Updating Drivers and System Files

Along the same lines, you should also be aware that Windows 2000 protects system files by not allowing them to be overwritten (sort of – keep reading). One of the things that made previous Microsoft operating systems less reliable was that any application could potentially overwrite a system file with a ‘newer’ version (the one that worked with the vendor’s product), which could compromise system stability.

Windows 2000 protects system files via WFP, or Windows File Protection. WFP works in the background, scanning system files for changes. If an application overwrites a system file, WFP replaces the file with the original ‘official’ digitally signed version. It does this by checking the dllcache directory for a cached copy of the file, or the source files, if they can be found. If the original is found, the OS replaces it transparently. If it cannot be found, the user is prompted to provide the CD (or source file location). Only if the user chooses not to provide a location will the newer version of this file be used. As such, you could say that WFP is passive protection, since it can potentially be circumvented.

The good news is that if WFP does replace (or try to replace) a protected system file, an event is written to the System log. A command-line utility called the System File Checker, Sfc.exe, can be used to scan the system for unofficial or unsigned system files and take an appropriate course of action (just identify, replace, etc.).
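Because WFP records its activity in the System log, an exported copy of that log can be triaged for protected files whose replacement was not confirmed as restored. The following is an added example, not part of the original article: the CSV column layout, the event source name, the event IDs and the sample rows are assumptions constructed for illustration and should be checked against a real export.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample: System log exported as CSV (column layout is an assumption).
SAMPLE_LOG = """\
Date,Time,Source,Type,Category,Event,User,Computer,Description
3/14/2001,10:02:11,Windows File Protection,Information,None,64001,N/A,WKS01,File replacement was attempted on the protected system file c:\\winnt\\system32\\example1.dll. This file was restored to the original version to maintain system stability.
3/14/2001,10:05:40,Service Control Manager,Information,None,7035,N/A,WKS01,The Example service was successfully sent a start control.
3/15/2001,16:20:03,Windows File Protection,Information,None,64004,N/A,WKS01,The protected system file c:\\winnt\\system32\\example2.dll could not be restored to its original valid version.
3/15/2001,16:31:55,Windows File Protection,Information,None,64001,N/A,WKS01,File replacement was attempted on the protected system file c:\\winnt\\system32\\example2.dll. This file was restored to the original version to maintain system stability.
"""

WFP_SOURCE = "Windows File Protection"  # event source name (assumption: verify on your build)
RESTORED_IDS = {"64001"}                # assumed ID for "file was restored"
# Captures a path without spaces that ends in a file extension.
FILE_RE = re.compile(r"protected system file (\S+\.\w+)", re.IGNORECASE)


def triage_wfp_events(csv_text):
    """Map each protected file to its WFP events as (date, time, status)."""
    findings = defaultdict(list)
    reader = csv.reader(io.StringIO(csv_text))
    next(reader, None)  # skip the header row
    for row in reader:
        if len(row) < 9 or row[2] != WFP_SOURCE:
            continue  # blank line, short row, or an unrelated event source
        description = ",".join(row[8:])  # the description may contain commas
        match = FILE_RE.search(description)
        path = match.group(1).lower() if match else "(unparsed)"
        status = "restored" if row[5] in RESTORED_IDS else "review"
        findings[path].append((row[0], row[1], status))
    return dict(findings)


def files_needing_review(findings):
    """Files with at least one WFP event that is not a confirmed restore."""
    return sorted(p for p, events in findings.items()
                  if any(status == "review" for _, _, status in events))


if __name__ == "__main__":
    results = triage_wfp_events(SAMPLE_LOG)
    for path in files_needing_review(results):
        print(path, results[path])
```

Any file the script flags is a candidate for a follow-up Sfc.exe scan, since a later successful restore does not explain why the earlier one failed.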

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of 2000Trainers.com. He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions.