This post was recovered from archive.org. It was origionally posted on Wednesday, August 18, 2004

Michael Schwarz had some comments on security in Windows XP SP2 http://weblogs.asp.net/mschwarz/archive/2004/08/18/216697.aspx Talking about the Zone.Identifier file that’s attached to all the files you download in from internet.

This Zone.Identifier file is just something attached to the alternant data stream (ADS) of a file. ADS’s have been around since NTFS first came about. You can add, delete or modify ADS’s just like another file.

He says this is a security issue but I don’t think it’s that big of a deal. This feature of SP2 appears to be geared towards users that don’t know better by simply prompting them to let them know this file came from the internet… This issue appears to already be solved in future versions of windows with WinFS from what I’ve seen anyway. This is just something to hold us over.

Some computer savvy people will be very annoyed by this and will probably want to remove the ADS at some point in time (Like me). Something would have to already be running on your machine watching for these and removing them to get you to open “evil” files without prompting you so I would think this would be the least of your concerns.

If I missed something here feel free to let me know, these where just my original thoughts

If you want to play with ADS’s you can read up on them here: http://patriot.net/~carvdawg/docs/dark_side.html

There is also a tool that will list files that contain ADS's you can download here http://www.heysoft.de/nt/ep-lads.htm

If you’re interested in using them in your own programs you can but the file stream in .Net 1.0 and 1.1 doesn’t support them (maybe in 2.0?) so you’ll need to use PInvoke to the Windows API for that (I have a sample of this someware.. I'll post it when I find it).

Read the complete post at http://dukk.org/blogs/justins_development_adventures/archive/2004/08/18/windows-xp-sp2-security-issues.aspx