NTFS vs. FAT

ONE GREAT STRENGTH OF WINDOWS NT is its ability to support multiple filesystems. This ability stems from NT's modular approach to file system support.To support each file system, NT uses a low-level driver that's part of theWindows NT Executive. So creating support for additional file systems is as easyas developing and installing a new driver. (The sidebar, "Windows NT File Systems," on page 96, shows the file systems available under NT andprovides a general description of each.)

An important decision in setting up an NT system is choosing a primary filesystem. With NT 3.5x, you had a choice of three file systems: NT File System(NTFS), File Allocation Table (FAT), and the OS/2 High-Performance File System(HPFS). In addition to support for the NTFS and FAT file systems, NT supportsthe CD-ROM File System (CDFS) for accessing data on PC-compatible CD-ROMs. NT4.0 supports NTFS and FAT (to see how to make HPFS work with NT 4.0, see thesidebar, "Using HPFS with NT 4.0," page 98).

To decide what's right for your situation, you need to understand NTFS's andFAT's capabilities, advantages, and disadvantages. The sidebar, "Choosingan NT File System," on page 100, presents the pluses and minuses of bothfile systems. Let's start this look at file systems by clarifying somedisk-related concepts and terms.

Disky Business
Every disk can contain partitions, or structural divisions. The twotypes of drive partitions are primary and extended. A primary partition is the only type that can contain an OS. You canassign a drive letter to each of up to four primary partitions on one physicaldrive. An extended partition is a special type of partition that you cansubdivide into one or more logical drives. Each logical drive can haveits own drive letter. You can have only one extended partition per physicaldrive, but the extended partition can have multiple logical drives (the numberof logical drives on an extended partition has no practical limit). Each primarypartition and each logical drive is formatted independently and can use adifferent file system.

A volume is a primary partition or logical drive that you formatwith a file system. In fact, any medium you can format, including a removabledisk such as a floppy or CD-ROM, can be a volume.

System and Boot Partitions
NT gives special names to particular disk partitions. For example, the systempartition contains hardware-specific files for booting the system. Thesefiles include the NT Boot Manager and boot.ini, ntdetect.com, and ntldr (osloaderon RISC-based systems). The system partition can contain the NT installationdirectory.

On Intel x86-based computers, you can format the system partition with FATor NTFS. On RISC-based computers, you must format the system partition with FAT.FAT partitions don't have NTFS's security capabilities, so NT 4.0 includes a newfeature to secure the FAT system partition on a RISC-based NT system. From theNT Disk Administrator's partition menu, choose Secure System Partition.The system asks you to confirm the request. Click OK, and reboot the system toactivate security on the system partition. With this feature, onlyAdministrators group members can access the FAT system partition.

Another NT disk partition is the boot partition. Despite its name,this partition isn't necessarily the drive the system boots from. Instead, itcontains the NT installation directory you choose during NT setup. The term bootrefers to the files required to start NT, not the computer. The boot partitioncan be the same as the system partition. On RISC and Intel NT systems, the bootpartition can be on a FAT or NTFS partition.

For maximum system security, administrators of RISC-based systems will wantto consider separate partitions for the boot partition and the system partitionand consider securing the system partition with the Secure System Partitionoption. This approach puts the NT system files on an NTFS partition (for bettersecurity and protection from data corruption than with FAT) and prevents accessto the NT system files if the system boots from a DOS floppy, unless you useNTFSDOS (a shareware utility that can access an NTFS drive)--for information onNTFSDOS, see Mark Russinovich and Bryce Cogswell, "NTFSDOS Poses LittleSecurity Risk," and Joel Sloss, "That Depends on Your Definition ofSecure," September 1996).

The FAT File System
FAT is the granddaddy of all PC file systems. Several flavors of FAT haveemerged over time, but the core technology is largely unchanged.

Features
Experienced DOS users will recognize some distinguishing characteristics ofthe FAT file system. It uses the file allocation table (FAT's namesake) to trackfiles and directories. The system stores this table near the beginning of theFAT volume. To prevent corruption, the system automatically maintains a secondcopy of the table on the disk and can access this copy if the primary tablebecomes corrupt. The table and the volume's root (main) directory must be inspecific locations on the disk so the system can access files needed to bootfrom a FAT volume.

The table needs constant updating, which requires that the hard drive headscontinually return to the beginning of the volume. As a result, FAT cancause a severe performance hit on large volumes­the larger the volume, thegreater the performance penalty.

