|Developer(s)||Microsoft, Charles Dye|
|Operating system||MS-DOS 6, SpartaDOS X, FreeDOS, Windows 9x|
When IBM and Microsoft introduced PC-DOS 1.0 and MS-DOS 1.0, subdirectories were not yet supported. This state of affairs was remedied with the release of DOS 2.0, which introduced support for subdirectories and directory nesting; however, it had no built-in facility for deleting entire subdirectory trees. Through the release of MS-DOS 5.0, removing nested subdirectories required removing all of the files in the lowest subdirectories, then removing the subdirectory itself, then repeating the process up the directory tree. By 1991 at least one competing product, DR-DOS, had introduced a well-received utility that enabled recursive file deletion. With the introduction of MS-DOS 6.0, Microsoft regained parity by adding the DELTREE command.
DELTREE was retained in Windows 9x but was not shipped in Windows NT family of operating systems. Instead, the
rd) command removes a subdirectory along with all its files if the
/S command-line switch is given.
In MS-DOS, PC-DOS and Windows 9x, DELTREE was implemented as an external command, with its functionality kept in a separate file outside of COMMAND.COM. Normal operation prompted the user for verification that the specified directories were indeed intended to be removed, but this safeguard could be suppressed with a command-line option. Unlike most other commands that operated on the file system, multiple directories could be passed to the command at one time. An undocumented feature allowed the user to append a trailing "/" character to a directory name in order to preserve the directory but remove everything underneath it. In theory, deleted material could be recovered.
The command-syntax is:
Use in malware and sabotageEdit
DELTREE was designed to ignore all file and directory attributes, such as hidden, read-only and system. The command was described as "potentially dangerous" and "capable of wiping out hundreds of files at a time". Combined with the PURGE command (which prevented data recovery), it became an example of a worst-case payload for malware as well as figuring in one of the early computer sabotage trials.
Contributing to the problem is the fact that MS-DOS and Windows 9x do not support discretionary access control to mitigate this issue. The Windows NT family does. Furthermore, starting with Windows Vista, mandatory access control and User Account Control further mitigate the issue.
- SpartaDOS X 4.48 User Guide
- Dickinson, John (May 28, 1985). "Stalking the Elusive Subdirectory Path". PC Magazine. p. 231.
- Glass, Brett (July 8, 1991). "MS-DOS 5: Reigning OS improves its value". InfoWorld. pp. 64–66.
- Cooper, Jim (2002). Using MS-DOS 6.22 (3rd ed.). Que. pp. 120–121. ISBN 0-7897-2573-8.
- No DELTREE Command? - MalekTips Archived March 17, 2010, at the Wayback Machine
- Crayton, Christopher (2008). The A+ Exams Guide: Preparation Guide for the CompTIA Essentials. CompTIA. p. 336. ISBN 978-1-58450-566-2.
- Mueller, John Paul (2007). Windows Administration at the Command Line for Windows Vista, Windows 2003, Windows XP, and Windows 2000. Wiley. pp. 28–29. ISBN 978-0-470-04616-6.
- Rubenking, Neil J. (November 19, 1996). "User-to-User". PC Magazine. p. 247.
- Glass, Brett (May 2, 1994). "How to safely defuse an ANSI bomb; video scan converters". InfoWorld. p. 40.
- Gaudin, Sharon (2000). "Case Study of Insider Sabotage: The Tim Lloyd/Omega Case" (PDF). Computer Security Journal. 16 (3): 1–8.[permanent dead link]
- Lange, Michele C. S.; Nimsger, Kristin (2004). Electronic Evidence and Discovery: What every Lawyer Should Know. ABA. p. 15. ISBN 1-59031-334-8. The case was litigated as United States v. Lloyd, 269 F.3d 228 (3rd Cir. 201).