Software

Filesystem fragmentation: Security threat

It may not be immediately apparent, but filesystem fragmentation is more than just a minor annoyance; it can also slightly increase the level of risk to your system and data security.

Filesystem fragmentation is a problem with which many computer users are familiar. Many, however, are not. They don't know that filesystem fragmentation reduces performance so that they have to wait longer for their applications to respond. Gaming in particular can suffer -- probably the most common high performance need for home computer users.

Those who know these basic problems presented by filesystem fragmentation usually know about defragmentation programs, and they sometimes even use them. A lot of people don't use them nearly enough. That can be especially important considering the security implications.

The list of immediate security concerns is short, but considering the relative ease with which defragmentation can (usually) be accomplished, they're important enough to go to the trouble when you need it.

Security problems include three key issues:

  1. disaster recovery: If your system suffers some kind of filesystem corruption, and you need to recover the data, many recovery tools can do so using a file allocation table. If that is corrupt, though, a longer and more difficult process needs to be used -- and if your filesystem was significantly fragmented, that can increase the difficulty of a successful recovery quite a lot, as recovery tools will tend to have a harder time reconstructing complete files. Obviously, you should have good, up-to-date backups, but if the filesystem is corrupted between when critical data arrived and when the next backup was scheduled, this may be a very real problem for your data security.
  2. I/O activity: The more fragmented the data on your drive, the more physical operations a drive has to make to read the data your system needs and write data you wish to save. This can consume more power, generate greater heat, and degrade your system more quickly because of wear on the moving parts. Standard SSDs are limited to a particular number of write operations due to integral design characteristics required to make them maintain state when power is cut, which means that greater fragmentation can reduce operational lifespan as well, though the defragmentation process itself will also reduce the life of an SSD. Such circumstances can threaten data security in the long run due to the growing likelihood of an eventual crash.
  3. performance: You may think that reduced performance is just an annoyance, but it isn't. It also affects the speed, efficiency, and effectiveness of security software such as application layer firewalls and virus scanners. Virus scanners in particular are affected, because they are not only directly affected when the scanner applications and their virus definitions are fragmented, but also because they have to be able to scan the entire filesystem regularly to provide complete protection. Making backups can also suffer.

Of course, a better approach is simply to use a filesystem that doesn't get notably fragmented. Most filesystems in use on modern operating systems today are, in fact, very resistant to fragmentation. Filesystems such as UFS, ext3, and ZFS have pretty much solved the problem of fragmentation entirely. The two most common filesystems that still suffer significant fragmentation are NTFS and FAT32 (which is still used on many external storage devices).

MS Windows, as the primary user of NTFS and FAT32, comes with a defragmentation utility in default installs. Third-party defragmenters can do a better job, and if you run large networks of MS Windows computers that do a lot of I/O, it is probably worth your while to research them for the best combination of price, functionality, reliability, efficiency, and speed for your purposes. Be aware, though, that even the best defragmentation utilities for MS Windows begin to have difficulty performing effectively as your drive starts running out of space.

Modern non-Microsoft operating systems use non-fragmenting filesystems: FreeBSD uses UFS, most Linux distributions use ext3, and OpenSolaris uses ZFS. Other filesystems often used by these OSes and others that do not generally fragment include reiserfs, XFS, and JFS, for example. The only time that any significant fragmentation starts occurring on such filesystems is when the filesystem starts getting too full to be able to efficiently manage data distribution on the storage device (over 98% full, generally). In such rare circumstances, however, complete filesystem defragmentation can be achieved by using tools such as dump and restore to quickly rebuild the filesystem.

One way or another, you should keep your filesystems as free of defragmentation as reasonably possible -- not just for performance, but also for security. The preferred method would of course be to use a filesystem that isn't susceptible to file fragmentation, but failing that, regular defrag operations can help you protect the security of your data and make the process of protecting yourself against malicious security crackers and malware more tolerable.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

29 comments
bruceslog
bruceslog

You seem to be referring to file system integrity and backup / recovery issues more than actual system security / insecurity in this article. Title mislead me, as I'm sure you know.

