Constant questions about security when loading MP4 videos

[jw]

I have XP on my laptop. I often go to a WIFI spot and save a whole
batch of youtube videos to view later at home on my desktop system.
My desktop computer runs Windows98se so I dont have this hassle.
However, when I try to view these MP4 videos on the laptop, everytime
I click on them I get a security alert which says something like "This
file was downloaded from another computer and may not be safe, do you
want to continue?". There is a box to uncheck so that I dont get this
error message again on THIS SAME FILE. This is very annoying. How
can I stop this?

This has to be XP doing it, because this laptop came with Anti-virus
software, and I disabled it the first day I bought the refurbished
computer. While I realize anything can contain malware, I do not
install anything downloaded without scanning it on another computer.
I only use this laptop to read email and download videos when I am at
a WIFI spot.

Anyhow, how can I stop XP from asking this annoying question for every
(and ALL) MP4 files. Videos are pretty safe and I dont need this
annoyance.

PS. This is one main reason I like Win98 better. XP likes to annoy
people with stupid questions..... Even with it set to the classic
mode.

This usenet message has reached it's end, would you like to close it?
Press YES or NO

Are you aware that this message could be a security threat?
Press YES or NO to continue.

You pressed YES, are you sure you want to close this messasge?
Would you like to re-read it instead?
Press YES or NO

Are you sbsolutely sure you want to close this message?
Press YES or NO

You have chosen to close this message. To close the message, please
type the code in the image to your left to close this message

*** CODE ***

pRx7Ty3Z


Thank You.

Would you like to read another message?
Press YES or NO

Are you aware that the next message could be a security threat?
Press YES or NO to continue.

You pressed YES.
Are you sure you want to read another message?
Press YES or NO

You pressed YES.
Are you absolutely sure you want to read another message?
Press YES or NO

You pressed YES.
Are you absolutely positively sure you want to read another message?
Press YES or NO

 

[Paul]

I have XP on my laptop. I often go to a WIFI spot and save a whole
batch of youtube videos to view later at home on my desktop system.
My desktop computer runs Windows98se so I dont have this hassle.
However, when I try to view these MP4 videos on the laptop, everytime
I click on them I get a security alert which says something like "This
file was downloaded from another computer and may not be safe, do you
want to continue?". There is a box to uncheck so that I dont get this
error message again on THIS SAME FILE. This is very annoying. How
can I stop this?

This has to be XP doing it, because this laptop came with Anti-virus
software, and I disabled it the first day I bought the refurbished
computer. While I realize anything can contain malware, I do not
install anything downloaded without scanning it on another computer.
I only use this laptop to read email and download videos when I am at
a WIFI spot.

Anyhow, how can I stop XP from asking this annoying question for every
(and ALL) MP4 files. Videos are pretty safe and I dont need this
annoyance.

PS. This is one main reason I like Win98 better. XP likes to annoy
people with stupid questions..... Even with it set to the classic
mode.

This usenet message has reached it's end, would you like to close it?
Press YES or NO

Are you aware that this message could be a security threat?
Press YES or NO to continue.

You pressed YES, are you sure you want to close this messasge?
Would you like to re-read it instead?
Press YES or NO

Are you sbsolutely sure you want to close this message?
Press YES or NO

You have chosen to close this message. To close the message, please
type the code in the image to your left to close this message

*** CODE ***

pRx7Ty3Z


Thank You.

Would you like to read another message?
Press YES or NO

Are you aware that the next message could be a security threat?
Press YES or NO to continue.

You pressed YES.
Are you sure you want to read another message?
Press YES or NO

You pressed YES.
Are you absolutely sure you want to read another message?
Press YES or NO

You pressed YES.
Are you absolutely positively sure you want to read another message?
Press YES or NO

The keyword for this behavior is "unblock".

http://www.petri.co.il/unblock-files-windows-vista.htm

The NTFS file system supports "alternate streams". Not only is there the
normal data in a file, but they can store an attribute in parallel with the
data. They decided it would be cool, if every time a modern computer
"downloaded" a file, to pretend it was coming from an "untrusted zone".
That means, the file, having come from "outside", could have malware in
it. By recording an alternate stream with the file, they keep track
of its "foreign" nature.

This would be a different treatment, than if the file was created locally.
If I open Notepad and save a note to myself as "dog.txt" on the NTFS file
system, that file is "trusted" because it is of local origin.

Now, if a file is temporarily stored on FAT32, the FAT32 doesn't support
alternate stream stores, so you could think of that as the "rinse cycle"
for a file. On the one hand, FAT32 can't handle individual files larger
than about 4GB or so (and some videos could be larger than that). But on
the other hand, FAT32 lacks alternate streams and doesn't handle attributes
and permissions quite the same way as NTFS. So it has its usage as a
"breaker of nuisance permission issues". Or, if you're lucky, you can
stop such behaviors on a computer, by finding the appropriate registry
entry.

So continue your search for an answer, using the word "unblock". Maybe
you can find enough registry entries to tune the behavior the way you
want. (Since my WinXP is installed on a FAT32 partition, I don't normally
see that kind of stuff.)

Paul

 

[Mayayana]

It's not XP, exactly. As Paul said, ADS files on NTFS
make the ongoing nag possible, by adding a hidden marker
file to your download, but it's more specifically IE
that's the problem. Each version of Windows ges more
restrictive. Each version of IE follows suit. If you stop
using IE you won't get the nags. See here if you're interested
in a more extensive explanation:

http://www.jsware.net/jsware/iewacky.php5

Also see the nagfixer download on that page:

http://www.jsware.net/jsware/iewacky.php5#nagfix

or the XPFix utility:

http://www.jsware.net/jsware/xpfix.php5

I don't remember for sure offhand, but I think one
of the "tweaks" in those tools is to shut off the
download nags.

Another option is to install XP to FAT32. That's what
I always do. I don't use "users" on my PC and have no
use for NTFS restrictions. XP on FAT32 is much simpler.
Some would say that it's a security risk. That's a valid point,
but it's really coming from a corporate network security
approach. It's a difference in preference between locking
the front door and having one's house comfortable (the
SOHo computer approach), or leaving the front door open
and having locks on every door and cabinet (the corporate
workstation approach). Microsoft is increasingly moving
toward applying the corporate workstation template to all
Windows versions, so you increasingly have to show your
pass card and learn the lock combination before you can
get food from the kitchen cabinet or use the "executive"
bathroom.

The lockdown approach has accelerated since XP SP2.
In fact, MS even uses that term: Local Machine Lockdown
was instigated with SP2, which basically redefines the local
PC as an IE security zone more dangerous than the Internet.

It gets confusing because MS has always tried to present
IE as synonymous with the Internet: The "Internet Options"
applet in Control Panel is just IE settings... Explorer is connected
to IE even though they're not the same thing... That all goes back
to Active Desktop and Microsoft's successful attempt to shut
out Netscape by building IE into Windows. (As Bill Gates so famously
put it: "We're going to shut off Netscape's air supply.")

IE is not *really* built into Windows, and Explorer is not *really*
the same thing as IE, but MS tied the two together enough to
make a mess of both. As a result, if you use IE you're unavoidably
using what might better be called the "Windows Internet Viewer".
IE hasn't really been a browser in its own right since before Active
Desktop. That makes IE very useful in some ways offline, but it's a big
risk online. In addition to traditional problems like script and ActiveX,
the tie-in with Explorer is very real. If you install a Browser Helper
Object or Browser Extension, like a Google toolbar, say, that component
has full access to every page you view and every folder you open.
Windows programming treats them as the same thing! Any BHO or
Extension can watch/edit/change any folder or webpage you load.
Then there are protocol handlers and mime filters. Those are two other
components that can *completely* control what you see in IE. And
unlike BHOs/Extensions, they are not listed in the IE add-ons window.
IE is designed first for corporate IT needs and second for commercial
exploitation online. IE is *not* designed for your needs.