FAT stores files on a first-come, first-served basis: The system writesfiles to disk in the first available area. Over time, this method can result inheavy file fragmentation (files are in multiple, noncontiguous disk blocks) onFAT volumes and is another performance killer. To remedy this problem, you haveto run a disk defragmentation program.

As of this writing, the only NT disk defragmentation tool is ExecutiveSoftware's DISKEEPER for Windows NT. No one utility can work with all the NTversions and service packs, and DISKEEPER is no different. With NT 3.5x,fragmentation utilities had to be specific to a particular NT version or servicepack. If you use such a utility on a different version or service pack level,you can corrupt data. NT 4.0 solves this problem by including a diskdefragmentation API. You can expect to see several new NT defragmentation toolsavailable in the near future.

Another disadvantage to FAT is that its directory structure has no formalorganization, so FAT can't automatically sort folders and filenames in adirectory. Locating a file on a large FAT volume can take longer than searchingan NTFS volume with automatic directory sorting.

Uses for FAT Volumes
So why use FAT? It is the most popular and widely used PC filesystem because it's been the only choice for millions of DOS users worldwidesince DOS arrived in the early 1980s.

Even on systems, such as NT, that can support additional file systems, FATcan be the best choice. Multiboot systems (those with more than one OSinstalled) usually have at least one FAT volume because many OSs, includingMS-DOS, Windows 3.x, Windows for Workgroups, Windows 95, OS/2, and NT, supportFAT. It can be the best choice for small volumes because its simple nature andlow overhead make it fast on these volumes. This advantage is also why FAT isthe only choice for floppy disk formats in NT.

NT can access FAT volumes of up to 4GB, but MS-DOS can recognize FATvolumes of only up to 2GB. Therefore, keep the volume size to 2GB or smallerwhen you create FAT volumes for use by both DOS and NT.

If you use FAT with another OS and switch to NT, you can keep your volumesformatted as FAT until you're ready to switch to NTFS. However, after youconvert a FAT volume to NTFS, you can use that volume only with NT­youcan't convert that volume back to FAT without backing up, reformatting, andrestoring the volume.

To convert a FAT volume to NTFS, type CONVERT at the command prompt. Theformat of the CONVERT command is CONVERT /FS: NTFS [/V], where is the designation of the drive you want to convert. The /V option tells CONVERTto run in verbose mode, which gives detailed command output.

A final advantage of FAT is its ability to store programs that you canaccess when the system boots under DOS. These programs include setup utilitiesfor configuring hardware devices and peripheral cards.

When you consider these advantages, don't forget FAT is not as secure asNTFS. You can easily access FAT volumes with a DOS boot floppy, and FAT providesonly limited directory-level access security. For these reasons, I do notrecommend FAT for network shared volumes. Instead, consider NTFS, which hasfile-level security and superior protection from physical access.

If you maintain a disk volume larger than 400MB, consider FAT's potentialto affect performance and usable disk space. Every FAT and NTFS volume usesclusters, the basic unit of allocation to store disk files. FAT can have largeminimum cluster sizes that reduce the usable storage space on the volume.

Regardless of how small a file or part of a file is, it must take up atleast one cluster of disk space. When a file doesn't take up an entire cluster,the portion of the cluster that contains no data is wasted. The larger thecluster, the larger the waste. The amount of disk space wasted by minimumcluster sizes on FAT volumes becomes exaggerated the larger the volume is.Larger volumes have larger minimum cluster sizes. Therefore, large volumes thatstore many small files will lose a lot of storable space because of the minimumcluster size problem.

Table 1 lists the default minimum cluster sizes for various FATvolume sizes. With large FAT volumes (256MB to 2048MB), the wasted drive spaceis substantial and is reason enough to choose NTFS for these volumes.

NTFS File System
When NT came out, it included a new file system that Microsoft intended tobe robust, secure, and fast. This system, NTFS, has several advantages overother file systems.

Security
NTFS's integration with NT security makes NTFS the best choice for volumesrequiring high levels of security. NTFS provides file-level security for settingpermissions on folders and files. These permissions make the most of theexisting local or domain NT accounts database, and you can have differentpermissions on different files in the same folder.

Several types of file and folder permissions are available. They includeNo Access, which excludes a specified user or group from any access to afile or folder, and Full Control, which grants full control overa file or folder, such as the ability to set permissions and take ownership ofit. File and folder permissions use the accounts database of the local NTcomputer or domain. You can apply permissions to individual users, user groups,or everyone.

NTFS also has better protection from unauthorized physical access than FAT:Users can't access NTFS volumes by booting the system from a DOS diskette. Thisrestriction is because the NTFS driver that allows access to an NTFS volumeloads with NT.

Despite these security features, NTFS volumes are far from impervious tointrusion. Utilities such as NTFSDOS and even one that works under LINUX (a UNIXvariant) can grant unauthorized access to NTFS volumes. NTFS can't prevent physicalaccess to files on NTFS volumes; instead, you have to physically lock away thecomputer containing the data or use file encryption, which NTFS doesn't support.However, third-party products such as Genio USA's CrypEdit or Regnoc Software'sSafe Program let you encrypt data on NTFS volumes.

Another NTFS security-related feature is preventing users from undeletingfiles or folders removed from NTFS volumes. Even if the files exist on thedrive, NT doesn't give undelete programs physical disk access to work on an NTFSvolume. (You can, however, use a third-party DOS-based undelete program such asSymantec's Norton Utilities and Microsoft's Undelete on FAT volumes. Theseprograms can recover deleted files but make no guarantees.) Although NTFS'ssecurity features can be inconvenient for users with few or no security needs,these features are central to NTFS and NT security and required for NT'sC2-level security certification.

Reliability
In addition to its extensive memory and application protection features,NTFS is a reliable file system. When storing data to disk, NTFS records file I/Oevents to a special transaction log. If the system crashes or encounters aninterruption, NT can use this log to restore the volume and prevent corruptionfrom an abnormal program termination or system shutdown. NTFS doesn't commit anaction to disk until it verifies the successful completion of the action. Thisprecaution helps prevent corruption of an NTFS volume and makes NTFS especiallysolid for data storage on standalone systems and network file servers.

NTFS also supports hot-fixing disk sectors, where the OS automaticallyblocks out bad disk sectors and relocates data from these sectors. Thishousecleaning happens in the background. An application attempting to read orwrite data on a hot-fixed area will never know the disk had a problem.

Performance
NTFS is also built for speed. NTFS provides impressive disk I/O performanceon large volumes such as those on file servers or advanced workstations and isthe best file system for such machines. This performance gain applies only tovolumes larger than 400MB because of NTFS's overhead from its security andreliability features.

NTFS uses a binary tree structure for all disk directories, which reducesthe number of times the system has to access the disk to locate files. Thissystem is best for large directories, and NT easily outperforms FAT in thesesituations. In addition, NTFS automatically sorts files in a folder on the fly.

Another performance-related feature is NTFS's resistance to filefragmentation. NTFS uses a special process of writing files to disk. Thisprocess minimizes file fragmentation by making intelligent choices about whereto store file data on the disk. In contrast to FAT's first-available method,NTFS's method of writing files reduces, but does not eliminate, the problem offile fragmentation on NTFS volumes.

NT also gains an edge over FAT by using relatively small disk allocationunits (cluster sizes) for NTFS volumes. Smaller clusters prevent wasted diskspace on volumes, especially those with numerous small files. Table 2 lists thedefault cluster sizes for various NTFS volumes sizes.

As Table 2 shows, the largest NTFS cluster size is 4KB, even on volumeslarger than 2GB. Because NTFS uses small clusters better and has a moreefficient design, its performance doesn't degrade with large volumes, incontrast to FAT's.

When you format an NT volume, NT chooses a cluster size to fit the volumesize. With NTFS, you can select the cluster size for the volume when you use theFORMAT command from the NT command prompt (this solution is not possible fromDisk Administrator). To set the cluster size, use the /A switch with the FORMATcommand as follows: FORMAT /FS:

Despite the flexibility this feature provides, you generally won't need tospecify manual NTFS cluster sizes. NT can automatically configure them for you.NT works best with volumes at the settings it specifies, and changing thesesettings can adversely affect your system's performance.

File and Folder Compression
Another important NTFS feature, which was new with NT 3.51, is the abilityto selectively compress individual files and folders on a disk. You can alsocompress an entire NTFS volume by compressing the volume's root folder. With NT3.5x, you compress files and folders through File Manager. In NT 4.0, you selecta file's or folder's Properties dialog by right-clicking the file or folder andchoosing Properties. You can also compress a file or folder with thecommand-line utility compact.exe.

No one file system is perfect for all situations. To choose a file systemfor a given volume, you have to consider how you will use the volume and whatthe security needs will be for information on the volume. Will the volumerequire NTFS's file-level security? Do you need to access the volume under DOSor OS/2? With the information in this article, the information in the sidebar, "Choosingan NT File System," can help you answer these and other questions.