Justin James
Justin James

One thing I noticed ages ago, is that Windows Vista, out of the box, runs an automatic defrag on a weekly basis. I wish it didn't need to do this, but at the same time, it's nice that the OS automatically does this so that less savvy users don't have to worry about it. J.Ja

vindasel
vindasel

I always defrag regularly (automatic mode) with Diskeeper 2009 on my systems, but I've been doing that mainly from a performance POV. Until now, I had not seriously considered the effect of fragmentation on data recovery, so that information is quite interesting. Multiple backups to different physical media (HDDs + DVD) are done very regularly, so I am also covered in that respect. Looks like I am reasonably safe from losing data permanently :)

apotheon
apotheon

Don't bother feeling too good about your "argument" just because rickk agreed with it. He seems to enjoy disagreeing with me -- often insultingly -- about pretty much [b]everything[/b].

rkuhn040172
rkuhn040172

1) Maybe it's an Indiana thing. I don't think this had much to do with security either. 2) It's pointless to argue with Apotheon. He's always right :) I suppose with his loose argument here, one could tie together just about anything and call it security. Hang nails, old pizza crust, former girlfriends...they're all security risks to him as he is borderline paranoid about security anyways.

Sterling chip Camden
Sterling chip Camden

... of the article was to draw attention to the security threats inherent in a fragmented file system, which may not be obvious. I fail to see how you were misled -- perhaps you misfollowed.

apotheon
apotheon

Isn't it the integrity and privacy of your data? Isn't that what this article is about? Also . . . Did you miss the part about performance of security software like virus scanners?

Neon Samurai
Neon Samurai

Penetration security is only one consideration. Physical security, risk reduction, business continuity through disaster recovery, information integrity through data protection and recovery; these and other considerations are all part of proper layered and holistic security.

sidekick
sidekick

This can be set up as a scheduled job on XP and later OSes too. I keep my 2003 servers defragged this way. Good to know about Vista. If I ever have a Vista machine and it suddenly slows down on me, I'll have one more thing to look for.

Neon Samurai
Neon Samurai

He doesn't get to stand in front of the defrag progress screen feeling satisfied that it's doing something.

Neon Samurai
Neon Samurai

If your going to pay for a defrag utility, Diskeeper is a good one with it's "auto defragment if needed" daily checker. I've since moved to using jkDefrag because it tends to do a better job of optimizing the files and can be started easily from a command line if I choose to set a schedule. It's not limited by license numbers and comes in a portableapp version I can run from flashdrive (though it skips removable media, as it should). I've eaten too many flashdrives with overzealous defrag schedules in the past so I leave it to the flash chip's even ware algorithm.

rkuhn040172
rkuhn040172

But you have failed to convince many on here that framentation is a security issue. Sure, a DR issue, a performance issue, etc but not a security issue. To most people, security means one thing and to you another. And that's fine. But to me and other, you have cast your net too wide.

santeewelding
santeewelding

Because I am on record twice as having analyzed and accepted the argument to be proper. Can't say anything about the narrow Indiana thing, except that you said it.

sidekick
sidekick

Because I just love to poke a hornets' nest...... My first thought when I saw the title was a possible vunerability with fragmented drives. Fine, whatever, I still got some useful information. And I've learned that different people have different views of what falls under security. Nothing wrong with that. Personally, I could see pushing fragmentation into this if it affects recoverability, which in turn affects integrity.

