Is this not where malware can hide?
New: NAPS2 (Feb 24, 2025), Platform 29.5.3 (Jun 27, 2024)
1,100+ portable packages, 1.1 billion downloads
No Ads!, Please donate today
New: NAPS2 (Feb 24, 2025), Platform 29.5.3 (Jun 27, 2024)
1,100+ portable packages, 1.1 billion downloads
No Ads!, Please donate today
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on BlueSky
Follow us on Facebook
Follow us on LinkedIn
Follow us on Mastodon
Follow us on Twitter
What is a file stream?
"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate
Well I'm not an engineer but my understanding is once you remove an alternate data stream from a file it (the file) may no longer work so it's probably best if they don't exist at all particularly for this kind of get up.
Files you download from the web don't have streams in them. Streams can only be created within NTFS once a program has been run. If there is a stream in the installer itself, that means something else on your system may have infected it.
Sometimes, the impossible can become possible, if you're awesome!
Both IE and Firefox support the Internet Zones of Windows. What this means is that by default (you can disable it in Firefox but not in IE), both browsers will add an alternate data stream to a downloaded executable. This stream is responsible for the 'this file has come from another computer, are you sure you want to run it' message that you see when you try and run a file after downloading it.
You can see if this is the particular stream that you have in your file by right clicking the file in Explorer, going into Properties and checking if the 'unblock' button is active. If so, click it and if that stream is the one you are seeing, it should be removed from the file once you click Ok to exit from Properties. If the button is not active, or the button is (but the stream is still present after you click unblock), then the file has another stream.
I used to have a sig...until one of the mods ate it
I was not aware of that. Checking with AlternateStreamView brought some further clarity on that (alternate stream name is :Zone.Identifier:$DATA for all downloaded pafs so no problem here).
I'd never even thought of that, but it explains something I didn't even question for years...
Thanks - I had forgotten the name of the ADS added by the browsers, but the :Zone.Identifier:$DATA that you mention is in fact the name of it. A utility like AlternateStreamView will also remove that particular ADS if you prefer not to have to click the 'unblock' button on multiple downloaded files.
Not all browsers respect the Zone settings, but I think (please don't quote me on this) Chrome does as well. IE and Firefox most certainly do as I mentioned above. Opera - I don't believe it does (99% sure). The other major browser (Safari) I don't know about.
I used to have a sig...until one of the mods ate it