I recently came across an example of a file-hiding rootkit for Windows that's used for good instead of evil: It's a minifilter that hides (or at least blocks, the files are still visible) access to executables on removable media, with user-configurable options to block autorun.inf and/or all executables, as well as making files on the media non-executable (although you could still map them into memory and then execute them from there if you really wanted to). This is a neat idea, since it stops a pile of exploits that take advantage of the autorun capability. More at http://blog.didierstevens.com/programs/ariad/.
Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
