  2. 3

    From the title, I first thought this might be an article from a long, long time ago. Nah, some vulnerabilities just persist. I left Windows a long time ago. Have there been any improvements on preventing or detecting these risks?

    1. 1

      Granted I’m a bit biased, but what’s the risk? I’m missing it.

      1. 3

        In principle, malware could hide in it - and probably does, but I don’t think many people are under the illusion that they can detect malware without specialized tools anyway. The most “practical” use I can think of for it is data exfiltration. I think most of the risks are around bugs rather than malicious use; it’s a somewhat bizarre feature, and not well-known, and as such it should be regarded as technical debt.

        1. 4

          I see. I’m sure it’s used by Windows though.

          It’s a pretty common feature across many filesystems: https://en.wikipedia.org/wiki/Extended_file_attributes#Implementations

          1. 3

            Yes, you’re certainly correct that it’s not that rare a thing. As the original article notes, NTFS added it for parity with Apple’s HFS+. That doesn’t really change that it’s obscure and fragile, but certainly Windows shouldn’t bear the blame alone.

          2. 2

            You nailed it! Hiding malware and a storage channel for exfiltration are the main issues.