Sorry to go on so long, but I think this info. is worth repeating
periodically. Most people have no inkling of how uniquely risky
IE is in terms of both security and privacy. The hassles with security
nags are just the tip of the iceberg.


|I have XP on my laptop. I often go to a WIFI spot and save a whole
| batch of youtube videos to view later at home on my desktop system.
| My desktop computer runs Windows98se so I dont have this hassle.
| However, when I try to view these MP4 videos on the laptop, everytime
| I click on them I get a security alert which says something like "This
| file was downloaded from another computer and may not be safe, do you
| want to continue?". There is a box to uncheck so that I dont get this
| error message again on THIS SAME FILE. This is very annoying. How
| can I stop this?
|
| This has to be XP doing it, because this laptop came with Anti-virus
| software, and I disabled it the first day I bought the refurbished
| computer. While I realize anything can contain malware, I do not
| install anything downloaded without scanning it on another computer.
| I only use this laptop to read email and download videos when I am at
| a WIFI spot.
|
| Anyhow, how can I stop XP from asking this annoying question for every
| (and ALL) MP4 files. Videos are pretty safe and I dont need this
| annoyance.
|
| PS. This is one main reason I like Win98 better. XP likes to annoy
| people with stupid questions..... Even with it set to the classic
| mode.
|
| This usenet message has reached it's end, would you like to close it?
| Press YES or NO
|
| Are you aware that this message could be a security threat?
| Press YES or NO to continue.
|
| You pressed YES, are you sure you want to close this messasge?
| Would you like to re-read it instead?
| Press YES or NO
|
| Are you sbsolutely sure you want to close this message?
| Press YES or NO
|
| You have chosen to close this message. To close the message, please
| type the code in the image to your left to close this message
|
| *** CODE ***
|
| pRx7Ty3Z
|
|
| Thank You.
|
| Would you like to read another message?
| Press YES or NO
|
| Are you aware that the next message could be a security threat?
| Press YES or NO to continue.
|
| You pressed YES.
| Are you sure you want to read another message?
| Press YES or NO
|
| You pressed YES.
| Are you absolutely sure you want to read another message?
| Press YES or NO
|
| You pressed YES.
| Are you absolutely positively sure you want to read another message?
| Press YES or NO
|

 

[jw]

It's not XP, exactly. As Paul said, ADS files on NTFS
make the ongoing nag possible, by adding a hidden marker
file to your download, but it's more specifically IE
that's the problem. Each version of Windows ges more
restrictive. Each version of IE follows suit. If you stop
using IE you won't get the nags. See here if you're interested
in a more extensive explanation:

http://www.jsware.net/jsware/iewacky.php5

Also see the nagfixer download on that page:

http://www.jsware.net/jsware/iewacky.php5#nagfix

or the XPFix utility:

http://www.jsware.net/jsware/xpfix.php5

I don't remember for sure offhand, but I think one
of the "tweaks" in those tools is to shut off the
download nags.

Another option is to install XP to FAT32. That's what
I always do. I don't use "users" on my PC and have no
use for NTFS restrictions. XP on FAT32 is much simpler.
Some would say that it's a security risk. That's a valid point,
but it's really coming from a corporate network security
approach. It's a difference in preference between locking
the front door and having one's house comfortable (the
SOHo computer approach), or leaving the front door open
and having locks on every door and cabinet (the corporate
workstation approach). Microsoft is increasingly moving
toward applying the corporate workstation template to all
Windows versions, so you increasingly have to show your
pass card and learn the lock combination before you can
get food from the kitchen cabinet or use the "executive"
bathroom.

The lockdown approach has accelerated since XP SP2.
In fact, MS even uses that term: Local Machine Lockdown
was instigated with SP2, which basically redefines the local
PC as an IE security zone more dangerous than the Internet.

It gets confusing because MS has always tried to present
IE as synonymous with the Internet: The "Internet Options"
applet in Control Panel is just IE settings... Explorer is connected
to IE even though they're not the same thing... That all goes back
to Active Desktop and Microsoft's successful attempt to shut
out Netscape by building IE into Windows. (As Bill Gates so famously
put it: "We're going to shut off Netscape's air supply.")

