SAS question

Discussion in 'other anti-malware software' started by HURST, Feb 19, 2008.

Thread Status:
Not open for further replies.
  1. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    when configuring SAS for a scan, what is "scan alternate data streams"?

    is it better to leave it checked or unchecked?
     
  2. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Happy chewing;)
    http://www.windowsecurity.com/articles/Alternate_Data_Streams.html

    FWIW worth i have seen Bots using ADS stream and also Rustock B loads it driver into ADS and then filters all ADS to hide itself.

    Also some CWS infections utilized ADS dwelling bots.Do a search for this file "svchost.exe:exe.exe" and see what google turns up ;)

    IMO opinion any scanner that does not scan ADS is missing a part of the malware habitat spectrum so in short best keep it enabled:thumb:

    Working example:D

    IceSword ADS scan detects>>>
    IS.jpg


    SAS full scan including ADS scanning enabled>>>
    sas.jpg

    Now how many other Botkillers/AntiTrojan softwares do you think can preduce that trick;)

    I'm game for testing as long as it dose'nt cost:thumb:

    HTH:)

    PS Adaware2007+Spybot+AVG ASW+ a2 are first on the hitlist for testing.
     
    Last edited: Feb 19, 2008
  3. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Thanks

    Always checked it, but never really questioned what it did:doubt: ...good to know I was doing the right thing...:thumb:
     
  4. Aaron Here

    Aaron Here Registered Member

    Joined:
    Jun 4, 2006
    Posts:
    1,205
    Location:
    USA
    I don't see the ADS selection in SAS. Where is it?
     
  5. jtcst

    jtcst Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    30
    Preferences button --> Scanning control tab --> Scanner options -->4th box from bottom
     
  6. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Click on preferences then scanning control.
     

    Attached Files:

  7. daniel2007

    daniel2007 Registered Member

    Joined:
    Feb 14, 2008
    Posts:
    25
    LoneWolf
    I've never used SAS so few questions:
    1) does it have "real time" malware blocking/removal line Spy Sweeper ?
    2) is it overall better than SS ?
     
  8. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Hi daniel2007,

    1) The paid version of SAS has real-time (active) protection. The free version of SAS is an on-demand scanner only.
    2) I'm not sure, SAS is supposed to be pretty good though.
     
  9. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Paid version SAS (Pro) has real time protection(guard)
    Free version SAS has on demand only.
    Better then SS?, IMO it is.
    I had SS a long time ago, would'nt touch it now with a ten foot pole. :D
     
    Last edited: Feb 20, 2008
  10. EliteKiller

    EliteKiller Registered Member

    Joined:
    Jan 18, 2007
    Posts:
    1,138
    Location:
    TX
    1) The Pro version does.
    2) SAS is arguably the best anti-spyware/adware/trojan app on the market. Not only does it have superior detection/removal capabilities over SS, it uses less system resources and has virtually zero impact on system performance. You also get excellent support direct from Nick who frequents various forums, as well as his staff that handles the email support.

    FWIW I still have an active SS subscription, but I quit using it about a year ago due to excessive bloat and lackluster detection/removal. SAS is my "go to" app for hosed machines along with CF, RF, SFF, and AVP.
     
  11. Aaron Here

    Aaron Here Registered Member

    Joined:
    Jun 4, 2006
    Posts:
    1,205
    Location:
    USA
    @jtcst & LoneWolf, thanks for the directions to find ADS.

    Btw LoneWolf, looking at your Scanning Options screen-capture I noticed they are slightly different than mine (e.g., Use Direct Disk Access, which I don't have)! Which version-build are you running? o_O
     
  12. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    4.0.1136
    It's not final but very stable. :thumb:
     
  13. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
  14. Aaron Here

    Aaron Here Registered Member

    Joined:
    Jun 4, 2006
    Posts:
    1,205
    Location:
    USA
    That explains it. I'm still on 3.9.x... Do you find 4.0.x better/faster?
     
  15. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Other then a few new options and maybe a little bit faster scanning, seams to be the same to me........Excellant. :D
     
  16. Giwex

    Giwex Registered Member

    Joined:
    May 30, 2007
    Posts:
    9
    Well, we are speaking about 50% time less, so I would say a bit more than "a little bit faster" :D
     
  17. daniel2007

    daniel2007 Registered Member

    Joined:
    Feb 14, 2008
    Posts:
    25
    Thanks, Everyone !
    SS seems to be getting a little long-in-the-tooth and isn't evolving, so SAS could be just the ticket i've been looking for.

    ~d~
     
  18. robinb

    robinb Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    456
    Location:
    NJ
    SAS 4 is excellent. I have tested it on vista and on xp. runs faster scans, uses less memory and i give it a 10!.
    It should be coming out in final in a few days.
    It has saved me hundreds of hours trying to get trojans off clients computers. I believe nothing compares to it.
    Robin
     
  19. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    Hi,

    I have a question: what´s DDA all about? Is this something unique?

     
Thread Status:
Not open for further replies.