Hacking Windows: ADS and Rootkits

PCW Jan 2006

The idea is that this helps you protect yourselves, not that it encourages improper behaviour. It is an article from this month's Personal Computer World covering Alternate Data Streams (ADS) and rootkits, which I decided to share with you because I consider computer security an important topic.

Download the article as a .pdf

Below is a small practical ADS example, taken from the article linked above, so that you know that (although it is almost unbelievable)

Microsoft’s preferred file system, NTFS, allows files of any size to be hidden using a little-known compatibility feature, Alternate Data Streams (ADSs), without leaving any traces. These data streams are also used in Vista.

ADS – Do It Yourself

An ADS can be created very easily, for example using the Windows editor Notepad. Choose Start/Run and enter the command ‘notepad test.txt’. This creates a new text file named test.txt. Enter some text, save the file and close Notepad. Start Explorer and select test.txt and have a look at the file size via the context menu – just 17 bytes under Windows XP. Next, open a command window and change to the directory where test.txt is located and enter the command dir test.txt which will confirm the 17 byte file size that Explorer also reported. Next, choose Start/Run and enter the command notepad test.txt:hidden.txt and enter some text, for example ‘This is a test with hidden content’ and save the file. You must save this new file in the same directory where you saved the original test.txt. Now close Notepad.

The second file you created with Notepad is an ADS containing the new text. Check the test.txt file using both Explorer and the dir command. As before, both show a size of 17 bytes. If you open test.txt using Windows Explorer you will only see the original text displayed. There is no sign of the ADS – Windows search will not expose it either.

However, if you use the command prompt and enter notepad test.txt:hidden.txt the content of the ADS is displayed. This proves that Explorer and dir only display the contents of the main data stream.
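The same experiment scripted in PowerShell, followed by the check a defender actually wants: enumerating every stream on a file and sweeping a directory tree for files that carry anything beyond the default `:$DATA` stream. This is an added example, not code from the PCW article; it assumes an NTFS volume and PowerShell 3.0 or later (where the `-Stream` parameter of the file cmdlets exists), and the scratch directory and function name `Find-AlternateStreams` are my own choices.

```powershell
# Added example (not from the PCW article). Requires NTFS and PowerShell 3.0+.
# The scratch directory under $env:TEMP is an assumption for this demo.
$dir  = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$file = Join-Path $dir 'test.txt'

# 1. The visible file: this writes the main ($DATA) stream only.
Set-Content -Path $file -Value 'Hello, world!'

# 2. The hidden stream, equivalent to 'notepad test.txt:hidden.txt' in the article.
Set-Content -Path $file -Stream 'hidden.txt' -Value 'This is a test with hidden content'

# 3. What Explorer and 'dir' report: only the main stream's bytes are counted,
#    so the size does not change after the ADS is written.
(Get-Item $file).Length

# 4. What a defender should run instead: list every stream attached to the file.
#    The default stream is reported as ':$DATA'; anything else is an ADS.
Get-Item $file -Stream * | Select-Object FileName, Stream, Length

# 5. Read the hidden content without opening Notepad.
Get-Content -Path $file -Stream 'hidden.txt'

# 6. Sweep a whole tree for files carrying non-default streams.
#    Zone.Identifier is the common benign ADS (Mark-of-the-Web on downloads);
#    it is deliberately left in the output so the analyst decides, not the script.
function Find-AlternateStreams {
    param([Parameter(Mandatory)][string]$Root)
    Get-ChildItem -Path $Root -Recurse -File -Force |
        Get-Item -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}
Find-AlternateStreams -Root $dir

# 7. Clean-up: remove only the hidden stream; test.txt and its main stream stay intact.
Remove-Item -Path $file -Stream 'hidden.txt'
(Get-Item $file -Stream *).Count   # back to a single stream (:$DATA)
```

On Windows Vista and later, `dir /R` at the cmd prompt also lists alternate streams, which is the quickest one-off check; the PowerShell sweep above is the version you would schedule or drop into an investigation script. Note that copying a file to a FAT/exFAT volume or across a non-NTFS-aware transport drops the streams silently, which is why ADS-based hiding survives only as long as the file stays on NTFS.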

3 Comments

  1. I think there is an unclosed tag in there… :)