Posted by: Ken Harthun
Encryption, Memory, Secure Computing, Security, Security management
Since the early days of Windows (3.x and forward), the operating system has relied upon virtual memory in the form of files stored on the hard drive to compensate for the lack of a machine’s physical memory. When the machine’s physical memory begins filling up, pages of data are moved from physical memory to the virtual memory file. Until Windows NT, this file was called win386.swp; when NT came along, it was renamed to pagefile.sys. While the pagefile generally enhances performance, it’s a security risk.
For one thing, Windows’ default behavior leaves the pagefile intact when a user logs out, so there’s a good chance of viewing information in any files the user opened while logged in.
Encryption doesn’t necessarily mean the data is safe, either. Sure, the file itself is encrypted, but in order to work with encrypted files, the system must first decrypt them and this unencrypted copy may be stored in the pagefile.
There’s a simple registry setting that will clear your pagefile when you shut down your computer. Performance is the only reason it makes sense for this setting not to be enabled by default: it may take Windows slightly longer to shut down, but you’ll rest easier knowing your confidential data isn’t at risk.
Start regedit and navigate to:
Set the value ClearPageFileAtShutdown to 1.
Close regedit and reboot your computer to apply the change.
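The same check and change done from PowerShell instead of regedit, as an added example that is not part of the original post. The function name `Set-ClearPageFileAtShutdown` and its `-KeyPath` parameter are hypothetical; the registry key path is not shown above, so the caller supplies it.

```powershell
# Added example: audit ClearPageFileAtShutdown and optionally set it to 1.
# Assumption: the caller passes the registry key that holds the value,
# because the page does not show the path.
function Set-ClearPageFileAtShutdown {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$KeyPath,  # placeholder: '<registry key path>'
        [switch]$Enable                          # without this switch the function only reports
    )

    $name = 'ClearPageFileAtShutdown'
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        throw "Registry key not found: $KeyPath"
    }

    # Read the raw value and its type; a missing value is reported, not treated as 0.
    $key     = Get-Item -LiteralPath $KeyPath
    $current = $key.GetValue($name, $null)
    $kind    = if ($null -ne $current) { $key.GetValueKind($name) } else { $null }

    # Compliant only when the value exists, is a DWORD, and equals 1.
    $isDword   = $kind -eq [Microsoft.Win32.RegistryValueKind]::DWord
    $compliant = $isDword -and ($current -eq 1)

    $changed = $false
    if ($Enable -and -not $compliant) {
        if ($PSCmdlet.ShouldProcess("$KeyPath\$name", 'Set DWORD value 1')) {
            # -Force replaces an existing value, including one stored with the wrong type.
            New-ItemProperty -LiteralPath $KeyPath -Name $name `
                -PropertyType DWord -Value 1 -Force | Out-Null
            $changed = $true
        }
    }

    [pscustomobject]@{
        KeyPath       = $KeyPath
        PreviousValue = $current       # $null means the value was absent
        PreviousKind  = $kind
        WasCompliant  = $compliant
        Changed       = $changed
        RebootNeeded  = $changed       # the change applies after a reboot, as the post says
    }
}

# Report only:      Set-ClearPageFileAtShutdown -KeyPath '<registry key path>'
# Preview a change: Set-ClearPageFileAtShutdown -KeyPath '<registry key path>' -Enable -WhatIf
```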