Geeks in Phoenix

Geek Blog


How to safely optimize your solid state drive

When it comes to getting the best performance out of your computer, nothing can beat a Solid State Drive (SSD). Right out-of-the-box they are extremely faster reading / writing data than a Hard Disk Drive (HDD). But there are a few things that you have to do differently with an SSD. Here's how to safely optimize your solid state drive.

The definition of tweak

There are plenty of articles out there that will give you a ton of different tweaks you can use to speed up the SSD access time. From turning off disk indexing to disabling Prefetch and Superfetch. Some may work for you, some may not. Generally speaking, if you're running Windows 7 or higher, the operating system should recognized the SSD and modify its behavior accordingly. The following tweaks are completely safe and will not harm your system in any way.

General SSD maintenance

SSD's operate differently from HDD's and there are a couple of things you should never do to an SSD. Since SSD's have limited read / write cycles, any program that intensively accesses the SSD could shorten the life span of the drive. Running a disk defragment program on an SSD is definitely not recommended. And as far as Check Disk (CHKDSK) is concerned, you'll need to contact the manufacturer of your SSD to find out if they recommend it or not.

Microsoft started building in support for SSD's in Windows 7 / Windows Server 2008 R2 and has expanded on it in Windows 8 / 8.1 & Windows Server 2012. Since low-level operation of SSD's is different from HDD's, the Trim command was introduced to handle deletes / format requests. To verify that Trim is on, you'll need to open an Administrative Command Prompt.

How to open a Command Prompt with Administrator privileges in Windows 7
How to open a Command Prompt with Administrator privileges in Windows 8
How to open a Command Prompt with Administrator privileges in Windows 10

You can verify that Trim is enabled by typing the following into an Administrative Command Prompt:

fsutil behavior query DisableDeleteNotify

If the command returns a 0 then Trim is enabled. If it returns a 1, then it is not. To enable Trim, just type the following into the Admin Command Prompt:

fsutil behavior set DisableDeleteNotify 0

SSD free space maintenance

SSD's do have one down side; their capacity is smaller than HDD's, so maintaining an adequate amount of free space is necessary. Now there are two scenarios for setting up computers with SSD's: Single-drive (SSD only) and Multiple drives (SSD + HDD). Laptops are usually single-drive and desktops are almost always multiple-drive. Here's a few ways to maintain free space.

Single-drive (SSD only)

The options here are limited. To free up space you could store your personal files like documents, photos and music to an external drive or to the cloud. Here are a few more ideas.

Turn off Hibernation.
With the speed of an SSD, boot times will be quite faster than with an HDD. You'll find that you can boot your computer just as fast as if you brought it out of hibernation. And since hibernation writes the system memory to disk, you'll free up the same amount of disk space that is equal to the total system memory. And if you have a lot of memory, this can free up a big chunk of space on your SSD.

Disable Windows hibernation and free up disk space

Turn off the virtual memory / pagefile.
Use this with caution! Technically, virtual memory is used when all of the system memory is full. If you have a large amount of system memory (16GB or more) and you don't run memory hog software like Photoshop, you should be alright disabling it. And you'll free up a few GB's of drive space in the process.

Managing Virtual Memory / Pagefile in Windows 7
Managing Virtual Memory / Pagefile in Windows 8
Managing Virtual Memory / Pagefile in Windows 10

Clean up drive on a regular basis.
Temporary files and browser caches are a few items you'll need to keep an eye on. Using a program like Piriform's CCleaner or Disk Cleanup that comes with Windows will take care of these files. Disk Cleanup can also be run as a scheduled task too.

Free up more disk space with Windows 7 Disk Cleanup
Clean up your hard drive in Windows 8 with Disk Cleanup
Clean up Windows 10 with Disk Cleanup
Clean up and optimize your computer for free with CCleaner

Multiple-drive (SSD + HDD)

This is the optimal setup. Everything under single-drive scenario applies here. Windows and program files need to be on the SSD. Almost anything else that Windows doesn't require for normal operation can go over to the HDD.

Move the virtual memory / pagefile.
Instead of turning it off, just move it to the HDD (see link above).

Move personal files to HDD.
Your documents, photos and music can take up a large amount of space on your drive. Get them off of the SSD and over to the HDD.

Modifying the default locations of user files and library properties in Windows 7
Modifying the default locations of user files and library properties in Windows 8
Modifying the default locations of user files and library properties in Windows 10

There are plenty of other tweaks you can do, like moving location of your browser cache and temp folders to the HDD. You can find all of that information and more with a quick search on Google.

Harden / Mitigate the security of your Windows programs with Microsoft EMET

*** Revised 19, February 2016 ***
This article has been revised for EMET v5.5

Enhanced Mitigation Experience Toolkit 5.5

Let's face it, some of the software we use on a daily basis has become subject to security vulnerabilities and exploits. Software manufacturers do their best to develop and test fixes / patches as fast as possible, but this can take time. A lot of users just cannot keep up with all of the updates and hotfixes. A few years ago Microsoft released the Enhanced Mitigation Experience Toolkit (EMET) to deal with just this issue.

View of the main screen inside EMET 5.5
View of the main screen inside EMET 5.5

So what is EMET? EMET monitors selected programs (Internet Explorer, Microsoft Office, etc.) for known attack actions and techniques. When one of the several pseudo mitigation technologies is triggered, EMET will either block the programs' access to the resouce it is trying to reach or just terminate it. EMET expands on the technologies that Microsoft implemented with Data Execution Prevention (DEP), which has been included in the Windows operating system since Windows XP SP2. It will also validate digitally signed SSL certificates inside of Internet Explorer.

