"VanguardLH" wrote in message
In addition, Windows Explorer will never show you the size of Alternate
Data Streams (ADS) added to a file. For example, I can create a .txt
file whose primary data stream chews up only, say, 5KB but then add an
alternate data stream that is gigabytes in size. Windows Explorer,
'dir', and other normal file utilities will only show you the size of
the primary data stream.
You know the implication of this is that a hacker who gains control of your
system could hide an entire encrypted partition inside the ADS of a single
file and most users would never have any clue that this existed.
Given that, it would surely be useful to have a service running 24x7 that
looked for abnormally large files or ADS streams on specified partitions and
sent out a warning when any are found.
There are utilities to add on to Windows Explorer to let users see the
streams, if any (other than the default/primary one), attached to a
Haven't used it so cannot comment on its usefulness. There are probably
other shell extensions that make it convenient to check for and view
streams on folders or files using Windows Explorer.
Gets even worse in Windows 7, and later, where Microsoft decided to use
this NTFS feature to further block file access by even admin-level users
(whether they are in the Administrators group using their own account or
even if using the Administrator account). See:
Their NT6 Fix utility sounds a lot like the Take Ownership utility that
I installed that appears as a context menu entry when I right-click on a
folder or file.
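
The check proposed earlier in this thread, a scan that warns about abnormally large ADS under a given folder, written in PowerShell as an added example that is not part of any post here. `Find-LargeAds`, its parameters, the 1 MB threshold and the demo file are assumptions made for illustration; the scan relies on the `-Stream` parameter of `Get-Item` (Windows, NTFS volumes).

```powershell
# Added example: report alternate data streams (ADS) above a size threshold.
# Find-LargeAds and its parameter names are hypothetical, not an existing tool.
function Find-LargeAds {
    param(
        [Parameter(Mandatory)] [string] $Root,
        [long] $MaxBytes = 1MB   # assumed threshold, tune per volume
    )
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $item = $_
            # -Stream * lists every stream on the item. ':$DATA' is the primary
            # stream, the only one Explorer and 'dir' report, so it is skipped.
            Get-Item -LiteralPath $item.FullName -Stream * -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $_.Length -gt $MaxBytes } |
                ForEach-Object {
                    [pscustomobject]@{
                        Path         = $item.FullName
                        Stream       = $_.Stream
                        StreamBytes  = $_.Length
                        PrimaryBytes = if ($item.PSIsContainer) { 0 } else { $item.Length }
                    }
                }
        }
}

# Constructed sample: a small text file carrying a 2 MB stream named 'hidden'.
$dir  = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$file = Join-Path $dir 'note.txt'
Set-Content -LiteralPath $file -Value 'visible text'
Set-Content -LiteralPath $file -Stream 'hidden' -Value ('A' * 2MB)

# Emit one warning per oversized stream, showing both sizes side by side.
Find-LargeAds -Root $dir -MaxBytes 1MB | ForEach-Object {
    Write-Warning ("{0}:{1} holds {2:N0} bytes (primary stream: {3:N0} bytes)" -f `
        $_.Path, $_.Stream, $_.StreamBytes, $_.PrimaryBytes)
}

Remove-Item -LiteralPath $dir -Recurse -Force
```

Run on a schedule against the partitions of interest, the same function approximates the always-on check suggested above; access-denied items are skipped silently, so run it with rights that can read the whole tree.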