WinRAR 7.10 was launched yesterday with quite a few options, resembling bigger reminiscence pages, a darkish mode, and the flexibility to fine-tune how Home windows Mark-of-the-Net flags are propagated when extracting recordsdata.
WinRAR is a well-liked file archiver and compression software for Home windows that enables customers to create, extract, and handle compressed recordsdata, primarily in RAR, ZIP, and plenty of different file codecs. The creator claims that the software is utilized by 500 million folks worldwide.
Yesterday, win.rar GmbH launched the ultimate model of WinRAR 7.10, itemizing quite a few new options that enhance the efficiency and value of this system.
These new options embrace enabling bigger reminiscence pages for elevated efficiency, a reworked settings interface, and a long-awaited darkish mode.
Supply: BleepingComputer
One new characteristic that stood out is a brand new setting that allows you to strip info that could be thought-about a privateness danger from the Mark of The Net alternate information stream.
“‘Zone worth solely’ possibility in “Settings/Safety” dialog controls if archive Mark of the Net propagation contains solely the safety zone worth or all obtainable fields,” reads the WinRAR 7.10 launch notes.
“Whereas extra fields, resembling a obtain location or IP deal with, would possibly assist to establish a file supply, they could be a privateness concern if file is shared with different individuals.”
For these unfamiliar with the Mark-of-the-Net (MoTW), it’s an alternate information stream named “Zone.Identifier” that’s added to recordsdata downloaded from the Web, together with from web sites and e-mail.
This identifier tells Home windows and supported purposes that the file was downloaded from one other laptop or the Web and, subsequently, could possibly be dangerous to open.
When trying to open a downloaded file, Home windows will examine if a MoTW exists and, if that’s the case, show extra warnings to the consumer, asking if they’re certain they want to run the file.
Supply: BleepingComputer
Microsoft Workplace may even examine for the Mark-of-the-Net, and if discovered, it’s going to open paperwork in Protected View, with the file in read-only mode and macros disabled.
To examine if a downloaded file has the Mark-of-the-Net, you may right-click it in Home windows Explorer and open its properties.
If the file incorporates a MoTW, you will note a message on the backside stating, “This file got here from one other laptop and is likely to be blocked to assist safety this laptop.”
Trendy file archives will propagate the MoTW present in archives to extracted recordsdata, permitting these recordsdata to even be protected with the Home windows safety characteristic.
MoTW is a robust safety characteristic that’s generally focused by risk actors who try to search out zero-day flaws that permit their malicious recordsdata to bypass Home windows’ safety warnings.
Nonetheless, some could take into account it a privateness concern, as if the file is shared with one other particular person, the “Zone.Identifier” incorporates info that might reveal delicate details about the place a file was downloaded from.
It is because the Zone.Identifier flag incorporates a whole lot of details about a downloaded file, together with the Web Zone (ZoneID) it was downloaded from, the URL to the file, the URL referring to the file, and in some instances, the IP deal with of the host it was downloaded from.
Supply: BleepingComputer
As a part of WinRAR 7.10, a brand new setting is enabled by default referred to as “Zone worth solely” that strips all info from MoTW alternate information streams apart from the ZoneId when it’s propagated to extracted recordsdata.
Supply: BleepingComputer
This enables the Mark-of-the-Net safety characteristic to proceed to work with extracted recordsdata, however the alternate information stream can now not be used to study the place the file was downloaded.
For many who want to allow full propagation of MoTW information, you’ll need to enter the WinRAR settings > Safety and uncheck “Zone worth solely.”
Whereas this new setting could hamper digital forensics, it’s a welcome characteristic for many who need the strictest privateness.
