I am no computer expert, but I think that direct disk access means that some kind of program is trying to access space on the physical disk… So it can read stuff or replace files on the disk for example or create files on the disk… It is comparable with direct memory access. Direct disk access does not have to be dangerous, some programs like disk cleaners, disk defragmenters, word processing programs, video/photo editing programs need to access the disk directly to read/replace/create stuff on the disk to work properly… If you use some kind of program and CIS does not recognize the program, CIS will produce an alert. I don’t think you should be afraid about your registry being modified somehow. CIS will alert you with a different alert if that happens.
I am a programmer but have never used direct disk access. Word processors and video/photo editing programs would not require it. They would all write to the disk using the Windows API. So do most defragmenters. Disk cleaners and anti-malware programs are about the only ones that should require direct disk access.
If it is potentially dangerous and so few programs need it, it would be more secure if it was not automatically allowed for all safe programs.
Yes, it is true, basically when a program needs access to the disk, most programs use the Windows API or other programs. But accessing the disk directly is mostly used by disk defragmenters, disk cleaners and anti-malware programs… But it is hard to judge when a person doesn’t know much about software and hardware… Maybe CIS should include more practical information for novice users…
I have always wondered about this. Maybe it is not a good practice of programming for some of the programs? I can see the need for disk defragmenters and cleaners but I have my doubts for other applications. What would be the shortcomings of the Windows API…etc…?
Just to indulge my curiosity as a non-programmer.
In what situation would you use direct disk access over using the API?
What do you think about the thesis I dropped that, other than for disk defragmenters, disk maintenance and anti-malware programs, using direct disk access is a sloppy way of programming?
The reason I am asking is that direct disk access probably needs elevated rights within the OS. Then this may be a type of programming that makes it harder to run these programs as a Limited user (which is a more secure mode of course) and being part of a (decreasing?) problem of programs needlessly using admin rights.
I’m no programmer… But I know for a fact that the Windows API includes functions for defragmenting even. JkDefrag for example claims to use nothing but the Windows API. Actually I don’t think I’d trust a defragger that uses direct disc access instead. It may mess things up inadvertently. Same goes for disc cleaners, if they bypass the OS they may touch something they shouldn’t or in a way they shouldn’t. When should a program use direct disc access instead of the Windows API? When it’s for DOS instead of Windows I guess. Just my opinion, as I said I’m no expert.
I think, I may be wrong, that when writing to an NTFS disc via the Windows API, the disc can’t be damaged even if the power goes out suddenly. Otherwise damage may occur, as happened in the past with FAT.
The only circumstances I can think of for needing direct disk access would be detection of rootkits (where the API would lie to you) and probably ChkDsk and disk formatting like utilities. There is an API for defragging.
A program may open a physical disk or volume to flush it. This is not dangerous at all. The weird thing is that with TortoiseSVN installed I got a direct disk access warning every time an Open File Dialog appeared. After a reinstall of Vista I noticed that CIS no longer monitored direct disk access by default. Could it be because users kept on getting meaningless prompts about disk access?
I get lots of messages about direct disk access. Blocking them does not stop the programs working. Even a test program using the Windows API to write to disk triggers direct disk access but is not blocked if you say block. This is a bug in Defense+ I reported some time ago.
I agree but most programs do not need direct disk access. My solution is to create a group of dangerous applications (all those that handle files from the internet) and block direct disk access for this group. I get lots of attempts logged (due to the bug I have mentioned) but everything works.
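
An added illustration, not part of the thread and not CIS code: in Win32 both a raw disk or volume open and an ordinary file write go through `CreateFile`, and only the path differs, which is the distinction the posts above are circling. The sketch classifies constructed paths and applies the per-group blocking idea from the last post; the function names, program names and policy outcomes are assumptions and do not reproduce how Defense+ decides.

```python
import re

# Win32 device-namespace paths that name the disk or volume itself rather
# than a file reached through the file system.
_PHYSICAL = re.compile(r"^\\\\[.?]\\PhysicalDrive\d+$", re.IGNORECASE)
_DRIVE_VOLUME = re.compile(r"^\\\\[.?]\\[A-Za-z]:$")
_GUID_VOLUME = re.compile(r"^\\\\[.?]\\Volume\{[0-9A-Fa-f-]{36}\}$", re.IGNORECASE)


def classify_target(path):
    """Return 'physical_disk', 'volume' or 'filesystem' for a CreateFile path."""
    if _PHYSICAL.match(path):
        return "physical_disk"
    # Without a trailing backslash the path opens the volume (what a program
    # does before flushing it); with one it is just the root directory.
    if _DRIVE_VOLUME.match(path) or _GUID_VOLUME.match(path):
        return "volume"
    return "filesystem"


def decide(program, path, restricted_group):
    """Hypothetical policy: raw opens are blocked only for the restricted group."""
    if classify_target(path) == "filesystem":
        return "allow"
    if program.lower() in restricted_group:
        return "block"
    return "allow_and_log"


# Constructed sample events: (program, path passed to CreateFile).
EVENTS = [
    ("defrag.exe", r"\\.\C:"),
    ("browser.exe", r"\\.\PhysicalDrive0"),
    ("browser.exe", r"C:\Users\me\Downloads\a.zip"),
    ("editor.exe", "\\\\.\\C:\\"),  # root directory, not the volume
]


def evaluate(events, restricted_group):
    """Return (program, target kind, decision) for each event."""
    return [(prog, classify_target(p), decide(prog, p, restricted_group))
            for prog, p in events]


if __name__ == "__main__":
    for row in evaluate(EVENTS, {"browser.exe"}):
        print(row)
```
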