{"id":19406,"date":"2022-06-22T06:10:06","date_gmt":"2022-06-22T14:10:06","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/06\/22\/news-13139\/"},"modified":"2022-06-22T06:10:06","modified_gmt":"2022-06-22T14:10:06","slug":"news-13139","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/06\/22\/news-13139\/","title":{"rendered":"7-Zip gets Mark of the Web feature, increases protection for users"},"content":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Wed, 22 Jun 2022 13:28:30 +0000<\/strong><\/p>\n<p>One of the most popular zip programs around, 7-Zip, <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/7-zip-now-supports-windows-mark-of-the-web-security-feature\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">now offers support<\/a> for &#8220;Mark of the Web&#8221; (MOTW), which gives users better protection from malicious files.<\/p>\n<p>This is good news. But what does that actually mean?<\/p>\n<p>In the bad old days, opening up a downloaded document could be a fraught exercise. Malicious files would often have full permission from the system to do whatever they wanted. Compromised PCs were the inevitable end result, and infected attachments were extremely popular. Outside of regular security tools, there often wasn&#8217;t much else available to help stop the flow.<\/p>\n<p>Microsoft&#8217;s <a href=\"https:\/\/office-watch.com\/2007\/file-block-functionality-in-office-2007-office-2003\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">file block feature<\/a> in 2007 meant network administrators could lock down any attempt to open specific file types. Unfortunately, this was a <a href=\"https:\/\/www.word-2010.com\/microsoft-word-2010-protected-view\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">little too restrictive<\/a> for some users. 
Files couldn&#8217;t be opened, even in cases where the user knew they were safe.<\/p>\n<p>Microsoft changed things up a little in 2010, with Protected View.<\/p>\n<h2>Protected View: what is it?<\/h2>\n<p>Every time you download a spreadsheet or Word document and open it up, <a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/what-is-protected-view-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">some checking takes place<\/a> in the background. Downloaded files produce a yellow bar with the following message:<\/p>\n<blockquote class=\"wp-block-quote\">\n<p><em>Protected View: Be careful. Files from the internet can contain viruses. Unless you need to edit, it&#8217;s safer to stay in Protected View.<\/em><\/p>\n<\/blockquote>\n<p>This isn&#8217;t too different to the old file block feature, with a few key differences. Firstly, you can actually look at the document you want to open. As it is locked into a read-only mode, it can&#8217;t do anything malicious to your system. Secondly, users now have the option to enable editing. While there are other potentially dangerous aspects to opening downloaded files, Microsoft has <a href=\"https:\/\/blog.malwarebytes.com\/reports\/2022\/02\/microsoft-takes-macros-out-of-the-equation-for-five-office-apps\/\">solutions for those too<\/a>. There is, of course, something telling these programs to warn you about potentially dangerous files. This is where MOTW comes into play.<\/p>\n<h2>How does Mark of the Web help?<\/h2>\n<p>MOTW is perhaps most recently known for <a href=\"https:\/\/nolongerset.com\/motw-blocks-all-vba\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">blocking VBA code<\/a> from running in Office. When a file is downloaded, Windows adds a ZoneId to the file which is responsible for the warning message(s). When the system detects the mark, the yellow bar is replaced by a red one. Unlike its yellow counterpart, there is no enable content button. 
Those files are done, with no way back.<\/p>\n<p>Right-click a file you&#8217;ve downloaded, and in General properties you should see a message which reads:<\/p>\n<blockquote class=\"wp-block-quote\">\n<p><em>This file came from another computer and might be blocked to help protect this computer.<\/em><\/p>\n<\/blockquote>\n<p>This exists thanks to MOTW.<\/p>\n<p>The mark <a href=\"https:\/\/nolongerset.com\/mark-of-the-web-details\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">doesn&#8217;t exist<\/a> on the file itself, which is left untouched. Originally an <a href=\"https:\/\/outflank.nl\/blog\/2020\/03\/30\/mark-of-the-web-from-a-red-teams-perspective\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Internet Explorer security feature<\/a>, it now keeps you out of harm&#8217;s way across the Microsoft product range. <\/p>\n<h2>Is this new addition a benefit for a zip program?<\/h2>\n<p>Absolutely. As noted by Bleeping Computer, MOTW didn&#8217;t apply to files extracted with 7-Zip. As a result, you&#8217;d have Office files opening as if you&#8217;d created them yourself with no Protected View in sight.<\/p>\n<p>With this now enabled in the <a href=\"https:\/\/www.7-zip.org\/download.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">latest version<\/a> of 7-Zip, some key Windows security precautions are now back in place.<\/p>\n<p>There are some caveats to this story. As we know, <a href=\"https:\/\/www.theguardian.com\/technology\/2015\/feb\/24\/people-ignore-security-warnings-browsing-web\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">not everybody pays attention<\/a> to security warnings. Computer users routinely ignore all manner of security alerts from their operating system, browser, and security tools. 
The <a href=\"http:\/\/www.ideas42.org\/blog\/problem-computers-security-warnings\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">design and placement<\/a> of warnings can further deter people from paying attention to them. On top of all that, <a href=\"https:\/\/www.itprotoday.com\/mobile-management-and-security\/how-spot-fake-microsoft-security-warning\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">bogus security warnings<\/a> can make things even more confusing for users.<\/p>\n<p>No matter how many warning messages are displayed, some people will still click &#8220;Enable&#8221; on files they shouldn&#8217;t. Even so, opening downloaded files with restrictions applied from the get-go can only be a good thing. <\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/privacy-2\/2022\/06\/7-zip-gets-mark-of-the-web-feature-increases-protection-for-users\/\">7-Zip gets Mark of the Web feature, increases protection for users<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/privacy-2\/2022\/06\/7-zip-gets-mark-of-the-web-feature-increases-protection-for-users\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Wed, 22 Jun 2022 13:28:30 +0000<\/strong><\/p>\n<p>Popular zipfile program 7-Zip now supports Microsoft&#8217;s Mark of the Web feature. 
What is it, and how does it work?<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/privacy-2\/2022\/06\/7-zip-gets-mark-of-the-web-feature-increases-protection-for-users\/\">7-Zip gets Mark of the Web feature, increases protection for users<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[26644,15174,25828,24883,5897,26340,26645],"class_list":["post-19406","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-7-zip","tag-block","tag-mark-of-the-web","tag-motw","tag-privacy","tag-protected-view","tag-zip"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19406","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=19406"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19406\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=19406"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=19406"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=19406"}],"curies":[{"name":"wp","href":"h
ttps:\/\/api.w.org\/{rel}","templated":true}]}}