Kittie_Killer
New Member
- Reaction score
- 0
How secure an OS is depends upon certain features implemented, one feature being object reuse. Simple put, object reuse just means that objects (including disk blocks, memory and other shared resources) are cleared out after use. This prevents leakage of confidential data.
As shipped NT4 (2K/XP also ?) doesn't implement reuse on the virtual memory's pagefile. A couple of publicized attacks rely on the fact that NT's pagefile is left intact when the the system shuts down; it can then be scanned for useful data. To prevent this, add or modify the following registry entry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Control\SessionManager\Memory Management
REG_DWORD
ClearPageFileAtShutdown
Value = 1
This registry entry will force the system to zero out the contents of the pagefile at system shutdown.
note: as with any addition or modification to the registry - backup it up before !
(the above info can be verified in the following M$ Knowledge Base Articles: Q182086 and Q314834)
As shipped NT4 (2K/XP also ?) doesn't implement reuse on the virtual memory's pagefile. A couple of publicized attacks rely on the fact that NT's pagefile is left intact when the the system shuts down; it can then be scanned for useful data. To prevent this, add or modify the following registry entry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Control\SessionManager\Memory Management
REG_DWORD
ClearPageFileAtShutdown
Value = 1
This registry entry will force the system to zero out the contents of the pagefile at system shutdown.
note: as with any addition or modification to the registry - backup it up before !
(the above info can be verified in the following M$ Knowledge Base Articles: Q182086 and Q314834)
