The Computer Oracle

How does Windows' security warning "do you want to run this file.." work?

Full question
https://superuser.com/questions/323933/h...

--

Content licensed under CC BY-SA
https://meta.stackexchange.com/help/lice...

--

Tags
#windows #windowsxp #googlechrome




ACCEPTED ANSWER

Score 28


Several versions ago, Internet Explorer introduced the concept of "security zones" – Internet, local intranet, "trusted", "restricted". Later, this was extended to the Windows Explorer shell (and a "My Computer" zone was added).

After downloading the file, the browser – both IE and Chrome – adds an "alternate stream" to it, named Zone.Identifier, which says that the file came from the "Internet" zone. When you double-click a file in Windows Explorer, it checks if such a stream is present, and asks for confirmation if necessary. This is not restricted to executables – any file tagged this way will require confirmation.

Alternate streams are a feature of Windows and the NTFS filesystem, and are stored on disk as part of the file. (In NTFS, the actual contents of a file are in fact an unnamed stream too.) If you want to see or edit the contents of Zone.Identifier, run this on the command line:

notepad MyDownloadedApp.exe:Zone.Identifier

When you uncheck the "Always prompt..." box, or when you click "Unblock" in the file properties window, the Zone.Identifier stream is deleted and Explorer won't require confirmation anymore. To delete all streams from many files at once you can use Streams or a graphical tool.

If you want to disable the zone tagging, refer to this post for Google Chrome.
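
Added example, not part of the original answer: a Python sketch for checking which files carry the Zone.Identifier tag described above and which zone it records. The `[ZoneTransfer]` layout, the numeric zone IDs and the optional `ReferrerUrl`/`HostUrl` keys are standard Windows behaviour not spelled out on this page; the function names and the sample stream text are constructed for illustration.

```python
import configparser
import os

# Numeric IDs Windows uses for the zones named in the answer above.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

# Constructed sample of a Zone.Identifier stream (hypothetical URLs).
SAMPLE = ("[ZoneTransfer]\r\nZoneId=3\r\n"
          "ReferrerUrl=https://downloads.example.test/\r\n"
          "HostUrl=https://downloads.example.test/MyDownloadedApp.exe\r\n")

def parse_zone_identifier(text):
    """Parse the INI-style stream text; return None if it is malformed."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = str  # keep key case (ZoneId, HostUrl, ...)
    try:
        cp.read_string(text.lstrip("\ufeff"))  # tolerate a leading BOM
        fields = dict(cp["ZoneTransfer"])
        zone_id = int(fields["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None
    return {"zone_id": zone_id, "zone": ZONES.get(zone_id, "unknown"),
            "host_url": fields.get("HostUrl"),
            "referrer_url": fields.get("ReferrerUrl")}

def read_zone_identifier(path):
    """Windows/NTFS only: the stream opens as '<path>:Zone.Identifier'."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8",
                  errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except OSError:
        return None  # untagged file, or no alternate-stream support

def tagged_files(folder):
    """List (name, info) for files in folder that carry a zone tag."""
    hits = []
    for entry in os.scandir(folder):
        if entry.is_file():
            info = read_zone_identifier(entry.path)
            if info:
                hits.append((entry.name, info))
    return hits

if __name__ == "__main__":
    print(parse_zone_identifier(SAMPLE))
    print(tagged_files("."))
```

On a filesystem without alternate streams, `read_zone_identifier` returns None for every file, which is also what an unblocked file on NTFS looks like.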




ANSWER 2

Score 3


So this is a security setting for Windows. To disable it, go to the registry and change the following key values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"CheckExeSignatures"="no"
"RunInvalidSignatures"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;"

As always when editing the registry, make a backup first.

Source

Note: This will disable it for all files regardless of location. I would not recommend doing it in general, but it seems to be what you want to do.