NTFS, broken by design? (was Re: [Full-disclosure] Is this a Virus?)



On Sat, 31 Dec 2005, Geo. wrote:

Actually not. If you fill an NTFS disk with files that are 1K or smaller it
forces the MFT to suck up the whole disk, small files are stored entirely in
the MFT instead of like larger files which have an MFT entry and a data
segment for storage area. Once that happens it's not possible to shrink the
MFT so the disk becomes useless for storing files larger than 1K even though
it shows as 90% empty and at the same time it allows the system to continue
running and spreading the virus.

I believe that the model for NTFS was DEC's ODS-2, used in VAX/VMS, right?

Did/does ODS-2 exhibit this same feature?  ODS-2 didn't store data of small
files in the file headers, as I recall.

Also, has Microsoft change the implementation of "DIR" or the MFT?  I seem
to recall that appropriate flags to DIR would show you $MFT and $MBR and things
like that, but I can't get that to work on the Windows XP boxes available to me.

Booting Knoppix doesn't show me the MFT either, so, what's the scoop?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/