Slashdot Mirror

← Back to Stories (view on slashdot.org)

WinFS - Who Will Actually Use It?

Posted by Cliff on from the banking-on-a-new-filesystem dept.

Hel Toupee asks: "Tom's Hardware is running an article about the file system to be employed in Windows Longhorn, the to-be-long-overdue successor to Windows XP. According to the information that the authors could get out of Microsoft, WinFS seems to be little more than an indexing and searching service that sits on top of NTFS or FAT. It is also very flexible and extendable, which, for Microsoft, can mean 'slow' and 'exploitable'. For instance: quite a bit of the inner workings of WinFS rely on XML data tags which can allow 'for instance, that developers will additionally be able to automatically display or execute commands linked to items located by a specific search'. This seems to imply that the new generation of spyware only has to change a bit of XML and it can add entries to your context menus, or open webpages when you click on a file, or, since files can be grouped by content in 'virtual folders', spyware could effectively add entries to these folders, or reorganize your entire filesystem on the fly -- all with slight tweak in some XML file! Am I being paranoid? WinFS seems fairly insecure, and I will not be using it if given a choice. What's your take?"

8 of 106 comments (clear)

  1. Bah Apple did it before by Matthias+Wiesmann · · Score: 4, Informative
    Actually, the trick of embedding viruses into the filesystem was done a long time ago (1989) on the Macintosh.

    In the HFS filesystem, a file has two forks, a data fork, that corresponds to the file data in Windows or Unix file-system, and a resource fork, that contained structured data, basically bits of data that had an attached id, name and type.

    Resources were used to store all kinds of stuff. This was very convenient, as you could for instance store the window shape of a text document in the resource fork without affecting the content of the file (data fork). This was also used to store custom icons, text styling without actually affecting the data. You could even use it to embed fonts into word documents.

    The trick is, the OS used resources extensively, an application typically had an empty data fork and lots of resources (icons, pictures, sounds, windows, dialogs), including 68K code segments.

    One Macintosh virus, WDEF, used this mechanism to propagate. What the virus did, was add resource of type WDEF to the database file describing all the icons on the desktop. WDEF resources were window definition code. So when the Finder (file explorer) opened this database file for a given volume, the resource would get loaded and overloaded the default window drawing code, thus enabling the virus to execute and spread.

    1. Re:Bah Apple did it before by Tux2000 · · Score: 4, Informative

      NTFS has "Streams", essentially a more generic case of the HFS. You don't just have two forks, you have a nearly infinite number of forks/streams, with the unnamed stream being the "normal" file. Windows uses this forks for file descriptions and a few other things. But nearly nobody knows this feature. It seems even the virus programmers don't (ab)use it.

      Google found among others this page explaining those streams a little more.

      The most evil thing about streams is that you can only see the default stream using "onboard" tools like "dir" or the Explorer.

      Tux2000

      --
      Denken hilft.
  2. Re:Files are not files anymore by aws4y · · Score: 2, Informative

    Ummm.....
    Have you looked at the 2.4+ Linux Kernels. Or for that matter the BSDs or OSX, the fact is that UNIX and its workalikes are perfectly capeable of handling large disk I/O tasks. Especially with Journaling file systems like JFS or XFS, hell even ext3 does a decent job. This is annother example of Microsoft "innovating" in an attempt to beat a proven solution (EX. putting IIS into the Win2003 kernel) The fact remains that a good journaling filesystem, with a swap partition, more than likely is a much safer solution to the problem you describe than turning every thing on the disk into an XML taged .NET object.

    --
    Did Glenn Beck rape and kill a girl in 1990? gb1990.com
  3. Re:Files are not files anymore by ptaff · · Score: 2, Informative
    I know this might be a shock for you Linux users, but it's time to move on: Files are no longer files as we know them.
    Files are still files; the WinFS is a layer above an existing FS.
    Why? Because using normal files is just too slow. E.g. How do we know which part of a 1gb file should lie in memory, and which should not?
    No matter how you call them, files or Objects or whatever concept you like, if a file is 1GiB big you'll have trouble. You might have a 1KiB metadata file describing it, but when you access the real data, the same issues come back.
    This will of course need a better file-handling tool. It's just like a big database
    No, no, no! files are not stored in a database, metadata is. It's a layer.
  4. Re:Nothing to worry about, folks by the_truk_stop · · Score: 3, Informative
    I haven't had spy/adware in freaking years; of course, it helps that I've switched to a superior browser...

    I haven't had (spy|ad)ware for years either. My solution is a bit more comprehensive than a browser, however. ;)

  5. Re:Am I being paranoid? by iantri · · Score: 2, Informative
    Additionally (forgot to stick this in my other comment), Microsoft does NOT always create correct software.. see This page on the security requirements for Office 97. To be fair, I don't know if they fixed it for Office 2000, but come on.

    Look at this; It needs full read/write access to C:\Temp, C:\Winnt, C:\Winnt\System, (these ones are already wide-open in a default install), C:\Program Files\Office 97, and a bunch others.

    This makes it basically impossible to secure a Windows box..

  6. Re:Asshat supreme by sld126 · · Score: 2, Informative

    Depending on file contents, this metadata can be the author (of a document), the genre (of an audio file), keywords (from a PDF file), and more.

    This sounds exactly like the Desktop Database in Mac OS8/9, with a few extra fields.

    Now, how is this new exactly?

    --
    You're just jealous because the voices only talk to me.
  7. Re:My take ? by Ed+Avis · · Score: 2, Informative

    It's not inherently insecure to allow actions to be associated with shortcuts or add other whizzy things. If the user has write access to the filesystem, why shouldn't the user set up these things for his own files?

    Consider - the window manager I use (icewm) has a menu file saying what programs appear on the start menu. It is possible for a program (including a worm) running as my uid to change that menu so that clicking on 'xterm' runs something else instead. This does not mean icewm is insecure.

    The problem comes from running malware with full user privileges. As long as that happens, the system will be insecure anyway whether or not there are fancy WinFS active content things.

    (However, if WinFS is so stupid as to display active content for files which were created by another user or sent over email, and the design is so stupid as to allow the content full access to the machine, there is certainly a problem. The Acorn RISC OS had a severe security bug of this kind - each application directory (like an appdir on NeXT) had a file !Boot which would be executed merely on _viewing_ the directory listing. Of course this was the ideal vector for viruses.)

    --
    -- Ed Avis ed@membled.com