View of the application configuration screen inside EMET 5.5
View of the application configuration screen inside EMET 5.5

So how does EMET work? EMET acts as a shim between the program being monitored and the operating system. The monitored program thinks it's talking directly to the operating system, but it's actually talking to it through EMET. EMET comes with predefined profiles for some of the more common programs like Microsoft Office, Internet Explorer, Adobe Acrobat and Java. You can also add to the predefined profiles or create your own. I recommend that you monitor any program that can open files on or from the Internet.

What security exploits are currently covered

Here's is the current list of mitigations EMET 5.5 currently looks for.

  • Attack Surface Reduction (ASR) Mitigation
  • Export Address Table Filtering (EAF+) Security Mitigation
  • Data Execution Prevention (DEP) Security Mitigation
  • Structured Execution Handling Overwrite Protection (SEHOP) Security Mitigation
  • NullPage Security Mitigation
  • Heapspray Allocation Security Mitigation
  • Export Address Table Filtering (EAF) Security Mitigation
  • Mandatory Address Space Layout Randomization (ASLR) Security Mitigation
  • Load Library Check - Return Oriented Programming (ROP) Security Mitigation
  • Memory Protection Check - Return Oriented Programming (ROP) Security Mitigation
  • Caller Checks - Return Oriented Programming (ROP) Security Mitigation
  • Simulate Execution Flow - Return Oriented Programming (ROP) Security Mitigation
  • Stack Pivot - Return Oriented Programming (ROP) Security Mitigation
  • Windows 10 untrusted fonts

What programs should you harden / mitigate

You only want to harden / mitigate certain programs that are targeted on a regular basis. Web browsers like Chrome, Firefox and Internet Explorer, production / office programs like Microsoft Word, Excel and PowerPoint, e-mail clients like Outlook and Windows Live Mail are some of the few. I recommend that you harden any program that can open files on or from the Internet.

What programs should you not harden / mitigate

You should never configure EMET to monitor anti-virus, anti-malware, intrusion prevention / detection software, debuggers, software that handles Digital Rights Management (DRM) technologies or software that uses anti-debugging, obfuscation, or hooking technologies.

Installation notes

New installation: Just download EMET and install

Upgrade install: Since the registry keys for EMET changed with this version, you can either export your existing EMET settings using the method in the 'What's new' section below, download the converter or reconfigure all of the program settings. With the drastic change with the EMET data format inside of the registry, I think that it would be just easier to reconfigure EMET then try the export / import method. Either way, remember to uninstall any older version of EMET and restart your computer before you install this version.

What's new in EMET 5.5?

  • Full-featured GPO management, compatible with reporting and compliance requirements
  • Command line: new syntax and options
  • Implementation of certificate pinning now based on root CA thumbprints. Exceptions logic removed.
  • Export and Import now memorize path
  • EMET registry has been refactored. To convert settings from previous versions of EMET (including EMET 5.5 Beta), registry values must be saved in a file then imported back with the use of the converter PowerShell script after EMET 5.5 is installed. Here are the steps to follow:
  1. Export settings. With elevated PowerShell, run the following command:
    .\Migrate-EmetSettings.ps1 -RegFile .\NewEmetSettings.reg -MissingCertCsv .\MissingCerts.csv PowerShell script Migrate-EmetSettings.ps1 is provided with EMET 5.5 RTM. It includes documentation about its usage.
  2. Uninstall former version of EMET.
  3. Install EMET 5.5 RTM. When asked to choose between Use recommended settings and Configure manually later, chose option Configure manually later.
  4. Import settings. With elevated PowerShell, run the following command:
    reg.exe import .\NewEmetSettings.reg

Supported Operating Systems

Windows 10 , Windows 7, Windows 8.1, Windows Server 2008, Windows Server 2012, Windows Server 2012 R2, Windows Vista

  • EMET 5.5 requires .NET Framework 4.5.
  • For Internet Explorer 10 on Windows 8 you need to install KB2790907 - a mandatory Application Compatibility update that has been released on March 12th, 2013 or any other Application Compatibility updates for Windows 8 after that

For more information on EMET, just follow the links below.

Enhanced Mitigation Experience Toolkit
Download Enhanced Mitigation Experience Toolkit (EMET) 5.5
Download Enhanced Mitigation Experience Toolkit (EMET) 5.5 User Guide
Download Enhanced Mitigation Experience Toolkit (EMET) 5.5 converter

Customer service is #1

Here at Geeks in Phoenix, we take pride in providing excellent customer service. From computer repair, virus removal, and data recovery, we aim to give the highest quality of service.

Bring your computer to us and save

We base our in-shop computer repair service  on the time we work on your computer, not the time it takes your computer to work!

Contact us

Geeks in Phoenix
Professional service at an affordable price!
4722 East Monte Vista Road
Phoenix, Arizona 85008
(602) 795-1111

Like Geeks in Phoenix on Facebook

Follow Geeks in Phoenix on Twitter

Watch Geeks in Phoenix on YouTube

Geeks in Phoenix is an IT consulting company that specializes in servicing all brands of desktop and laptop computers. Since 2008, our expert and knowledgeable technicians have been providing excellent computer repair, virus removal, data recovery, photo manipulation, and website support to the greater Phoenix metro area.

We here at Geeks in Phoenix have the most outstanding computer consultants that provide the highest exceptional service in Phoenix, Paradise Valley, Scottsdale, and Tempe, Arizona. We offer in-shop, on-site, and remote (with stable Internet connection) computer support and services.

Copyright © 2020 Geeks in Phoenix LLC