bruceslog
bruceslog

I was mislead by the title of the article because it says 'Filesystem fragmentation; Security Threat'. I read that to mean that someone had discovered an exploit that involved fragmented files somehow. Such was not the case. Much of the article discussed file integrity as it applies to ease of recovery operations, with some discussion of file systems that do not fragment as much as Windows systems, and an unsubstantiated bit about a fragmented filesystem slowing down anitvirus programs enough to pose a security threat. I was mislead because, upon malware intrusion, it doesn't matter if your file system is fragmented or not, you are still owned. And I didn't see anything in that article that provided real proof that your files are inherently less secure when they are fragmented than they are when they are intact. Fragged or defragged, files are equally vulnerable. Easier to recover, yes. But that isn't why the title of the article brought me to read the article. Although the article did state that this was a slight increase in th elevel of risk to a system... I think that slight should have been minuet. To apotheon - [q]Did you miss the part about performance of security software like virus scanners? [/q] answer; No, I did not. And I was mislead because of the antivirus portion of the article. The anti virus program isn't dependent on whether a file system is fragmented or not, the scanner just scans files in whatever order it is coded to scan, often first come, first serve, no matter where the files are on the disk, nor whether they are fragmented or not. An A/V programs efficiency in speed is usually measured in milliseconds these days, And although Antivirus programs fall under the umbrella of 'security software', antivirus programs rarely stop a user from introducing malicious software or scripting to the system, antivirus programs are generally used to clean up after a system is found to be infected. That is damage control more than security as in keeping the system Safe and Secure. Regardless of how you view that, a A/V program will scan every file on the machine, if it is so configured, no matter whether the files are fragmented or not and most do so very quickly, fragmented files or not. I was also mislead because the title of the article had me thinking that maybe a new exploit had been found involving defraggers, or a defraggers methodology, or a system became less secure due to having scattered files. But the article had nothing to do with vulnerabilities or defraggers, nor dod the article convince me that fragmented files posed a unique security threat by way of intrusion... but that having a well and often defragged system improved file INTEGRITY, and helps in recovery of the files involved. But, fragmented files are still just, and only just, as susceptible to invasion as a newly defragmented machine. There was no new inherent threat to a system just because the files get fragmented as they will. I read the article looking for such things because of the title of the article. The author says that a fragmented file system may slow down a virus scanner. Maybe, but nothing that a user could notice. Unless one has Norton A/V ( 2001 till 2008 ). The scanners I am familiar with just rapidly grab and scan files without regard to where the files are on the hard drive. With quad core processors, 4 GB of memory at 1600 MHz DDR3 bus speeds, and 300 Mbs SATA hard drive interfaces, you'd have to measure any performance hits to a antivirus softwares scan speeds on a fragmented filesystem vs a recently defragged system with an atomic clock. My free A/V program grabs and scans files at faster than my applications do for use. Granted, some A/V file scanners do work in a particular order, such as scanning each file in the "my docs" folder and downloads folders first, but they seem to be able to grab those files just as fast whether the files are whole and defragged, or recently used and thus fragmented. If there is any slowdown, it is not noticeable to my human eyes, the whole file still gets scanned, and if it found an infection, it would still be damage control... cleaning up AFTER an infection. Not an increased security issue of intact vs fragmented files. So my take on the article was that regular defragging can help in disaster recovery, some filesystems are better to use because they do not fragment their files systems as much, and fragmented files can slow antivirus scanners and the like. So to me, the article discussed file system integrity and performance more than the security intrusion threat that the title lead me to believe someone had found regarding fragmented files. Wasn't what I expected. Well, The post is getting long now, just dropping in to clarify why the title mislead me. Ok, sorry to bother ya. I just finished replacing the power supply in the extra box that I was testing Win7 on, and now it's time to get back to giving this Win7 beta a workout. Guess I'm working it good, the power supply I just had to replace was only 18 months old, a RaidMax 350 Watt unit that I always cleaned every 6 months ( blew any dust out of and toothbrushed the fan blades ). Seeya's :)

Justin James
Justin James

... in college watching that defrag screen. No lie. J.Ja

PrinceGaz
PrinceGaz

When it comes to flash drives, my advice would be to never use an external defragmentation product on them. Access time on flash-drives with fragmented files is almost irrelevant, and re-arranging the files on a flash-drive to de-fragment them will likely involve at least two and very probably three or more writes to all of the drive. Whilst with a magnetic HD it is true that rewriting the data is a good thing as it restores a strong magnetic recording on the media (even if it involves more disk-head movement) therefore reducing the likelihood of unused data becoming unreadable after several years, with a flash-drive it means additional unneccessary write-cycles which will cause the drive to fail sooner rather than later. Defragmentation is for magnetic HDs. Flash drives, whether USB sticks or internal SSDs should be left to take care of themselves, regardless of the file-system they are formatted with. Forced re-writing of files on flash-drives is unlikely to produce any useful performance gain (seek-time on them is negligible even when fragmented to hell), but will cause them to fail that much sooner.

