Richard Rasker wrote:
On Sun, 31 Dec 2006 17:04:03 +0000, J.C wrote:
Can somebody please further enlighten me about this thread:
Microsoft's Really Hidden Files
This oldie has been dragged out here several times already. IIRC, the
final verdict was that it most probably was a case of the usual stupid
design/implementation decisions by Microsoft, more than malice.
The article only mentions hiding files with the +s system flag, but
fails to mention using alternate data streams (a la rootkits).
As a dual booter (on the two machines on my network that have Windows
installed), by far the easiest way for me to audit my Windows drives is
to mount them under Linux using ntfs-3g (which supports alternate data
streams), and examine (and possibly delete or edit where applicable) any
nasties I find. And of course the standard Linux toolset ("find", etc.)
makes this so much easier.
Of course I don't have proper access to the Registry this way, but IIRC
WiNE has a registry editor, and there are various tools that allow
editing "remote" Registries (i.e. importing other USER.DAT and
SYSTEM.DAT files for editing, under Windows), that I could use under
virtualisation such as VMWare or even run them with WiNE.
http://slated.org - Slated, Rated & Blogged
| Gates' Law: Every 18 months, the speed of software halves.
Fedora Core release 5 (Bordeaux) on sky, running kernel 2.6.18-1.2849.fc6
18:46:59 up 43 days, 11:08, 2 users, load average: 0.02, 0.03, 0.00
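
Added example, not part of the original post: one way to do the alternate-data-stream audit described above from Linux. It assumes the Windows volume is mounted with ntfs-3g using its default `streams_interface=xattr`, under which named streams appear as extended attributes in the `user.` namespace; the function name `find_streams` and the mount path are hypothetical.

```python
import os
import sys

# Streams Windows itself attaches to downloaded files; usually benign noise.
COMMON_STREAMS = {"Zone.Identifier"}


def find_streams(root, listxattr=None, getxattr=None):
    """Walk `root` (an ntfs-3g mount point, assumed streams_interface=xattr)
    and return sorted records (path, stream_name, size_in_bytes, is_common).
    The two callables are injectable so the logic can be tested off-NTFS."""
    listxattr = listxattr or os.listxattr
    getxattr = getxattr or os.getxattr

    # Directories can carry streams too, so audit them as well as files.
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]

    hits = []
    for path in paths:
        try:
            attrs = listxattr(path, follow_symlinks=False)
        except OSError:
            continue  # unreadable entry or no xattr support: skip it
        for attr in attrs:
            if not attr.startswith("user."):
                continue  # system.ntfs_* attributes are metadata, not streams
            stream = attr[len("user."):]
            try:
                size = len(getxattr(path, attr, follow_symlinks=False))
            except OSError:
                size = -1  # stream is listed but could not be read
            hits.append((path, stream, size, stream in COMMON_STREAMS))
    return sorted(hits)


if __name__ == "__main__":
    # Hypothetical usage: python3 ads_audit.py /mnt/windows
    mount_point = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, stream, size, common in find_streams(mount_point):
        tag = "common" if common else "REVIEW"
        print(f"[{tag}] {path}:{stream} ({size} bytes)")
```

Entries tagged `REVIEW` are the ones worth opening by hand; a large or executable-looking stream on an otherwise ordinary document is the pattern to look for.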