Feature request: protection from ADS

[MSAS Fan]

Just wondering if Microsoft Antispyware have ADS
protection? for more info on ADS check here:
http://www.pcworld.com/news/article/0,aid,118781,00.asp

ADS is a highly technical way to hide images, data, or
code in a file and can be used to hide malicious code.
The hidden content is impossible to detect using
regularly-available tools, such as Windows Explorer.

Spysweeper 4.0 has this as a new features: Alternate Data
Stream (ADS) Execution Shield.

maybe microsoft should consider adding such feature.

 

[Bill Sanderson]

Microsoft Antispyware definitely targets malware which has attributes of a
rootkit. It removes at least one such piece of code, although I don't
recall whether that one uses ads.

I can't answer this one authoritatively, but I'll say that although there is
a line between spyware and virus that I don't know how it is drawn, I would
expect that a piece of software which meets the coverage criteria of
Microsoft Antispyware and which makes use of ads to do its dirty work, would
be targeted.

 

[Guest]

Will Microsoft antivirus on Window Onecare have the
advantage over all the antivirus compnany, since
microsoft know how to detect rootkits.

 

[Bill Sanderson]

The antivirus companies know how to detect rootkits too--google on
F-secure's blacklight tool, which is still in free beta status, I believe.

You're definitely highlighting a significant issue though--most folks agree
that the old standard of virus detection via signatures won't do the job in
the future, and that such detection needs to be smarter. Microsoft
Antispyware's real-time protection partly models one way to improve on the
old model, and I expect that an antivirus solution from Microsoft will also
be smarter. Witness the Malicious Software Removal tool about which the
EULA is the most visible part--but I know they collect stats about how many
bugs that cleans on a monthly basis.

--