SAS question
HURST
February 19th, 2008, 06:21 PM
When configuring SAS for a scan, what is "scan alternate data streams"?
Is it better to leave it checked or unchecked?
fcukdat
February 19th, 2008, 07:07 PM
Happy chewing;)
http://www.windowsecurity.com/articles/Alternate_Data_Streams.html
FWIW I have seen bots using ADS streams, and also Rustock B loads its driver into ADS and then filters all ADS to hide itself.
Also some CWS infections utilized ADS dwelling bots. Do a search for this file "svchost.exe:exe.exe" and see what Google turns up ;)
IMO any scanner that does not scan ADS is missing a part of the malware habitat spectrum, so in short best keep it enabled :thumb:
Working example;D
IceSword ADS scan detects>>>
[attachment 197861]
SAS full scan including ADS scanning enabled>>>
[attachment 197862]
Now how many other Botkillers/AntiTrojan softwares do you think can produce that trick ;)
I'm game for testing as long as it doesn't cost :thumb:
HTH:)
PS Adaware2007+Spybot+AVG ASW+ a2 are first on the hitlist for testing.
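What an ADS-aware scan has to enumerate, shown as an added example that is not part of the original thread and is not SAS's or IceSword's own code: a PowerShell audit function that lists every named stream under a folder and reports whether it begins with an executable header. The function name `Find-AlternateDataStream`, the demo folder and the stream name `hidden.exe` are assumptions, and the sample stream is a constructed 4-byte fixture.

```powershell
# Added example: list NTFS alternate data streams under a folder (defensive audit).
# Needs Windows, an NTFS volume and PowerShell 3.0+. Names and paths are hypothetical.

# The byte-read switch differs between Windows PowerShell 5.1 and PowerShell 6+.
if ($PSVersionTable.PSVersion.Major -ge 6) {
    $ByteMode = @{ AsByteStream = $true }
} else {
    $ByteMode = @{ Encoding = 'Byte' }
}

function Find-AlternateDataStream {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            # Every file has the unnamed ':$DATA' stream; anything else is an ADS.
            Get-Item -LiteralPath $file -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    # Read only the first two bytes of the named stream.
                    $head = @(Get-Content -LiteralPath $file -Stream $_.Stream -TotalCount 2 @ByteMode)
                    [pscustomobject]@{
                        File         = $file
                        Stream       = $_.Stream
                        Length       = $_.Length
                        # 'MZ' (0x4D 0x5A) opens a Windows executable image.
                        StartsWithMZ = ($head.Count -eq 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
                        # Zone.Identifier is the stream Windows adds to downloaded files.
                        ZoneMarker   = ($_.Stream -eq 'Zone.Identifier')
                    }
                }
        }
}

# Constructed demo: a text file carrying a 4-byte stream that only mimics an MZ header.
$demo = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$target = Join-Path $demo 'notes.txt'
Set-Content -LiteralPath $target -Value 'visible content'
Set-Content -LiteralPath $target -Stream 'hidden.exe' -Value ([byte[]](0x4D, 0x5A, 0x90, 0x00)) @ByteMode

Find-AlternateDataStream -Path $demo | Format-Table -AutoSize
Remove-Item -LiteralPath $demo -Recurse -Force
```

The directory listing and file size of `notes.txt` show only the visible content; the named stream appears only when streams are enumerated explicitly, which is the gap the "scan alternate data streams" option closes.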
HURST
February 19th, 2008, 07:26 PM
Thanks
Always checked it, but never really questioned what it did:-\ ...good to know I was doing the right thing...:thumb:
Aaron Here
February 19th, 2008, 08:36 PM
I don't see the ADS selection in SAS. Where is it?
jtcst
February 19th, 2008, 08:50 PM
Preferences button --> Scanning control tab --> Scanner options -->4th box from bottom
LoneWolf
February 19th, 2008, 08:51 PM
-{ Quote: "I don't see the ADS selection in SAS. Where is it?" }-
Click on preferences then scanning control.
daniel2007
February 20th, 2008, 12:36 AM
LoneWolf
I've never used SAS so few questions:
1) does it have "real time" malware blocking/removal like Spy Sweeper ?
2) is it overall better than SS ?
innerpeace
February 20th, 2008, 12:50 AM
Hi daniel2007,
1) The paid version of SAS has real-time (active) protection. The free version of SAS is an on-demand scanner only.
2) I'm not sure, SAS is supposed to be pretty good though.
LoneWolf
February 20th, 2008, 06:26 AM
-{ Quote: "LoneWolf
I've never used SAS so few questions:
1) does it have "real time" malware blocking/removal like Spy Sweeper ?
2) is it overall better than SS ?" }-
Paid version SAS (Pro) has real time protection (guard).
Free version SAS has on demand only.
Better than SS? IMO it is.
I had SS a long time ago, wouldn't touch it now with a ten foot pole. ;D
EliteKiller
February 20th, 2008, 10:25 AM
-{ Quote: "
I've never used SAS so few questions:
1) does it have "real time" malware blocking/removal like Spy Sweeper ?
2) is it overall better than SS ?" }-
1) The Pro version does.
2) SAS is arguably the best anti-spyware/adware/trojan app on the market. Not only does it have superior detection/removal capabilities over SS, it uses less system resources and has virtually zero impact on system performance. You also get excellent support direct from Nick who frequents various forums, as well as his staff that handles the email support.
FWIW I still have an active SS subscription, but I quit using it about a year ago due to excessive bloat and lackluster detection/removal. SAS is my "go to" app for hosed machines along with CF, RF, SFF, and AVP.
Aaron Here
February 20th, 2008, 12:08 PM
@jtcst & LoneWolf, thanks for the directions to find ADS.
Btw LoneWolf, looking at your Scanning Options screen-capture I noticed they are slightly different than mine (e.g., Use Direct Disk Access, which I don't have)! Which version-build are you running? ???
LoneWolf
February 20th, 2008, 04:30 PM
-{ Quote: "@jtcst & LoneWolf, thanks for the directions to find ADS.
Btw LoneWolf, looking at your Scanning Options screen-capture I noticed they are slightly different than mine (e.g., Use Direct Disk Access, which I don't have)! Which version-build are you running? ???" }-
4.0.1136
It's not final but very stable. :thumb:
fcukdat
February 20th, 2008, 05:50 PM
-{ Quote: "
PS Adaware2007+Spybot+AVG ASW+ a2 are first on the hitlist for testing." }-
Started testing tonight;D
Results as gathered>>>
http://www.wilderssecurity.com/showthread.php?t=201015
Aaron Here
February 20th, 2008, 08:50 PM
-{ Quote: "4.0.1136
It's not final but very stable. :thumb:" }-
That explains it. I'm still on 3.9.x... Do you find 4.0.x better/faster?
LoneWolf
February 21st, 2008, 06:18 AM
-{ Quote: "That explains it. I'm still on 3.9.x... Do you find 4.0.x better/faster?" }-
Other than a few new options and maybe a little bit faster scanning, seems to be the same to me........Excellent. ;D
Giwex
February 21st, 2008, 09:11 AM
-{ Quote: "Other than a few new options and maybe a little bit faster scanning, seems to be the same to me........Excellent. ;D" }-
Well, we are speaking about 50% less time, so I would say a bit more than "a little bit faster" ;D
daniel2007
February 26th, 2008, 06:10 AM
Thanks, Everyone !
SS seems to be getting a little long-in-the-tooth and isn't evolving, so SAS could be just the ticket I've been looking for.
~d~
robinb
February 28th, 2008, 07:33 PM
SAS 4 is excellent. I have tested it on Vista and on XP. Runs faster scans, uses less memory and I give it a 10!
It should be coming out in final in a few days.
It has saved me hundreds of hours trying to get trojans off clients' computers. I believe nothing compares to it.
Robin
Rasheed187
March 18th, 2008, 06:51 PM
Hi,
I have a question: what's DDA all about? Is this something unique?
-{ Quote: "Direct Disk Access (DDA) technology bypasses all of the Windows API/Kernel to detect and remove difficult spyware" }-