RES: How to hide a file ?

["Pedro Quintanilha" <PQuintanilha () abril com br>]

I´m curious... The stream associated to the file will follows the
atributes of that file, like encription (EFS) or auto-compression?

If it occurs, the ADS CONTENT cannot be analized too... in other words,
a possible virus cannot be detected on that.



-----Mensagem original-----
De: Altheide, Cory [mailto:CAltheide () broadband att com]
Enviada em: Tuesday, January 08, 2002 3:30 PM
Para: vuln-dev () security-focus com
Assunto: RE: How to hide a file ?


Just a quick note on hiding using data streams...

While the streams themselves are transparent, creating an alternate data
stream does alter the modified date of the "parent" file.

Cory Altheide
Internet Security Coordinator
AT&T Broadband Legal Demands Center

> -----Original Message-----
> From: Jose Nazario [mailto:jose () biocserver BIOC cwru edu]
> Sent: Tuesday, January 08, 2002 10:10 AM
> To: Udi dahan
> Cc: vuln-dev () security-focus com
> Subject: Re: How to hide a file ?
>
>
> On Tue, 8 Jan 2002, Udi dahan wrote:
>
> > I was wondering if there's a way to hide a file under windows 2000
> > server, so that it will not be seen when using "show hidden file",
> > "show all files" and so on. I want to hide a file but I want to be
> > able to run the file only when I know exactly where it is 
> and what is
> > the file name.
>
> use the file streams. h carvey has written some nice documentation on
> this:
> http://patriot.net/~carvdawg/perl.html
> http://www.chi-publishing.com/isb/backissues/ISB_2001/ISB0601/
> ISB0601HC.pdf
>
> an additional discussion is available on:
> http://rr.sans.org/win/ADS.php
>
> enjoy,
>
> ____________________________
> jose nazario                                               
> jose () cwru edu
>                    PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 
> 48 A0 07 80
>                                      PGP key ID 0xFD37F4E5 
> (pgp.mit.edu)