Sponsored: Don't leave you and your family vulnerable to data breaches! Go to aura.com/thiojoe to get a 14-day free trial to Aura.

Priest right before an exorcism: "I'm so sorry. This child bears the Mark of the Web. There's nothing I can do."

"I don't like that feature." Fair enough

I wasn't aware of this, and I use 7-Zip.

That's Igor Pavlov, the CREATOR AND MAINTAINER OF 7-ZIP... WTF

While now everybody focuses on unarchival software, there are other ways how downloaded files may end up without a MOTW. For example, by downloading to a FAT32 formatted USB key, by using anything but IE/Edge/Firefox/Chrome to download it (are there others? curl/wget/PowerShell do not add a MotW), or by copying/renaming the file on an OS that is not Windows. Also many backup software tools do not restore MotW when restoring files from a backup. Also, extracting a file from a downloaded .ISO or .VHDX file does not propagate MotW, even when you use Microsoft's tools for that. For me, the whole MotW looks like a kludge that *may* help you when you are using mainstream software only, but still then you have to keep your common sense. And, like some security attributes written by Cygwin-based software, it clutters your filesystem with many "useless" small files. So, I can understand that authors are reluctant to add it (My personal choice would have been, preserve MotW if the user has hidden Standard File Extensions, to protect the ignorant, but probably that would be even harder to explain).

present me: i should really change that setting to "yes" past me: idk what that does or mean, but i'll set it to "yes" anyway

"The Mark of the Web" sounds like a saying before a ritual happens

It's very important.

MacOS has something similar called a Quarantine bit that is added to some files you download. However MacOS will often say this file is damaged and to send it to the Trash even though the file is perfectly fine but since it's not signed it doesn't know. A Right-Click --> Open will usually let you run the app or open the file. In some extreme cases you have to manually remove the Quarantine Bit using the Terminal. Also if a file has been marked as dangerous the OS will refuse to let you run the app or open the file and there is nothing you can do. I've only encountered this once with the installer for FileZilla and the file was actually dangerous as it would try to install a bunch of Adware if you weren't paying attention to each step of the installer.

This seems to be related to a Word feature (probably other MS-Office apps too; I haven't checked) I observed in Word 2019. Whenever you open a DOC or DOCX file, Word detects whether it has come from the internet and if so, opens it in "Protected display mode" (or whatever it actually says in English; my version is in another language and I'm translating). This disables editing and saving the file. There is a button to Enable editing; click that and it reverts to normal. When I watched your video, I first thought Word was counting on this MOTW to do its thing, and deleting it if the user clicks Enable editing. Well, yes and no. I still think the MOTW is how Word can detect the file provenance in the first place, but the enabling is done by other means. As I knew before, enabling editing is only effective if the file remains in the same folder with the same name; move or rename it, and the warning comes back. I guess Word records each enablement somewhere (the Registry, maybe), by name and folder. I don't see why Microsoft doesn't rely on deleting the MOTW for that. After all, if the user has given that file a free pass, it should hold wherever it is and however it's named. Do Office developers and Windows developers work for the same company, I wonder…

It's weird and funny at the same time because I got to know about that yesterday when I tried copying files I downloaded using my edge browser into my home folder in WSL. WSL does not hide the Zone ID files and exposes them. I felt very uneasy about those files being visible in my wsl filesystem and went on to research about them and their significance. I did realize that they were a security implementation by windows for files but I didn't know they were called mark of the web, and hadn't ever noticed that unblock option in the properties of files. Thanks for the video. It was very informative.

I work with a lot of LAN files. Marking them as zone 3 creates all kinds of annoyances. Until now my only option was to turn off every security feature I could find. I'll dig into the issue a little more now, maybe whitelisting my LAN will allow me to re-enable some of those security options.

You should one day make some universal wizard app that would go trough all those security, utility and so options in windows from all those videos/years you do that (and note some in other apps like this) with relevant tips/information and let users choose/set them up so its all in one place and easily appliable in case you change computer and so :))

I never knew those hidden files existed. I did know about the checkbox.

Windows warned me about my own app. Didn't use third party libraries even.

WOW! i never opended properties of any downloaded files and i see first time.

I really appreciate you putting subtitles

I just adjusted the setting in 7z. I probably don't need it because nothing happened in the past few years that would have been avoidable with the tagging, but more security is always good. Thank you xD

That's so interesting. I changed the configurations of my 7-zip right away. Thank you.

