Manual for HIPS: Access physical disk

Discussion in 'other anti-malware software' started by xtree, Aug 26, 2008.

Thread Status:
Not open for further replies.
  1. xtree

    xtree Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    96
    Hi,

    Hope some of you will help me/us (average Joes) understand the way a system works giving simple and clean explanations about what apps may use/need access to physical disk and for what purposes and what the symptoms of suspicious activity are regarding this subject.
     
    Last edited: Aug 27, 2008
  2. xtree

    xtree Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    96
    IMO there is a need for such a 'virtual handbook' about using HIPS.
    Or am I alone? :oops:
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    You can't get such spoon feeding, I am afraid.
     
  4. Henk1956

    Henk1956 Registered Member

    Joined:
    Dec 3, 2007
    Posts:
    55
    Normal apps that want to write/read something on your disk use high level disk access mechanisms (like folder/file) and do not actually want and/or need to know where the information is stored exactly at the physical level (like track/sector).

    Using high level disk access, an app will however not be able to see all information stored on the disk (like deleted files and files hidden by rootkits) nor does it know where a file is actually stored (a file may be stored in successive sectors or in sectors spread all over the disk (fragmented)).

    Knowing this, the apps that need disk access at physical level (track, sector) are not so difficult to imagine:
    - disk maintenance tools, like disk error checking / defragmentation apps and apps that can retrieve deleted files which are not in the recycle bin
    - security apps, like anti-virus and anti-malware apps (for instance to detect hidden files)

    Hope this helps.
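
The distinction drawn in the post above, as an added example that is not part of the original thread: a small triage routine that separates file-level opens from raw disk/volume opens and checks raw opens against the two categories the post names. The `process|target` log format, the allowlist and the names `avscan.exe` and `mailclient.exe` are assumptions made up for illustration; the device path forms are the standard Windows names for disks and volumes.

```python
import re

# Targets that open a whole disk or volume instead of a folder/file.
RAW_TARGET = re.compile(
    r"""\\\\[.?]\\(?:PhysicalDrive\d+|[A-Z]:)
      | \\Device\\(?:Harddisk\d+\\(?:DR\d+|Partition\d+)|HarddiskVolume\d+)""",
    re.IGNORECASE | re.VERBOSE,
)

# Hypothetical allowlist: process image name -> category from the post.
EXPECTED = {
    "defrag.exe": "disk maintenance",
    "chkdsk.exe": "disk maintenance",
    "avscan.exe": "security app",  # made-up scanner name
}

def classify(process, target):
    """Return (verdict, reason) for one open request seen by the HIPS."""
    # fullmatch: "\\.\C:" is the raw volume, "\\.\C:\Mail\x" is just a file.
    if not RAW_TARGET.fullmatch(target.strip()):
        return ("file-level", "normal folder/file access")
    role = EXPECTED.get(process.strip().lower())
    if role:
        return ("raw-expected", role)
    return ("raw-review", "no known need for track/sector access")

def triage(log_text):
    """Parse 'process|target' lines; return (process, target, verdict, reason)."""
    results = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        process, _, target = (part.strip() for part in line.partition("|"))
        results.append((process, target, *classify(process, target)))
    return results

# Constructed sample events, not taken from any real HIPS log.
SAMPLE_LOG = r"""
iexplore.exe|C:\Users\joe\Downloads\setup.exe
iexplore.exe|\\.\PhysicalDrive0
defrag.exe|\\.\C:
avscan.exe|\Device\Harddisk0\DR0
mailclient.exe|\\.\C:\Mail\inbox.dat
"""

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print("{:15} {:40} {:13} {}".format(*row))
```

A "raw-review" verdict only means the request does not fit the two expected categories; a security tool that injects into another process can make that process appear as the requester.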
     
  5. xtree

    xtree Registered Member

    Joined:
    Dec 4, 2006
    Posts:
    96
    Hi Henk,
    Thank you very much for your spoon feeding. :)
    So if my IE browser wants to have access at physical level is it because I use GesWall Pro and Keyscrambler Premium and actually these security apps want to have access thru IE and the same refers to Linkscanner Pro when asking for the same request?
    If IE wanted to have low level disk access alone would it be suspicious?
    Spywareblaster and my mail client Courier also ask for physical access. SB is a sec app but my mail client?
     
    Last edited: Aug 29, 2008