seanferd
seanferd

I didn't. But I have now.

apotheon
apotheon

I appreciate that well-reasoned response, and will take your perspective under advisement for future writing. Thank you for your input.

apotheon
apotheon

"[i]You publicly post a false and unsubstantiated claim based on all you know about me and my knowledge by reading a few paragraphs ?[/i]" Perhaps you aren't familiar with the meaning of the word "if". You should read the passage you quoted, and to which this statement was a reply. You might notice my use of the word "if" there. Read about it in a dictionary some time, and see how that applies to what I said -- and how it invalidates your assumption that I'm somehow making unsubstantiated claims about what you do and don't know. Then try replying as if you actually understood what I said. "[i]So of course you must be right when you state as a fact that I think antivirus software is the end all and be all of total system security, as you've stated.[/i]" I didn't say anything of the kind. I think you're engaging in the same fallacious style of reasoning here as that to which I initially responded. I pointed out there's more to security than dealing with malware, which you pretty clearly indicated is what you expected an article about security to be about; now, you're pretty clearly indicating that I think antivirus software is all you think security is about (which is not the same thing at all). "[i]I back up user files daily to second internal hard drive.[/i]" You might want to look into external incremental backups as a way to hedge your bets. Daily backup to a second internal hard drive is barely more secure than RAID 1. You mention external backups for your MS Windows boxes, but the way you mentioned internal hard drive backups after talking about Linux-based systems, it seems like you aren't keeping external incremental backups for them. I'm confused by your inclusion of this in your reference to what you do for security, since you previously indicated that you don't believe maintaining the security of the data in your filesystem is actually "security". Please clarify this contradiction in your statements. "[i]But, because you're right, I know nothing about security other than having a antivirus program.[/i]" In point of fact, the problem I pointed out wasn't that you don't know anything about security -- but that you don't consider a lot of stuff related to security as being "security". "[i]You're right because you're always right, aren't you ?[/i]" Actually, the reason I'm right is that I make sure I know the grammatical implications of what I say, and of the statements you make to me to which I've replied. It's possible you mistakenly said something in a manner that implies something you did not intend to imply, and it's obvious you inferred a lot from what I said that was [b]not[/b] implied by my words, but there was nothing wrong with what I said as a response to your actual words. "[i]Yes, Corporates definition of security includes the clean up and recover AFTER security has been breached, when all the security they reluctantly paid for has failed in one way or another and now someone has to CLEAN UP the mess and RECOVER the data. The security still failed, now one is in cleanup and recovery mode. It is still now just cleanup and recovery irl. Falling under the security umbrella in corporate speak, no doubt.[/i]" Restoring data security is, indeed, related to security. I can't even explain what I'm talking about clearly without using the word "security": "restoring data security". Oh, sure, I could refer to restoring data [b]integrity[/b], but that would leave out implications of privacy and access authorization, among other directly security-related matters. There's a lot more to disaster recovery than just restoring from backups, after all, unless you're doing it wrong. "[i]Defragging ones hard drive(s) falls more under file system integrity and general system maintenance.[/i]" Insofar as it affects security, it is a security matter. Thus, the article. "[i]It can have some benefits to security aspects, yes. Never said it couldn't.[/i]" It's nice you want to make my points for me. Thanks. "[i]The author begs us askance of validating his claim that defragmenting the file system is a security measure, and I disagree.[/i]" You just said it can provide security benefits. As such, it is worth considering as a security measure. Period. "[i]how you chose t publicly portray me.[/i]" I think your insult-laden, overtly hostile rant was portrayal enough. "[i]I didn't see keeping a hard drive defragged in so your antivirus can work a little faster.[/i]" Worse AV performance can, as I already pointed out, lead to AV scans being put off or skipped -- among other problems. That's a security matter. "[i]Here's another example... go to a Linux forum, tell them you've been owned. The first thing they WILL NOT ask you is if you defragged your hard drive. Because of you didn't defrag your hard drive then you were not secure.[/i]" Actually, the reason they won't ask that is even simpler: the standard filesystems used with Linux-based OSes don't require regular defragmentation. There are other reasons as well -- such as the fact that regular virus scans are not necessary to protect a regularly updated Linux-based system. There's also the simple fact that, while filesystem fragmentation can contribute to a more security-hostile computing environment, the [b]proximate[/b] cause of a compromise is going to be something else entirely. That doesn't mean there aren't contributing factors aside from the proximate cause itself, such as factors leading to poor performance of security tools, which in turn might lead one to turn them off if one is overly concerned with system resource usage. "[i]You say I know nothing of security[/i]" One more time: That's not what I said. "[i]And the article still mislead me.[/i]" You weren't misled. You assumed meaning to the word "security" that is much narrower than that meaning used by security experts in general. Again, I direct you to filesystem integrity auditing tools such as Tripwire as an example of where your differentiation between "security" and "integrity" is misconceived, by the standards of . . . oh, [b]most[/b] people who know anything substantial about security. "[i]Unless you wanna find me and try to attack me in person, of course It's not hard to find me. I'm closer than you think. Really.[/i]" If I had some evidence you were serious, and not just engaging in childish posturing, I'd rather report you to the police for threatening me. There's a lot of other poppycock you offered on the subject of the statements you imagined I said, and how you felt about them, that doesn't warrant a response. I just thought I'd point out some of the specifics of where you went flying far astray.