IE is not *really* built into Windows, and Explorer is not *really*
the same thing as IE, but MS tied the two together enough to
make a mess of both. As a result, if you use IE you're unavoidably
using what might better be called the "Windows Internet Viewer".
IE hasn't really been a browser in its own right since before Active
Desktop. That makes IE very useful in some ways offline, but it's a big
risk online. In addition to traditional problems like script and ActiveX,
the tie-in with Explorer is very real. If you install a Browser Helper
Object or Browser Extension, like a Google toolbar, say, that component
has full access to every page you view and every folder you open.
Windows programming treats them as the same thing! Any BHO or
Extension can watch/edit/change any folder or webpage you load.
Then there are protocol handlers and mime filters. Those are two other
components that can *completely* control what you see in IE. And
unlike BHOs/Extensions, they are not listed in the IE add-ons window.
IE is designed first for corporate IT needs and second for commercial
exploitation online. IE is *not* designed for your needs.

Sorry to go on so long, but I think this info. is worth repeating
periodically. Most people have no inkling of how uniquely risky
IE is in terms of both security and privacy. The hassles with security
nags are just the tip of the iceberg.

Thanks to both of you guys for the detailed replies.
To begin, I will mention that I do NOT use IE. It's installed, I only
used it once. That was the day I bought the computer. I went to a
WIFI spot and downloaded Firefox with it. Used FF ever since. I only
use FF and K-Meleon browsers on my Win98 desktop computer, so I use
the same on my laptop. I never liked IE anyhow.

With FF, I use an addon called "Download Helper" to save the videos
off youtube. I prefer playing them at home on the desktop puter so I
can play the sound thru my stereo. Those laptop speakers sound like
shit. However, when I'm on the road, I often play the saved videos
when I'm at a reststop. I have a program called "Media Player
Classic" (NOT the MS media player). It's an excellent video player
for all video formats. That's where the problem occurs. Every damn
video gives me those naggy security messages.

I did find by accident that if I click on properties, I can "unlock"
the file and not get the nag message. But I have to do each file one
at a time. Last week alone I downloaded over 70 videos. All I want
to do is unlock ALL of them with one motion, but there dont seem to be
a way.

However, correct me if wrong, but from these replies I see that if
they are copied to a FAT partition, they will all be unlocked. Does
this mean that if I move all of them to a flash stick (formatted FAT
or FAT32), then copy or move them back to the harddrive, that they
will all be unlocked? I can do that easily, even on the road.

The you guys taught me that the whole problem is not XP in itself, but
that goddamn NTFS formatting. That explains why this never happens in
Win98, or on another computer I have with Win2000, nor when I played
them on a friends computer with XP, but she has a FAT32 drive.

I said I'd never use NTFS on any computer. Main reason being that if
I have a computer failure, I can still access a FAT(32) partition
using Dos, and thus save or copy data to another media.

The reason I have NTFS on this laptop is because it came that way.
It's a refurbished computer, came complete with a legal copy of XP
Pro, but without any install CDs. Originally I wanted to see if I
could change the format to FAT32, and wondered if Partition Magic
could do it without losing data or the OS. But without any install
CD's I did not want to risk it. I decided that since this laptop is
only for use "on the road" everything I save to it is transferred to
my desktop computer as soon as I get home. Thus the laptop has no
valuable personal data stored on it.

Now knowing how annoying NTFS can be, once again I want to get rid of
it. So I ask, is there a way to change the drive to FAT32 using
Partition Magic or something else, WITHOUT having to reinstall the OS
and other programs? I'm ready to do this...... I changed XP to the
classic menu immediately. As much as some people can not understand
this, I'm still a Win98 user...... Why? because I like to be in
control of my computer, not the other way around. XP initially turned
me off in a big way with all the nags and stupid questions, and I know
Vista was worse even though I never really used it other than try it
on a friend computer. I hear Win7 is even worse.

Unfortunately, Win98 is getting harder and harder to make work for
much of the newer browsers and stuff, so I may have to get to using XP
more often. For the longest time I used Win2000 for things that would
not work in Win98 (USB support in particular). But I'm trying to
learn to tolerate XP. But this NTFS format has got to go....

Thanks for the help

 

[Paul]

The you guys taught me that the whole problem is not XP in itself, but
that goddamn NTFS formatting.

They wanted to keep track of the "zone" each file came from. A convenient
way to do it, was to add a feature via NTFS. NTFS didn't start with that
idea in kind, but the alternate stream capability, makes adding the feature
easy to do.

