NTFS, broken by design? (was Re: Is this a Virus?)

["Bruce Ediger" <eballen1 () qwest net>]

On Sat, 31 Dec 2005, Geo. wrote:

> Actually not. If you fill an NTFS disk with files that are 1K or smaller it
> forces the MFT to suck up the whole disk, small files are stored entirely in
> the MFT instead of like larger files which have an MFT entry and a data
> segment for storage area. Once that happens it's not possible to shrink the
> MFT so the disk becomes useless for storing files larger than 1K even though
> it shows as 90% empty and at the same time it allows the system to continue
> running and spreading the virus.

I believe that the model for NTFS was DEC's ODS-2, used in VAX/VMS, right?

Did/does ODS-2 exhibit this same feature?  ODS-2 didn't store data of small
files in the file headers, as I recall.

Also, has Microsoft change the implementation of "DIR" or the MFT?  I seem
to recall that appropriate flags to DIR would show you $MFT and $MBR and things
like that, but I can't get that to work on the Windows XP boxes available to me.

Booting Knoppix doesn't show me the MFT either, so, what's the scoop?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/