win2k, XP deletes somename_files when somename.html deleted

[q q <systemcracker () gmail com>]

well, the title says it all really;

create a file named foobar.html
create a folder named foobar_files
copy a bunch of files (of any type) inside foobar_files
delete foobar.html

notice that windows has also deleted foobar_files and everything inside it

the reason is that when you choose to save a webpage from MSIE, as
'webpage, complete', it stores images, scripts, css, etc in
(htmlfilename)_files
when you delete the html file, windows also deletes the associated folder

what I found interesting is that there is no special file attribute,
registry key, ini entry or anything that flags that folder as linked
with the html file. Windows assumes that if there's a folder with the
matching name plus _files, it just goes right ahead and deletes it.

In terms of security/vulnerabilty, I was wondering if the _files part
is stored in the registry (and what other folders are subject to /
could be made subject to this implied linkage) Also, could windows be
made to do this for other file types?

anyone have any thoughts on this?

Even if there's no vuln as such, it's something to be aware of.

tested on win2k SP4 and XP

I think there should at least be an extra/different prompt saying
something like "Do you want to delete blah.html, blah_files, and all
it's contents?"

AFAIK, this only works for .html and .htm files (though it probably
works for .php, asp and other 'web' filetypes)

-- 
Computing tutorials, PHP code, online tools and more at
http://www.puremango.co.uk