santeewelding
santeewelding

Being necessary to security is how I take Apotheon. You look to be so far into it you can't see it.

bruceslog
bruceslog

You said; [quote] There's more to security than malware. Your view is far too narrow. I hope nobody ever hires you on the strength of your security expertise if dealing with malware is the sum total of what you think qualifies as "security". " [/quote] Thank You for returning and letting us all see your sparkling personality. You must be a real pleasure to work with. How on Earth did you infer that opinion from what I'd said ? You are so far off base I wasn't even going to reply to this. But then you started resorting to personal attacks like the one above. You publicly post a false and unsubstantiated claim based on all you know about me and my knowledge by reading a few paragraphs ? Well, ok then, I wouldn't hire you for fear of having to cover your a$$ when you get sued, or somebody shows up at the door to kick your A$$. Since you cannot seem to stick to the discussion at hand, and insist on getting personal, then allow me... If I should stoop to your level, then I'd have to guess that you must be a mule headed republican, based solely upon your on your responses, of course. Not that I know you or anything, but it must be true, because of the way you attacked me for no reason. Right ?. And I, then, in your view, I then should be a terrorist. NO, better yet, an enemy combatant. Far inferior to yourself. Worthless. Lock em up and swallow the key. Yep, you got me pegged alright. So of course you must be right when you state as a fact that I think antivirus software is the end all and be all of total system security, as you've stated. You can safely assume that I do not have 3 Linux systems here at HOME that have root passwords so strong that you'll never be able to guess or force them, ( Now THAT is security ), and you must be right to assume that I don't have or use any secure passwords, [ mine are all upper case, lower case, AND alpha numeric ], or that my wireless router isn't WPA2 encrypted with a password that only God and I know, ( and sometimes I have to ask God for the password, cause I sure as heck can't remember that motha ! ). Oh, that;s right, I know nothing about security, so I wrote that password on a sticky note that is pasted to the router. All my other passwords are taped to my monitors. Yup, Yup. And you must be right to assume that my laptop hard drive isn't fully encrypted, that the 3 home machines that are running Windows here have not only anti virus, and firewalls, but also Spybot and Teatimer, ccleaner, FCheck, and are behind 2 hardware firewalls and are scanned weekly with Spybot, the A/V, AND HiJack this, and ONLY use FireFox and Thunderbird. I back up user files daily to second internal hard drive. I defrag every Windows box weekly. Have since '95 or so. Right after defrag I back up to external hard drives, ( now a days ), and monthly I image my system drive to a separate hard drive, and DVD's that go to my friends house offsite. Except for my PCLinuxOS box, where I just invoke makeimage which creates my system iso that I burn to DVD after I do system updates. I been doing this awhile, and have lost some data, but still have personal data from 1995 that I've managed to keep intact all these years despite my astounding lack of knowledge. All this doesn't make my Windows boxes more secure though. But all I know about security is antivirus, huh ? Heck, I even create limited user accounts on my Vista and Win7 Beta machines right from the start, and those are the only accounts I log into, even though those operating systems are 'designed' to be operated on the default PA account created at 1st boot because that is what most users want. But I prefer the additional security, and besides, I am so used to elevating privileges on my 3 Linux boxes when I need to that I feel exposed if I don't create limited user accounts. ( For those who don't know about Microsoft's PA accounts, PA is Vista and Win7's name for the 'Protected Administrator' account that one creates at first boot, which runs with limited user tokens, until the user does something that requires elevated privileges, which invokes the UAC prompt and secure desktop ). But, of course you knew that, and I didn't, cause all I know about security can be summed up by half a dozen paragraphs and our 2 different definitions of the word security, right ? Hey, here's more ! My whole home is monitored by a popular nationwide outside security company AND 8 cameras that upload to my remote web host. ( 4 cameras inside, 4 outside ). And I advertise that fact. But, because you're right, I know nothing about security other than having a antivirus program. You're right because you're always right, aren't you ? And amazingly, you apparently require very little actual, factual information to make your