Filesystem fragmentation--A security threat

By Chad Perrin, Special to ZDNet Asia
Tuesday, March 17, 2009 01:37 PM
It may not be immediately apparent, but filesystem fragmentation is more than just a minor annoyance; it can also up the level of risk to your system and data security.
Filesystem fragmentation is a problem with which many computer users are familiar. Many, however, are not.
They don't know that filesystem fragmentation reduces performance so that they have to wait longer for their applications to respond. Gaming in particular can suffer--probably the most common high performance need for home computer users.
Those who know these basic problems presented by filesystem fragmentation usually know about defragmentation programs, and they sometimes even use them. A lot of people don't use them nearly enough. That can be especially important considering the security implications.
The list of immediate security concerns is short, but considering the relative ease with which defragmentation can (usually) be accomplished, they're important enough to go to the trouble when you need it.
Security problems include three key issues:
  1. disaster recovery: If your system suffers some kind of filesystem corruption, and you need to recover the data, many recovery tools can do so using a file allocation table. If that is corrupt, though, a longer and more difficult process needs to be used--and if your filesystem was significantly fragmented, that can increase the difficulty of a successful recovery quite a lot, as recovery tools will tend to have a harder time reconstructing complete files. Obviously, you should have good, up-to-date backups, but if the filesystem is corrupted between when critical data arrived and when the next backup was scheduled, this may be a very real problem for your data security.
  2. I/O activity: The more fragmented the data on your drive, the more physical operations a drive has to make to read the data your system needs and write data you wish to save. This can consume more power, generate greater heat, and degrade your system more quickly because of wear on the moving parts. Standard SSDs (solid-state drives) are limited to a particular number of write operations due to integral design characteristics required to make them maintain state when power is cut, which means that greater fragmentation can reduce operational lifespan as well, though the defragmentation process itself will also reduce the life of an SSD. Such circumstances can threaten data security in the long run due to the growing likelihood of an eventual crash.
  3. performance: You may think that reduced performance is just an annoyance, but it isn't. It also affects the speed, efficiency, and effectiveness of security software such as application layer firewalls and virus scanners. Virus scanners in particular are affected, because they are not only directly affected when the scanner applications and their virus definitions are fragmented, but also because they have to be able to scan the entire filesystem regularly to provide complete protection. Making backups can also suffer.
Of course, a better approach is simply to use a filesystem that doesn't get notably fragmented. Most filesystems in use on modern operating systems today are, in fact, very resistant to fragmentation. Filesystems such as UFS, ext3, and ZFS have pretty much solved the problem of fragmentation entirely. The two most common filesystems that still suffer significant fragmentation are NTFS and FAT32 (which is still used on many external storage devices).
MS Windows, as the primary user of NTFS and FAT32, comes with a defragmentation utility in default installs. Third-party defragmenters can do a better job, and if you run large networks of MS Windows computers that do a lot of I/O, it is probably worth your while to research them for the best combination of price, functionality, reliability, efficiency, and speed for your purposes. Be aware, though, that even the best defragmentation utilities for MS Windows begin to have difficulty performing effectively as your drive starts running out of space.
Modern non-Microsoft operating systems use non-fragmenting filesystems: FreeBSD uses UFS, most Linux distributions use ext3, and OpenSolaris uses ZFS. Other filesystems often used by these OSes and others that do not generally fragment include reiserfs, XFS, and JFS, for example.
The only time that any significant fragmentation starts occurring on such filesystems is when the filesystem starts getting too full to be able to efficiently manage data distribution on the storage device (over 98 percent full, generally). In such rare circumstances, however, complete filesystem defragmentation can be achieved by using tools such as dump and restore to quickly rebuild the filesystem.
One way or another, you should keep your filesystems as free of defragmentation as reasonably possible--not just for performance, but also for security. The preferred method would of course be to use a filesystem that isn't susceptible to file fragmentation, but failing that, regular defrag operations can help you protect the security of your data and make the process of protecting yourself against malicious security crackers and malware more tolerable.
Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.