A previous usage of alternate streams, was by a Kaspersky AV product. They would
keep track of whether files had been scanned, or keep a checksum, so the tool
could easily tell if a file had changed. As far as I know, that's the first
third-party usage of NTFS in that way.

You should be able to use a FAT32 partition to store your downloads,
and that might mean less work for you. You don't have to use a USB
stick, if there is room to add a partition to the hard drive. With
the usage of "logical" partitions, you can have more than four
partitions on a hard drive.

If a file happens to be bigger than 4GB, then using FAT32 directly
won't be an option. In that case, doing it from "properties" is the
best option, followed by using the Sysinternals "streams" program to
get rid of the associated alternate stream.

There might be registry settings to alter the behavior, but then,
I'm less sure of the security implications (i.e. side effects of
the changes made).

Paul

 

[Mayayana]

| The you guys taught me that the whole problem is not XP in itself, but
| that goddamn NTFS formatting.

No, it's not NTFS that's the problem. NTFS is only
a problem in terms of access restrictions. The inane
nags are just Microsoft's idea of security improvement.

If you didn't download with IE then the problem is not
NTFS-based ADS file tags. I have a hard time remembering
all the convoluted problems with XP, in terms of which
thing causes which. I don't remember whether what you're
talking about is just a SP2 thing, or maybe caused by
Windows firewall, or something else. But I think the two
things I linked in the previous post should fix the problem.
If you prefer not to download things you don't know
about then you can do it by hand. Are you familiar with
the Registry? Try these:

value: HKCU\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures
data: "no"

value: HKCU\Software\Microsoft\Internet
Explorer\Download\RunInvalidSignatures data: 1

value:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes

data:
..zip;.rar;.cab;.txt;.exe;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mov;.mp3;.wav;.flv

Add any file extensions you like to that last value.

Since you didn't mention a source of the warnings I'm
guessing they come from the Windows Security Center.
Have you considered turning that off altogether and
replacing it with a decent firewall? Neither the Windows
AV nor the firewall is highly rated. And as usual with
Microsoft products, they've made the firewall settings
far too complex for people to deal with.

Unfortunately, while XP can be tamed into a reasonable
facsimile of civility, it takes work. You have to hunt down
the different nags, information balloons, warnings, etc.

Switching from NTFS to FAT: There's an option when you
install XP fresh. There's also a FAT -> NTFS converter in
Windows, but there's no way I know of to reverse it. (I'm
sure there must be, but Microsoft doesn't release that info.
because it would provide an easy way to bypass NTFS
security.) It may be possible to somehow copy a disk image
to a FAT32 partition as a way to convert it, though I don't
know of any solution offhand. But if you're stuck with NTFS
it is possible to make it virtually invisible:

* Always run as Administrator.

* Disable Windows Firewall/Security Center.
(But make sure you install another firewall.)

* Disable the nonsense, as per my earlier links.

* There's always new nonsense, so avoid updating
IE or other MS software. If you don't use IE as your
primary browser there's no reason to install a new
version. Each new version adds more problems, nags,
restrictions. (Some of the nags are actually very
sensible, but as you've discovered, Microsoft doesn't
make it easy to turn them off. So a useful nag turns
into a maddening harassment.)

Firewalls: For what it's worth, one person's research:

I wanted a non-bloated, non-spyware firewall that allows
specific control both incoming and outgoing, without that
being a big production. After researching and trying several
high-rated options, I settled on Online Armor v. 4.0.0.15 Free.
OA was later sold. The download now is bloated to twice the
size and when I tried updating, OA had been turned spyware.
(I don't remember the details exactly. I think it wanted to
keep in touch with the Emisoft site as part of an ongoing
salespitch.) I re-installed 4.0.0.15 and that's been fine. But
there is one thing I don't like about it: It does a disk access
every few seconds for no good reason.

Maybe others here will have better information about firewall
options.

 

[Mayayana]

Follow-up: Out of curiosity I went to Emisoft.com
to check on the current Online Armor. The latest
version is $40 *per year*. It's rental-ware! And of
course that also means that it's probably going to be
spyware. At the very least it would need to call home
periodically to check on your subscription and know
when to nag you about re-ordering. But defining it
as rental-ware also re-defines their role, so that
monitoring your software use becomes something they
can [sort of] justify.

