Windows File Protection (WFP)

Without delving too far into what would certainly be a mundane history lesson, WFP was originally born of a need to make Windows more stable. Unfortunately, previous versions of Windows allowed applications to be installed that would potentially overwrite critical system files with their own special or modified versions. While this might have been necessary to make one particular application function correctly, it could also wreak havoc on other applications that expected the original version of a file to be present. Ultimately, the second application would appear to misbehave or frequently crash, leading to situation often referred to as “DLL Hell”. If you’ve never experienced this particular anguish, take the time to talk to a PC old-timer and ask about their experiences with Windows 3.1, and wait for the fire that lights up in their eyes over PC problems past.

Windows XP solves the “DLL Hell” issue by strictly monitoring any successful or attempted changes to critical system files, and then replacing them with the “proper” versions as necessary. In this context, the “proper” version is the one digitally signed by Microsoft. Microsoft digitally signs all critical system files as a type of identification, and only a few methods of updating these files are actually supported, as we’ll soon explore. The vast majority of time, you wouldn’t even know if WFP replaced a rogue file with the proper, signed version. XP maintains a cache of most system files from which an original can be obtained quickly and without intervention when necessary. Only when a cached version is not available does WFP prompt you to insert the Windows XP installation CD (or supply the location of your Windows source files) to revert to the original version.

In order to maintain system stability, critical files monitored by WFP can only be replaced by four main methods. These include via the installation of a Service Pack (named update.exe), an official hotfix (hotfix.exe), an operating system upgrade (winnt32.exe), or by using the Windows Update feature. In each of these situations, Microsoft again digitally signs files that are updated for the purpose of maintaining system integrity. Should program developers attempt to use other methods to update system files, WFP will attempt to replace the file with a cached version automatically, or prompt you for the CD.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of 2000Trainers.com. He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.