A P,
Read up on NT’s support for auditing and audit logs. It’s probably what you
want to start with.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Dejan Maksimovic
Sent: Tuesday, January 24, 2006 12:01 PM
To: Windows File Systems Devs Interest List
Subject: SPAM-LOW: Re: [ntfsd] fmon
ROFL! If any OS allows for one to have read/write as an atomic operation
available to programmers, it does not provide a way to track file copy.
A P wrote:
you mean to say that windows doesnt allow any way to log user
operations on files/ network shares etc the proper way, I don’t
believe this. there has to be a way…
–
Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com Alfa Transparent File
Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32
developers.
Alfa File Monitor - File monitoring library for Win32 developers.
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: xxxxx@stonestreetone.com To
unsubscribe send a blank email to xxxxx@lists.osr.com
Me?
Arlie Davis wrote:
A P,
Read up on NT’s support for auditing and audit logs. It’s probably what you want
to start with.
ROFL! If any OS allows for one to have read/write as an atomic operation
available to programmers, it does not provide a way to track file copy.
–
Kind regards, Dejan M.
http://www.alfasp.com E-mail: xxxxx@alfasp.com
Alfa Transparent File Encryptor - Transparent file encryption services.
Alfa File Protector - File protection and hiding library for Win32 developers.
Alfa File Monitor - File monitoring library for Win32 developers.
It seems you struggle with the inherent properties of layered software
architectures.
“A P” wrote in message news:xxxxx@ntfsd…
you mean to say that windows doesnt allow any way to log user operations on
files/ network shares etc the proper way, I don’t believe this. there has to
be a way…
Then you need to review your product’s design ideas 
You see - if the user can read the file (the OS permits it), then he/she
can copy it. The question is only in proper selection of tool to do this.
You cannot disallow file copy but allow to, say, open the file in Word.
This will be bypassable, the question is only in choosing the correct tool
(WinZip cames to mind first, but there are also bzip2, tar, GNU “cat”, email
attachments later saved to “eml” files and copied, and so on).
This is illusion of security.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: “A P”
To: “Windows File Systems Devs Interest List”
Sent: Tuesday, January 24, 2006 4:08 PM
Subject: Re: [ntfsd] fmon
well thanks for the advices, but then how do i solve it. iwanted a fsfd
because the other approach is to hook at a higher level and that is not
recommended by any of you!!!
—
Questions? First check the IFS FAQ at
https://www.osronline.com/article.cfm?id=17
You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
Why do so many PHBs (pointy haired bosses - Scott Adams - Dilbert) think
that you can stop copying files? The only possible solution which would
make the computer almost useless is to stop all writes. You can do that
directly or indirectly via shadow disk volume(s) that discard writes when
the user logs off.
“Maxim S. Shatskih” wrote in message
news:xxxxx@ntfsd…
> Then you need to review your product’s design ideas
>
> You see - if the user can read the file (the OS permits it), then
> he/she
> can copy it. The question is only in proper selection of tool to do this.
>
> You cannot disallow file copy but allow to, say, open the file in Word.
> This will be bypassable, the question is only in choosing the correct tool
> (WinZip cames to mind first, but there are also bzip2, tar, GNU “cat”,
> email
> attachments later saved to “eml” files and copied, and so on).
>
> This is illusion of security.
>
> Maxim Shatskih, Windows DDK MVP
> StorageCraft Corporation
> xxxxx@storagecraft.com
> http://www.storagecraft.com
>
> ----- Original Message -----
> From: “A P”
> To: “Windows File Systems Devs Interest List”
> Sent: Tuesday, January 24, 2006 4:08 PM
> Subject: Re: [ntfsd] fmon
>
>
> well thanks for the advices, but then how do i solve it. iwanted a fsfd
> because the other approach is to hook at a higher level and that is not
> recommended by any of you!!!
>
> —
> Questions? First check the IFS FAQ at
> https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
Even stop all writes isn’t enough. Once file can be read and displayed, inventive user doesn’t need computer to save data. Mobile phones with cameras are pervasive, paper and pencils, too. There are even people with photographic memory. It is necessary to control reads and trust people who are allowed to read.
It is funny to see as people trying to implement security software don’t understand something as basic. Once an arbitrary application is allowed to read a file, all bets are off.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]
From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of David J. Craig[SMTP:xxxxx@yoshimuni.com]
Reply To: Windows File Systems Devs Interest List
Sent: Wednesday, January 25, 2006 6:55 AM
To: Windows File Systems Devs Interest List
Subject: Re:[ntfsd] fmon
Why do so many PHBs (pointy haired bosses - Scott Adams - Dilbert) think
that you can stop copying files? The only possible solution which would
make the computer almost useless is to stop all writes. You can do that
directly or indirectly via shadow disk volume(s) that discard writes when
the user logs off.
“Maxim S. Shatskih” wrote in message
> news:xxxxx@ntfsd…
> > Then you need to review your product’s design ideas
> >
> > You see - if the user can read the file (the OS permits it), then
> > he/she
> > can copy it. The question is only in proper selection of tool to do this.
> >
> > You cannot disallow file copy but allow to, say, open the file in Word.
> > This will be bypassable, the question is only in choosing the correct tool
> > (WinZip cames to mind first, but there are also bzip2, tar, GNU “cat”,
> > email
> > attachments later saved to “eml” files and copied, and so on).
> >
> > This is illusion of security.
> >
> > Maxim Shatskih, Windows DDK MVP
> > StorageCraft Corporation
> > xxxxx@storagecraft.com
> > http://www.storagecraft.com
> >
> > ----- Original Message -----
> > From: “A P”
> > To: “Windows File Systems Devs Interest List”
> > Sent: Tuesday, January 24, 2006 4:08 PM
> > Subject: Re: [ntfsd] fmon
> >
> >
> > well thanks for the advices, but then how do i solve it. iwanted a fsfd
> > because the other approach is to hook at a higher level and that is not
> > recommended by any of you!!!
> >
> > —
> > Questions? First check the IFS FAQ at
> > https://www.osronline.com/article.cfm?id=17
> >
> > You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> >
> >
>
>
>
> —
> Questions? First check the IFS FAQ at https://www.osronline.com/article.cfm?id=17
>
> You are currently subscribed to ntfsd as: xxxxx@upek.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>