Fog Creek Software
Discussion Board

Can a folder be hidden yet allows indirect access?

Is there a program that allows you to hide a folder/drive, yet allows you to access it via a custom program.
In this case, I have a vb application that access's a local db, i want to hide the folder the db is in. So users cannot just go to it directly, yet i need the vb app to be alble to access it. Does my paradoxial question make sense? :)

Tuesday, December 30, 2003

Whether a folder is hidden or not is irrelevant as far as users accessing it goes. All they need to do is to turn off the hide hidden folders check box.

What you are suggesting here is security by obscurity and that is not a good idea.

If you want to restrict access,  then you will have to talk to the system admin, and get him to set the appropriate security settings. As we don't know the OS we can't give you more detailed instructions

Stephen Jones
Tuesday, December 30, 2003

i'm using xp pro, but i was refering to some 3rd party program such as Hide Folders, Folder Guard pro etc etc.
that might do the job, the above mentioned ones do not give you the flexibility I'm looking for.

Tuesday, December 30, 2003

Like Stephen Jones said, your idea is not a good one.  Security through obscurity is just a bad idea.  And why would the OS let an application put special "uber-hidden" files all over the place that users can't access?

You have two real alternatives.  One, do it through security settings (obviously this requires from administrative intervention).  Second, encrypt the contents of the file.  Then the file is there, but users won't be able to see the contents.

John Rose
Tuesday, December 30, 2003

"Is there a program that allows you to hide a folder/drive, yet allows you to access it via a custom program."

Oh, you betcha.  This is what a lot of the Trojan IRC and FTP servers do.  How they do it is another question.

Tuesday, December 30, 2003

If you mount a file as a file system then you can achieve the same results.  Without knowing what you actually want to achieve though its impossible to say very much, or rather its possible to say an awful lot most of which will be useless.

Simon Lucy
Tuesday, December 30, 2003

If you're on a NTFS system, you can use Alternate Data Streams to hide your stuff.

Tuesday, December 30, 2003

No matter how sneakily you find it, it can be found... on the page about alternate datastreams is a link to a program which lets you uncover them.  Granted, the odds of anybody finding the file you tucked away in an alternate data stream is slim, but can you afford it?

If you're a sysadmin or knowledgable end-user, would you trust an application that ferreted away data in ADS's?  Also, alternate datastreams can cause problems.  It's easy to "lose" ADS's when you create compressed files, write files to CDs, etc....

A much better solution would simply be to put the file out in the open and encrypt it, if you're really worried about users viewing/tampering with it.

John Rose
Tuesday, December 30, 2003

Sounds like you're talking about a data file for an application you want to distribute.
My $.02:
1) If it's a common database file (like .mdb) then change it - make it .dlt or something that people will just gloss over.
2) Stick it in the application folder. People should know by now what they get if they mess with application files
3) Encrypt it. This is trivially easy.
4) As part of your startup routine, validate the file - make sure it's there, has the expected structure, etc.
5) Provide a backup method for the user.


Wednesday, December 31, 2003

Most trojan writers on the net depend on NT5 rootkits that  does just this (among other things): hide accessible files and folders from viewer's eyes; so I guess it's perfectly possible for you to figure out how to do this. Although it might invite the wrong kind of attention from the white-hat/AV community if you do something objectionable with this feature.

Li-fan Chen
Saturday, January 3, 2004

*  Recent Topics

*  Fog Creek Home