
detecting access to harddisk

By ytvsoftware
I want to write a program that detects any access to the hard disk, both read and write, in real time, and is able to give permission for it / filter it.
Technically it can be done by writing your own device driver or by intercepting the interrupts.
Can you provide more detailed information on how to do it? I would prefer to just be able to filter the data, like a layer before and after the device driver.


10 total posts (Page 1 of 1)  

All Comments


by Smeglor In reply to detecting access to hardd ...

Why not just use NTFS permissions?


by ytvsoftware In reply to



by ytvsoftware In reply to detecting access to hardd ...

The use is for defending against any kind of intruder. All other sources can be controlled relatively easily. For instance, the current idea of protecting against viruses is nonsense. It is not necessary to create dictionaries of virus patterns etc. Just control access to the hard drives.


by voldar In reply to detecting access to hardd ...

Why don't you set up an audit on the driver, and then check the audit logs? It's the easiest way to do what you want.
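Voldar's auditing suggestion worked through as an added example (this is not code from the thread): an NTFS audit entry (SACL) on one folder, plus a query that pulls the resulting "An attempt was made to access an object" events (ID 4663) out of the Security log. It assumes an elevated PowerShell session and uses C:\Sensitive as a placeholder path.

```powershell
# Added example, not from the original thread. Run elevated.
# $Target is a placeholder; point it at the folder you actually want to watch.
$Target = 'C:\Sensitive'

# 1. Object Access auditing must be switched on, or no 4663 events are ever written.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. Add a SACL entry: audit read, write, append and delete by any account,
#    inherited by files and subfolders. Auditing 'Everyone' on a busy folder
#    produces a lot of events, so scope the path narrowly.
$acl  = Get-Acl -Path $Target -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]'ReadData, WriteData, AppendData, Delete',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $Target -AclObject $acl

# 3. Read back the 4663 events for that path and flatten the useful fields.
function Get-FileAccessAudit {
    param([string]$Path, [int]$Minutes = 60)
    $filter = @{ LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddMinutes(-$Minutes) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $xml = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        if ($d.ObjectName -like "$Path*") {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                User    = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
                Process = $d.ProcessName
                Object  = $d.ObjectName
                Access  = $d.AccessMask   # hex mask, e.g. 0x1 = ReadData, 0x2 = WriteData
            }
        }
    }
}

Get-FileAccessAudit -Path $Target -Minutes 30 | Format-Table -AutoSize
```

This records accesses after they happen, which is the objection raised later in the thread; blocking an access before it completes is what a file-system filter driver sitting above the real driver does, and that cannot be done from a script.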


by ytvsoftware In reply to

As I explained, I need to prevent, not discover after the disaster has happened. The main flaw of that security is that it is late. Somehow I ask you to pay attention that I put max points on this and need the exact solution as I described, not an easy way to do nothing.


by voldar In reply to detecting access to hardd ...

Okay man, so what you need is something like a virtual drive accessed by the user, and then, if everything is fine, you perform some kind of synchronization between the virtual and the real drive. For doing that, sorry, I am too limited in experience to provide you an answer. Good luck in your pursuit.


by voldar In reply to

And about filtering data - you can always filter the data flow - if in the network - by setting up filters on your NIC (UDP and TCP). I think it's much easier to stop the most common ports that a virus/trojan uses then filter/monitor everything.


by voldar In reply to

then = than .. I need typing lessons


by ytvsoftware In reply to

voldar, this is already a discussion, and for no value. I think you know well that the idea of filtering ports is already called a firewall etc., and all those methods are not efficient. The idea of a virtual drive can make sense if you know the way to implement it. Actually, at the kernel it requires interception of calls to the real driver anyway.
I am looking for the answer to my question, not an opportunity to lecture anybody in relation to it. Please do not take my time.
The question is difficult and only people who have expertise in the area should express an opinion. If it were possible I would rate it higher than 500 points.


by wlbowers In reply to detecting access to hardd ...

Do you have any idea how much stuff accesses the drive, and how often?

Some programs don't access it directly; they call items like svchost.exe.

Winternals has two programs, Filemon and Regmon. The log results are displayed in milliseconds.

Even when the machine is idle, the beat goes on.

I would suggest you obtain a copy and watch what is happening in the background.

It will give you an idea of what you are trying to deal with.

Good Luck

Lee
