Keeping your system safe

 Top  Previous  Next

We have begun to modify mircryption code to attemp to insure that no key text will be left in system memory after exiting mircryption.  However, due to the inherent insecurity of mirc, someone with total access to your computer could theoretically locate your keys by searching either your entier system memory (before rebooting), or possible the saved system page file even after rebooting.  If a sophisticated cracker gains total control over your computer, there may be little you can do to prevent this.

 

One good precaution is to clean your system swap/page file on reboot.

 

For windows XP, from http://www.nswc.navy.mil/ISSEC/Form/AccredForms/acc_part2_XP_help.html

Wiping the System Page File during clean system shutdown

Virtual Memory support of Windows XP uses a system page file to swap pages from memory of different processes onto disk when they are not being actively used. On a running system, this page file is opened exclusively by the operating system and hence is well-protected. However, systems that are configured to allow booting to other operating systems, may want to ensure that system page file is wiped clean when Windows XP shuts down. This ensures that sensitive information from process memory that may have made into the page file is not available to a snooping user.  Click on Control Panel, Administrative Tools, Local Security Policy. Under Security Settings, Local Policies, Security Options. Choose "Shutdown: Clear virtual memory pagefile".

 

For Windows NT, from http://is-it-true.org/nt/registry/rtips86.shtml

Virtual memory support in Windows NT uses a system page file to swap pages from memory of different processes onto disk when they are not being actively used. On a running system, the page file is opened exclusively by the operating system and is well-protected. To ensure that any sensitive information from process memory is not left on the hard drive and thus not available to a user booting the PC with another operating system, apply the following Windows NT / Windows 2000 / Windows XP registry hack:

Hive: HKEY_LOCAL_MACHINE

Key: SYSTEM\CurrentControlSet\Control\SessionManager\Memory Management

Name: ClearPageFileAtShutdown

Type: REG_DWORD

Value: 1

Note that this protection only works with a clean shutdown. The ClearPageFileAtShutdown is part of the normal shutdown process when this value is set. Valuable for shared PCs or if you have something very valuable needing protection.