alternate data stream (ADS)

An alternate data stream (ADS) is a feature of Windows New Technology File System (NTFS) that contains metadata for locating a specific file by author or title.

An alternate data stream (ADS) is a feature of Windows New Technology File System (NTFS) that contains metadata for locating a specific file by author or title. ADS is supported by all versions of Windows beginning with Windows NT through the current version, Windows 7.

When it comes to security, the danger of ADSes lies in the fact that the information they contain does not alter any noticeable characteristics of the particular file to which they are attached. For example, adding additional "title" data to a file's ADS will not increase the file's size or change its functionality. This makes ADSes, for most intents and purposes, hidden. And this makes them a valuable place for attackers, particularly rootkit builders, to hide their tools.

As of March, 2010, free, open source tools such as StreamArmour are available to detect potentially malicious ADSes on Windows systems.

This was first published in September 2010

Continue Reading About alternate data stream (ADS)

Glossary

'alternate data stream (ADS)' is part of the:

View All Definitions

Dig deeper on Windows Security: Alerts, Updates and Best Practices

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close