assessment, don't you ? These things, and Thousands more, are what I know about security. I also know that as secure as I can be, I can still get hit. I can even get hit from afar, like when WalMart's credit card processing company gets hacked and all our CC numbers owned. Or when the VA lost my info in a attack 2 years ago. Security is trying to keep yourself from being hit. Recovery is cleaning up the mess after one is hit. ( Hit includes, of course, EarthQuakes, Floods, Lightning strikes, physical theft, Fire, roof collapse, strike by automobile, aircraft or train, bombs, hardware/software failure, and all the other thousands of things that can get ones data ). All those things that you just said in your post that so obviously I know nothing about, in your expert and rapid assessment. Security is trying to keep all of that from happening. Lock the doors, build on high ground, monitoring openings, security cameras, alarms, firewalls, SECURE passwords on LIMITED USER accounts, even better passwords on Admin accounts that only 2 people can access. That is security. Yes, Corporates definition of security includes the clean up and recover AFTER security has been breached, when all the security they reluctantly paid for has failed in one way or another and now someone has to CLEAN UP the mess and RECOVER the data. The security still failed, now one is in cleanup and recovery mode. It is still now just cleanup and recovery irl. Falling under the security umbrella in corporate speak, no doubt. Because Corporate puts all of that under the umbrella of 'security' for ease of department accountability and ease of blame, they don't want to or need to create a new department dealing with recovery, ( in fact, they usually pay RECOVERY companies to do that for them ), among other reasons. Yet, it is still actually disaster recovery, cleaning up the mess after your SECURITY measures have failed to keep things as they should be. Under corporate speak, recovery and cleanup relates to security. But fragmenting ones hard drives does not fall under the long held definition of security measures that one should be taking to prevent data loss. Defragging ones hard drive(s) falls more under file system integrity and general system maintenance. It can have some benefits to security aspects, yes. Never said it couldn't. But it is still more of a maintenance than security. The author begs us askance of validating his claim that defragmenting the file system is a security measure, and I disagree. I see defragmenting as a maintenance measure, that does make recovery easier, but does not secure a system, regardless of how you chose t publicly portray me. Here, For a definition of security, Click this: http://www.google.com/search?hl=en&defl=en&q=define:security&ei=ubKKSd6YEYTcNPqUiNsP&sa=X&oi=glossary_definition&ct=title To read this, Definitions of security on the Web: * the state of being free from danger or injury; "we support the armed services in the name of national security" * defense against financial failure; financial independence; "his pension gave him security in his old age"; "insurance provided protection against loss of wages due to illness" * freedom from anxiety or fear; "the watch dog gave her a feeling of security" * a formal declaration that documents a fact of relevance to finance and investment; the holder has a right to receive interest or dividends; "he held several valuable securities" * property that your creditor can claim in case you default on your obligation; "bankers are reluctant to lend without good security" * a department responsible for the security of the institution's property and workers; "the head of security was a former policeman" * a guarantee that an obligation will be met * security system: an electrical device that sets off an alarm when someone tries to break in * measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" Do you see your definition of security in there ? I didn't. I saw measures taken as a precaution, As in passwords, locks, firewalls, antivirus. I didn't see keeping a hard drive defragged in so your antivirus can work a little faster. Here's another example... go to a Linux forum, tell them you've been owned. The first thing they WILL NOT ask you is if you defragged your hard drive. Because of you didn't defrag your hard drive then you were not secure. Try it. Those are the defintitions of security that I follow. But, You say I know nothing of security, that no one should hire me for security ? Just How did I deserve that childish remark ? Our definitions of actual 'security' differ, and for that, you tread on me. Well, bite my butt. I'm still right. And the article still mislead me. ( Remember that conversation ? ) Now I'm done with you. Get lost. Unless you wanna find me and try to attack me in person, of course :) It's not hard to find me. I'm closer than you think. Really.

