Windows security: File hiding

Discussion in 'other security issues & news' started by john_j, Jan 10, 2007.

Thread Status:
Not open for further replies.
  1. john_j

    john_j Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    1
    Hi guys!

    New user/IT-noob here. :p

    I was watching this video on Windows security
    on file hiding ( http://www.metacafe.com/watch/379519/windows_xp_security_hacking_hiding_files_ads/ )

    Googling around for info on this area, all I could find are results on its threat, or otherwise profound explanations
    of its origins. Could anyone explain its origin and purpose to me in simple terms? Is this feature necessary in the first place?

    Cheers,
    John
     
  2. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    Some of the search terms you'd look for are:
    rootkit \ rootkits
    ADS (Alternate Data Streams)
    Hidden Files and Folders
    Hidden Extensions

    Starting from the last:

    Hidden Files and Folders in an OS are generally to keep the curious out of directories where changes have the potential for damage. Hidden file extensions are more an aesthetic decision to avoid too much "clutter" on the part of a system designer.

    Both are potentially dangerous decisions.
     
    Last edited: Jan 12, 2007
  3. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    http://www.microsoft.com/technet/sysinternals/utilities/RootkitRevealer.mspx

    There are several reasons rootkits have been employed by otherwise legitimate apps
    to allow them to fool other software (Daemon Tools employed a rootkit to allow it to mount a virtual CD drive in order to facilitate copying a game or disk). The most famous rootkit was the one Sony BMG placed on its CDs in order to impose their DRM scheme.
     
    Last edited: Jan 12, 2007
  4. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    http://www.windowsecurity.com/articles/Alternate_Data_Streams.html

    http://en.wikipedia.org/wiki/Fork_(filesystem)

    ADS has been a potential concern for over 6 years (which is when I first started using LADS) but was largely unused by malware authors till recently. Some applications allowed you to scan ADS for hidden malware (TDS3 for instance). The rise in rootkits in general has been the largest development in the last few years, with an ongoing war between creation and detection, but the latest twist has been this new generation of ADS rootkits specifically.

    Very, very nasty,
    which is why I'm actually making fundamental changes in how I approach security: integrating virtualization to isolate the major attack vectors (browse, view email and IM in a sandbox or virtual machine) and running any application from an untrusted source through a zoo first. And finally getting serious about setting up a packet sniffer IDS between me and the net in an attempt to spot subversion.

    For the security neophyte, virtualization would be my recommendation, and give up on any applications with a shady pedigree or source... period.

    (Read: freeware from folks you don't know and trust or that hasn't been widely vetted by others, and all applications from P2P sources.) That doesn't even address data/media that might be able to be infected via exploits or by disguise. Keep informed, virtualize it where possible, and otherwise isolate it as much as possible.
     
    Last edited: Jan 12, 2007
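As an added illustration of the ADS scanning the post above mentions (this is example code, not from the thread or from LADS/TDS3): on Vista and later, `dir /r` lists each file's named streams as `file:stream:$DATA`, so a captured listing can be triaged offline. The script below parses such a listing and flags any named stream other than the benign `Zone.Identifier` stream that Windows attaches to downloads. The listing and the stream name `hidden.exe` are constructed sample input; `/r` output from Windows XP, which predates that switch, would have to come from a third-party lister instead.

```python
import re
from collections import defaultdict

# Constructed sample of `dir /r` output: one file with only the benign
# Zone.Identifier stream, one file carrying an unexpected named stream.
SAMPLE_DIR_R = """\
 Directory of C:\\Users\\john\\Downloads

01/10/2007  09:15 AM    <DIR>          .
01/10/2007  09:15 AM    <DIR>          ..
01/10/2007  09:20 AM             4,096 notes.txt
                                    26 notes.txt:Zone.Identifier:$DATA
01/10/2007  09:30 AM            12,288 report.doc
                                73,728 report.doc:hidden.exe:$DATA
               2 File(s)         16,384 bytes
"""

# Named streams Windows itself writes and that are normally harmless.
EXPECTED_STREAMS = {"Zone.Identifier"}

# A stream line is indented, then size, then "<file>:<stream>:$DATA".
STREAM_LINE = re.compile(r"^\s+([\d,]+)\s+(.+?):([^:]+):\$DATA\s*$")


def parse_streams(listing):
    """Return {filename: [(stream_name, size_bytes), ...]} from dir /r text."""
    streams = defaultdict(list)
    for line in listing.splitlines():
        m = STREAM_LINE.match(line)
        if m:
            size = int(m.group(1).replace(",", ""))
            streams[m.group(2)].append((m.group(3), size))
    return dict(streams)


def suspicious_streams(listing, expected=EXPECTED_STREAMS):
    """List (file, stream, size) for every named stream not on the expected list."""
    hits = []
    for fname, items in parse_streams(listing).items():
        for name, size in items:
            if name not in expected:
                hits.append((fname, name, size))
    return sorted(hits)


if __name__ == "__main__":
    for fname, name, size in suspicious_streams(SAMPLE_DIR_R):
        print(f"{fname}:{name} ({size} bytes) <- unexpected named stream")
```

Run it against real output by piping `dir /r /s` into a text file and passing that file's contents to `suspicious_streams`; anything it flags deserves a look with a stream-aware tool before being deleted.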