Ipanema
@net.br
| reply to jmorlan
Re: Kaspersky, You lost me at ISwift..
said by jmorlan  : I want an NTSF identifier removal tool... »www.microsoft.com/technet/sysint···ams.mspx
Usage: streams [-s] [-d] file or directory |
|
representing
5th Sniper
join:2001-01-20
Prince George, BC
 ·TELUS
| Not sure why there is so much issue....as a user i felt that purchasing the 'Ghost' Software was worth it...Fresh Install + updated drivers...and i take an image n label it...i have since made an image after every software install...if i decide to remove something i just format the drive and restore the image from DVD...then install whatever is leftover from backup drives....Seems this could all be avoided with some prep time before blindly installing something...lol |
|
salzan
Experienced Optimist
Premium
join:2004-01-08
WA State | reply to StraitShoot
If I understand this correctly, the identifiers are not copied by Acronis TI. What happens if you uninstall KAV, take an image and restore the image?
I would do this using the recovery CD, not from within Windows. |
|
jmorlan
Hmm... That's funny.
Premium
join:2001-02-05
Pacifica, CA
·Pacific Bell - SBC
1 edit | reply to Ipanema
That can remove ADS, but has nothing to do with NTSF object identifiers placed in your file system by ISwift. At this time there is no tool which can delete these identifiers.
For a description of the NTFS object identifiers and a possible programing solution see here. |
|
Blue2
Premium
join:2004-04-14
France
| reply to representing
said by representing :.Seems this could all be avoided with some prep time before blindly installing something...lol Sorry, I think that misses the point. I have backup drives and computers, but that doesn't release a manufacturer from acting "responsibly".
All this would be simply avoided if software manufacturers like Kaspersky didn't blindly install something in the first place without permission. Remember DRM?. Why should it be a user responsibility to protect against this? I agreed to install software, nothing more. Where did I agree to have permanent system changes made that can't be undone even when the software is uninstalled?
Imagine installing a light bulb and having it change your entire electrical system forever, optimized for those brands of light bulbs but wreaking havoc if another brand is used. Call it unfair business practices, restraint of trade, etc. but the point is that it's my computer and any manufacturer that wants to make permanent changes that might disable its use should be forced to disclose this. |
|
Don Pelotas
join:2004-12-10
2 edits | reply to cork1958
said by cork1958 :I'm ass-uming this is using KAV 7, as I have KAV6 installed on 5 of my machines and have never even seen ISwift. Knew there had to be another reason for not updating to newest version.  This could rather devaststing for Kaspersky's reputation, whether it's their fault or not! Don't let scaremongers affect your choice, that is exactly what they are out to do
6.0 & 7.0 are basicly the same with a different GUI and better heuristics in 7.0. So if you like 6.0 you will most likely like 7.0 because it is IMO nicer and lighter on resouces for most that have used it already.  |
|
jmorlan
Hmm... That's funny.
Premium
join:2001-02-05
Pacifica, CA
·Pacific Bell - SBC
| said by Don Pelotas :Don't let scaremongers affect your choice, that exactly what they are out to do It's not scaremongering to point out that KAV/AVS makes permanent changes to the NTFS file system which have unwanted side-effects. Calling it "scaremongering" does not help KAV resolve what is rapidly turning into a public relations fiasco.
Actually I like KAV. I think it's the best at detection and the best at rapid updating. I have no interest in making people move to another AV. I'm just interested in having KAV address this issue in a substantive way and fixing it. |
|
clocks11
join:2002-05-06
00000
| reply to Don Pelotas
"Don't let scaremongers affect your choice, that is exactly what they are out to do"
Wake up. This is a real issue. I realize you work for Kaspersky, but fact is many do not like their hard drive being messed with. This issue has occurred on more than a few PCs. |
|
Don Pelotas
join:2004-12-10
| I wide awake and do not work for Kaspersky. I'm not saying it might not be an issue, i'm saying someone who are not seeing an issue should not be scare by those trying to blow this up to a scale which is totally out of porportion even is it does not seem like if you take anything posted in this thread as gospel. That is what i'm saying and i'm right. Again i'm saying if you have used Kaspersky 6.0 for a year without issue's and are otherwise happy............then ignore the rants and continue. |
|
clocks11
join:2002-05-06
00000
| Any time a post about Kaspersky pops up, you are there, no matter what website. Also, you are a moderator on the Kaspersky forums. So in a way, you are working for Kaspersky. You are at the very least far from being a neutral party.
As much as Kaspersky tries to sweep this problem under the rug, it is still effecting people. KAV and KIS are for the most part great packages. I just wish they would fix this issue, instead of pretending it does not exist. |
|
Don Pelotas
join:2004-12-10
| said by clocks11 :Any time a post about Kaspersky pops up, you are there, no matter what website. Also, you are a moderator on the Kaspersky forums. So in a way, you are working for Kaspersky. You are at the very least far from being a neutral party. As much as Kaspersky tries to sweep this problem under the rug, it is still effecting people. KAV and KIS are for the most part great packages. I just wish they would fix this issue, instead of pretending it does not exist. That is untrue...flattering to a point, but untrue, i participate in three forums (Kaspersky included), so altough i appreciate you need to put a spin on things.....that simply is not true, i simply do not have the time to be even remotely close to post "everywhere" even in those forums. Yes, i'm not neutral, but that doesn't mean i'm a liar and it doesn't mean i can't be right even if my opinion is not what you like to hear.
Yes, if there is something to fix it should be fixed, on that we can certainly agree and nobody "tries to sweep this problem under the rug", like hpguru said: "how they are supposed to fix an issue they cannot reproduce."? |
|
jmorlan
Hmm... That's funny.
Premium
join:2001-02-05
Pacifica, CA
·Pacific Bell - SBC
| said by Don Pelotas :...Yes, if there is something to fix it should be fixed, on that we can certainly agree and nobody "tries to sweep this problem under the rug", like hpguru said: "how they are supposed to fix an issue they cannot reproduce."? It's remarkable that they cannot reproduce this issue which has now been so well documented by so many users that it ceased to be controversial a long time ago.
But regardless of reproducing the symptoms, we want a tool to remove the NTSF object identifiers which KAV's iSwift has left on our system even after the program has been uninstalled. There is no question at all that these object identifiers are left over after uninstallation. KAV admits as much. If they don't cause reproducible symptoms for them, that doesn't mean they shouldn't do the right thing and restore our file systems to the way they were.
We need a removal tool and the time is long past for KAV to provide such. I have no interest in arguing with you or anybody in customer support about whether you have symptoms. I know I have symptoms and I know who caused it.
What possible harm is there to giving affected customers a working removal tool? |
|
clocks11
join:2002-05-06
00000 | reply to Don Pelotas
Don - All it takes is a google search to see that you are responsible for KAV public relations. |
|
jeisenberg
New Year's Eve
join:2001-07-06
Windsor, ON
 ·Cogeco Cable
 ·Cogeco Voip
1 edit | reply to jmorlan
said by jmorlan :What possible harm is there to giving affected customers a working removal tool? I'm very new to this problem and this discussion.
First, is it possible for a file to have MULTIPLE object identifiers associated with a file (and wouldn't that make it potentially dangerous to try to remove them).
Second, wouldn't Kaspersky be releasing potentially useful information to malware authors if they were to release a utility that identifies and removes their object identifiers? Surely, this would make it easier for future malware to maliciously remove and/or alter these identifiers.
Edit: Third, if it's true that simply copying/deleting/restoring a file will remove the object identifier, shouldn't it be relatively easy to create third party utilities (not created by Kaspersky) that will simply traverse an entire disk volume and do that kind of cyclical operation? |
|
jmorlan
Hmm... That's funny.
Premium
join:2001-02-05
Pacifica, CA
·Pacific Bell - SBC
| No, there is only one tracking identifier per file. A description of object tracking file identifiers is here:
»msdn2.microsoft.com/en-us/librar···997.aspx
quote:
Object Identifiers
The link tracking service maintains its link to an object by using an object identifier (ID). An object ID is an optional attribute that uniquely identifies a file or directory on a volume.
An index of all object IDs is stored on the volume. Rename, backup, and restore operations preserve object IDs. However, copy operations do not preserve object IDs, because that would violate their uniqueness.
You can perform the following operations on object IDs:
* Creation
* Deletion
* Query
When you create an object ID, you establish the identity of the file to the link tracking service. Conversely, when you delete an object ID, the link tracking service stops maintaining links to the file. For a list of the file system control codes that perform operations on object IDs, see File Management Control Codes..
The distributed link tracking service tracks link sources for shell shortcuts and OLE links within NTFS file system volumes. The link client can fix a broken link with updated information on the new location of the link source.
You can eliminate the object IDs in a number of ways including ordinary copy operations. Dantz has documented that it is possible to rid a system of these NTSF-identifiers by copying them to another drive. Deleting the originals and copying them back. Interestingly, this also fixes the CHKDSK issue!
Exactly how iSwift tracks changes to files is proprietary, but it appears that file object identifiers are compared to a database stored in the hidden system file fidbox.dat. If they don't match, then KAV/AVS scans the file assuming it's either new or has changed since the last scan.
For malware to do an end-run would require them to read the data from Fidbox.dat and then put the correct identifier back on the file index after changing it. I'm not clear on how easy that would be to do. But removing the identifiers would just cause KAV/AVS to scan all the files all over again and put new NTSF identifiers in their indexes.
With an NTSF-identifier removal tool, it would up to the user whether they wanted the changes to the file system to be permanent. That's a choice I think we should have. |
|
StraitShoot
Who Loves Ya Baby? - Theo Kojak
Premium
join:2003-02-08
Clinton, MA
3 edits | reply to Don Pelotas
said by Don Pelotas :said by cork1958 :I'm ass-uming this is using KAV 7, as I have KAV6 installed on 5 of my machines and have never even seen ISwift. Knew there had to be another reason for not updating to newest version. This could rather devaststing for Kaspersky's reputation, whether it's their fault or not! Don't let scaremongers affect your choice, that is exactly what they are out to do 6.0 & 7.0 are basicly the same with a different GUI and better heuristics in 7.0. So if you like 6.0 you will most likely like 7.0 because it is IMO nicer and lighter on resouces for most that have used it already. Fellas, it seems that the KAV Fanboys like Mr. Pelotas here and a couple of others are joining in this thread. Desperate to say anything to save Kaspersky, because the folks at Kaspersky are NOT doing the right thing by correcting their mistake, instead all I hear are two basic lines of thought...
1. Why are you making it a big deal? Everything is "a-Okay=Rosy". Just ignore it, or do this Mickey Mouse'sweep it under the rug".. solution...
and 2. Anyone who dare speak ill of Kav is a KAV scaremonger!
Hey, HOW ABOUT DOING THE RIGHT THING AND ...
1. Fix the problem!
2. Warn future users!
I should have known with KAV 5... SHeeesh...
I don't care, this issue is a serious, oh, SERIOUS breach of trust with Kaspersky and the general public. It's disgusting how they treat the issue and the user at Kaspersky...
I'm stunned; Spyware companies are sometimes kinder...
--
"Who Loves Ya Baby?" |
|
Dr Tweak
join:2004-09-23
Chesapeake, VA
| This is the absolute worst forum that I read and post on, members such as yourself StraightShoot cannot stay on topic for anything. Do you even read what others post? Did you read what I have posted? The questions I have asked? All you want to do is bash others and call them "fan boys". I have stated the truth, what I have seen, which is never seeing this issue with hundreds of installs. I have wondered since I have seen others complain about this for quite some time what is different about the installs I have done or what is the common denominator that causes this issue. And so far it seems from the few that have answered my questions that it is related to system restore. I'm not denying others have had this issue, just wondering why I have never seen it and looking for a solution. But members such as yourself take things so far off topic and turn the thread into a fight that nothing ever gets resolved. As others have stated here, why not help look for a solution rather then just complain? There aren't many software makers that are as open as Kaspersky Labs when it comes to support, anyone can speak directly to their developers by posting on their forums.
|
|
Dogwood
Premium
join:2001-01-14
Texas
clubs: 
| reply to StraitShoot
I have KAV 6 installed on 2 PCs and just ran "chkdsk on next restart" with no problem on both, I checked to 2 boxes "auto fix" and "repair".
The time to complete is unknown, because I have better things to do than sit and watch it.
I let KAV install with default settings.
I have not run a full system scan though on 1 PC, I think I'll do that now and re-run chkdsk, just to see.
I'm no expert, but shouldn't a problem such as mentioned here be present on all systems with KAV, or else it's some other program on the affected PCs that causing it.
--
Proud Member of Team Discovery |
|
Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
| said by Dogwood :I have KAV 6 installed on 2 PCs and just ran "chkdsk on next restart" with no problem on both, I checked to 2 boxes "auto fix" and "repair". The time to complete is unknown, because I have better things to do than sit and watch it. if there is nothing to fix chkdsk will run relatively fast, minute or two, could be less, depending on hd perfomance.
Cudni
--
"Mercifully, he hit him with the soft end of the pistol." Help yourself so God can help you.MVP, Microsoft Windows Security 2006-2007 |
|
StraitShoot
Who Loves Ya Baby? - Theo Kojak
Premium
join:2003-02-08
Clinton, MA
4 edits | reply to Dr Tweak
KavUser,
Give me a break..Don Pelotas started the problem by calling us disgruntled and upset customers "Scaremongers"...
Can you provide me with a removal tool?
I read the forums both here and at the KAV forum. Seems to me all they are doing there at Kaspersky is just barely acknowledge the problem even exists, and they probably hope the problem will go away.
After I finish re-imaging my systems, KIS 6 will go away forever, BUT I WON'T!
Who am I? Who are you? Who is Don Pelotas?
Look, here's the deal; If Kaspersky released KIS 6 or Kav 6 with the knowledge (and they knew) that once someone installs their software their "file identifiers" were going to stick to all the files of a user, and there is NO solution to remove them, then they should NOT have released KAV or KIS6.0 with it's ISwift technology.
Oh, I forgot, if they did that then they would have a very slow KAV or KIS6, is that right?
That justification doesn't mean they are right. Mele20, myself, and everyone else should have been told.
Case closed...and have a nice day!
--
"Who Loves Ya Baby?" |
|
