In addition to the intended uses, ADS can be used to hide data/files -- which is not necessarily an especially good idea for most users most of the time. The hidden files are not reported by most conventional utilities. Windows tools are inconsistent in their handling of ADS files. For example DIR ignores them, but TYPE will list their content. Special utilities that are intended to detect ADS files do not always succeed if the ADS files are appended to something other than an existing visible file -- for example to a directory. This may be ameliorated in future Windows releases
ADS files are somewhat similar in intent to Windows metafiles. ADS files are not the same as Windows metafiles which are prefixed with a $ and are also hidden in many contexts. Windows meta files are used by the Windows XP operating system to store OS specific information. Syntactically, metafiles start with a $. ADS file names are prefixed with a file name (the associated file name) followed by a colon -- e.g. C:\ASSOCIATED_FILE:HIDDEN_ADS_FILE.TXT. ADS files are preserved in copies/moves of the associated files between/within NTFS systems. The files are lost in a copy/move to a file system such as FAT (e.g. a floppy) that does not support ADS files.
Some analysts have some reservations about the wisdom of Windows ability to carry along hidden files -- possibly executable -- attached to crtitical system files. The concern seems to be that difficult to detect and remove malware might use this feature.
Return To Index Copyright 1994-2016 by Donald Kenney.