Security message with opening an exe file...

imported_Somnus

Junior Member
May 15, 2004
Every time I go to open an exe file after installing SP2, I get the following popup:

Screen Shot

Does anyone know how to get rid of it?

I have tried unclicking the little box, removed the security center via services, and looked in the security policy editor. Nothing seems to get rid of this thing.

Any help would be greatly appreciated.

 

CTho9305

Elite Member
Jul 26, 2000
When you download a file from an untrusted zone using IE, it attaches an alternate data stream (a cool feature of NTFS) to the file, noting that the file came from an untrusted source. When you run the file using various apps (explorer, some SP2-aware apps), you get warned. There is some work going on to add support for this to Mozilla.

edit: And no, I don't know how to disable it.
 

bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001
Originally posted by: CTho9305
When you download a file from an untrusted zone using IE, it attaches an alternate data stream (a cool feature of NTFS) to the file, noting that the file came from an untrusted source. When you run the file using various apps (explorer, some SP2-aware apps), you get warned. There is some work going on to add support for this to Mozilla.

edit: And no, I don't know how to disable it.

Add the sites you download from to your trusted zone (or write an app to set the zone ID in the ADS...)

Bill
 

drag

Elite Member
Jul 4, 2002
Is it true that the ADS stuff was originally made to support HFS (Apple filing system) files?

One of the nicer features of ADS, as I understand it, is that you can embed executable files and scripts into otherwise innocuous files... (like a normal text file), and it's not detectable by normal file system utilities...

Does SP2 do anything to fix this?
 

bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001
Is it true that the ADS stuff was originally made to support HFS (Apple filing system) files?

It was originally implemented to solve a number of issues, but yes, HFS compatibility (specifically Mac resource forks) was one of them.

One of the nicer features of ADS, as I understand it, is that you can embed executable files and scripts into otherwise innocuous files... (like a normal text file), and it's not detectable by normal file system utilities... Does SP2 do anything to fix this?

There is nothing to fix; the file system is working as documented. Saying it's not detectable isn't really true: you have to enumerate the data streams and not presume that the default data stream is the only one present. For AV purposes, those streams are scanned if they are launched. Short of the user directly launching them, there needs to be some bootstrap code in the default data stream that would load and transfer control to the ADS. So, by scanning the default stream you can find those attacks.

People have used the ability to 'hide' data on the file system, but there are plenty of utilities that will show you what is really there.

Bill
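
The stream enumeration described in the reply above, and the download-zone mark described earlier in the thread, can be inspected with built-in PowerShell cmdlets. This is an added example, not part of any poster's message; it assumes Windows PowerShell 3.0 or later on an NTFS volume, and the function name `Get-AlternateStreamReport` and the Downloads path are hypothetical choices for illustration.

```powershell
# Added example: list alternate data streams under a folder and decode the
# download-zone mark that Windows stores in the "Zone.Identifier" stream.
function Get-AlternateStreamReport {
    param(
        [Parameter(Mandatory)] [string] $Root   # folder to inspect (caller-supplied)
    )

    # URL security zone numbers used by Windows.
    $zoneNames = @{ 0 = 'Local machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                    3 = 'Internet';      4 = 'Restricted sites' }

    Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_.FullName
        # -Stream * returns every stream; ':$DATA' is the default (unnamed) one.
        $streams = Get-Item -LiteralPath $file -Stream * -ErrorAction SilentlyContinue |
                   Where-Object { $_.Stream -ne ':$DATA' }

        foreach ($s in $streams) {
            $zone = $null
            if ($s.Stream -eq 'Zone.Identifier') {
                # The stream holds INI-style text: a [ZoneTransfer] section with ZoneId=<n>.
                $text = Get-Content -LiteralPath $file -Stream Zone.Identifier -ErrorAction SilentlyContinue
                $m = $text | Select-String -Pattern '^\s*ZoneId\s*=\s*(\d+)' | Select-Object -First 1
                if ($m) {
                    $id = [int]$m.Matches[0].Groups[1].Value
                    $zone = if ($zoneNames.ContainsKey($id)) { "$id ($($zoneNames[$id]))" } else { "$id (unknown)" }
                }
            }
            # One row per named stream, so unexpected streams stand out next to zone marks.
            [pscustomobject]@{
                File   = $file
                Stream = $s.Stream
                Bytes  = $s.Length
                Zone   = $zone
            }
        }
    }
}

# Sample invocation (path chosen for illustration): report on the Downloads folder.
Get-AlternateStreamReport -Root "$env:USERPROFILE\Downloads" | Format-Table -AutoSize
```

Rows whose `Stream` is anything other than `Zone.Identifier` are the named streams worth a closer look, since ordinary directory listings show only the default stream's size.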
 

Psych

Senior member
Feb 3, 2004
Several bugs were described with this new SP2 feature that could disable it, but who knows, Microsoft might actually fix the bugs.
 