The macOS operating system and running applications expect it to be enabled. However, it is technically possible to disable the backing store—that is, those swapfiles on disk—on macOS. The macOS operating system and the applications running on it expect the virtual memory system to work properly. Yes, even if you have 16 GB or more of RAM, it may sometimes fill up—especially if you run demanding professional applications like video, audio, or image editors that need to store a lot of data in memory.
Leave it alone.
There are two reasons why people might want to disable the virtual memory feature and remove the swapfile files from disk. First, you may be concerned about disk space usage. You may want to get rid of these files to free up some space. Try closing demanding programs—or even rebooting—and the swapfile files should shrink and stop using space.
This is true in theory, but in practice, this concern is generally overblown, and left over from the days when SSDs had far less longevity. Modern SSDs should last a good long time, even with features like this enabled. Leave virtual memory be and allow your Mac to work as it was designed to. The Best Tech Newsletter Anywhere. Join , subscribers and get a daily digest of news, comics, trivia, reviews, and more.
This seems like it help close a big part of the security hole without borking the system. It would only be removed at boot and get rebuilt with use. The entire time the machine is powered off, it is still vulnerable as long as you don't let the machine get to the point of running the rc. It would be more wise to wipe it at halt. But that wouldn't stop the fact that it's plain insecure while you're using it. If you disable virtual memory all that happens is your system will run out of memory for processes quicker.
The same thing happens if you leave VM enabled but run out of disk space for swap files Processes that request memory won't get it, and may or may not do something sensible as a result. Since running out of memory tends to be an unusual occurrence, many programs don't deal with it at all well, and may behave erratically or just plain die. Even programs that do deal with it properly may die, since that may be the only sane thing to do in an out-of-memory situation.
This will cause you problems if, for example, one of the system processes like the window manager needs more memory and can't get it--you may well find your login session dies. I really wouldn't do this unless you actually need to test what happens when the system runs out of memory like if you're stress-testing an application you're writing. Turning off swap, as others have suggested, is such an extreme move as to be dangerous.
My own example
The system will eventually die a sudden and perhaps horrible death. Using "srm" instead of "rm" in the rc file makes the most sense, as suggested above. The swap files will be securely deleted. As for physical access and security, this has always been known.
If someone has physical access to a computer, they can gain access. This is why the military developed the Tempest enclosure; it prevents physical access to all but the keyboard and mouse. That is, they prevent someone from being able to intercept the RF signals put out by your system by having really tight sheilding. The reason that this is a problem is that sophisticated snoopers can 'see' what you are doing on your system by analyzing the RF it puts out.
As far as the military is concerned, keeping a handle on physical access is what twitchy 18yr olds with M16s are for: Your system will not die a horrible death.
Disable Swap Files In OS X - bodunyxaketa.tk
I have tested using No vm swap on numerous systems for several weeks now. At worst you may get a beach ball when you try and open many many things at once It depends on how much RAM your machine has. As I said in the above hint this is for people who require more security than the current level of OSX default installation. For those who can not tolerate the fact that their Login and FileVault and Keychain passwords re there for the easy pickings to anyone that can has physical access to there machine or who roots it through a remote exploit!
Cheers, Thomas Hardening Your Macintosh http: Your fantasy of security is slightly off centre.
Disable Swap Files In OS X
If the window server cannot malloc memory, then it will freeze. Once it has froze, you can ssh in and start killing things to free memory, but then you lose unsaved work. If you can't free enough to un-freeze the window server, then its dead. If someone roots your machine through some yet-to-be-discovered remote exploit that you have left on your machine even after a patch is released which would happen within days , then they have access to the kernel and can grab passwords from memory, forget the swap file.
If someone has root, then you're screwed. If your fantasy of keeping passwords off disk makes you feel special, then by all means go for it, it will only prevent you from working efficiently. Recommending that others do it is irresponsible. I have tried the grepping for password trick and it is particularly disturbing that my password showed up a dozen times, since then I have made sure that my login password and the root if you make the mistake to enable root password are different from all my other passwords and have discovered that I am unable to find my password in memory.
I do not know if this is sufficient proof that this "hole" is not as bad as you pretend, but it is does mean that there is almost no way for someone to crack my passwords, assuming that they can somehow get root to see my swap files anyway. Go check out John the Ripper, it might bother you sufficiently to go delete your hard drive to make sure your passwords are safe. JP Pell. Sorry about that. I was under the impression it was for physical access. They have other enclosures that keep people away from switches, connectors, floppy drives, etc.
This is why OpenBSD encrypts its swap. One can hope that Apple will at least offer the option to encrypt swap at some point in the future. About a month ago there was a discussion on macintouch. It is erasing all pass phrases from memory directly after using them which should prevent them from ending up in a swap file. While PGP disk works great and I definately reccomnend it as a better replacement to those using FileVault swap on or not. Using PGP Vault does still not adress all the other security concerns with using vm swap.
How To Disable Virtual Memory In OS X
Keychain login passwords and more are all written to swap plain text. As I said above, this hint is for those people who need a higher level of security and is not for everyone.
- Post navigation.
- how to clean mac keyboard aluminum.
- Why You Shouldn’t Turn Off Virtual Memory on Your Mac.
- Executive summary.
- What Is Virtual Memory?.
- Where Is It Stored?!
I can't comment on FileVault's strength because Apple won't show source code for it. Probably there are errors in the application of encryption in FileVault just like all the others. Proper use of encryption for disks is hard. But encrypting the swap files will surely slow down the perfomance of our memory considerably. I know its a pain, but this is a tricky topic.
Actually, the symmetric cypher used by OpenBSD to encrypt the swap file is faster than the disk access so there is no performance degradation at all except under ridiculous load. While the non-secure erase of swap files may be somewhat of a problem, it's kind of hard to pick out the passwords out of mostly random data in the free blocks of a hard disk without already knowing what they are. As for those nasty administrator users snooping, why did you make them administrators in the first place? My setup: I'm running an oracle server for development.
I do a lot of data munging and, at the moment, image manipulation the job I've got running now will probably finish in 12 hours or so. I'm using MenuMeters beta, version 1. I've noticed that when heavily loaded, even this machine swaps like crazy. Now I've turned off the VM and It's not paging out any more, but it is still paging in endlessly. With the VM turned on page-outs were in the same order of magnitude as page-ins.
Could it be that these stats are counting normal data reads initiated by applications as well as vm reads ie: The memory usage stats are even more confusing: Is it OS-X's file cache? If the OS needs more space, does it just throw this away? Anyway, after this little experiment I'm going to turn the VM back on again, for no other reason than complying with the standard setup. Does anyone have any other ideas to prevent OS-X from swapping?
Thanks for the original tip, and thanks for any other suggestions! Steve [ Reply to This ] encrypted swap Authored by: I would like to disable virtual memory as Firefox keeps running slowly whenever I have loads of windows and tabs open, when I look in Activity Monitor it show it is using upto a about a gigabyte of VM If I then run another browser such as safari whilst still having the same slow running firefox open Safari or alike runs at full speed..