Tuesday, August 5, 2008

Windows file system NTFS: bad bad baby

The Windows NTFS file system supports a feature that allows a file to contain multiple inodes. It was originally used to support the Macintosh file system, and it is a bad idea. You can use this feature to attach hidden files to other files, and they will never show up in Windows Explorer. You can even hide executable files this way and attach them to Windows kernels and do very bad things.

An example to show you how:

1. Create a file with any name, like example.txt.
2. Click Start + R, and type in that file name, for example, "notepad C:\example.txt:hidden.exe".
3. A new file that pretends to be the inode of example.txt has been created, and if you try to find that file example.txt:hidden.exe in Explorer, you can't find it. The inode file's size won't even appear in the size of example.txt, so you can put a 1 GB file into example.txt and you won't even notice. In fact, the only way you can notice this hidden file is to move the file from NTFS to FAT.

This multiple inode feature is only used to save a file's custom information, such as the author and so on, but it doesn't block any file from including additional inode files that aren't being used legally.
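On later Windows versions with PowerShell 3.0 or newer, these extra streams (NTFS calls them alternate data streams) can be listed directly. The script below is an added example, not part of the original post: the function name `Find-NamedStream` and the scratch directory are assumptions made for illustration, and it reuses the example.txt / hidden.exe names from the steps above with placeholder content.

```powershell
# Added example: list every named stream under a directory (requires NTFS, PowerShell 3.0+).
function Find-NamedStream {
    param([Parameter(Mandatory)][string]$Root)

    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # ':$DATA' is the unnamed default stream every file has; anything else is extra.
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{
                        File         = $file.FullName
                        Stream       = $_.Stream
                        StreamBytes  = $_.Length      # size of the hidden stream
                        VisibleBytes = $file.Length   # size Explorer reports for the file
                    }
                }
        }
}

# Constructed sample in a scratch directory (hypothetical path, created and removed here).
$dir  = Join-Path $env:TEMP ("ads-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$path = Join-Path $dir 'example.txt'
Set-Content -LiteralPath $path -Value 'visible text'
# Placeholder bytes only, not a real executable.
Set-Content -LiteralPath $path -Stream 'hidden.exe' -Value ('A' * 4096)

# The report shows the stream name and that its size is not counted in the visible file size.
Find-NamedStream -Root $dir | Format-Table -AutoSize

# Strip the extra stream while leaving the visible file intact, then clean up.
Remove-Item -LiteralPath $path -Stream 'hidden.exe'
Remove-Item -LiteralPath $dir -Recurse -Force
```

Expect `Zone.Identifier` streams on files downloaded from the internet; those are written by Windows itself and are a normal finding in such a sweep.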

And for all those people who think Windows Vista is better, you'd better read the 10-page-long list of features deprecated from Windows XP to Windows Vista. Some of those deprecated features are nice for security, but some are stupid.
