Pagefile Question

Discussion in 'privacy problems' started by caspian, Jul 2, 2014.

Thread Status:
Not open for further replies.
  1. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I have read about encrypting the pagefile here for privacy. So I did. It just takes a second so why not? But what kind of private data can really be extracted from the pagefile? I mean, if someone stole my laptop, assuming that they knew how to access the pagefile, what kind of personal data would they see? Would it really be anything of much significance? Could there possibly be passwords or something like that? That would actually be the scariest thing that a person could steal off of my computer. But I don't see how something like that could be saved. I use Sandboxie with Eraser so I assume that all of my entered passwords are gone when I delete the sandbox, right?

    Anyway, I entered "fsutil behavior set encryptpagingfile 1" in the command prompt and restarted. So now if I understand correctly, my pagefile is unreadable. But what is it that is unreadable in the first place?
     
  2. Dave0291

    Dave0291 Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    553
    Location:
    U.S
    There's not much reason to encrypt it I don't think. There is a possibility of the history of files you opened being left in the pagefile when you log off, so you ought to use something like Privazer to clean it and the system up daily. Eraser just takes too long to do even simple erasing, and I don't think it's because it does it more securely. Watch for Sandboxie, it doesn't really wipe all traces of activity away after emptying. As for that command you entered, I doubt it can do anything that can't be reverted, and I'm sure the 3 letter folks already know that exists and can get to that pagefile regardless.

    I don't think you have anything to really worry about as far as data is concerned. Although there is the risk that encrypting your file may screw with the operation of Windows or some programs.
     
  3. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    Last edited: Jul 2, 2014
  4. Dave0291

    Dave0291 Registered Member

    Joined:
    Nov 17, 2013
    Posts:
    553
    Location:
    U.S
    There's no way in hell you could advise someone to turn off their pagefiles with 6GB of RAM. Most major games, especially MMOs, will take up to 2-3 GB by themselves. If you're trying to do other heavy activities like Photoshop, you're looking at another gig or more. I'm not suggesting most people will run all this stuff at once, but still. If you're going to tell someone to turn their pagefile off, tell the people with 16GB or so to.
     
  5. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    Entirely depends on what you're doing with it. Turn it off, have issues, turn it back on. Worried about the security/privacy of the pagefile, well, that's why serious privacy stuff runs all in ram.

    I have 8GB of ram in my own rig, rarely for daily stuff does it even go over 3-4GB. Games, another story sure.
     
    Last edited: Jul 2, 2014
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    No Pagefile = No Worries. Same goes for disabling Hibernation. Naturally, I'm assuming you have other precautions etc in place too! I have 2Gb RAM on my XP & rarely use more than 1/4 of it. I do not play games on it, or anywhere else lol!

    @ MrBrian

    Thanx for the PDF link. I'm in the process of reading it now. You never know, I might learn something new!
     
  8. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    Yeah, Hibernation is another good one to disable, especially if you don't use sleep mode. I also find that the Page File and Hibernation file have to be manually deleted/turned off sometimes with various defragging software which refuses to defrag those files. Plus both of them can chew up a fair amount of hard drive space unless they're set up manually.
     
  9. Robin A.

    Robin A. Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    2,279
    AFAIK, sleep mode and hibernation are different. In sleep mode, the memory is kept energized so that its contents are not lost. In hibernation, the memory contents are written to disk (to the hibernation file).

    Under normal circumstances, I don't see any reason to encrypt the pagefile. As to disabling sleep mode or hibernation, it depends on personal preferences. I use sleep mode a lot, almost never use hibernation.
     
  10. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Just a few highlights from the PDF http://brage.bibsys.no/xmlui/handle/11250/143807 which confirm my long held beliefs etc ! I would recommend you read the whole PDF for Lots more insight etc.

     
  11. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,280
    Location:
    England
  12. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    For a common user, I would probably recommend 8GB, but it depends on the user, what kind of software he uses, what AV and overall system settings. I have Windows 64-bit and 6GB (512MB used by GPU), I have disabled superfetch and other nonsense, so my Windows takes only about 450MB, I use CleanMem, therefore I have disabled the pagefile and even while playing games, I have hardly reached 4GB usage. Even now with a browser running, it is only about 1GB.
     

  13. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,106
    Location:
    USA
    When booting to the Safe Mode is Last Known Good Configuration stored in the pagefile?

    TIA
     
  14. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Wow! This is a lot more serious than I realized, thanks!
     
  15. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I have heard it recommended here and elsewhere to prevent people from being able to read anything if they gain access to it.

    http://www.ghacks.net/2011/04/04/encrypt-your-windows-pagefile-to-improve-security/

    I use Privazer every few days. So it wipes the entire pagefile? Is there any way that you know of that this can be verified?

    If Eraser wipes leftover dat files from browsing, do you think that this can somehow be recovered?

    Right now I have 8 G's of RAM so maybe there's not much. But if passwords can be recovered that's not good. I log into my bank and several credit card accounts all the time. But I had always assumed that Sandboxie with Eraser would prevent passwords from being saved anywhere. So maybe I will start running Privazer more often. Thanks for your input.
     
  16. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I have 8 G's of RAM. But I think it is upgradable to 16. If I upgraded to 16 do you think I could still run VMs and that sort of thing without running out of RAM?

    I have never disabled hibernation, but I did go into power settings and tell my computer to never go to sleep. Would this prevent hibernation? Or do I still need to disable it specifically?
     
  17. Veeshush

    Veeshush Registered Member

    Joined:
    Mar 16, 2014
    Posts:
    643
    I'd honestly think you could get away with 8Gb, but as I said in my first post in this thread, you might run into issues anyway and regardless of how much ram you have. But you might not. Try it and see, your system isn't going to have permanent damage from it. Have a crash- just reboot and re-enable it.

    To monitor my ram usage I just use: http://addgadgets.com/all_cpu_meter/ but there's tons of stuff out there.

    See: http://www.sevenforums.com/tutorials/819-hibernate-enable-disable.html
     
    Last edited: Jul 3, 2014
  18. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Thanks so much, Veeshush, for your help. Looking at the link you provided, in the last option it says to go into power settings. I went there and expanded the sleep tab and hibernate was nowhere to be found. Does this mean that it is already disabled? I am wondering because I do have Privazer installed and thinking back, it did ask me if I wanted it to disable hibernation and I said yes. So hopefully Privazer was able to disable it for me. But I can find nowhere to verify this.

    Concerning pagefile, I use Shadow Defender. So if I disable the pagefile while SD is enabled, and my system crashes, all I will need to do is reboot and it will be enabled again.

    I am wondering if Privazer really wipes all of the pagefile as claimed? It would be nice to be able to verify this.
     
  19. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    caspian

    Privazer disables hibernation & wipes pagefile = Yes, AFAIK

    Disabling PF while SD is enabled & PC crashes = reboot and it will be enabled again = Yes
     
  20. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Thanks CloneRanger. I will mention something else while I am thinking about it. Do you remember posting the Recuva test? And then I did some tests with Recuva showing that images can show up on the hard drive even while using Sandboxie with Eraser.

    No one explained why. I just assumed that the hard drive was needed as a reflective surface but now I am wondering if those images were actually on the pagefile. I can't get the same result on my new computer with 8 G's of RAM. My old one only had 2 G's and I got tons of images to show up. I assumed that if images showed up then there would be other sensitive data there too.....like passwords, etc. Anyway, the only way that I could prevent these images from showing on the hard drive was to run a portable browser from a USB stick. And I didn't need Sandboxie either. But of course then some of the personal data would show up on the USB stick instead of the hard drive.

    So then I decided to do another test. I created a Truecrypt folder. I enabled Shadow Defender *before* mounting the TC volume and then I filled it with videos, music, pdf's, text docs etc.... Then I closed the volume and restarted my computer. After restarting, I ran Recuva in the TC volume and searched for all files (deep scan) and nothing showed up. Not a speck of anything. It appears that it is impossible for anything to be saved in a TC volume if SD is enabled before mounting it. So here is my thinking. I have portable VirtualBox with windows 7 installed in a TC volume. So my thinking is if nothing can be saved in a TC volume if I enable SD first, then my VM is 100% resistant to malware after reboot. I could be infected while I am using it, but after restarting my computer, it appears that it is impossible for anything to persist in the VM after reboot. Unless of course it can break out of the VM and infect my real computer. But otherwise it seems that this method would protect against persistent malware 100%. Does my thinking seem right on this?

    Also, if I have the write cache encrypted in SD, and I have my pagefile encrypted using this command, fsutil behavior set EncryptPagingFile 1, and I enable SD before mounting the TC volume that has my portable VM, wouldn't this prevent any personal data from being saved on my real computer? It seems to me that this would be a pretty darn good plan for privacy with very little effort.
     
  21. Enigm

    Enigm Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    188
  22. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Thanks for the article. I'm even wondering if I need to disable it. I used the command, fsutil behavior set EncryptPagingFile 1, to encrypt it. And a guy in the Shadow Defender forum says that the pagefile is virtualized when SD is enabled. So I am thinking that I am safe. The other thing that I wonder is if I am running my browser from a USB stick using Sandboxie configured with Eraser, would it even be possible for a password to be saved to the pagefile?
     
  23. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Re - Disabling the Pagefile. In over 10 years on both 98SE & XP having it disabled has caused ZERO issues !

    @ caspian

    Everything is virtualized when SD is enabled, apart from drives/partitions/exclusions you haven't included. Rebooting wipes ALL activity = Stop being concerned about traces/leftovers etc !
     
  24. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    I personally wouldn't mess around with encrypting or disabling it... and could just see that causing problems later on (if not immediately). I find it sufficient to simply clear it after every shut down via this Local Policy tweak (XP Pro):
     

    Attached Files:

  25. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    689
    Luciddream, thanks for this tip. I've just done it.
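
A read-only check of the settings discussed in this thread (pagefile encryption, clearing the pagefile at shutdown, hibernation, and whether a pagefile is configured at all), added here as an example and not part of any post. The helper function names are illustrative; ClearPageFileAtShutdown is assumed to be the registry value behind the "Shutdown: Clear virtual memory pagefile" policy, since the attachment showing the tweak is not on the page.

```powershell
# Added example: read-only audit of the pagefile/hibernation settings from this thread.
# Helper names are illustrative; registry value names are the standard Windows ones.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function ConvertTo-State {
    param($Value)
    # DWORD 1 = on, 0 = off, missing value = the Windows default applies.
    if ($null -eq $Value) { return 'not set (default)' }
    if ([int]$Value -eq 1) { return 'enabled' }
    return 'disabled'
}

function Get-PagefilePrivacyState {
    $control = 'HKLM:\SYSTEM\CurrentControlSet\Control'
    $mm      = "$control\Session Manager\Memory Management"

    # Pagefiles configured for the next boot (REG_MULTI_SZ; empty = no pagefile).
    $configured = @(Get-RegValue $mm 'PagingFiles') | Where-Object { $_ }
    # Pagefiles the running system is actually using right now.
    $active = @(Get-CimInstance -ClassName Win32_PageFileUsage -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        # Set by: fsutil behavior set encryptpagingfile 1
        EncryptPagingFile       = ConvertTo-State (Get-RegValue "$control\FileSystem" 'NtfsEncryptPagingFile')
        # Assumed to be set by the "Shutdown: Clear virtual memory pagefile" policy.
        ClearPageFileAtShutdown = ConvertTo-State (Get-RegValue $mm 'ClearPageFileAtShutdown')
        # Set by: powercfg -h on|off
        Hibernation             = ConvertTo-State (Get-RegValue "$control\Power" 'HibernateEnabled')
        ConfiguredPagefiles     = $configured -join '; '
        ActivePagefiles         = ($active | ForEach-Object { $_.Name }) -join '; '
    }
}

Get-PagefilePrivacyState | Format-List
```

The registry shows what is configured, not what a cleaning tool actually wiped; pagefile changes such as encryptpagingfile apply after a restart, so compare ConfiguredPagefiles with ActivePagefiles before trusting the result.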
     