RAM, pagefile.sys, hiberfile.sys Management

[EternalLight]

While I am impressed with CCleaner as a hard drive secure deletion and registry cleanup platform, I'd love to see a few more things added to make CCleaner a truly versatile security tool.

 

At present, I don't believe CCleaner has an option to "clean up" the RAM, or even RAM-related files on the hard drive such as pagefile.sys and hiberfile.sys. It would be far more convenient to have a RAM management utility built into CCleaner rather than having to run a separate application.

 

RAM cleanup has especially become important for security conscious users who employ Full Disk Encryption on their drives in the light of the Princeton Coldboot Attack which utilizes RAM to gain access to encryption keys.

 

I would love to see some feature which could not only selectively modify the pagefile.sys and hiberfile.sys files (which contain data dumped from RAM), but also a method of freeing up actual RAM using a POST-type method used at boot-up to clear data not being used run current programs.

[Fleet Command]

But you already have the features that you requested.

 

First, not only hiberfil.sys itself is encrypted (See this part of Wikipedia), you already have the option of cleaning hiberfil.sys via CCleaner. (EDIT: Sorry, it was a mistake: This feature is not available in the original CCleaner. It must have been added to my CCleaner when I installed an extension for it.)

 

Second, modern encryption-aware hardware (that is, those which allow full-disk encryption) nowadays do wipe the RAM upon boot. In any case CCleaner is unable to clear encryption keys from memory as it is running when this encryption key is already in use! Besides, it cannot implement a POST-time wiping; it's up to hardware vendor not CCleaner. EDIT: The full name of the spec which hardware must comply with is "TCG Platform Reset Attack Mitigation Specification". (See "Use TCG compliant systems" on Wikipedia)

 

Third, not only pagefile.sys itself is encrypted (See this part of Wikipedia), Windows natively gives you the option to erase pagefile.sys upon shutdown. In any case, it is impossible for CCleaner to delete or tamper pagefile.sys when Windows is running.

[EternalLight]

I wasn't aware of hiberfil.sys wiping! That's good to know.

 

As for the rest, I suppose that's fair enough. I was just throwing the idea out there because I would have liked an on-the-fly method of dumping the encryption key - effectively wiping it from RAM and killing access to the hard drive in one fell swoop. But I guess that is a bit out of the scope of this program.

 

Thanks for answering, though

[Fleet Command]

Oh, sorry, I made a mistake: Wiping hiberfil.sys is part of an extension that I installed for CCleaner, not itself. (It's awinsys.ini and a bunch of VBScript.) I downloaded this extension from some part of this forum.

 

But still, the good news is that the other things that I said about hiberfil.sys seems correct. (After all the Wikipedia seems crystal-clear about it.)

[Lar]

I, too, would like CCleaner to (optionally) securely erase XP's pagefile. I am currently using CyberScrub to perform this task, so I know it can be done. It requires a reboot after which the old pagefile is erased.

 

"Windows natively gives you the option to erase pagefile.sys upon shutdown." My understanding, however, is that this function is a delete, not an erase.

 

CCleaner is one of my favorite utilities. I use it multiple times daily. When I leave my computer for the day, I would like it to completely erase all of my tracks, including those left in the pagefile.

 

Although I have already paid for CCleaner, I would happily pay for it again for this feature!

 

Thanks.

[ePost]

What is usually done is that we download and use Sysinternals PageDefrag from Microsoft. This if it's fragmented. PageDefrag can't clean. I think that's what there is freeware-wise in regard to the pagefile. Link: http://technet.microsoft.com/en-us/sysinte...s/bb897426.aspx

[Lar]

Both Sysinternals PageDefrag and clearing the Windows pagefile at shutdown may be useful, but they are not what I am asking Piriform for.

 

I sent Piriform an e-mail and was directed here to make my request known. My request to the programming team is to add a feature to CCleaner. The feature is to securely erase the Windows pagefile. Make it an advanced, optional feature. I understand it would require a reboot. No problem.

 

I am new to making such requests. I hope I am doing so properly. I believe this feature would make an already great product even better.

 

Thanks again.