Results 1 to 5 of 5
  1. #1
    Star Lounger
    Join Date
    Jan 2002
    Location
    Suffolk, England
    Posts
    60
    Thanks
    0
    Thanked 0 Times in 0 Posts

    What's lurking in your NTFS file system

    <P ID="edit" class=small>Edited by WyllyWylly on 28-Apr-02 16:04.</P>A lot of the link attached is over my head, but suffice it to say there seem to be vulnerabilities inherent in NTFS that could do with an airing. <img src=/S/flee.gif border=0 alt=flee width=25 height=25>

    If this is 'Security Bulletin Board Paranoia', it would be good to know.......

    Thoughts?

    http://patriot.net/~carvdawg/docs/dark_side.html

  2. #2
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: What's lurking in your NTFS file system

    Alternate data streams in NTFS have indeed been around a long time. Quite frankly, I can't see how they would really pose a security risk as stated in the article you referred to - it's been this long and still no one has made it a vulnerability?

    Here's an excellent reference on the NTFS file system: <A target="_blank" HREF="http://www.win2000mag.com/Articles/Index.cfm?IssueID=27&ArticleID=3455">Inside NTFS: NT's native file system
    -Mark

  3. #3
    Star Lounger
    Join Date
    Jan 2002
    Location
    Suffolk, England
    Posts
    60
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: What's lurking in your NTFS file system

    .......just when I thought I'd run out of bedtime reading! <img src=/S/heavy.gif border=0 alt=heavy width=40 height=34> - but seriously, thanks for the links!

    There is one anti-trojan vendor who would have it that writing to ADS is both possible and the ideal way to hide a Trojan - but as to whether it is feasible???

    Hence the post.

    (Can supply the link, but don't want to get into area which seem to lie outside the Lounge without the blessing of a Mod or WMVP)

  4. #4
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: What's lurking in your NTFS file system

    <img src=/S/laugh.gif border=0 alt=laugh width=15 height=15> I don't think you need anyone's blessing to bring up valid points for discussion. Certainly it's possible to write malware using NTFS streams, but I just don't think most coders would find it worth their while. A virus writer would probably want to hit as many machines as they could - and this targets only the NTFS file system, which makes for a very small subset of computer users as a whole. Most of the world still uses some variant of Win9x, and there is never a guarantee that even NT users are using NTFS.

    I'd love to see the link! More information is always a good thing.
    -Mark

  5. #5
    Star Lounger
    Join Date
    Jan 2002
    Location
    Suffolk, England
    Posts
    60
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: What's lurking in your NTFS file system

    (Edited by Leif to make link live - see the quick guide)

    Using NTFS myself for all the obvious reasons, its easy to forget about the prevalence of FAT......

    Anyway, the link is (I must learn how to tag these so they work!) http://tds.diamondcs.com.au/. The product which trumpets about ADS called TDS-3.

    By way of background, as you probably know, virus scanners can be very patchy at spotting Trojans as the two are rather different in nature. Given that my SOHO Lan includes a laptop which is on the receiving end of seemingly dozens of joke distribution lists, and the kids' PC - and goodness knows what they might download in ignorance (even tho' they don't have admin privileges), I'm taking security very seriously. <img src=/S/yikes.gif border=0 alt=yikes width=15 height=15>.

    NOD32 virus scanner & firewalling may not be enough.......

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •