On 2007-12-30, at 13:10, Steff wrote:
Mind you, I don't think I've ever seen a legitimate piece of software make use of the "alternate data stream" feature of NTFS which many pieces of malware use(d to use) to conceal themselves.
That's because they didn't hack an emulation of it into FAT32, and too many laptops need to be FAT32 for various hateful reasons.
I'm struggling to think of anything more hateful than a major piece of OS functionality which is exclusively of use to black hats.
One that's useful to black hats and ALSO necessary for some other purpose so you can't disable it or otherwise treat anything using it as hostile. :p
Peter da Silva pe...@taronga.com
