entirely separate. It is valid concern but there are too many tin foil hat conspiracy nuts who keep jumping on anything with the word "privacy" and complaining about MS - it is just too boring. Please open another thread for that (so I can ignore them).

You could look here for a start though - Tor Project: Anonymity Online. Do read the FAQ though, they are quite interesting.
