Friday, July 4, 2008

Annoying Open File Security Warning in Windows

So I grabbed some files off the net (using Firefox 3) and immediately found a new annoyance:
Open File - Security Warning
(No I am NOT using Vista. This is VTP in action)

On EVERY single file I grabbed, the system will keep showing this annoying "Open File - Security Warning" until I remove that checkbox and open it once (Cancelling will not work). Quite obviously, this is unacceptable. At first, I thought it was because "My Computer" had somehow gotten put into the "Internet" zone. I open up security options, and sure enough - "My Computer" was gone... I soon found that this had happened in Windows XP Service Pack 2. You can bring it back using the method outlined here, but that is NOT the solution to the problem.

A little more exploring led to this interesting finding: Windows XP contains an Attachment Manager. This largely controls the behavior of Explorer in relation to double clicking on files downloaded off the net. If you have access to gpedit.msc (Group Policy Editor), present in Windows XP Professional, you can tweak the settings to make it stop showing this warning for a particular file or entiely for the system.

Attachment Manager can be accessed from Start > Run > gpedit.msc > Local Computer Policy > User Configuration > Administrative Templates > Windows Components > Attachment Manager. Enabling the "Do not preserve zone information in file attachments" will make new downloads stop showing the message, but old ones will still show it until the chckbox is removed. Adding a file type to the list of low risk file types will stop that file type from showing the message, period.

But how does the Attachment manager know about whether a file has been created on your system, or if it has been downloaded? Well this information, along with other meta-data is stored in the NTFS file system (you can see some of it by clicking the summary tab on a file's properties) The information is ONLY stored on NTFS. So one solution to older downloads showing the error is to copy them to a Flash drive (usually Fat32) and then copy them back to remove this information.

Thsi information in Windows parlance is called "Streams." These streams can be used in many interesting ways. For e.g. to store one file inside another. Lets say you have two EXE files, Fresh.exe and Stream.exe. Then you can store Stream.exe inside of Fresh.exe using the following command (in the cmd window):
type Stream.exe > Fresh.exe:Stream.exe
Fresh.exe size will remain the same (it will use more space on the hard disk, but Windows wont tell you that) If you double click Fresh.exe, it will show whatever it used to show before. The only way to access the hidden file is using:
start Fresh.exe:Stream.exe

Massive potential for abuse you say? Well, remember this information is only available on NTFS files. Downloaded files, files from an archive, from a thumb drive etc will normally not have this information. Still the potential for abuse does exist...

You can view the streams inside of a file using this utility. One last point - why did this only start happening to me now? Well I never use IE for downloads, (I always use Firefox) and Firefox I believe did not store zone information into the file system, until Firefox 3. Ergo my annoyance :)
Post a Comment