ADS streams in kav
yodafan
March 24th, 2005, 12:25 AM
What's so bad about ADS streams? Everyone seems to want to remove them... can someone enlighten me cuz I'm lost... I know they make an imprint of ur files but makes the scanning process faster, so why delete the streams?
dog
March 24th, 2005, 12:38 AM
Hi yodafan, ;)
DiamondCS has a very nice write up on ADS Streams and their Security Risks - http://www.diamondcs.com.au/index.php?page=archive&id=ntfs-streams
I've C&P'd a portion of that page here for you, but do read all the info provided by DCS, it is quite interesting.
-{ Quote: "Why is ADS a security risk?
The primary reason why ADS is a security risk is because streams are almost completely hidden and represent possibly the closest thing to a perfect hiding spot on a file system - something trojans can and will take advantage of. Streams can easily be created/written to/read from, allowing any trojan or virus author to take advantage of a hidden file area. But while streams can easily be used, they can only be detected with specialist software. Programs such as Explorer can view normal parent files, but they can't see streams linked to such files, nor can they determine how much diskspace is being used by streams. Because ADS is virtually unknown to many developers, there are very few security programs available that are ADS-aware. As such, if a virus implants itself into an ADS stream, your anti-virus software will probably not be able to detect it. In addition, streams cannot be deleted - to delete a stream you must delete its parent. Streams are of particular importance to law enforcement agencies as important data can sometimes be hidden in these covert file system channels." }-
Steve
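The quoted write-up says streams can only be seen with ADS-aware tooling. As an added example (not part of the thread or of the DiamondCS article), this PowerShell function lists every non-default stream under a directory; the function name `Find-AlternateStream`, its ignore list and the temporary sample file are assumptions made for illustration.

```powershell
# Added example: report alternate data streams (ADS) under a directory.
# Assumes Windows PowerShell 3.0 or later and an NTFS volume.
function Find-AlternateStream {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Stream names to skip. Zone.Identifier is the download marker
        # that Windows itself attaches to files.
        [string[]] $Ignore = @('Zone.Identifier')
    )
    # -File: only files are inspected here; -Force: include hidden/system files.
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # -Stream * returns one object per stream, including the default one.
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' -and $Ignore -notcontains $_.Stream } |
        Select-Object @{ n = 'File'; e = { $_.FileName } }, Stream, Length
}

# Constructed sample: a scratch file carrying one extra stream.
$dir  = Join-Path $env:TEMP ('ads-demo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$file = Join-Path $dir 'report.txt'
Set-Content -LiteralPath $file -Value 'visible contents'
Set-Content -LiteralPath $file -Stream 'hidden' -Value 'data a normal listing does not show'

# A normal listing shows only the size of the default stream ...
Get-ChildItem -LiteralPath $dir | Select-Object Name, Length

# ... while the scan reports the extra stream and its size.
Find-AlternateStream -Path $dir | Format-Table -AutoSize

# Clean up the scratch directory.
Remove-Item -LiteralPath $dir -Recurse -Force
```

Pointing `-Path` at a real directory and adding known product stream names to `-Ignore` narrows the report to streams that still need an explanation.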
VikingStorm
March 24th, 2005, 01:42 AM
-{ Quote: "What's so bad about ADS streams? Everyone seems to want to remove them... can someone enlighten me cuz I'm lost... I know they make an imprint of ur files but makes the scanning process faster, so why delete the streams?" }-
It's more of an issue of KAV not deleting them when you uninstall it. A lot of users want everything to be removed when they uninstall. Most of the time, it doesn't really have any side-effects that I am aware of.
zfactor
March 24th, 2005, 02:07 AM
And there is an ADS uninstaller for this purpose. I have used it and it works very well. It is a command line program. Get it in the KAV forum (I'm sorry but I don't have the exact link). It works great; I used it to uninstall KAV and then to install NOD.
It is called stream remover.
richrf
March 24th, 2005, 02:24 AM
For me, KAV ADS was a pain when I was running other AT programs, such as rootkit detectors or TDS-3, which kept getting confused by the KAV's ADS. Even after I uninstalled KAV 5.0 PRO, and ran several of the ADS removal utilities, there still were ADS left behind that were associated with system files. Finally, I did a full image restore and re-installed KAV 4.5.
As far as I am concerned, the whole KAV 5.0 line is an architectural disaster, and I am not surprised they are leaving it behind with a revamped 6 version sans ADS and hopefully a decent design (e.g. a reasonable differentiation between Personal and Pro editions). At least Kaspersky knows a bad idea when they see it. BTW, there is no way to keep KAV 5.0 from creating ADS since the "switch" is only available after KAV 5.0 PRO is installed. For some unfathomable reason this is different from KAV Personal which does have an option at install time to kill the ADS facility. What a mess. If heads didn't roll on this one - someone was awfully lucky.
Rich
zfactor
March 24th, 2005, 02:38 AM
You can turn them off upon install. If you check the box at the beginning, it asks you to enable iStreams or iCheckers or to disable them.
Copyright ©2002 - 2012, Wilders Security Forums