
Alternate Data Streams not deleting under Windows 8.1 and Windows 10

How so, what about Intel?

There has been concern that the Intel ME chip on the motherboard allows them to remotely control your computer and has potential for great evil in the wrong hands. Though, there is no real evidence that it has been used for any evil purposes to this point. Let me see if I can find that article I read recently.

- - - Updated - - -

Here: http://hackaday.com/2016/01/22/the-trouble-with-intels-management-engine/

Not sure it was the original article I was referring to but it will suffice. The ME is a very mysterious technology cloaked in secrecy.
 
Yea, it's always the same thing.
It's not whatever they come up with - it's that they don't let us choose to have it or not.

With Alternate Data Streams, I can install Windows 8.0 or lower on another partition, reboot into it, remove them, done.
You can't do anything about hardware limitations except not upgrade.
And we can do that, but for how long?

This is a losing game.
 
I just checked with a friend in the anti-malware arena, who says that it's possible with FRST, additions.txt section of the FRST tutorial at GeeksToGo: http://www.geekstogo.com/forum/topi...o-use-farbar-recovery-scan-tool/#entry2350720

Alternate Data Streams

FRST lists ADS like so:

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Windows\System32\legitfile:malware.exe [134]
AlternateDataStreams: C:\malware:malware.exe [134]


The size of the ADS (number of bytes contained) is shown in brackets at the end of the path.

If the ADS is on a legitimate file/folder the fix will be copy and paste the whole line from the log into the fixlist.

Example:

Code:
AlternateDataStreams: C:\Windows\System32\legitfile:malware.exe [134]

If it is on a bad file/folder the fix will be:

Code:
C:\malware

In the first case FRST only removes the ADS from the file/folder.

In the latter case the file/folder will be removed.

Though I suspect for the usage you envisage, booting from a WinPE or similar and stripping them may be easier.

I'd suggest that you also check why all downloads have ADS, might it be from usage of HTTPS Everywhere or similar, perhaps from IE/Edge and SmartScreen?
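
An added example, not part of the thread or of FRST: a PowerShell function that lists the named streams on files under a folder with their sizes, much as the FRST log above does, and can strip them while reporting any removal that is refused. The function name `Get-AdsReport` and the Downloads path are assumptions for illustration; it covers files only, not streams attached to folders.

```powershell
# Added example: audit and optionally strip alternate data streams (ADS).
# Needs PowerShell 3.0 or later and an NTFS volume.
# Get-AdsReport and the Downloads path below are hypothetical names.
function Get-AdsReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [switch] $Remove   # without this switch nothing is changed
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_.FullName
        # ':$DATA' is the unnamed default stream, i.e. the file's normal contents.
        Get-Item -LiteralPath $file -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            $stream = $_          # keep the stream object; $_ changes inside catch
            $status = 'Listed'
            if ($Remove) {
                try {
                    Remove-Item -LiteralPath $file -Stream $stream.Stream -ErrorAction Stop
                    $status = 'Removed'
                } catch {
                    # Access denied, or another program blocking the delete.
                    $status = "Failed: $($_.Exception.Message)"
                }
            }
            [pscustomobject]@{
                File   = $file
                Stream = $stream.Stream   # e.g. Zone.Identifier on downloaded files
                Bytes  = $stream.Length   # same figure FRST prints in brackets
                Status = $status
            }
        }
    }
}

# Report only:
Get-AdsReport -Path "$env:USERPROFILE\Downloads" | Format-Table -AutoSize

# Strip the streams and show only the removals that were refused:
# Get-AdsReport -Path "$env:USERPROFILE\Downloads" -Remove |
#     Where-Object { $_.Status -like 'Failed*' }
```

A stream named Zone.Identifier is the mark Windows and browsers attach to downloaded files; removing it also removes the "this file came from another computer" check for that file.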
 
1. Download ADSScannerSetup.exe from http://www.pointstone.com/products/ADS-Scanner/
2. Create folder named (for example) 1 on C: drive and copy ADSScannerSetup.exe to that folder. In other words, copy ADSScannerSetup.exe to folder C:\1

Now clean the contents of folder C:\1

If you are successful, file ADSScannerSetup.exe inside C:\1 will no longer have ADS.
But the same file you originally downloaded still will.
 
Okay, I was furtively using someone else's notebook somewhere between 04:00 and 05:00 here - W10 Home (1511, I think) on the slowest NTFS SSD-equipped notebook in the County: the ADS Scanner setup file did not download with ADS. Of the 37 files in the Downloads folder, AlternativeStreamView flagged 34 as having ADS, ADSScannerSetup was not one of them.

AlternativeStreamView appeared to have no trouble removing ADS from the files in the Downloads folder, no confirmations required, no Permissions errors, nothing.

As you might imagine, I'm now pretty puzzled and all I can think of at the moment goes back to this:

I'd suggest that you also check why all downloads have ADS, might it be from usage of HTTPS Everywhere or similar, perhaps from IE/Edge and SmartScreen?
 
Ok so, downloaded videos/images/mp3/programs from several websites and the program successfully deleted ADS (not all files had them). I then copied them to another folder and my system did not add anything to them. Re-downloaded a few programs to the Downloads folder for troubleshooting and they were successfully deleted as well. I use Firefox and my addons consist of Ublock Origin and Magic Actions for Youtube (HTTPS Everywhere and Decentraleyes break quite a few websites I usually go to so I stopped using them for now).



EDIT: a "select all" button would be a nice feature to this program.
 
So what now, have you figured out what creates/changes ADS, or how/why certain Windows versions apparently don't allow you to delete them? Was kinda hoping for a continuation of this thread :(
 
I found out that Comodo Firewall freeware is the culprit, after Nirsoft owner wrote me back to say that he can remove ADS from Windows 10.

I felt bad for unjustifiably going after Microsoft.

It turns out that new Auto-Sandboxing feature of Comodo Firewall labels every file you download by default.

Once disabled, future downloads will not be labeled by Comodo Firewall attaching Alternate Data Streams to them... HOWEVER existing ADS cannot be removed until Comodo Firewall is completely removed from the system.

I found all this out by undertaking a massive project of completely reinstalling everything on my system after Nirsoft guy told me Microsoft was NOT to blame.

I now have several threads going at Comodo forums about Comodo's dirty little secret.

Their moderators told me to "just" take ownership of every file and every folder in order to remove ADS from them... an impractical ridiculous concept.

Instead, I will remove Comodo 8 completely and install Comodo 7 where this is not a problem.

Comodo intercepts both incoming and outgoing phone home attempts so that is why it was always an invaluable program. Almost all other Firewalls incredibly and most unbelievably ONLY intercept incoming traffic but not outgoing attempts from programs to phone home with our personal data. That is the only reason why I stuck with Comodo ever since switching away from Windows XP where ZoneAlarm 5 was the only program in the world, again INCREDIBLY which could intercept an app phoning home. ZoneAlarm 5 didn't work on OS after WinXP where I still use it to this day, and so since ZoneAlarm 6 and later was a problem to use, enter Comodo :)

This entire experience has been a sobering life lesson on thinking twice before unleashing your anger unjustifiably.

I falsely accused Microsoft.
Now I have to beg Bill for forgiveness?
Or maybe we are even now for all the other legitimate problems they caused, haha?
 
Further information in this issue.
First of all and once again Microsoft was NOT to blame. Apologies to the Microsoft Corporation. Labeling downloaded files to track user habits is not what Microsoft does!!
[That is what Windows 10 Telemetry is for, :sn: lol]


So back to the real culprit - Comodo Firewall. This was the best rated Firewall for a very long time. There simply was no competition. It intercepts anything trying to get in. It intercepts apps phoning home. It intercepts anything trying to get out without your permission. Great software. Then, as is custom, they started introducing fishy new features. One of them was to by default turn on file source tracking. It labels all your downloads. There is a very difficult to get to option that turns that off.

Right click on the Comodo icon in the task bar > Open... > Tasks [upper right] > Advanced Tasks [lower left] > Open Advanced Settings [lower right] >
> Security Settings > Defense+ > Sandbox > Auto-Sandbox > UNCHECK: Enable file source tracking > OK
[otherwise each downloaded file will be labeled with Alternate Data Stream data]

Does that qualify as a hidden feature? Lots of steps and easy to not be aware it is there.

Well turning this feature off really does stop Comodo from tracking your future downloads.
But the kicker is, you can never remove the labels from already labeled files (!)
You have to remove Comodo from the system to do that.



SO I push this and I push this and there are two things.
1. It's hard to get people to just say, YES that is a bug. It should be fixed.
2. Posters are offering workarounds, remove Comodo 8, now you CAN remove Alternate Data Streams, install Comodo 10.
AS IF this is about a file or two that you want ADS removed from and not about the ability to ALWAYS remove ADS whenever you want.
Not to mention that version 10 which is still in Beta very much prevents you from removing ADS too.

So then I just said



I now have a feeling that the developers have been aware of this issue for some time.


If we can move to accepting that this is a side-effect of having Comodo software installed, that it is the price we pay for having Comodo installed, it would then be nice if someone posted something about the background of this problem.
Why it is happening and why it cannot be fixed.

At first there was a concern that all these workarounds served to prevent this issue from being taken seriously and finally resolved, but I am leaning towards this being a long-term problem and that it has been for a while.

Have you seen anyone post on the forums what the background story is, why does Comodo prevent ADS removal? What is it that makes this not an option you can tick?


Because labeling files is a way to track things, track people, by definition.
Explaining why Comodo blocks removal of ADS would prevent people from incorrectly assuming there are other reasons for keeping those Alternate Data Streams attached to people's personal files.

Because of Microsoft's new business model, evident in Windows 10, I incorrectly thought that it was Microsoft and not Comodo who was responsible.
Telemetry is front and center business model for Microsoft now. Data Mining. Microsoft is now doing what Google was doing all these years. Targeted advertising is big business.

Tracking people's habits is central in that business model and that is why it wasn't out of place to think it was Microsoft.
But it wasn't Microsoft. It is Comodo.

So in conclusion, an explanation of why this is happening would go a long way in countering any discussion that Comodo has a hand in the telemetry-related world we live in today.
In other words, is blocking ADS removal a bug or is this by design?
 
I wouldn't sweat the M$ guilt. They are partly to blame for the assumption. If it looks like a duck, quacks like a duck, and is frequently seen in the company of ducks, it is reasonable to assume the avian in question is indeed a duck.

I'm old enough to remember all the warnings from "crackpots" about the massive intrusions in to our personal lives technology would bring. That was 40 years ago. Their vindication was slow, but it is here. :(
 
The plot thickens.
Comodo released a brand new version and it still blocks ADS removal.

c627627 said:
Official version 10 is out and this BUG is still in there!!
After going through an entire release history of version 8 not acknowledging that this is a bug, and even after qmarius spelled it out, Comodo developers just officially released version 10 with this bug STILL in there.

Come-on guys, please fix this bug, there should have been a version 8 release with this bug fixed. Now we're into official version 10 and it's still there, is this because the developers (incredibly) still do not view this as a bug or because there are other reasons Comodo is not allowing removal of existing alternate data streams... let's not speculate, what are those reasons?

FROM COMODO SUPPORT FORUMS:
I just wanted to point this out to anyone reading this:
If you are talking about Alternate Data Streams, many experienced posters on Comodo forums will answer you as if you are talking about ADS added by Comodo, which it used to do by default... This is a typical example posted just now as an answer in the Comodo 10 announcement thread:

mouse1 said:
Very sorry but there is no fix yet, though the work-around is to remove them in Windows safe mode.
No new ADS will need to be created by CIS 10, as database tracking is used instead of ADS.

Do you see where it says, "No new ADS will need to be created by CIS 10" ?
9/10 times you have to actually go out of your way to remind people that Alternate Data Streams can be and are created by *other* people using *other* programs, to hide malicious and dangerous code, not just Comodo software, which used to do this by default.

So, since security is why we are all using Comodo, it's a bit of a surreal situation of us having to explain the importance of removing Alternate Data Streams... to Comodo (!)... The questions that come out of all this are "do they really think only Comodo adds ADS" "do they really not know the dangers of ADS used by people trying to compromise our systems" and most importantly "what is the real reason Comodo continues to block ADS removal" because other than attacks, are Alternate Data Streams a privacy concern?

When Comodo itself used to add ADS to every single download we made, could that have been used as a privacy issue, and by that I don't mean the illegal kind, but Windows 10 telemetry kind, kind of like Microsoft collecting private data from us under Windows 10 by default, and as we all know there are hundreds or thousands of news articles pointing out privacy issues that come with Windows 10 Telemetry.

So in short: Comodo is making sure that Alternate Data Streams cannot be removed routinely, quickly, easily.
Can they be doing so for reasons other than simply not being good programmers to allow us to do this?
Theoretically, does Comodo have any interest in making sure Alternate Data Streams, which they used to add to *every* single download we ever made (by default) - remain attached to our downloaded files, compromising our privacy, legally or illegally (that part doesn't matter - Windows 10 Telemetry is legal, and it very much compromises people's privacy, and that is a fact, not an opinion.)
Is Comodo compromising our privacy in any way?

Does Comodo block ADS removal because of a bug or is this done on purpose, by design?
 