Manual for HIPS: Access physical disk

Hi,

Hope some of you will help me/us (average Joes) understand the way a system works giving simple and clean explanations about what apps may use/need access to physical disk and for what purposes and what the symptoms of suspicious activity are regarding this subject.

 

IMO there is a need for such a 'virtual hand book' about using HIPS.
Or am I alone?

 

U can,t get such a spoon feeding, I am afraid.

 

Normal apps that want to write/read something on you disk use high level disk access mechanisms (like folder/file) and do not actually want and/or need to know where the information is stored exactly at the physical level (like track/sector).

Using high level disk access, an app will however not be able to see all information stored on the disk (like deleted files and files hidden by rootkits) nor does it know where a file is actually stored (a file may be stored in successive sectors or in sectors spread all over the disk (fragmented)).

Knowing this, the apps that need disk access at physical level (track, sector) are not so difficult to imagine:
- disk maintenance tools, like disk error checking / defragmentation apps and apps that can retrieve deleted files which are not in the recycle bin
- security apps, like anti-virus and anti-malware apps (for instance to detect hidden files)

Hope this helps.

 

Hi Henk,
Thank you very much for your spoon feeding.
So if my IE browser wants to have access at physical level is it because I use GesWall Pro and Keyscrambler Premium and actually these security apps want to have access thru IE and the same refers to Linkscanner Pro when asking for the same request?
If IE wanted to have low level disk access alone would it be suspicious?
Spywareblaster and my mail client Courier also ask for physical access. SB is a sec app but my mail client?