Connect with us

Cyber Security

7-zip now supports Windows ‘Mark-of-the-Web’ security feature

Published

on

7-zip has finally added support for the long-requested ‘Mark-of-the-Web’ Windows security feature, providing better protection from malicious downloaded files.

When you download documents and executables from the web, Windows adds a special ‘Zone.Id’ alternate data stream to the file called the Mark-of-the-Web (MoTW).

This identifier tells Windows and supported applications that the file was downloaded from another computer or the Internet and, therefore, could be a risk to open.

When you attempt to open a downloaded file, Windows will check if a MoTW exists and, if so, display additional warnings to the user, asking if they are sure they wish to run the file.

Launching a downloaded executable containing a MoTW
Launching a downloaded executable containing a MoTW
Source: BleepingComputer

 Microsoft Office will also check for the Mark-of-the-Web, and if found, it will open documents in Protected View, with the file in read-only mode and macros disabled.

Word document opened in Protected View
Word document opened in Protected View
Source: BleepingComputer

To check if a downloaded file has the Mark-of-the-Web, you can right-click on it in Windows Explorer and open its properties.

If the file contains a MoTW, you will see a message at the bottom stating, “This file came from another computer and might be blocked to help protection this computer.”

File property indicator for the Mark-of-the-Web
File property indicator for the Mark-of-the-Web
Source: BleepingComputer

If you trust the file and its source, you can put a check in the ‘Unblock‘ box and click on the ‘Apply‘ button, which will remove the MoTW from the file.

Furthermore, running the file for the first time and allowing it to open will also remove the MoTW, so warnings are not shown in the future.

7-zip adds support for Mark-of-the-Web

7-zip is one of the most popular archiving programs in the world, but, until now, it lacked support for Mark-of-the-Web.

This meant that if you downloaded an archive from the Internet and extracted it with 7-zip, the Mark-of-the-Web would not propagate to the extracted files, and Windows would not treat the extracted files as risky.

For example, if you downloaded a ZIP file containing a Word document, the ZIP file would have a MoTW, but the extracted Word document would not. Therefore, Microsoft Office would not open the file in Protected View.

Over the years, numerous security researchers, developers, and engineers have requested that the 7-Zip developer, Igor Pavlov, add the security feature to his archiving utility.

Pavlov said he doesn’t like the feature as it adds extra overhead to the program.

“The overhead for that property (additional Zone Identifier stream for each file) is not good in some cases,” explained Pavlov in a 7-zip bug report.

However, this all changed last week after Pavlov added a new setting in 7-zip 22.00 that enables you to propagate MoTW streams from downloaded archives to its extracted files.

To enable this setting, search for and open the ‘7-Zip File Manager,’ and when it opens, click on Tools and then Options. Under the 7-Zip tab, you will now see a new option titled ‘Propagate Zone.Id stream’ and the ability to set it to ‘No,’ ‘Yes,’ or ‘For Office files.’

Set this option to ‘Yes’ or ‘For Office files,’ which is less secure, and then press the OK button.

New Propagate Zone.Id stream in 7-Zip
New Propagate Zone.Id stream in 7-Zip
Source: BleepingComputer

With this setting enabled, when you download an archive and extract its files, the Mark-of-the-Web will also propagate to the extracted files.

With this additional security, Windows will now prompt you as to whether you wish to run downloaded files and Microsoft Office will open documents in Protected View, offering increased security.

To take advantage of this new feature, you can download 7-zip 22.0 from 7-zip.org.

Source: https://www.bleepingcomputer.com/news/microsoft/7-zip-now-supports-windows-mark-of-the-web-security-feature/

Advertisement
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO