SAS question

when configuring SAS for a scan, what is "scan alternate data streams"?

is it better to leave it checked or unchecked?

 

Happy chewing
http://www.windowsecurity.com/articles/Alternate_Data_Streams.html

FWIW worth i have seen Bots using ADS stream and also Rustock B loads it driver into ADS and then filters all ADS to hide itself.

Also some CWS infections utilized ADS dwelling bots.Do a search for this file "svchost.exe:exe.exe" and see what google turns up

IMO opinion any scanner that does not scan ADS is missing a part of the malware habitat spectrum so in short best keep it enabled

Working example

IceSword ADS scan detects>>>



SAS full scan including ADS scanning enabled>>>


Now how many other Botkillers/AntiTrojan softwares do you think can preduce that trick

I'm game for testing as long as it dose'nt cost

HTH

PS Adaware2007+Spybot+AVG ASW+ a2 are first on the hitlist for testing.

 

Thanks

Always checked it, but never really questioned what it did ...good to know I was doing the right thing...

 

I don't see the ADS selection in SAS. Where is it?

 

Preferences button --> Scanning control tab --> Scanner options -->4th box from bottom

 

Click on preferences then scanning control.

 

LoneWolf
I've never used SAS so few questions:
1) does it have "real time" malware blocking/removal line Spy Sweeper ?
2) is it overall better than SS ?

 

Hi daniel2007,

1) The paid version of SAS has real-time (active) protection. The free version of SAS is an on-demand scanner only.
2) I'm not sure, SAS is supposed to be pretty good though.

 

Paid version SAS (Pro) has real time protection(guard)
Free version SAS has on demand only.
Better then SS?, IMO it is.
I had SS a long time ago, would'nt touch it now with a ten foot pole.

 

1) The Pro version does.
2) SAS is arguably the best anti-spyware/adware/trojan app on the market. Not only does it have superior detection/removal capabilities over SS, it uses less system resources and has virtually zero impact on system performance. You also get excellent support direct from Nick who frequents various forums, as well as his staff that handles the email support.

FWIW I still have an active SS subscription, but I quit using it about a year ago due to excessive bloat and lackluster detection/removal. SAS is my "go to" app for hosed machines along with CF, RF, SFF, and AVP.

 

@jtcst & LoneWolf, thanks for the directions to find ADS.

Btw LoneWolf, looking at your Scanning Options screen-capture I noticed they are slightly different than mine (e.g., Use Direct Disk Access, which I don't have)! Which version-build are you running?

 

4.0.1136
It's not final but very stable.

 

Started testing tonight

Results as gathered>>>
https://www.wilderssecurity.com/showthread.php?t=201015

 

That explains it. I'm still on 3.9.x... Do you find 4.0.x better/faster?

 

Other then a few new options and maybe a little bit faster scanning, seams to be the same to me........Excellant.

 

Well, we are speaking about 50% time less, so I would say a bit more than "a little bit faster"

 

Thanks, Everyone !
SS seems to be getting a little long-in-the-tooth and isn't evolving, so SAS could be just the ticket i've been looking for.

~d~

 

SAS 4 is excellent. I have tested it on vista and on xp. runs faster scans, uses less memory and i give it a 10!.
It should be coming out in final in a few days.
It has saved me hundreds of hours trying to get trojans off clients computers. I believe nothing compares to it.
Robin

 

Hi,

I have a question: what´s DDA all about? Is this something unique?