What Are Alternate Data Streams?
pop pop
12-16-2004, 12:35 AM
KAV got some bad press not long ago when it was bashed because supposedly their new release fragged the heck out of files, in particular System Restore files, and supposedly it messed them up enough that sys restore got whacked. Speculation was this was due to how the new version of KAV was handling ADS. I don't know what that is. I chose not to evaluate KAV because of this. I now have my laptop configured with AVG (I like it) and SPF (like that too). Here's the funny part ... I'm evaluating PerfectDisk and it defrags my system to ZERO percent fragmentation. After a few security scans ... AVG, Ad-Aware, S&D, TH, etc., the disk is fairly fragged. Guess what files are the most fragmented? Yep, sys restore. Maybe whatever is happening isn't unique to how KAV handles ADS and maybe it's not ADS at all. Bottom line for me is this: do security scans, you get fragged.
Budfred
12-17-2004, 12:09 AM
ADS is a way to infect WinNT systems that is very difficult to kill... I don't know the details about it and probably someone who knows more about the inner workings of Windoze can tell you... I do know it makes cleaning some computers extremely difficult...
pop pop
12-18-2004, 12:03 AM
I got off my lazy duff and did a wee bit of looking. You are, of course, correct. What started out as a "feature" in Windoze and is still used by legit developers is a nice security weakness ... go figure. From what little I read, you, a developer, or anyone can append (they use the term fork) one file onto another and leave almost no trace--no change in the original filename, size, etc. For example, you could append a file onto notepad.exe or calculator.exe. The only thing that may change is the time/date stamp. Then what you appended (i.e., hacker tools) can be executed/manipulated without the owner/admin knowing it was ever there. Clever. :eek:
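Added example, not part of the thread or any poster's code: a PowerShell check that lists named streams under a directory, run against a scratch file to show that the reported file size stays the same after a stream is attached. It assumes Windows PowerShell 3.0 or later on an NTFS volume; the scratch directory, the file name `report.txt`, the stream name `notes` and the function name `Get-AlternateStream` are constructed for the demonstration.

```powershell
# Added example: all paths, names and contents below are constructed.

function Get-AlternateStream {
    # Lists every named stream on files under $Path, skipping the default
    # ':$DATA' stream that holds a file's normal contents.
    param(
        [Parameter(Mandatory)] [string] $Path,
        [switch] $Recurse
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse:$Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    [pscustomobject]@{
                        File        = $file.FullName
                        Stream      = $_.Stream
                        StreamBytes = $_.Length      # size of the hidden stream
                        FileBytes   = $file.Length   # size a directory listing shows
                        LastWrite   = $file.LastWriteTime
                    }
                }
        }
}

# --- Constructed demonstration in a scratch directory ---
$dir = Join-Path $env:TEMP ("ads-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$target = Join-Path $dir 'report.txt'
Set-Content -LiteralPath $target -Value 'visible contents'

$before = (Get-Item -LiteralPath $target).Length
# Attach a named stream; 'notes' is an arbitrary stream name chosen here.
Set-Content -LiteralPath $target -Stream 'notes' -Value ('x' * 4096)
$after = (Get-Item -LiteralPath $target).Length

"Size before: $before bytes, after: $after bytes (unchanged: $($before -eq $after))"
Get-AlternateStream -Path $dir | Format-Table -AutoSize

# Clean up the scratch directory.
Remove-Item -LiteralPath $dir -Recurse -Force
```

Streams named `Zone.Identifier` will show up on downloaded files in a real scan; those are written by Windows itself to record where a file came from.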