Neal Christiansen - Inside File System Filter, part I

Posted By: The Channel 9 Team | Jan 21st, 2005 @ 12:04 PM | 119,438 Views | 35 Comments
File System Filters are kernel-mode non-device drivers that monitor inbound and outbound FileSystem IO.

A prime example of an FSM is anti-virus software (the primary function of an AV app is to monitor IO stream content looking for virus patterns, after all).

Anyway, we were introduced to Neal by Dana Epp (he's working with the filter driver team to build a new security system and helped us during this interview) and we were impressed with Neal.

Why? Well, he's built two operating systems himself. More on that later, but hope you enjoy the first part of this, second part to come Monday.

Here, he takes you on a tour of the depths of Windows. Inside the kernel and the world of so-called kernel-mode drivers.
Tags: Kernel, OS
Media Downloads:
Rating:
3
0
#Jan 21st, 2005 @ 1:55 PM
Sven Groot
Sven Groot
My name has 9 letters. Coincidence? I think not...
Pretty interesting stuff. We need to have more videos like this, digging deep into Windows (or other MS technologies).

It might be a good idea to have a video with someone from the kernel team explaining how the NT kernel works. Not everybody here has read books on that, and I'm sure many people would be interested. Even better, get someone who can really tell us why certain things are designed the way they are, and what the benefits or disadvantages of that design have turned out to be since the conception of NT. This video already does some of that, but it focuses on one area of the kernel. Not that that's really a bad thing, but I just think it'd be a good idea to try and paint the big picture too.
#Jan 21st, 2005 @ 4:58 PM
koorb
koorb

Excellent video!
Some of the videos don't have much useful content, but this is very educational.

Neal mentions the Crash Analysis reports. Is there any chance of Channel 9 finding-out what happens to those automated reports, and why sometimes stuff is uploaded and other times not?

#Jan 21st, 2005 @ 5:00 PM
Charles
Charles
Welcome Change
Sven Groot wrote:
Pretty interesting stuff. We need to have more videos like this, digging deep into Windows (or other MS technologies).

It might be a good idea to have a video with someone from the kernel team explaining how the NT kernel works. Not everybody here has read books on that, and I'm sure many people would be interested. Even better, get someone who can really tell us why certain things are designed the way they are, and what the benefits or disadvantages of that design have turned out to be since the conception of NT. This video already does some of that, but it focuses on one area of the kernel. Not that that's really a bad thing, but I just think it'd be a good idea to try and paint the big picture too.


Funny you should mention this, Sven. Smiley

I am going to introduce a new series on Channel 9 in the relatively near future which I'm calling Deep Windows (but that may change). This video is in fact a precursor and your reply gives me even more incentive to make Deep Windows a reality. Also, I will be starting a more speculative and theoretical "interview" series that will include roundtable discussion among very big thinkers here at Microsoft. 

It's going to be a deep year on Channel 9.

Going deep,

Charles 


EDIT: I'm leaning towards calling the series Going Deep. Yes. That's it.
#Jan 21st, 2005 @ 5:02 PM
Charles
Charles
Welcome Change
koorb wrote:

Excellent video!
Some of the videos don't have much useful content, but this is very educational.

Neal mentions the Crash Analysis reports. Is there any chance of Channel 9 finding-out what happens to those automated reports, and why sometimes stuff is uploaded and other times not?



Glad you liked the video. There are more Neal vids coming soon.

Perhaps we should interview some of the CA people. Wink
#Jan 21st, 2005 @ 5:30 PM
Jarod_24
Jarod_24
Great video, Just one question.

If these Filters can now be unloaded at any time, what prevents someone from writing a virus that will unload the antivirus filter?

#Jan 21st, 2005 @ 7:38 PM
JamesC
JamesC
One big vote for Deep Windows here, as well as the roundtable.  There are things that I don't know to ask but affect me every day - let's hear it!  Keep it up and thanks for the C9 Guy Wink

PS - Will we ever see Bill here?
#Jan 21st, 2005 @ 10:54 PM
Jerrold
Jerrold
Compliments to Neal Christiansen on a well communicated overview of file system filters.
#Jan 22nd, 2005 @ 1:34 AM
Fonze
Fonze
da Fonz...... aaayyyyeeee
I would be extremely interested in seeing some interviews with people who will talk about the inner workings of windows. I'm focusing on OS's as part of my CS major, and the one thing they don't talk enough about are the inner workings of windows, we study mostly linux =/
#Jan 22nd, 2005 @ 5:06 AM
Sven Groot
Sven Groot
My name has 9 letters. Coincidence? I think not...
Jerrold wrote:
Compliments to Neal Christiansen on a well communicated overview of file system filters.

I'd like to second that. I wish my professors were as clear. Wink
Microsoft Communities