4:14 I actually saw those Zone.Identifier things after building a Docker image on WSL and saving it as a TAR file.

This is really interesting! When I was using WSL 2, I noticed those zone identifier files in the ls output when copying files from windows to the linux folder. So thats what those were

I can't remember what the process was exactly, but I did something with my nas so Windows would stop throwing a fit about untrusted files every time I touch my nas

I always strive to get rid of the MOTW as soon as possible (right after downloading anything). And the guy is explaining how to actually preserve it 🤣

1 more reason I use WinRAR over .7z Thanks for pointing that out!! WinRAR will open ANY .ZIP file, whereas, most of the others lack this capability.

I'm just wondering why the section with the unblock checkbox doesn't use those urls to say where it was downloaded from so the user can see before they unblock it

Isn't just Archive tools. Alt Data Streams will get "deleted" when copy a file to CD, FAT and FAT32, Maybe ExFAT and other formats because just don't support ADS and other things in NTFS and you may not get any warning when you copy between media formats. Most USB Flash still use FAT32 or ExFAT.

I change this behavior in group policy as it is quite a pain with some custom software and particularly if a vendor is sending you file based patches. I run in a controlled environment, though and it doesn't concern me. It was even blocking downloads from a safe site where I pull radio edits of music to add for broadcast. It was just too much. It was blocking dll's from vendors, wav files, almost everything I needed.

If you know about this and know very well how it works, you are probably like me and have added an "Unblock" option to the context menu 😂

Question about Win settings "app and browser" control: do these controls (smartscreen, etc.) only apply to Edge browser - or other browsers I downloaded as well (e.g. Firefox)?

Never knew this. Thanks, Thio. Great video!!!

"The mark of the web" sounds like a Spiderman movie

Very interesting, great video! I assume that if you copy / move the file to another location, the companion MOTW file gets copied / moved as well. Right?

thanks joe i am now a phd level expert on the mark of the web 💯

Great video as always! Could you make a video about Windows Admin Center, it lets you manage Windows 10/11 devices on a web server, not just windows server!

It was really funny to hear that Igor Pavlov is "one of the developers" of 7-zip. Author really knows what he is talking about.

0:25 Damn! I always knew that Simon Whistler is actually a criminal hacker man!

Very useful!

How is this has only 19K views? Everyone should watch this.

JC was here

Yup, it’s one of my messages that I send out.. it’s just a security feature that we do

ThioJoe! Thank you very much!

Thanks for another great video thio

LOL @ suggesting notepad instead of staying in the command line with "more

What's the point of this feature? Why do you want your computer blocking you from doing stuff on it? Why do you want archiving programs adding extra junk when you extract files? You're going to press Yes on that pop-up anyway. Remember that this is the same guy that told people to send their browsing data to Google and say that it's for their "security."

MikuMikuDance ppl love this checkbox

hey, i want to ask about something....i'm usin a windows 10 but when i open a game for example or watched a movie...my computer just shut down automaticly..my central unit looks like still working and the voice continue a bit before changing into a loud and annoying beep so i want to know if the problem is in my windows or in the computer itself, please

tell me more about that "you can even attach a hidden image file to a text file" thing

Yes, unfortunately Windows doesn't have the "exec bits" in its permissions system. They are constantly having to work around the fact that they got this wrong in the design. In Unix, Apple, Android and Linux, there is this bit so that files you may be able to read, you can't execute keeping those two classes of files apart.

Typical Microsoft "solution": make insecure products, claim you can't fix it because of "backwards compatibility" and then dump the responsibility onto the user, who is confronted with a myriad of useless check boxes, before he can get any work done.

that 7zip dev is hilarious

Having upgraded to Linux.... 😉🐧

Whenever I do a file transfer in Windows 10/11, it starts transferring quickly and the speed suddenly drops in between. I also notice that the memory usage will increase during transfer and the data stored in memory will be slowly written to disk after the transfer completes. This is called write caching. But I think it has a cache limit till which it will be cached in memory and after that it doesn't get cached, resulting in drops in transfer speeds. How do I Increase the FIle transfer cache? I have tried changing various registry values like LargeSystemCache and many others, but none of them seemed to work and they also made the OS components to be unstable. Please give me a proper and working solution to this issue.

