7-Zip Now Includes Mark-of-the-Web Security Feature Support

Recognizing the need for labeling internet-downloaded files, 7-Zip now includes support for the ‘Mark-of-the-Web’ security feature. That means the software will alert users when downloading potentially malicious or suspicious zipped files.

7-Zip To Support ‘Mark-of-the-Web’ Feature

Starting from 7-Zip 22.0 version, the popular file compression utility will support the ‘Mark-of-the-Web’ (MotW) security feature.

Briefly, Windows introduced MotW as a dedicated feature to identify malicious files. Under this security feature, the system marks files downloaded from the internet with a unique “zone.id” alternate data stream. This identifier lets the user downloading a file know that the file has been downloaded over the internet or from another computer. (The UAC window may also display a separate message in this regard.)

Windows has also introduced this feature in its Microsoft Office. Hence, if a user downloads an Office file in zipped format, a second prompt would appear on the screen when opening that file. This two-way alert approach empowers the user to recognize the potential threat and make a careful decision regarding the file.

Despite its usefulness, 7-Zip, a popular archiving utility among Windows users, lacked this feature. So, while a user might see a warning when downloading the archive, no further alerts would appear after unarchiving the embedded files. Thus, users remain exposed to unknowingly downloading malicious files.

But now, with version 22.0, 7-Zip has introduced the support for this Mark-of-the-Web security feature. Hence, users would see the prompts, where necessary, when interacting with files downloaded from the internet.

In the latest software version, users can manually enable this setting after opening the app via Tools > Options. Next, under the 7-Zip tab, find the “Propagate Zone.Id stream” option, and select “Yes” from the dropdown menu beside it. Users can also choose the option “For Office files” instead of “Yes” to enable the setting specifically for Office files. But it will be a less secure setting. Then, clicking the “OK” button will apply this setting for the selected files.

Let us know your thoughts in the comments.

Related posts

Match Systems publishes report on the consequences of CBDC implementation, led by CEO Andrei Kutin

Cypago Announces New Automation Support for AI Security and Governance

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites