Change to an NTFS partition on your system, and type
echo "stream message" > afile.txt:myPrivyA file has been created named afile.txt - there is no afile.txt:myPrivy file. Now, try type afile.txt and you’ll
get nothing! Hmmm… If you list the folder’s content’s you’ll notice that afile.txt has got a 0 bytes size but
more < afile.txt:myPrivyshows that myPrivy has indeed got “stream message” in it!
This is actually a little known feature of NTFS that’s been there since its very first incarnation, NT 3.1, but has
never been much touted by Microsoft. myPrivy is a named stream of the file, while its normal contents go to the
unnamed stream and that is the stream that all applications - even dir - seem to be aware of. Have a look at this
article, which appeared in Microsoft Systems Journal, November 1998.
It may have been
originally devised for storing thumbnails and user changes but it looks to me more suitable for trojan horses and DOS
attacks or, as the authors of this article say, “for some geeky party games where you can allocate a large stream in
a file on a friend’s disk”.