Friday, August 20, 2004

XP SP2 ADS Feature No Cause For Alarm

F-Secure's AntiVirus Research Weblog has a good article explaining one of the less-publicized features of SP2. Now, whenever you download a file through IE, the system attaches an Alternate Data Stream (ADS) to that file recording which network zone the file came from. The idea is that if you download an executable file from an untrusted zone (i.e., the Internet) and save it on your hard drive, the system won't later let you run it unless you first acknowledge a popup dialog warning that it might be dangerous.

This feature only works on NTFS filesystems, so floppy disks and USB dongles are still vulnerable, but it seems like a good idea overall. Unfortunately, as this advisory points out, there are ways to get around this restriction.
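To make the zone tag concrete, here is an added example (not from the F-Secure article or the original post) that parses the stream's contents and decides whether a file would trigger the warning. It assumes the stream is named `Zone.Identifier` and holds a `[ZoneTransfer]` section with a `ZoneId` value, which is how Windows stores it; the function names, the extension list and the sample data are constructed for illustration.

```python
import configparser
import os

# Windows URL security zone IDs (URLZONE_* values).
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}
# Illustrative extension list (an assumption, not taken from the page).
EXECUTABLE_EXT = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif"}

def parse_zone(stream_text):
    """Return the ZoneId from Zone.Identifier text, or None if missing/malformed."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(stream_text.lstrip("\ufeff"))
        zone = int(cp["ZoneTransfer"]["ZoneId"])
    except (configparser.Error, KeyError, ValueError):
        return None
    return zone if zone in ZONES else None

def read_zone(path):
    """Read the stream from disk. Only works on Windows with NTFS;
    on FAT media (floppies, USB sticks) the stream cannot exist."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8",
                  errors="replace") as fh:
            return parse_zone(fh.read())
    except OSError:
        return None

def triage(filename, stream_text):
    """Classify a file: 'prompt', 'no prompt', or 'unmarked' (origin unknown)."""
    zone = parse_zone(stream_text) if stream_text is not None else None
    if zone is None:
        return "unmarked"  # never tagged, or tag lost on a non-NTFS volume
    ext = os.path.splitext(filename)[1].lower()
    return "prompt" if zone >= 3 and ext in EXECUTABLE_EXT else "no prompt"

# Constructed sample data: (file name, stream contents or None if absent).
SAMPLES = [
    ("setup.exe", "[ZoneTransfer]\r\nZoneId=3\r\n"),
    ("tool.exe", None),
    ("intranet.exe", "[ZoneTransfer]\r\nZoneId=1\r\n"),
    ("notes.txt", "[ZoneTransfer]\r\nZoneId=3\r\n"),
]

if __name__ == "__main__":
    for name, text in SAMPLES:
        print(f"{name:14} {triage(name, text)}")
```

An "unmarked" result means only that the origin is unknown, which is exactly the state of a file that has passed through a FAT-formatted disk.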

Thanks to joatBlog for pointing out the F-Secure article.

