The Swap File and your privacy.

  • Thread starter: John Corliss
Don't know how to explain this. Perhaps it was a system update that I
foolishly downloaded.

It's probably because you haven't chosen to modify your system
files using the patch available here:

http://www.geocities.com/mfd4life_2000/
Nope. They're still both active.

I thought you used a cloned h.d. instead as I do.
Anyway, it seems to me that disabling
PC Health would accomplish the opposite. That is, make it so the
system doesn't protect the autoexec.bat file.

Not if you use a cloned h.d. instead.

BTW, I'll mention again that my FBROWSER program gets rid of the messy
way you use to view large files such as the swap file. It presents
them quickly regardless of their size. However, in the special case of
the swap file, you must view it in pure DOS. And don't forget to load
SMARTDRV.


Art
http://www.epix.net/~artnpeg
 
It's probably because you haven't chosen to modify your system
files using the patch available here:

http://www.geocities.com/mfd4life_2000/


I thought you used a cloned h.d. instead as I do.

I do, but still have System Restore and PC Health enabled. Not sure
why you think I should disable those modules.
Not if you use a cloned h.d. instead.

Not sure what you mean by this. Use a cloned h.d. to do what?
BTW, I'll mention again that my FBROWSER program gets rid of the messy
way you use to view large files such as the swap file. It presents
them quickly regardless of their size. However, in the special case of
the swap file, you must view it in pure DOS. And don't forget to load
SMARTDRV.

Art,
I just tried your FBROWSER program, but for the life of me I can't
figure out how to use it to view the swap file. It creates a nice
catalog of my hard drive, but doesn't seem to list any of the files.
 
I do, but still have System Restore and PC Health enabled. Not sure
why you think I should disable those modules.

Why keep them if you don't need them? Doesn't make sense.
Not sure what you mean by this. Use a cloned h.d. to do what?

To back up your main hard drive :) That accomplishes the same
objective as System Restore but much more since your entire h.d. can
be restored.
Art,
I just tried your FBROWSER program, but for the life of me I can't
figure out how to use it to view the swap file. It creates a nice
catalog of my hard drive, but doesn't seem to list any of the files.

It lists files in the highlighted folder when you press Enter. You
then select the file to view in the same way. Highlight it and press
Enter.


Art
http://www.epix.net/~artnpeg
 
To the best of my knowledge, using such a patch removes the ability to
access the "Safe Mode".
Why keep them if you don't need them? Doesn't make sense.

I use System Restore all the time. It works nicely for testing freeware.
To back up your main hard drive :) That accomplishes the same
objective as System Restore but much more since your entire h.d. can
be restored.

Right, but I only use the cloned hard drive to restore individual
files. System Restore is faster than restoring an entire hard drive.
It lists files in the highlighted folder when you press Enter. You
then select the file to view in the same way. Highlight it and press
Enter.

AAAAHHH!!! Thanks for the explanation! I'll give it another try.
 
peter online <[email protected]> wrote:
Steve H wrote:
[...] "- Swap file wiping. [...] There's some pertinent info here, on
Eraser's FAQ page: http://www.tolvanen.com/eraser/faq.shtml
Off topic but similar question:
Now as I have problems with a newer XP tower I realized that the swap file on
my older pc with windows ME is set to 150 MB - but the C:\_RESTORE (hidden)
file is more than 1,02 GB big! 98 % alone is a big TEMP file. [ME with all
updates, only 160 MB memory, Pentium MMX 200 MHz]
Question: Is it possible to reduce the size or to delete the file, when the
machine runs fantastic for a while?

You can delete the swap file from a "real" DOS prompt. Windows simply
recreates it on the next boot with the new stuff that swaps out. I
think a couple of freeware applications were mentioned earlier that
will assist you to a real DOS prompt.

From a previous post:
=====================================================
=====================================================

It looks like this is the only way to delete this file in ME. You can
adjust the size though, in "Control Panel\System\Performance\Virtual
Memory" (98SE location). It's debatable, but I would think a fixed
size of 160-200 megs would suit you. You need to defrag before doing
this though, as this is a permanent swap file that is unfragmented
upon completion.

You do not need to backup this file. I never used ME long enough to
become familiar with the various settings, but there should be a way
to exclude this file.
For answer thanks in advance & a happy Christmas Season!

Happy holidays!
 
Define "small" ? :-)

That is one of the MS mysteries. I don't think that I have ever seen a
definitive answer from MS about this. I feel certain my 256 megs is
fully utilized. I've seen articles that said SE won't boot with
greater than 512 megs, but who knows?

I would expect this information from MS. They have XP to market
though, so secrecy could play into their favor.
I found that I couldn't get '98SE working with more than 765MB RAM.
Though things work okay with that amount.

This is the largest amount I've heard of.
 
To the best of my knowledge, using such a patch removes the ability to
access the "Safe Mode".


I use System Restore all the time. It works nicely for testing freeware.

So does restoring from the h.d.
Right, but I only use the cloned hard drive to restore individual
files. System Restore is faster than restoring an entire hard drive.

Not necessarily. Restoring is as quick as backup. Takes me no more
than a minute or two depending on how long since the last backup and
how much stuff needs backing up or restoring. System Restore is an
unnecessary burden on your resources. It's useless, IMO.
AAAAHHH!!! Thanks for the explanation! I'll give it another try.

I'd appreciate feedback on any problems you might encounter. I've
tested the hell out of the proggy on both Win ME and Win 95 OSR2 but I
learned the hard way that experience on a variety of user's systems is
the real test :)


Art
http://www.epix.net/~artnpeg
 
To the best of my knowledge, using such a patch removes the ability to
access the "Safe Mode".

I had that problem as well. I got around it by making the "boot
directly into Windows" boot disk as per instructions at the XXCOPY web
site. Using this boot disk, I can press F8 as usual to get into Safe
mode.

I dunno why this problem comes up though. The author claims he checked
out his patch on the latest version of Win ME which is 4.90.3000 which
is what I have. He claims you can get into Safe mode but I couldn't. I
double checked everything and haven't come up with an answer. But I
couldn't care less since there is the method I mentioned above of
getting into Safe mode if you ever want to. I find I never
have use for it, fortunately.


Art
http://www.epix.net/~artnpeg
 
No, they're not "pouring over said files" and uploading *everyone's*
swap files. What does exist, however, is the definite capability of
doing that with any specific individual. If you don't believe that,
then you are being foolishly naive.
The existence of such programs as EnCase:

http://www.worldnet-news.com/encase.htm

verifies to a certain extent that this is indeed the situation.

You remind me of my friends who laugh at privacy concerns, shop online
with their credit cards, and then complain to me about being ripped
off, having their identity stolen and getting flooded with tons of spam.

If you don't like this discussion, ignore it rather than jumping in
here and pissing people off.
How many people did I piss off, aside from you? Funny, though I'm not
1 of your friends(all 2 of them), I have shopped online many times &
have yet to be ripped off or flooded with spam.

If you're so concerned about your swap file, get enough memory & turn
off swapping, Mr. Paranoid.
 
A RAMDISK swap file doesn't just make sense as a swap file. Swap files are
made to compensate for too little RAM. Well, if you have enough RAM, you
shouldn't even need a swap file.

Indeed they are - and all would be wonderful if the OS managed the
available memory perfectly..but it doesn't, and most savvy people are
aware of the problem of badly written apps hogging resources.
This is something you have little control over - it's precisely the
sort of thing the OS is supposed to deal with, but sometimes it
doesn't.

I'd agree that there's no point in using a ram swapfile if you're not
running a significant amount of main memory - but after that...?
IIRC, you can choose to make no swap file in Win9X.

You can indeed - but you have to hope it NEVER tries to page its
non-existent swap file.

Regards,
 
Steven said:
(snip)
John, there is something you can try;
Open a blank Notepad and save it to the root folder as: win386.bak
Then place the following in a .bat file;

@echo off
deltree /y c:\windows\win386.swp
copy c:\win386.bak c:\windows\win386.swp

Then call the .bat file from the Run key in HKEY_LOCAL_MACHINE using the
following;

String Name: DelSwap
Value: "path_to_your_bat_file" (with the quotes)

Steven,
Sorry, but I see no reason why this would work when I'm unable to
delete the swap file without rebooting into a pure DOS session from a
Startup Disk. Remember, I'm using ME and I'm not willing to modify it
to re-enable the DOS selection in the menu. This is because I'll lose
the ability to start up in Emergency Mode (from what I've read).
 
Steven,
Sorry, but I see no reason why this would work when I'm unable to
delete the swap file without rebooting into a pure DOS session from a
Startup Disk. Remember, I'm using ME and I'm not willing to modify it
to re-enable the DOS selection in the menu. This is because I'll lose
the ability to start up in Emergency Mode (from what I've read).
</snip>

John,
There's no reason why it shouldn't work as you won't have to do it manually
and don't need the DOS selection menu enabled.

Your choice though obviously.

--
Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!

Disclaimer:
I know I'm probably wrong, I just like taking part ;o)
 
jimpgh2002 said:
How many people did I piss off, aside from you? Funny, though I'm not
1 of your friends(all 2 of them),

Now how would you have the SLIGHTEST idea how many friends I have? Get
a grip.
I have shopped online many times &
have yet to be ripped off or flooded with spam.

Good for you. I'm real happy for you.

Others (my friends - and relatives - among them) haven't been so lucky.
If you're so concerned about your swap file, get enough memory & turn
off swapping, Mr. Paranoid.

When was the last time you priced RDRAM? Not only that, but I'd have
to replace all of my existing ram because the slots are full and the
modules have to be identical.

Besides, what's your problem? If you don't like this discussion, as I
suggested, why don't you move on to the next thread?
 
So does restoring from the h.d.

I have too large of a hard drive and too much stuff on it for that.

Probably so, but it's not the route I prefer to take. At any rate,
we're drifting off the original topic of this thread.
Not necessarily. Restoring is as quick as backup. Takes me no more
than a minute or two depending on how long since the last backup and
how much stuff needs backing up or restoring. System Restore is an
unnecessary burden on your resources. It's useless, IMO.

My experience with System Restore has been different from yours,
obviously.
I'd appreciate feedback on any problems you might encounter. I've
tested the hell out of the proggy on both Win ME and Win 95 OSR2 but I
learned the hard way that experience on a variety of user's systems is
the real test :)

I page downed until I got to the Windows folder and then hit enter. As
you say, this opened a listing of the files in the Windows folder. I
then pagedowned to the bottom (where the swap file was listed) and
discovered that the win386.swp file is somewhere below the uppermost
file in the last page of the folder. Your program won't scroll below
that first file in the bottom most page, so I was unable to access the
swap file.
 
I page downed until I got to the Windows folder and then hit enter. As
you say, this opened a listing of the files in the Windows folder. I
then pagedowned to the bottom (where the swap file was listed) and
discovered that the win386.swp file is somewhere below the uppermost
file in the last page of the folder. Your program won't scroll below
that first file in the bottom most page, so I was unable to access the
swap file.

Geeez John! Simply follow the simple instructions on the screen for
moving the highlight up and down! Use the U and D keys if you like or
the Ctrl-PgUp and PgDn keys.

I give up :)


Art
http://www.epix.net/~artnpeg
 
The one thing I noticed about the Knoppix distro was that the
driver for my Sound Blaster Audigy X-Gamer card didn't work. I'm
sure the problem can be fixed somehow, but installing Linux on my
system will first require me to partition my hard drive somehow
hopefully without having to format it (probably I'll use Ranish
http://www.ranish.com/part/, if it supports that feature but I
don't know if it does), and also I'll need to locate drivers for
all my legacy peripherals. I know it's possible, but right now I'm
busy working on kitchen cabinets and with the holiday season.

You might want to start looking into some of the linux hardware NGs.
Someone has probably already walked that sound card aisle and might
offer some suggestions. If you can't find an acceptable method to
partition your drive(s), you can find a few on the linux side to do
the job (parted comes to mind).

Surprisingly enough, linux generally works exceptionally well with
older hardware. The way $MS uses the term 'legacy' doesn't apply in
my opinion.
Heh. Wish I could simply dump Windows and migrate, but as you
probably know it's not that simple. I'll need to keep Windows
working during the process somehow.

That's why I mentioned a "dual-boot" setup via (most likely) LILO or
Grub. Going this route will allow you to maintain both OS's. At
boot-up, you can take your pick of wME or linux. Having windows
around as a fall-back will come in handy when first starting out.

Ooops. s/encrypted swap partition/encrypted file-system
Not sure how I would go about doing that. Sounds like a great idea
though.

I should have worded that better. What I was referring to was
'conservativeSwapfileUsage' in system.ini. I don't think it's set by
default. I only bring this up since I had done a new install of wME
(only for the holidays and the relatives' youngsters and their
games), and I noticed the swapfile was usually there after shutdown
(right around 75Mb). With nothing more than what wME starts up by
default, 256Mb of ram onboard, that somehow didn't seem right.

As I said, this probably isn't what your problem is, but I've not
been seeing any of what you've been describing. Nothing at all
consistent with win386.swp on my end. Take a quick look in
system.ini under [386Enh] for the above.
Well now, that is indeed interesting. I thought that it was just
normal behavior for the OS.

Unless I misinterpreted what you described, totally consistent
swapfile behavior from one session to the next was something I never
really saw. Could it be you have too little ram and precisely enough
stuff running in the background to cause this kind of paging
activity at start-up? Even so, still seems odd.

Hopefully, you'll get this sorted out. And do consider the linux
alternative.

Max
 
Previous post:

Oh, no. open and close after each complete file write. Sorry, I must
have worded that badly.

As to the extra write, this comes from watching BcWipe. For each wipe
the swap file size increases about 5 megs. But this is in Windows
mode. Your utility is in DOS mode, so that isn't necessary.


It looks like a great start! I think I gave bum advice as to character
writing using random seed. This is pretty slow. My swap was 83 megs in
Windows, but when I booted to DOS mode it was 209 megs!

The character approach is fine for 10 meg files, but it didn't work
well on the 209 meg file. It took 35 minutes. How many complete writes
were made?

Perhaps a better approach is to just write words, 0xffff and 0x0000
alternating. For this purpose, I wouldn't think security is much more
than peace of mind. You might allow the user to elect more writes
though.

This will remove the random seed overhead and write 16 bits per write,
rather than 8. Much faster!

I'm not certain what has the swap file locked. It has an archive
attribute. The other GUI wipers can wipe the swap, so it's a matter of
figuring out how to get write access to it to work in 32 bit mode.
Then you could write 32 bits per write, 0xffffffff and 0x00000000 and
it would be really fast.

I'll browse around and see if I can find any info.

You have the makings of a very nice utility going here Harold.
Okay, I've uploaded a fixed version, it's pretty quick. I write about 20K at
a time, and reuse the random 20K over and over again. Not the most secure,
but it should provide a good wipe. It's especially slow on my test machine,
as I'm running W'98 in a virtual machine on XP. This really slows things
down, but it appears still useable on anything that was intended for '98 and
ME. I can add a command line switch if needed to turn wiping on and off if
this is needed. The problem with doing this from within the GUI, and I've
looked at this, is that you can't really know what Windows still needs,
really needs, that might be stashed in the swap file. You can examine system
ram, shut down non-essentials, and make the swap file size 0 bytes, then
wipe and delete it. Recreate it after all that, but you'll still probably
have to reboot to restart essentials. If you try that at bootup you'll need
to suspend the boot, like Powerdefrag does, and do it all then, but I've
tried this before, for login scripts and such, and never got anywhere. I'd
like to be able to do this, but I never could figure it out.
HK
 
Okay, I've uploaded a fixed version, it's pretty quick. I write about 20K at
a time, and reuse the random 20K over and over again. Not the most secure,
but it should provide a good wipe. It's especially slow on my test machine,
as I'm running W'98 in a virtual machine on XP. This really slows things
down, but it appears still useable on anything that was intended for '98 and

It wiped an 80 meg swap file in 27 seconds on my machine. That's
pretty darned reasonable.

If you want to make it even faster:

unsigned long int A = 0xffffffff; // max value
unsigned long int B = 0x00000000; // min value

Determine how many times you must write; swap size (in bytes) \ 4
(bytes). Write A that many times, close, open, write B that many
times. The max value is 32 bits that are all 1's and the min value is
32 bits that are all 0's. This is a technique utilized by most other
wiping utilities. It makes it difficult to determine if each bit
overwritten was a 1 or a 0.
ME. I can add a command line switch if needed to turn wiping on and off if
this is needed. The problem with doing this from within the GUI, and I've
looked at this, is that you can't really know what Windows still needs,
really needs, that might be stashed in the swap file. You can examine system
ram, shut down non-essentials, and make the swap file size 0 bytes, then
wipe and delete it. Recreate it after all that, but you'll still probably

It's probably best to leave the swap file intact, as overwrites might
be to different locations on the hard drive if it is removed (set to
0).
have to reboot to restart essentials. If you try that at bootup you'll need
to suspend the boot, like Powerdefrag does, and do it all then, but I've
tried this before, for login scripts and such, and never got anywhere. I'd
like to be able to do this, but I never could figure it out.

ME doesn't have a real DOS mode like 98SE does.

John, you can create a boot floppy for 98 and put this utility on it.

Boot from it and just type "swapkill" at the A: prompt if your swap
is: "C:\Windows\win386.swp". Otherwise, provide the path after the
command. It's pretty nice and will do what you want to do!

It overwrites and then deletes the sucker.

http://207.54.116.99/swapkill/swapkill.zip (32k zip file)
 
I just added a batch file - swapkill.bat:

-----------------------------------------------------
C:\temp\swapkill\swapkill
pause // just to see your program
-----------------------------------------------------

I call this from my autoexec.bat:

--------------------------------------------------------------------------------------------------------------------------------------------

@C:\PROGRA~1\GRISOFT\AVG6\bootup.exe
@echo off
path C:\WINDOWS;C:\WINDOWS\COMMAND;C:\PROGRA~1\GRISOFT\AVG6;C:\BIN
SET BLASTER=A220 I7 D1 T2
SET SNDSCAPE=C:\WINDOWS
SET SNDSCAPE=C:\WINDOWS
SET PATH=%PATH%;C:\PROGRA~1\NETWOR~1\PGP

call swapkill.bat
--------------------------------------------------------------------------------------------------------------------------------------------

It works like a charm in 98se. It takes the additional few seconds,
but it wipes and deletes at boot perfectly and then Windows boots up
and starts over from scratch with a clean swap file.

The 'call' suspends booting until swapkill.bat executes and returns
control to the autoexec.bat file.
 
I just added a batch file - swapkill.bat:

-----------------------------------------------------
C:\temp\swapkill\swapkill
pause // just to see your program
-----------------------------------------------------

I call this from my autoexec.bat:

-------------------------------------------------------------------------- ------------------------------------------------------------------

@C:\PROGRA~1\GRISOFT\AVG6\bootup.exe
@echo off
path C:\WINDOWS;C:\WINDOWS\COMMAND;C:\PROGRA~1\GRISOFT\AVG6;C:\BIN
SET BLASTER=A220 I7 D1 T2
SET SNDSCAPE=C:\WINDOWS
SET SNDSCAPE=C:\WINDOWS
SET PATH=%PATH%;C:\PROGRA~1\NETWOR~1\PGP

call swapkill.bat
-------------------------------------------------------------------------- ------------------------------------------------------------------

It works like a charm in 98se. It takes the additional few seconds,
but it wipes and deletes at boot perfectly and then Windows boots up
and starts over from scratch with a clean swap file.

The 'call' suspends booting until swapkill.bat executes and returns
control to the autoexec.bat file.
When I was testing it I did the same thing, just put a pause command after
the swapkill command line. I didn't use the call a bat file technique, the
boot was suspended until the pause command was satisfied anyway. As far as
writing 1's and 0's, my thought is that the data written is pretty arbitrary
anyway. The file is then deleted. If you wanted a DOD wipe for security
reasons, then this would be the way to go, but for the most part, just
putting an overwritten swap file into the deleted background of a hard drive
would make retrieval of any meaningful data in said swap file sufficiently
difficult that unless you're a drug dealer or a really juicy target for law
enforcement, you should be okay. To get any real data from this swap file
after Swapkill is done, the hard drive itself would have to be made
available to forensics.

BTW thanks for your encouragement on this, it was fun. If you see anything
you'd like included or changed, I'd love to try to implement new features.
HK
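
The overwrite-then-delete approach discussed in the posts above (write about 20K at a time, make an all-ones pass and an all-zeros pass, close and reopen between passes, then delete), as an added example that is not part of the thread and is not the swapkill source. The function names and the sample file are made up for illustration.

```c
/* Added example (not the swapkill source): overwrite a file in place
   with all-ones then all-zeros passes, then delete it. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHUNK (20 * 1024)  /* about 20K per write, as described in the thread */

/* Overwrite every byte of `path` with `fill`, keeping its length.
   "r+b" reuses the existing file instead of truncating it. */
int overwrite_pass(const char *path, unsigned char fill)
{
    static unsigned char buf[CHUNK];
    FILE *f = fopen(path, "r+b");
    long left;
    int ok = 1;

    if (f == NULL) return -1;
    if (fseek(f, 0L, SEEK_END) != 0 || (left = ftell(f)) < 0 ||
        fseek(f, 0L, SEEK_SET) != 0) { fclose(f); return -1; }
    memset(buf, fill, sizeof buf);
    while (left > 0) {
        size_t n = left > (long)CHUNK ? (size_t)CHUNK : (size_t)left;
        if (fwrite(buf, 1, n, f) != n) { ok = 0; break; }
        left -= (long)n;
    }
    /* Closing between passes hands each pass to the OS; it does not by
       itself force the data out of any disk cache (e.g. SMARTDRV). */
    if (fclose(f) != 0) ok = 0;
    return ok ? 0 : -1;
}

/* `rounds` times: 0xFF pass, then 0x00 pass; finally delete the file. */
int wipe_and_delete(const char *path, int rounds)
{
    int i;
    for (i = 0; i < rounds; i++)
        if (overwrite_pass(path, 0xFF) != 0 || overwrite_pass(path, 0x00) != 0)
            return -1;
    return remove(path);
}

/* Check helper: 1 if the file is exactly `len` bytes, all equal to `fill`. */
int file_is_all(const char *path, unsigned char fill, long len)
{
    FILE *f = fopen(path, "rb");
    long seen = 0;
    int c, ok = 1;
    if (f == NULL) return 0;
    while ((c = fgetc(f)) != EOF) { if (c != fill) ok = 0; seen++; }
    fclose(f);
    return ok && seen == len;
}

/* Constructed sample input: `len` bytes of recognisable text. */
int make_sample(const char *path, long len)
{
    FILE *f = fopen(path, "wb");
    long i;
    if (f == NULL) return -1;
    for (i = 0; i < len; i++) fputc("secret"[i % 6], f);
    return fclose(f) == 0 ? 0 : -1;
}

int main(int argc, char **argv)
{
    if (argc < 2) { fprintf(stderr, "usage: %s <file> [rounds]\n", argv[0]); return 2; }
    return wipe_and_delete(argv[1], argc > 2 ? atoi(argv[2]) : 1) == 0 ? 0 : 1;
}
```

An in-place overwrite only reaches the original sectors when the file system and drive write back to the same location; journaling or copy-on-write file systems and SSDs can place the new data elsewhere.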
 