Fun fact: That setting was already enabled by default on my PC.

Awesome video, ThioJoe. Really love these deep dives into the interworkings of Windows.

I don't get it. Downloaded Zip files were never blocked for me, I was always able to unpack them and install their contents. I only recently noticed this warning, every one of my archive files had it, I had never checked the box until then LOL

We need TrolloJoe again Who cares about tech tips when you can fool people

Love 7 zip, these stupid windows features blocking my legitimate use.

I wish I could disable this feature. Even after adding my NAS to the "trusted zones", every file I try to copy or run via my home network results in this darn "THIS FILE IS KNOWN TO CAUSE CANCER TO CALIFORNIANS!" warning.

Are ThioJoe and Kevin Stratvert the same person? They do look similar, or is it just my eyes playing tricks on me?

I agree, i also don't like this feature.

Now it make sense why i copy my files into subsystem Linux in windows and it shows zone identifier zone file along with it.

is it just me or is youtube laggin around/stil pre-re processing the video in some weird ways but even after nuking cache i.e and restart everything it looks like the video is just you doin some "generic mouth movements" while having the audio overlay just rolling over a random stock video scene lol xD

Ngl I have yet seen anyone saved by the MotW to this day. Bad cyber hygiene and the atrociously designed default Windows privilege settings are the major culprits. Yet M$ refuses to do anything meaningful regarding the latter.

What the difference between aura and deleteme

I would be glad if anyone can help me everything in my pc is working fine except gaming in witcher 3 I get 80-100 fps suddenly I barely get 55 and kinda similar with every game except valorant I changed my motherboard gpu and cpu but the problem remains after upgrading my hardware the problem disappeared for couple of weeks but then again came back I have also tried wiping my disks etc is it because of any virus or is there any other reason

as a .NET developer, i get TypeLoadException everytime my program wants to load a downloaded DLL file that has not been unblocked. So yeah, it matters.

Interestingly enough, Firefox removes the Mark of the Web when downloading files

I don't think I've ever seen that before...

I checked my 7-zip and it was set yes as default. Maybe the last update set default as yes.

I ALWAYS turn this off in Group Policy, and have done since it came into XP SP2. I found it a pain more than anything.

I hate this option. I wish i could keep every file unblocked. Its very annoying when you have to go through several files a day

Using packaging programs is 1990. If you want 100pro be hacked, use them.

Does RAR do this too? Edit: nice it does

Turned this off as soon as it got in my way the first time. I downloaded this thing on purpose, it's my problem if it causes havoc.

If you don’t get his sponsor, then you have no aura

I don't even have that option in 7-zip

I've just turned off my pc and now this video popped up on my feed 😐

Hi thiopookie ily

Is this really useful?

Wooo. someone else that has a winrar license

You recommend changing "propogate zone id" to yes in 7-zip. No, i WILL NOT do that. I do like my files unsoiled with those stupid "mark of the web".

my winrar doesnt have that option, it could be i use the free trial 🤔

I don't need or want Windows checking images I download for its hash. And I see the need to remove the Zone Identifier. Also I pronounce URL as 'earl.'

I used to hate you when I was younger, now you're one of the top tech channels. How times have changed

Hi Joe

Nice

most beta opensource programs will do this

I ignored it

Noice

Local intranet

0:28 ok but why does that guy look kinda like lawbymike?

that security checkbox bricked one of my USB flash drives when i was trying to flash an ISO onto it using rufus! xD

I don't really care that much

No. Not today. I don't want file explorer to freeze for 1 minute thanks to this "security feature" when I want to open a ISO which has this "file comes from another pc" flag in the file. ACTUALLY share your opinion about this feature rather than something stupid

Are alternate data streams unique to NTFS formatted drives? For example, can you bypass the entire "mark of the web" ecosystem by saving your downloads to an exFAT of FAT32 formatted USB flash drive?

🙏

ADS is supported in NTFS but not e.g. FAT32. Simplest way to remove MOTW or any ADS is to copy the file(s) to a FAT32 formatted USB drive, then copy it back.

ok

Any chance in the future for videos like this but about Linux instead of Windows? Linux is gaining more users every day, and Windows is getting less appealing as Microsoft stuffs more ads and monetization into what is a premium, paid for OS.