apotheon
apotheon

"[i]I read that to mean that someone had discovered an exploit that involved fragmented files somehow.[/i]" Yep -- it sounds like you misfollowed. Data security and the increased security that can be had from security scanning software that actually completes its scheduled operations is security, too. This isn't the "IT Vulnerabilities and Exploits" Weblog; it's "IT Security". "[i]Much of the article discussed file integrity as it applies to ease of recovery operations[/i]" Effective disaster recovery is part of a good security strategy. If you don't plan for disaster recovery in the event of a security compromise (internal or external, intentional or otherwise), you're doing security wrong. "[i]an unsubstantiated bit about a fragmented filesystem slowing down anitvirus programs enough to pose a security threat.[/i]" Your use of the word "unsubstantiated" doesn't change the fact that the article addressed security concerns. "[i]I was mislead because, upon malware intrusion, it doesn't matter if your file system is fragmented or not, you are still owned.[/i]" There's more to security than malware. Your view is far too narrow. I hope nobody ever hires you on the strength of your security expertise if dealing with malware is the sum total of what you think qualifies as "security". "[i]Fragged or defragged, files are equally vulnerable.[/i]" Vulnerable to . . . what? Your view is too narrow. You have security tunnel vision. "[i]Easier to recover, yes. But that isn't why the title of the article brought me to read the article.[/i]" Your exceedingly limited view of what constitutes "security" is nobody's problem but your own. "[i]An A/V programs efficiency in speed is usually measured in milliseconds these days[/i]" I'm not sure your experience with AV software is to be trusted. "[i]And although Antivirus programs fall under the umbrella of 'security software', antivirus programs rarely stop a user from introducing malicious software or scripting to the system, antivirus programs are generally used to clean up after a system is found to be infected.[/i]" This is true -- which is why they say that an ounce of prevention is worth a pound of cure. In some circumstances, though, you may not have the luxury of employing proper prevention. "[i]That is damage control more than security as in keeping the system Safe and Secure.[/i]" Damage control [b]is[/b] security, to a significant degree. It seems you wouldn't agree that just leaving malware on a system, and ignoring it, because it's too late to prevent it from getting there in the first place, is bad security policy. Do you think a system is just as secure if malware is left on the system as if it is removed? "[i]Regardless of how you view that, a A/V program will scan every file on the machine, if it is so configured, no matter whether the files are fragmented or not and most do so very quickly, fragmented files or not.[/i]" You seem oblivious to secondary effects of poor software performance -- such as inducing people to halt scans or schedule them less often, leading to scheduling conflicts between different types of software that consume system resources, and so on. "[i]I was also mislead because the title of the article had me thinking that maybe a new exploit had been found involving defraggers, or a defraggers methodology, or a system became less secure due to having scattered files.[/i]" Again using Sterling's delightful neologism -- you [b]misfollowed[/b]. You inferred that from the title. The title did not imply it. The responsibility for jumping to conclusions lies with the person who jumped. "[i]nor dod the article convince me that fragmented files posed a unique security threat by way of intrusion[/i]" That's because they don't. You're right about that. What you're wrong about is the notion that this is the only kind of threat to IT security in the world. "[i]There was no new inherent threat to a system just because the files get fragmented as they will.[/i]" Not a [b]new[/b] threat -- but it's a threat nonetheless. It just isn't a direct intrusion threat. "[i]I read the article looking for such things because of the title of the article.[/i]" It's not my fault if your interpretation of common security terms is different from everyone else's. "[i]With quad core processors, 4 GB of memory at 1600 MHz DDR3 bus speeds, and 300 Mbs SATA hard drive interfaces, you'd have to measure any performance hits to a antivirus softwares scan speeds on a fragmented filesystem vs a recently defragged system with an atomic clock.[/i]" 1. Your use of hyperbole is misleading -- especially when consumer grade external hard drives can provide 1.5TB for under $150 now, and people are more likely to turn off virus scanners while doing overnight code compilation or playing computer games. 2. There are other people than you that need security advice -- and many of those other people don't use quad core processors, 4GB DDR3 RAM, and 300 MBps SATA drives. (Did you mean MBps when you said Mbps? That's pretty damned fast. If you meant 300 Mbps, though, I think you're using old drives.) "[i]Wasn't what I expected.[/i]" Your expectations, when they do not match reality, are your own responsibility. They certainly aren't proof anyone defrauded you. You seem really hung up on integrity being something that shouldn't be considered part of security. I think a lot of people would be surprised to discover that filesystem integrity auditing tools such as Tripwire aren't "security" tools. In fact, I think a metric assload of security experts would disagree with you on that pretty intensely.

