Misplaced Pages

Fork (file system)

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.

This is an old revision of this page, as edited by AlistairMcMillan (talk | contribs) at 20:22, 29 November 2005 (Copyedit). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Revision as of 20:22, 29 November 2005 by AlistairMcMillan (talk | contribs) (Copyedit)(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

In computing, a fork is additional data associated with a file system object. Filesystem forks are traditionally associated with Apple's Hierarchical File System (HFS), however they are also available in Microsoft's NTFS filesystem, where they are known as alternate data streams. Other filesystems such as Novell's Novell Storage Services (NSS) and Netware File System (NWFS), and Veritas Software's Veritas File System (VxFS) also support filesystem forks, some pre-dating Microsoft's implementation.

HFS was designed to use resource forks to store metadata about a file that would be used by the graphical user interface (GUI) of the Apple Macintosh, such as a file icon or an image preview. However the feature was not limited to GUI data, so additional uses were found, such as splitting a word processing document into content and presentation, then storing the presentation information in the resource fork. One particular non-obvious use is that prior to Mac OS X, Postscript Type 1 fonts have traditionally been stored entirely in the resource fork, the data fork being empty.

Starting in 1985, NWFS and its successor NSS were designed from the ground up to use a variety of methods to store a file's metadata. Some metadata resides in Novell Directory Services (NDS), some is stored in the directory structure on the disk, and some is stored in, as Novell terms it, 'multiple data streams' with the file itself. Multiple data streams also allow Macintosh clients to attach to and use Netware servers.

Microsoft's implementation of forks

Support for filesystem forks was added to NTFS, as alternate data streams (ADS), so that servers running Windows NT could host files for Macintosh users. With Windows 2000, Microsoft started using alternate data streams in NTFS to store things such as author or title file attributes and document thumbnail images. With Service Pack 2 for Windows XP, Microsoft introduced the Attachment Execution Service that stores details on the origin of downloaded files in alternate data streams attached to files, in an effort to protect users from downloaded files that may present a risk.

Security experts have warned that alternate data streams on NTFS files pose security risks, because of their relative obscurity and the fact that Windows hides them from the user's view. The concerns also center around the fact that any type of file, including executable files can be stored inside the ADS of any other file or directory. For example, a virus executable can be stored as an ADS attached to a text file. In this example, because Windows by default provides no method of finding alternate data streams (through Windows Explorer or otherwise) it would not be possible to find the executable file unless you already knew of it's existence or used third-party software. Also Windows Explorer and the Windows APIs do not report the file size of the ADS stream, so a 10 byte text file with a 5 MB ADS attached to it, would still be reported as 10 bytes. Currently, very few virus scanners scan the contents of ADS streams, however there are now a number of third-party tools that can remove ADS streams.

Another concern with Microsoft's implementation of alternate data streams is that there is no method for streams to be transferred to another file system. If a file with alternate data streams is copied from an NTFS filesystem to a FAT32 filesystem, the streams will be lost along with any data that they stored.

External links

Category: