[vezzy-fnord]

The utility of such a feature relative to its security, integrity and astonishment costs can be debated, however. ADS in NTFS has long been a subject of pain, for instance, though I'm unaware of its present status.

[gnu8]

I think it is chiefly used by malware developers at this time.

[ADSstreamsthrow]

It's used widely by popular applications (Adobe / Microsoft software products).

[mst]

Which are, in my experience, more ransomware than malware.

[makomk]

To be fair, it's also used by DRM schemes and those aren't technically malware as such.

[kennu]

I agree that they could probably be deprecated and removed nowadays. There used to be a transition time when people ran old Mac OS applications on OS X.