XP SP2 using Alternate Data Streams for Security Warnings

Posted Sunday, April 24, 2005 1:38 PM by CumpsD
A while ago I blogged about Alternate Data Streams and how they are hidden from the users.

At that time, you could presume when an ADS was present, it was something special, because not many normal files have an ADS attached to it.

But yesterday I got an interesting question about XP SP2 showing a Security Warning when you want to execute something downloaded from the internet.

We guessed Alternate Data Streams were used, so I checked this out and it turns out XP SP2 indeed adds an ADS when you download a file from the Internet.

This stream is called Zone.Identifier and contains the following information:

D:\Tmp>more < TestZip.zip:Zone.Identifier
[ZoneTransfer]
ZoneId=3

Since SP2 did this, it probably means it's a modification to Internet Explorer.

So, I got the Firefox 1.0.3 and downloaded a file with the default settings, and as I guessed, no ADS with Zone.Identifier.

(I believe Firefox doesn't have such thing as Zones, but it would be nice if Firefox added this ADS to let the new Security Warning, informing you it's a downloaded file, come up).
Filed under: , ,

Comments

# re: XP SP2 using Alternate Data Streams for Security Warnings

Monday, April 25, 2005 3:45 PM by BertG

Didn't they include that to be compatible with the MAC file system...
If so, te apple adepts wiill have a "again redmond copy's" frenzy :p

# re: XP SP2 using Alternate Data Streams for Security Warnings

Wednesday, March 07, 2007 1:15 PM by peter henry

Try my bulk unblocker script

// Script to "UNBLOCK" all files in the current directory by pete.at.redtitan.com

// (c) RedTitan Technology 2007

// http://www.pclviewer.com

var shell=new ActiveXObject("WScript.Shell");

fso=new ActiveXObject("Scripting.FileSystemObject");

var total=0;

var f=fso.GetFolder('.');              // Current folder

var fc=new Enumerator(f.files);

for (; !fc.atEnd(); fc.moveNext()){

 var fileName=fc.item().Name+':Zone.Identifier';

 try

 {

   f1 = fso.OpenTextFile(fileName,2); // If the Zone Identifier does not exist ..

   total++;

   f1.Close();

 }

 catch(e){}                           // .. we don't care

}

shell.Popup('Unblocked '+total+' files');

# Samba file transfer creates zone identifier files... - openSUSE Forums

Thursday, July 17, 2008 8:49 AM by Samba file transfer creates zone identifier files... - openSUSE Forums

Pingback from  Samba file transfer creates zone identifier files... - openSUSE Forums