AlternateStream ,is dangerous to delete them?

Hi

looking for an useful @ nirsoft

i found AlternateStreamView v1.32
@
-http://www.nirsoft.net/utils/alternate_data_streams.html

i scanned my windows paritions and it found 2000 items on my xp

they are mostly jpg , pdf ,mp3 and so on

the program is able to scan , to export and to delete

is dangerous to delete them?

never understood what are these alternatestreem , are they necessary for the os ?
in short i did a search about , but did not find a simple answer

thanks
cheers

 

The simple answer is you can probably delete them.

A drive formatted in FAT32 does not have ADS, and windows has ran fine on that for a long time. ADS needs drives formatted NTFS to work.

An ADS is essentially a "file" that is attached to a file. Its most common use is to be a marker to indicate where the file came from, such as the internet or intranet or a zone (like an IE zone). Mechanisms in the OS can look at the ADS data, and then do things like display a prompt that says "this file came from the internet, do you want to allow it to run?".

It is even possible to include an executable as an ADS. That is the down side to ADS, and some fear they will be used maliciously. I like ADS personally, as I can manipulate them and actually like the prompt that asks me if I want to execute something that came from the internet.

HTH.

Sul.

 

thanks Sul

the meaning is deleting could mess up my windows?

 

Delete is perhaps not the right word in this case, as you don't really delete an ADS. Rather, you remove the ADS by copying the file to a FAT 32 drive, then copy it back, or you modify the ADS to contain nothing. That nirsoft tool might allow deleting it, never tried that.

I cannot recall right now where, but I am certain there is an option to turn creation of ADS off, at least some of them. Likely in one of the threads Kees or I started regarding integrity levels and his 1806 setting. If I find time I will try to dig that out.

Sul.

 

As far as i'm aware, you can Actually delete them

But if some App etc requires them you "might" be in trouble. For eg: Kaspersky used to stupidly store data in the ADS in a previous version, which caused ALL sorts of problems for people

If you're SURE no App of yours uses the ADS, then delete away If you then can turn them off as Sully intimates Check with your ADS tool/s

Malware writers caught on to being able to hide code in the ADS, including Rootkits, about 5 years ago I've always formatted my comps in FAT32 = No ADS

 

Maybe check out StreamArmor.

 

do you use it ?
did you delete them ?
thanks

do you delete sometime them ?

thanks

 

I remember back some years when KAS did that indeed. I hope that the new versions do not include ADS anymore correct?

To the op, you should be ok to delete them but do you have a reason to? I would imagine you could backup and then try it just to be safe. YMMV however.

Cheers.

 

AFAIK they are safe to delete. CCleaner can do it for you these days. In options->settings you can see the options for wiping ADS, along with cluster tips and MFT free space. I’ve never had a problem using it, but as they say, YMMV.

 

Same here. Not long ago, I picked up 2 XP pro units that were formatted NTFS, and immediately converted both to FAT32.

 

I have 2 partitions on my HD, my C Drive is with FAT32, on it is Windows/Data/Apps etc etc. My D Drive has to be NTFS as XP doesn't "seem" to allow the C Drive FAT32 partition to be larger than 32GB, & my HD is larger than that.

But there is Nothing on my D Drive that is openly private etc, only music/PDF's Tech stuff etc etc. Anything of a private nature is encrypted with either TrueCrypt or Axcrypt

So i've never bothered to delete the ADS on my D Drive, but since you mentioned it, i did a scan with ADSSpy. The 1st screenie is with IGNORE checked, the 2nd is with IGNORE unchecked



Only 1 ADS found, but no big deal privacy wise. I wouldn't delete that one though, as it says Licence That's why i mentioned about checking before deleting



Although an additional 239 were found, they are also no big deal privacy wise.

If you're unsure, i would say Don't !

Bearing in mind what i had to do above, how did you do it ? TIA

 

I've tried StreamArmor before. I don't recall if I've removed any streams with it.

 

The PowerQuest version of Partition Magic can convert existing NTFS partitions into FAT32. Don't know if Symantec removed that ability or not when they bought them out, but they no longer offer it for download.