Two ways to ensure the stability of Windows 7 file system

The system files in the Microsoft operating system are not only the necessary files for the operating system installation, but also some drivers. Microsoft operating systems support hardware much more strongly than open source operating systems such as Linux.

As we all know, Microsoft operating system files are often the object of concern for programs such as Trojans and viruses. Sometimes users will not break system files inadvertently. System instability is mostly caused by damage to system files. The stability of this system file has been improved in Windows 7.

Before talking about this topic, the system administrator needs to understand that the system files in the Microsoft operating system are not only the necessary files for the operating system installation, but also some drivers. Microsoft operating systems support hardware more strongly than open source operating systems such as Linux. In the Windows 7 operating system, an attack can detect most of the hardware and automatically find and install the appropriate drivers during the installation process. This is mainly because Microsoft will test the current mainstream hardware devices before a new version of the operating system comes out. If the test passes, the driver for this hardware will be added to the operating system. Therefore, after installing the Windows 7 system, you can identify most of the hardware without manually installing the driver. These drivers form the system files in the Microsoft operating system. The following protections for system file stability are equally valid for these driver files.

First, use the file signature to verify whether the system file has been modified

In the Windows 7 operating system, all system files (including Microsoft-approved driver files) will carry Microsoft's signature . The signature information includes information such as the system file name, storage path, file creation date, and version number. If the system administrator deploys the Windows 7 system, collect relevant information. Then, when the operating system is unstable, the system administrator suspects that the system file is damaged, you can compare the signature of the system file with the original signature, and you can determine whether the system file is unknown to the administrator. Was changed. Therefore, relevant measures can be taken to repair the system files to restore the stability of the operating system.

In the Microsoft operating system, there is no need to manually collect this information. A graphical file signing tool is provided in the system to help system administrators do the job. In command line mode, entering the sigverif command will sign the dialog.

This file signing tool is a graphical management-based tool provided by the Microsoft operating system. When an application or hardware component is installed, if the system administrator suspects that the original, protected, digitally signed system file or startup program has been illegally modified or replaced, then the tool can be used to check for The existence of this situation. Although this tool already exists in previous versions of the operating system, it has been ignored by everyone. This tool has been improved a lot in Windows 7, especially in terms of performance. After the author's test, in the Windows 7 operating system, this tool runs several times faster than the previous version of the operating system. In addition, this tool has also been improved in functionality. For example, in the previous operating system, only the system files were detected, and the drivers were not detected. For now, this tool will detect system files and driver files at the same time to ensure that all files have Microsoft digital signatures. When the tool detects a file version that is not signed or inaccurate, it will inform the administrator of the relevant information file name, modification time, version number, and so on. This information is also kept in the system-related logs for subsequent queries by the system administrator.

However, after I use it, I feel that there is still an inconvenient place, that is, I cannot import this information directly into a text file or directly copy it. If the tool now has a problem with a file, such as tcpip.sys this file has a problem. Now system administrators may need to find out the specific purpose of this file on the Internet, and whether anyone has encountered this problem before. But what makes me discouraged is that I can't directly copy the file name. Now when I want to ask others about the purpose of this file, I have to manually input it, not by copying and pasting. The author suggests that Microsoft's design experts can be more humane in this regard. Finally, you can export this information directly to a text file in this window or you can copy and paste directly. Instead of opening a log file to do these behaviors.

Another thing to note is that this tool does not fix the problematic files yourself. So running this tool does not require administrator privileges. In other words, ordinary users can also run this program to check if the system files have been maliciously changed.