Jeff said:
I doubt that many users of Win7 are using FAT32.
What file system does the CD/DVD media use?
What file system does the USB thumb/flash drive typically use?
If you use online storage, how did you transport the file to there?
Are you saying that it is not possible to copy a file containing an ADS
to an external NTFS-formatted drive and retain the ADS? I haven't been
able to find that info - have you a ref for it? If true, what would be
the point of "infecting" a file via ADS with *.exe malware if it
couldn't be copied from, eg, an internet server to a home computer?
I badly stated what I meant to say. Forks in a file system (aka ADS for
NTFS) often don't survive transport of the forked file. You have to be
careful regarding transport of the file between file systems and hosts
to ensure survival of the forked content (the alternate data stream).
Transport to a file system that doesn't support forked files results in
stripping or separation of the forked content. Zipping the file into an
..zip archive file will strip out the forked content. I haven't tested
FTP but suspect that will strip the forked content as the '[m]get'
command probably only gets the primary stream.
The malware or its installer, when ran, can hide some of its code in an
ADS. If your security software doesn't scan the ADS of files, it may
miss its signature for the code stored there. However, that also means
the security software missed the parent process that executed to then
store some code in an ADS. It's not just malicious code that gets
hidden in an ADS. In the past, there have been trojans whose function
was to disable your computer buy consuming all its disk space which it
did by appending huge randomly generated bytes in the ADS onto many
files. Even if you deleted the malware, its effect remained in place
with all the disk consumption for the ADS. I don't know how much
malware utilitizes the ADS and if they mostly use it to store code
(which still requires a parent process to load which means being
susceptible to detection by security software now or later) or if they
mostly use it to bloat file sizes that are invisible to the user with
the normal tools provided in Windows to consume the disk. I've seen
only a couple cases where code was stored in the ADS but seen more of
the bloated file cases.
I've also seen an anti-virus program (Kaspersky) that uses the ADS.
They would scan a file and then save some hash value (checksum) in the
ADS. On subsequent AV scans, the ADS content was used to determined if
the file had been modified and, if not, would skip that file since it
hasn't changed and has already been scanned. This was their "smart"
scan that would bypass previously scanned files.
http://www.kaspersky.com/news?id=177718126
"Kaspersky Anti-Virus products use NTFS Alternate Data Streams to hold
checksum data about files on the user's system: if a checksum remains
unchanged from one scan to another, Kaspersky Lab's products know the
file has not been tampered with and do not, therefore, require a repeat
scan."
That article was dated 6 years ago so I don't know if Kaspersky is still
using ADS to store its checksums to short-circuit later scans.
The OP just wanted some way to store information with his mpg files.
ADS can do that.
Yes, ADS is "some way". It's not a good stable way except within the
same file system on a host. Files that carry along their own metadata
do that for a reason: the metadata remains intact *in* the file no
matter where the file gets copied.
After over a decade of availability of NTFS with its ADS feature (to
support forked file content), Microsoft still fails to provide an easy
means for users to see if there is an alternate data stream on a file
and what it contains. Windows Explorer has yet to even indicate there
is a non-empty ADS attached to a file.
I agree with you. I guess the best way to get round the problem is to
copy the file to a FAT32 disk, which would strip off any ADS from the
file, then copy the file back to your NTFS disk.
But if you know about ADS (which is required for you to doing the
"strip" by copying between different file systems) then you also know
there are 3rd party tools to manage the ADS. Rather than produce a 2nd
generation copy of a file to get rid of its ADS, use a tool to just
strip the ADS without touching the primary stream.
Not sure what you mean by this. I would assume that the OP would name
the ADS file in the same way any normal file would be named. Even if
the ADS file name had been forgotten, use of something like LADS would
reveal it.
The OP would have to design some template for the data he stores in the
ADS for all his media files. Then there be a uniform layout to that
data so it is recognizable every time he looks at the ADS for each file.
He could make it free-format but he will have to read it himself versus
using it to monitor or control his media files.
Plus the OP will need to provide a means of editing the file, attaching
it as an ADS, and then later extracting the ADS and open in the editor
again. Yes, that can be done but it isn't a simple setup. It certainly
won't be any information that the OP will see as a column in Windows
Explorer or as data presented in the Properties sheet for a file (but
then not all metadata can be presented there, anyway).
For EXIF, there are many 3rd party viewers that can be easily used to
view the metadata. I haven't bothered to investigate if there is an
all-in-one metadata viewer that will show metadata for all filetypes
(that support metadata). It also appears the OP wants to edit the
metadata. For some filetypes, editing is easy but for some a change in
metadata means reencoding the file. The MPG files the OP asked about
don't have metadata in them.
I have seen programs that provide additional info on files. They run as
a background process. For a file, you use this other software to add
notes or comments for the file. Then later you can review those notes.
Alas, I've never bothered to use such file tracking software to add
comments to them so someone else would have to comment on such software.