Neon Samurai
Neon Samurai

I still get sucked into watching the mess slowly clean itself still too. I remember watching to coloured blocks organize themselves with NT and 98's defrag. Then the thin virticle lines organizing themselves with XP's defrag replaced with diskkeeper proper.. these days those thin horizontal lines in jkDefrag's display suck me in. I equate it to the way watching a bonfire can suck you in to watching. :D

Sterling chip Camden
Sterling chip Camden

... it had more animation than Diskkeeper's, even though it was all done with characters.

apotheon
apotheon

"[i]External drives- flash or otherwise don't generally benefit from defragging, because the bottleneck would be the USB interface more than the fragmentation.[/i]" Flash media also has faster access times for fragmented files than standard magnetic media like a hard drive, so fragmentation doesn't impose as much of a performance penalty. Solid state storage devices also tend to be much, much smaller than traditional magnetic hard drives, so fragmentation doesn't result in stuff being scattered nearly as widely across a filesystem. External drives also tend to be written to less often than internal drives, so fragmentation doesn't typically happen as much even in cases where the filesystem is prone to file fragmentation. There are several reasons external solid state storage media devices don't suffer as much performance degradation from file fragmentation as magnetic hard drives do. "[i]However, the file system (NTFS) gets fragmented irrespective of the storage system- SSDs, magnetic HDDs etc and regardless of moving parts.[/i]" Not all solid state drives have the limited write cycle problem. Those that use volatile media don't have built-in write cycle limits -- but they have the problem of requiring a constant power source to avoid losing all the data they contain. Your computer's RAM is basically just an array of volatile media SSDs, after all.

vindasel
vindasel

External drives- flash or otherwise don't generally benefit from defragging, because the bottleneck would be the USB interface more than the fragmentation. Just my guess, not 100% confident about this. When it comes to internal 'flash' drives i.e. SSDs, defragging them with a conventional defragger is a bad idea because it causes unnecessary wear and tear by using up erase+write cycles. However, the file system (NTFS) gets fragmented irrespective of the storage system- SSDs, magnetic HDDs etc and regardless of moving parts. Seems SSDs *do* benefit from free space consolidation and other optimizations that allow the filesystems to write sequentially as much as possible (remember, SSDs have relatively poor random write speeds often resulting in stutter). Apacer drives are going to come with this optimizer built into the firmware I think http://downloads.diskeeper.com/pdf/HyperFast.pdf

Editor's Picks