Big Brother and Ndisuio.sys
A new Internet phenomenon?
By Red Squirrel


Ndisuio.sys is a very mysterious system file present in Windows XP. It is a driver for wireless things such as Wi-Fi and Bluetooth. However, there have been many issues with this file downloading immense amounts of data and perhaps causing activity that is "big brother"-ish.

The fact that Microsoft makes hardly any information available about this file downloading data makes it look quite suspicious. It has even been noted that it looked as if it was transferring data to major companies like Comcast, Road Runner, Time Warner, BTC and Verizon.

The good news is that this file turns out to duplicate the data that is sent and received: wherever you go, the data is also transferred to that file, but it does not leave the computer/network, so it is not spyware. It is therefore not as much of a big brother situation as it looks. The driver simply performs internal communication tasks, and the name stands for NDIS user I/O, hence NDISUIO. Many developers also use NDISUIO as a driver because it makes certain wireless network tasks easier, such as implementing 802.11x connections. Some firewalls also use it, as it can get at the data in order to filter it.

But duplicating this data can hog resources for no reason, so disabling it is the best thing to do. The rate at which this file receives data is huge, which indicates that the transfer is happening locally and not over the Internet. So it is just a duplicate of network activity. Because it is local, everything transfers faster, but it uses more resources than casual Internet usage, as more data is involved in a given time span (1 second, for example).

To disable this file, go to Control Panel, Administrative Tools, Services, double-click Wireless Zero Configuration and disable it. This file is probably required to run if you use any Linksys wireless devices.
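
The same change made from a command prompt, with a before and after check, as an added example that is not part of the original article. It assumes Windows XP, an administrator prompt, and the stock service names WZCSVC (Wireless Zero Configuration) and Ndisuio (the driver); the temp-file name is made up for the example.

```batch
@echo off
rem Added example, not from the original article.
rem Assumptions: Windows XP, administrator prompt, stock service names
rem WZCSVC (Wireless Zero Configuration) and Ndisuio (the driver).
setlocal

echo === Ndisuio driver state ===
sc query Ndisuio

echo === Services that depend on Ndisuio ===
sc enumdepend Ndisuio

echo === Wireless Zero Configuration before the change ===
sc qc WZCSVC | find "START_TYPE"
sc query WZCSVC | find "STATE"

rem Save the current configuration so the change can be reverted later.
rem The file name is an arbitrary choice for this example.
sc qc WZCSVC > "%TEMP%\wzcsvc-before.txt"

rem Same effect as setting "Startup type" to Disabled in the Services console.
rem sc.exe requires the space after "start=".
sc config WZCSVC start= disabled
if errorlevel 1 (
    echo Could not change the start type. Run this as an administrator.
    exit /b 1
)

rem Stop the running instance. An error here only means it was not running.
sc stop WZCSVC >nul 2>&1

echo === Wireless Zero Configuration after the change ===
rem The stop is asynchronous, so STATE may briefly read STOP_PENDING.
sc qc WZCSVC | find "START_TYPE"
sc query WZCSVC | find "STATE"

endlocal
```

To undo the change, restore the start type recorded in the saved file (for example `sc config WZCSVC start= auto`) and run `sc start WZCSVC`.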

Because I use Win2k and not XP, I have never experienced anything with this file myself, so this is only a summary of what this file does and what it is for, based not on my own experience but on researched information.

-Red Squirrel
IceTeks Owner


Here are a few links having to do with this file:

This was a thread here at Iceteks discussing this file's strange network behavior.
http://www.iceteks.com/forums/show.php/showtopic/1290

NDIS User Mode I/O (NDISUIO) Version Dependencies
http://www.ndis.com/pcakb/KB01010301.htm

DHCP Does Not Obtain a New Address When EAP Reauthenticates Across Access Points with IP Subnets That Differ
http://support.microsoft.com/default.aspx?kbid=822596

NDIS User-mode I/O Driver
http://msdn.microsof...fndisuser-modeiodriver.asp






Latest comments (newest first)
Posted by Red Squirrel on July 07th 2005 (23:38)
Yeah, it's crap, don't trust it. Disable it and get something else. Mind you, I've seen it where installing a firewall gives you the dreaded STOP error at startup when you reboot, so image your drive before installing the firewall in case you need to roll back, since BSODs are unescapable in most cases, on NT based OSes.

Oh and the firewall conflict is an XP thing, in 2000 all is smooth.

Posted by weakzero on July 07th 2005 (21:30)
QUOTE (Red Squirrel @ Jun 28 2004, 01:04 PM)
Hmm well it is a network-enabled driver, so it could be there are security flaws that allow this.

Also, you may want to look at this article: http://iamnotageek.com/articles.php?aid=10...&topic=Firewall

It's about the XP firewall being... well... microsoftish, it does not always work.

Wait. The MICROSOFT firewall doesn't always work? Are you serious?

Posted by kris on May 05th 2005 (20:31)
Hi,
Recently I logged my laptop on to a local intranet, and the admin had used ndisuio.exe and ntokrnl.exe to control my comp. - at least according to Sygate firewall.
ndisuio.exe - Sygate says it was used to find out all the running applications,
and ntokrnl was used to enable the UDP - this I'm not sure what UDP is used for.
I have blocked it using Sygate now.
Bye

Posted by Wren on January 01th 2005 (19:04)
I don't think there's a paranoid one of us in the bunch. As far as Linux goes... I'm too old to care.
Posted by Red Squirrel on September 09th 2004 (17:34)
I think it's just because that file duplicates network activity, so if you've been to that site then it makes it look like it's trying to connect there.
© Copyright 2017 Ryan Auclair/IceTeks, All rights reserved