Wiping the pagefile on shutdown

Discussion in 'General Returnil discussions' started by VanguardLH, Dec 2, 2011.

Thread Status:
Not open for further replies.
  1. VanguardLH

    VanguardLH, Registered Member (joined Sep 10, 2007; 96 posts)

    I realize that Returnil is primarily a security product but many users implement it also for privacy. Anything they've done while in virtualized mode gets wiped because all the disk changes are gone (they were in the virtualized disk that's gone after a reboot) - except for the hibernate and pagefile in Windows. Returnil does not virtualize writes to those.

    I don't use hibernate since the time to boot up and login is only a little longer than the time to resume from hibernate. In Windows, users can configure it to wipe the pagefile on shutdown. While in virtualized mode in Returnil, will the "wipe pagefile on shutdown" still work?
     
  2. Coldmoon

    Coldmoon, Returnil Moderator (joined Sep 18, 2006; 2,981 posts; location: USA)

    It should as the pagefile is not virtualized but it depends on when the file is scheduled to be wiped; at shutdown or the next startup.

    If the former, then no problem, if the latter then you may run into a situation where the COMMAND to wipe is lost and the process would not happen...
     
  3. VanguardLH

    VanguardLH, Registered Member (joined Sep 10, 2007; 96 posts)

    While there might be some 3rd party utility that does a purge or clean of the file system, including the pagefile, on Windows startup, I don't have anything like that. I was thinking about the configurable option (via registry edit) already included in Windows of having it purge its pagefile on shutdown.

    See http://support.microsoft.com/kb/314834 about getting Windows itself to purge its pagefile on shutdown.
     
  4. Coldmoon

    Coldmoon, Returnil Moderator (joined Sep 18, 2006; 2,981 posts; location: USA)

    That is what I am talking about - the scheduling. Regardless of whether it is a hack or a third party program, the key is to make certain the command to perform the wipe is maintained across restarts.

    One possible way of doing this is to make the registry changes you are contemplating while the VM is turned off, and then allow the hack to do what you want - wipe the pagefile when appropriate or when you want it to happen.
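
Added example, not part of the thread and not Returnil's or Microsoft's own code: a PowerShell audit of the registry setting the thread refers to (the `ClearPageFileAtShutdown` value under the Session Manager's Memory Management key), with an optional step to enable it. It assumes an elevated session and, following the advice above, that it is run while virtualization is turned off so the change survives restarts; the function names are hypothetical.

```powershell
# Added example, not from the thread. Audits and enables the Windows
# "clear pagefile at shutdown" setting described in KB 314834.
$Key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$Name = 'ClearPageFileAtShutdown'

function Test-IsAdmin {
    # Writing under HKLM requires an elevated token.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-PagefileWipeState {
    # Returns 1 (wipe enabled), 0 (disabled), or $null when the value is absent.
    $prop = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    [int]$prop.$Name
}

function Enable-PagefileWipe {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if (-not (Test-IsAdmin)) { throw 'Run from an elevated PowerShell session.' }
    if ((Get-PagefileWipeState) -eq 1) { return 'Already enabled; no change made.' }
    if ($PSCmdlet.ShouldProcess("$Key\$Name", 'Set REG_DWORD to 1')) {
        Set-ItemProperty -Path $Key -Name $Name -Value 1 -Type DWord
        # Read the value back so a silently discarded write is noticed.
        if ((Get-PagefileWipeState) -ne 1) { throw 'Write did not persist.' }
        return 'Enabled.'
    }
}

# Report the current state and the configured pagefile(s), then preview the change.
$state = Get-PagefileWipeState
$files = (Get-ItemProperty -Path $Key -Name PagingFiles -ErrorAction SilentlyContinue).PagingFiles
"ClearPageFileAtShutdown = $(if ($null -eq $state) { '<not set>' } else { $state })"
"PagingFiles             = $($files -join '; ')"
Enable-PagefileWipe -WhatIf   # remove -WhatIf to apply the change
```

Running `Get-PagefileWipeState` again after a restart into virtualized mode shows whether the setting was kept.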
     