Streamarmor Scanner.

Discussion in 'other anti-malware software' started by linuxforall, Mar 29, 2010.

Thread Status:
Not open for further replies.
  1. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136
    http://rootkitanalytics.com/userland/streamarmor.php

    Available in both x32 and x64 versions.

    Alternate Data Stream (ADS) is a lesser-known feature of the Windows NTFS file system which provides the ability to put data into existing files and folders without affecting their functionality and size. Any such stream associated with a file/folder is not visible when viewed through conventional utilities such as Windows Explorer, the DIR command or any other file browser tools. It is used legitimately by Windows and other applications to store additional information (for example summary information) for the file. Even 'Internet Explorer' adds the stream named 'Zone.Identifier' to every file downloaded from the internet.

    StreamArmor has a built-in advanced file type detection mechanism which examines the content of a file to accurately detect the file type of a stream. This makes it a great tool in forensic analysis for uncovering hidden documents/images/audio/video/database/archive files within the alternate data streams. StreamArmor is a standalone, portable application which does not require any installation. It can be copied to any place in the system and executed directly.
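
Added example, not part of the original post and not StreamArmor's own code: a sketch of the content-based stream triage described above, run over constructed (path, stream name, bytes) records. The magic-byte table, verdict labels and sample data are assumptions for illustration; on Windows such records could be gathered with PowerShell's `Get-Item -Stream *`.

```python
import re

# Leading-byte signatures for a few formats (illustrative, not exhaustive).
MAGIC = [
    (b"MZ", "pe-executable"),
    (b"PK\x03\x04", "zip-archive"),
    (b"%PDF-", "pdf"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"Rar!\x1a\x07", "rar-archive"),
]

def sniff(data):
    """Guess a stream's type from its content, ignoring its name."""
    for prefix, kind in MAGIC:
        if data.startswith(prefix):
            return kind
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return "unknown-binary"
    ok = all(c.isprintable() or c in "\r\n\t" for c in text)
    return "text" if ok else "unknown-binary"

def zone_id(data):
    """Return the ZoneId value of a Zone.Identifier stream, or None."""
    text = data.decode("utf-8", "replace")
    m = re.search(r"^\s*ZoneId\s*=\s*(\d+)\s*$", text, re.M)
    return int(m.group(1)) if m else None

def triage(streams):
    """Classify each (path, stream_name, raw_bytes) record."""
    findings = []
    for path, name, data in streams:
        kind = sniff(data)
        if name == "Zone.Identifier" and kind == "text" and zone_id(data) is not None:
            verdict = "expected"      # ordinary download marker
        elif kind in ("pe-executable", "zip-archive", "rar-archive"):
            verdict = "suspicious"    # executable/archive content in a stream
        else:
            verdict = "review"
        findings.append((f"{path}:{name}", kind, verdict))
    return findings

# Constructed sample records (hypothetical paths and contents).
SAMPLE = [
    ("C:\\dl\\setup.exe", "Zone.Identifier", b"[ZoneTransfer]\r\nZoneId=3\r\n"),
    ("C:\\docs\\notes.txt", "cache.dat", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("C:\\docs\\report.doc", "Zone.Identifier", b"PK\x03\x04\x14\x00"),
    ("C:\\docs\\a.txt", "comment", b"reviewed 2010-03-29"),
]
```

The third record shows why the check is on content rather than name: a stream called Zone.Identifier that holds archive bytes is not treated as a download marker.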
     
  2. Gen

    Gen Registered Member

    Joined:
    Jan 9, 2007
    Posts:
    73
    Downloading and testing now.
     
  3. linuxforall

    linuxforall Registered Member

    Joined:
    Feb 6, 2010
    Posts:
    2,136

    Great, tell us how it goes.
     
  4. Gen

    Gen Registered Member

    Joined:
    Jan 9, 2007
    Posts:
    73
    The bad:

    1) slows down my PC and lagged my Google Chrome and Winamp
    2) takes too much time to scan (18m on my laptop)

    The good:

    1) easy to use
    2) no installation required
    3) nice gui

    The unknown (since it didn't find anything on my pc):

    1) I don't know how reliable the results are
    2) I don't know how good it is at removing threats

    Overall, it's a nice addon to have to scan from time to time.

    update: why does Defense+ say it tries to access my disk when I try to close it, while it's not doing anything... weird, blocked it.
     
  5. evilfingers

    evilfingers Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    3
    Hello Guys,

    Thank you for evaluating our tools. I enjoyed reading the good and the bad, and definitely the bad. We actually noticed both the drawbacks during the beta test, but wanted more users to test it to determine if it was global or local to our testbed. We also wanted to know further if someone here is technically strong, in terms of threading, to determine where the exact memory leak is [if there is one], because we apparently could not find the leak. Also, we tested for security issues with this leak, and there are none.

    This is not as significant as the gigantic AVs, although I shouldn't compare since these are specific tools to do specific jobs. Let me know if you could determine more reviews on it, especially the bad ones so that we could fix it.

    To answer "update: why does Defense+ say it tries to access my disk when I try to close it, while it's not doing anything... weird, blocked it.", I would like to say that he is right. We clean up the TEMP files that we create during the scanning process. Hence, it is best if you allow it to do file system access, to allow the cleaning to proceed.

    Also, we were thinking of a garbage-collecting process for collecting unused threads, or threads already used by our tool, to perform throttling to ensure that we do not utilize all your processing power. Something similar to what they have explained in: http://stackoverflow.com/questions/230003/thread-vs-threadpool

    I was also wondering if this had anything to do with paging optimization. Let me know if you have any reviews on that.

    If you want faster response, kindly email us directly at contact.fingers @ gmail.com. Thank you

    Cheers,
    EF
     
    Last edited: Mar 31, 2010
  6. altruist

    altruist Registered Member

    Joined:
    Feb 13, 2008
    Posts:
    25
    Seems like a great program to me as is. Scanned my system pretty quickly. That said, the features you suggested don't seem like a bad idea.

    The only bad I see is that when I clicked "Check Online" it didn't do anything. I went to options, saw that virustotal was the only one checked, so I checked the other two.

    Clicked the button again, and threatexpert and malware hash windows came up, but it basically just directed me to the website. It didn't pass anything along.
     
  7. Gen

    Gen Registered Member

    Joined:
    Jan 9, 2007
    Posts:
    73
    I see, thanks for the clarification on that matter.
     
  8. evilfingers

    evilfingers Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    3
    Thanks altruist, thanks for the info. We are definitely working on it.

    Also, I need to rephrase a statement in my previous post. The true cause of the load is that the CPU is being utilized to 90%, since we wanted the tool to be efficient. Although this makes the tool efficient, it would be hungry to drink the threads that are out there, hence other apps become slow. Altruist, it might have been fast in your case since you might have run StreamArmor alone, instead of running it when Firefox or MediaPlayer or any other memory intensive app is running.

    Gen, you are most welcome and thank you so much for your report on Good and Bad. We really liked it and appreciate your work. Feel free to add as many comments as you like on both good and bad, so that we would know what to keep and what to change.

    Thank you once again guys.
     
  9. evilfingers

    evilfingers Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    3
    Feel free to shoot us any features that according to you are important for Stream Analysis or detection and that you would like us to add. Based on the following constraints we would prioritize the stuff and add it to the list [you do not have to answer these questions below, but what I am trying to say is that we try to question ourselves with the following, to know if the feature you have requested is going to be added to the next immediate release]:

    :thumb: How many people does it help if we add it? Based on the numbers, we get to know if it is useful to all, or useful to some.

    :thumb: Is this doable? Is it possible to integrate within the existing tool, or should we do a totally different tool to add the functionality you have requested?

    :thumb: Is it going to be quick enough to be added into the list for the next immediate release, or is it a long term thing we are looking at?

    :thumb: Is it something that we already have in our list of "Things to do" or is it something new, and if it is something new, does it satisfy all the above points? If yes, we would proceed immediately.

    There are various other things that add on or get removed when we try to prioritize. Fortunately or unfortunately, since we are not a business "yet", we do not do it according to the money flow. But even if we become a business, we would not close the tools that have been openly released, and that are about to be openly released.

    If you have any further questions or concerns, feel free to reach us at any point of time at contact.fingers@gmail.com.

    Thank you for your time & concern.
     