Erasing the XP Swap File

cwiz55

New Member
Does Eraser actually use the wiping method specified by the user (for example, Gutmann) when erasing the XP swap file, or does it just turn on the swap file deletion option built into XP? This is significant from a security point of view.
Thanks.
 
As far as I can see, it just enables the deletion of the swap file at shutdown by making a tweak in the registry (changing the relevant registry setting from 0 to 1). I'd like to think it securely wipes the swap file, but my instinct is it doesn't (for such a large file, with the method I have selected for what should be used to wipe it, the shutdown happens too quickly).
 
This is in the Eraser help files:

Windows NT and 2000


Windows NT (and 2000) has a security feature that will overwrite the paging file at shutdown. The overwriting is done by the operating system after all applications are closed so most data will be overwritten. There are small areas that cannot be accessed because they are allocated by the operating system components that are still active. You may enable this feature from the General Preferences window of Eraser.

-------------------------------------------------------------

And elsewhere (in the General Preferences page referred to above):

If you are using Windows NT and 2000, you can enable the clearing of the paging (swap) file at shutdown (this change does not take effect until you restart the computer and requires Administrator privileges to set). This is a Windows NT security feature and the overwriting is performed by the operating system, not by Eraser. Clearing the paging file means that after closing all applications and after writing unused data to the disk, Windows overwrites all available space on the paging file with zeros. Since the overwriting is done at shutdown, all possible sensitive data should be overwritten and the small number of areas that are still inaccessible at the moment are used only by the operating system. This option is not available when running on Windows 95, 98 or ME and is disabled if the user does not have Administrator privileges on the system.

---------------------------------------------------------------------

Windows NT is the same as XP I think, or behaves the same. So it looks like the swap file is overwritten by Windows and not Eraser.
 
Why not use a bat file to wipe the swap file using Eraser

Why not use a bat file to wipe the swap file using Eraser?
I use XP and do this;
I use "2" passes; it can be changed to preference.
I boot into true DOS mode at bootup and run a bat file containing this:
eraserd -file c:/pagefile.sys -passes 2
 
qxp - Looks like your method wipes the new swap file just created at startup. What's the point of wiping a swap file that has not been used?
Thanks.
 
The SWAP Doesn't need to be erased

When the SWAP file gets deleted a new SWAP file gets created which means it overwrites the old SWAP file. So deleting the old SWAP file could get rid of the old SWAP data.
 
Hyipo,

I'm not sure your concept is correct. Just because a file is deleted, doesn't mean that when a new file of the same name is created, it overwrites the old one. In the case of the swap file, or in later Win versions, paging file (pagefile.sys), the Windows feature for deleting the paging file only makes one pass of writing zeros - or so I've read.

If you physically delete the swap file (like c:\pagefile.sys), then Windows creates a new, empty one at reboot. But, the new one is not necessarily, and most likely will NOT be written on top of the old file (which still exists on the disk because it wasn't securely erased).

Besides that, the new empty paging file has nothing in it to completely overwrite the old one, even if it was placed in the exact spot where the old paging file was - which it probably will not be.

As I understand it, either live w/ Windows' level of security of overwriting the file w/ one pass of zeros, or delete the file and then erase the free space on the drive or partition where the paging file was.

And cwiz55,

No, Eraser doesn't erase the paging file in Win 2000 / XP. It only enables the function that already exists in Windows to overwrite the paging file. But, you can enable that feature w/o Eraser.

For Win XP, see How To Clear the Windows Paging File at Shutdown http://support.microsoft.com/kb/314834/en-us?
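
The setting discussed in this thread can be audited and enabled without Eraser. The batch file below is an added example, not part of any post above or of Eraser itself; it uses the `ClearPageFileAtShutdown` value documented in the Microsoft article linked above and must be run from an Administrator account.

```batch
@echo off
rem Added example: audit and enable the Windows "clear paging file at shutdown" setting.
rem Windows itself overwrites the paging file with zeros at shutdown; Eraser's wipe
rem methods (e.g. Gutmann) are not involved.
setlocal
set "KEY=HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management"
set "VAL=ClearPageFileAtShutdown"

rem Read the current value (third token of the matching "reg query" output line).
set "CUR="
for /f "tokens=3" %%A in ('reg query "%KEY%" /v %VAL% 2^>nul ^| find /i "%VAL%"') do set "CUR=%%A"

if not defined CUR (
    echo %VAL% is not present under the Memory Management key.
) else (
    echo Current %VAL% = %CUR%
)

if /i "%CUR%"=="0x1" (
    echo Already enabled; nothing to change.
    goto :eof
)

rem Change the setting from 0 to 1. This write fails without Administrator privileges.
reg add "%KEY%" /v %VAL% /t REG_DWORD /d 1 /f
if errorlevel 1 (
    echo Could not write %VAL%. Run this from an Administrator account.
    exit /b 1
)

rem Confirm what is now stored in the registry.
reg query "%KEY%" /v %VAL%
echo Enabled. The change takes effect after the computer is restarted.
```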
 