Erase your paging file at shutdown

Bookmark This (opens in new window)

There are risks associated with the use of computer hibernation. One risk is associated with sensitive information that may be present in the system’s paging file (pagefile.sys) such as passwords or the plaintext version of encrypted files. If an intruder is able to steal a computer in hibernation, he or she may be able to access the hard drive, including the entire contents of the paging file and hibernation file.

I should clarify this – even a system that is shut down is at risk: the paging file is still there and may have sensitive data on it.

One effective way to reduce this risk is to erase the paging file when shutting down the computer (note that I said shutting down and not hibernating). You can activate this policy (which also zeros out the hibernation file at shutdown if hibernation is disabled) by following the procedure in this procedure (Windows XP only):

Control Panel > Administrative Tools > Local Security Policy > Local Policies > Security Options > Shutdown: Clear virtual memory pagefile. Set this to Enabled.

1 thought on “Erase your paging file at shutdown

  1. Pingback: Reduce risks associated with computer hibernation « Securitas Operandi™

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.