What level of protection do the hidden/non accessible folders have?

[Les]

Hi

Running Vista Ultimate 32bit.

As far as I can see, there exists a number of folders on my computer which I
as administrator do not have permission/ownership of sufficient to open or
view the contents. Indeed, as an example, my Documents and Settings folder
properties doesn't even tell me if there are any contents in this/these
folders.

Question 1: Can this (or other similar folders) be exploited by malicious
software?
Question 2: Do virus scanners have access to these type of
folders/contents?
Question 3: Do other normal malware detection programs have sufficient
access to these folders/files?
Question 4: Why is it thought necessary to hide the contents of these
folders?

I have read elsewhere on these newsgroups, that an administrator has no need
to access these folders! Why? An administrator, by definition, *does have*
the *rights* to full access.

The Administrator word has been corrupted now. It doesn't give the
privileges needed. It has introduced a new higher level of authority, which
I have read described as 'super-administrator' - this whole debacle is
laughable. Why could the authority of administrator not have remained so?

I have also read that MS are trying to combat the situations where normal
users were made administrators just to lessen the support needed if their
authority was less! If this is the case, then MS are barking up the wrong
tree in my opinion as what is to stop those users from being elevated to the
'super-administrator' authority just to lessen the support?

As may be obvious, my knowledge/understanding is very limited. I speak only
as a home user, the only user on my computer, who is annoyed by some of the
new security ideas introduced. I had to redirect an installation to my User
folder so that I didn't get the constant UAC warnings which occurred if I
installed into the Program Files folder. I feel the 'big brother' approach
does not and never will prevent security problems - the security problems
will just become more sophisticated to deal with - I don't really want a set
of folders which may provide nice hiding places for malicious software. The
old fashioned 'look for file xxxxx.by in the zzzzz folder' to see if you
have a malicious software program on your computer no will longer be valid
when these 'no-access' folders exist.

OK, rant over - went slightly off topic, but couldn't help myself. The
initial questions do stand though.
--
regards,
Les Hay, Livingston, Scotland



---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 000736-0, 25/04/2007
Tested on: 25/04/2007 16:27:12
avast! - copyright (c) 1988-2007 ALWIL Software.
http://www.avast.com

 

[Mike Brannigan]

Hi

Running Vista Ultimate 32bit.

As far as I can see, there exists a number of folders on my computer which
I as administrator do not have permission/ownership of sufficient to open
or view the contents. Indeed, as an example, my Documents and Settings
folder properties doesn't even tell me if there are any contents in
this/these folders.

Question 1: Can this (or other similar folders) be exploited by malicious
software?
Question 2: Do virus scanners have access to these type of
folders/contents?
Question 3: Do other normal malware detection programs have sufficient
access to these folders/files?
Question 4: Why is it thought necessary to hide the contents of these
folders?

I have read elsewhere on these newsgroups, that an administrator has no
need to access these folders! Why? An administrator, by definition, *does
have* the *rights* to full access.

The Administrator word has been corrupted now. It doesn't give the
privileges needed. It has introduced a new higher level of authority,
which I have read described as 'super-administrator' - this whole debacle
is laughable. Why could the authority of administrator not have remained
so?

I have also read that MS are trying to combat the situations where normal
users were made administrators just to lessen the support needed if their
authority was less! If this is the case, then MS are barking up the wrong
tree in my opinion as what is to stop those users from being elevated to
the 'super-administrator' authority just to lessen the support?

As may be obvious, my knowledge/understanding is very limited. I speak
only as a home user, the only user on my computer, who is annoyed by some
of the new security ideas introduced. I had to redirect an installation to
my User folder so that I didn't get the constant UAC warnings which
occurred if I installed into the Program Files folder. I feel the 'big
brother' approach does not and never will prevent security problems - the
security problems will just become more sophisticated to deal with - I
don't really want a set of folders which may provide nice hiding places
for malicious software. The old fashioned 'look for file xxxxx.by in the
zzzzz folder' to see if you have a malicious software program on your
computer no will longer be valid when these 'no-access' folders exist.

OK, rant over - went slightly off topic, but couldn't help myself. The
initial questions do stand though.

Les,

A number of the folders you are concerned about are not actually real
folders - but links (reparse points) to provide backward compatibility for
older applications now that the locations of certain folders have been moved
such as Users is the new replacement for Documents and Settings and so on.
They are hidden so you do not need to see them and confuse yourself about
them (as you have done so).
As they are links to the real locations ,AV software, backup software etc
will use them if it is legacy software that is not aware of the new
locations or knows how to make the appropriate calls to find them.

Go into your Documents (C:\Users\<username>\Documents) folder in an
administrative command prompt and run dir /a and you will see the ones
that are real folders and the ones that are other things and what they point
to

 

[Les]

Les,

A number of the folders you are concerned about are not actually real
folders - but links (reparse points) to provide backward compatibility for
older applications now that the locations of certain folders have been
moved such as Users is the new replacement for Documents and Settings and
so on.
They are hidden so you do not need to see them and confuse yourself about
them (as you have done so).
As they are links to the real locations ,AV software, backup software etc
will use them if it is legacy software that is not aware of the new
locations or knows how to make the appropriate calls to find them.

Go into your Documents (C:\Users\<username>\Documents) folder in an
administrative command prompt and run dir /a and you will see the ones
that are real folders and the ones that are other things and what they
point to

Thanks Mike, that has eased my concerns over those folders (links).

However, far from hiding them to avoid confusion, I suspect that many, or
perhaps even most home users who want to at least try to manage their
computer, will see these and become confused if it were not for good
explanations given by people such as you.

--
regards,
Les Hay, Livingston, Scotland



---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 000736-0, 25/04/2007
Tested on: 25/04/2007 19:01:14
avast! - copyright (c) 1988-2007 ALWIL Software.
http://www.avast.com

 

[Mike Brannigan]

Thanks Mike, that has eased my concerns over those folders (links).

However, far from hiding them to avoid confusion, I suspect that many, or
perhaps even most home users who want to at least try to manage their
computer, will see these and become confused if it were not for good
explanations given by people such as you.

Les,

One other quick thing is that the default setting is not to show "hidden
files and folders" so again a regular use will not even see the reparse
points as they are not displayed by default.
Obviously if you go turn on display of OS system and hidden files you will
be exposed to more of the guts of the system and this may raise questions
that would not normally have occurred to the end user.