Friday, July 4, 2008

Annoying Open File Security Warning in Windows

So I grabbed some files off the net (using Firefox 3) and immediately found a new annoyance:
Open File - Security Warning
(No I am NOT using Vista. This is VTP in action)

On EVERY single file I grabbed, the system will keep showing this annoying "Open File - Security Warning" until I remove that checkbox and open it once (Cancelling will not work). Quite obviously, this is unacceptable. At first, I thought it was because "My Computer" had somehow gotten put into the "Internet" zone. I open up security options, and sure enough - "My Computer" was gone... I soon found that this had happened in Windows XP Service Pack 2. You can bring it back using the method outlined here, but that is NOT the solution to the problem.

A little more exploring led to this interesting finding: Windows XP contains an Attachment Manager. This largely controls the behavior of Explorer in relation to double clicking on files downloaded off the net. If you have access to gpedit.msc (Group Policy Editor), present in Windows XP Professional, you can tweak the settings to make it stop showing this warning for a particular file or entiely for the system.

Attachment Manager can be accessed from Start > Run > gpedit.msc > Local Computer Policy > User Configuration > Administrative Templates > Windows Components > Attachment Manager. Enabling the "Do not preserve zone information in file attachments" will make new downloads stop showing the message, but old ones will still show it until the chckbox is removed. Adding a file type to the list of low risk file types will stop that file type from showing the message, period.

But how does the Attachment manager know about whether a file has been created on your system, or if it has been downloaded? Well this information, along with other meta-data is stored in the NTFS file system (you can see some of it by clicking the summary tab on a file's properties) The information is ONLY stored on NTFS. So one solution to older downloads showing the error is to copy them to a Flash drive (usually Fat32) and then copy them back to remove this information.

Thsi information in Windows parlance is called "Streams." These streams can be used in many interesting ways. For e.g. to store one file inside another. Lets say you have two EXE files, Fresh.exe and Stream.exe. Then you can store Stream.exe inside of Fresh.exe using the following command (in the cmd window):
type Stream.exe > Fresh.exe:Stream.exe
Fresh.exe size will remain the same (it will use more space on the hard disk, but Windows wont tell you that) If you double click Fresh.exe, it will show whatever it used to show before. The only way to access the hidden file is using:
start Fresh.exe:Stream.exe

Massive potential for abuse you say? Well, remember this information is only available on NTFS files. Downloaded files, files from an archive, from a thumb drive etc will normally not have this information. Still the potential for abuse does exist...

You can view the streams inside of a file using this utility. One last point - why did this only start happening to me now? Well I never use IE for downloads, (I always use Firefox) and Firefox I believe did not store zone information into the file system, until Firefox 3. Ergo my annoyance :)


Anonymous said...

Thank you so much! I was experiencing exactly this problem in WinXP and it was driving me *insane*.

Anonymous said...

Nice post, and thanks for helping solve my problem. That pop up window gets very annoying, very fast!

I just got the problem today, but I've not used this computer for a fair while so I had no idea what had caused the problem to start as I've been updating lots of things. I assumed it must have been a windows update, but alas it was Firefox.

I don't like the fact that Firefox now uses windows zone information, but what can you do. I stopped the messages by disabling automatic virus scanning in Firefox preferences as I always manually scan downloads anyway.

Type about:config into the address bar, then put into the filter box and change the value to false. It seems to be working, and saves changing Windows settings.

Ashish Vashisht said...

That's interesting! I installed DownThemAll! recently, that seems to help too :)

Anonymous said...

Thanks! Your solution worked for me, and your explanation made a lot of sense.

Parviziyi said...

Commenter Martin, above, has it right: This is a Firefox 3 problem that should be fixed in Firefox 3 by typing about:config into the address bar then changing to FALSE the configuration parameter

For further info, see the following official Firefox documentation:

Unknown said...

Thank you :)

I always go searching for this thread whenever I'm rebuilding a new machine lately..

This dialogue annoys me to tears.

They haven't fixed it in Windows 7 either - totally pathetic and unacceptable for power users.

Unknown said...

Great Article
Cyber Security Projects

projects for cse

Networking Security Projects

JavaScript Training in Chennai

JavaScript Training in Chennai

The Angular Training covers a wide range of topics including Components, Angular Directives, Angular Services, Pipes, security fundamentals, Routing, and Angular programmability. The new Angular TRaining will lay the foundation you need to specialise in Single Page Application developer. Angular Training