 

[Patok]

| The you guys taught me that the whole problem is not XP in itself, but
| that goddamn NTFS formatting.

No, it's not NTFS that's the problem. NTFS is only
a problem in terms of access restrictions. The inane
nags are just Microsoft's idea of security improvement.

Well, both yes and no. The nags are because of XP's security, but
they are enabled by the NTFS attributes that mark the files as coming
from outside. If the system was FAT, this particular nagging would not
happen.

This particular nag *can* be removed. Go to the Internet Options in
Control Panel (I think they are accessible in IE too.). On the Security
tab, choose Internet, and then click Custom level... Scroll down to
Miscellaneous, and below it, in Launching applications and unsafe files,
choose Enable (not secure). It will protest, saying that you're now at
risk, which is true. But if you do that, Windows Explorer will
happily launch anything you download without protest. You should have a
reliable anti-virus for real-time scanning if you do that.

Alternatively, you could save your downloads straight to a USB stick
(which is FAT), and never be bothered by the nags again, staying
(relatively) secure.

If you didn't download with IE then the problem is not
NTFS-based ADS file tags.

You are wrong, it is precisely the tags, I don't use IE for
downloads, just FF, and I get these nags unless I disable the setting I
described.

 

[jw]

They wanted to keep track of the "zone" each file came from. A convenient
way to do it, was to add a feature via NTFS. NTFS didn't start with that
idea in kind, but the alternate stream capability, makes adding the feature
easy to do.

A previous usage of alternate streams, was by a Kaspersky AV product. They would
keep track of whether files had been scanned, or keep a checksum, so the tool
could easily tell if a file had changed. As far as I know, that's the first
third-party usage of NTFS in that way.

You should be able to use a FAT32 partition to store your downloads,
and that might mean less work for you. You don't have to use a USB
stick, if there is room to add a partition to the hard drive. With
the usage of "logical" partitions, you can have more than four
partitions on a hard drive.

If a file happens to be bigger than 4GB, then using FAT32 directly
won't be an option. In that case, doing it from "properties" is the
best option, followed by using the Sysinternals "streams" program to
get rid of the associated alternate stream.

There might be registry settings to alter the behavior, but then,
I'm less sure of the security implications (i.e. side effects of
the changes made).

Paul

Adding a partition sounds like the solution. Keep the OS on the NTFS
partition and everything else on the FAT32 one. Partition Magic can
create another partition without destroying the OS. At least I've
done that with Win98 and Win2000.

I dont much care if I have a firewall or anything like that. I only
use this laptop when I am on the road, and only to get email
(attachments are always blocked until I click "accept" on them), and
to download MP4 videos and MP3 music. (I have dialup at home, so all
my downloading is dont at WIFI spots). I've never heard of MP4 videos
or music files being much of a risk anyhow.

I've never downloaded anything even close to 4 gigs. Even a fast WIFI
connection takes darn near a half hour to download 250 megs, (a
quarter of a gig) and that is about the biggest files I have
downloaded. (big videos). I dont use torrents, download netflix
movies or anything like that. If I do download a program (.exe or
..zip), I do it in Win98, then manually scan it. Win98 is almost virus
safe these days. Just got to watch for spyware.

Thanks again to all.

 

[jw]

| The you guys taught me that the whole problem is not XP in itself, but
| that goddamn NTFS formatting.

No, it's not NTFS that's the problem. NTFS is only
a problem in terms of access restrictions. The inane
nags are just Microsoft's idea of security improvement.

If you didn't download with IE then the problem is not
NTFS-based ADS file tags. I have a hard time remembering
all the convoluted problems with XP, in terms of which
thing causes which. I don't remember whether what you're
talking about is just a SP2 thing, or maybe caused by
Windows firewall, or something else. But I think the two
things I linked in the previous post should fix the problem.
If you prefer not to download things you don't know
about then you can do it by hand. Are you familiar with
the Registry? Try these:

value: HKCU\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures
data: "no"

value: HKCU\Software\Microsoft\Internet
Explorer\Download\RunInvalidSignatures data: 1

value:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\LowRiskFileTypes

data:
.zip;.rar;.cab;.txt;.exe;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mov;.mp3;.wav;.flv

Add any file extensions you like to that last value.

Since you didn't mention a source of the warnings I'm
guessing they come from the Windows Security Center.
Have you considered turning that off altogether and
replacing it with a decent firewall? Neither the Windows
AV nor the firewall is highly rated. And as usual with
Microsoft products, they've made the firewall settings
far too complex for people to deal with.

Unfortunately, while XP can be tamed into a reasonable
facsimile of civility, it takes work. You have to hunt down
the different nags, information balloons, warnings, etc.

Switching from NTFS to FAT: There's an option when you
install XP fresh. There's also a FAT -> NTFS converter in
Windows, but there's no way I know of to reverse it. (I'm
sure there must be, but Microsoft doesn't release that info.
because it would provide an easy way to bypass NTFS
security.) It may be possible to somehow copy a disk image
to a FAT32 partition as a way to convert it, though I don't
know of any solution offhand. But if you're stuck with NTFS
it is possible to make it virtually invisible:

* Always run as Administrator.

* Disable Windows Firewall/Security Center.
(But make sure you install another firewall.)

* Disable the nonsense, as per my earlier links.

* There's always new nonsense, so avoid updating
IE or other MS software. If you don't use IE as your
primary browser there's no reason to install a new
version. Each new version adds more problems, nags,
restrictions. (Some of the nags are actually very
sensible, but as you've discovered, Microsoft doesn't
make it easy to turn them off. So a useful nag turns
into a maddening harassment.)

Firewalls: For what it's worth, one person's research:

I wanted a non-bloated, non-spyware firewall that allows
specific control both incoming and outgoing, without that
being a big production. After researching and trying several
high-rated options, I settled on Online Armor v. 4.0.0.15 Free.
OA was later sold. The download now is bloated to twice the
size and when I tried updating, OA had been turned spyware.
(I don't remember the details exactly. I think it wanted to
keep in touch with the Emisoft site as part of an ongoing
salespitch.) I re-installed 4.0.0.15 and that's been fine. But
there is one thing I don't like about it: It does a disk access
every few seconds for no good reason.

Maybe others here will have better information about firewall
options.

I should be able to do these registry modifications. I've never
messed with the registry in XP, but did it hundreds of times in Win98,
and never had a problem.

By the way, another question.
Since this laptop did not come with an XP install CD. (XP Pro), it's a
Lenovo IBM laptop, if I was forced to reinstall XP, do I need the
specific CD made for this Lenovo model, or can I just use any
"generic" XP Pro CD, and use the XP serial number listed on the
computer? I do have a generic XP pro CD (copy).

 

[Tim Meddick]

If you right-click on any such "potential security issue" file, and choose
"Properties" - on the first "General" tab, you should see an extra section
at the bottom entitled "Security" (just below the Read-Only & Hidden
"Attributes" section).

This section has the following notice by way of explanation ;

This file came from another computer and might be blocked to help protect
this computer.

- it then has an associated command button next to the notice entitled
"Unblock" - click on this button and then on [OK] to cancel the security
warning for this file.

==

Cheers, Tim Meddick, Peckham, London.

 

[Tim Meddick]

A standard XP disk will do, although you may have to go to your
manufacturers websites to obtain some drivers. But you must have the valid
license key for a retail XP Installation disk and it can only be installed
on one machine at any one time.

==

Cheers, Tim Meddick, Peckham, London.

 

[Patok]

I should be able to do these registry modifications. I've never
messed with the registry in XP, but did it hundreds of times in Win98,
and never had a problem.

Read my previous message - you don't need to do any registry edits.

 

[jw]

Read my previous message - you don't need to do any registry edits.

Yep. just do the thing you said from control panel. Thanks. I will
be doing that.

 

[jw]

If you right-click on any such "potential security issue" file, and choose
"Properties" - on the first "General" tab, you should see an extra section
at the bottom entitled "Security" (just below the Read-Only & Hidden
"Attributes" section).

This section has the following notice by way of explanation ;

This file came from another computer and might be blocked to help protect
this computer.

- it then has an associated command button next to the notice entitled
"Unblock" - click on this button and then on [OK] to cancel the security
warning for this file.

==

Cheers, Tim Meddick, Peckham, London.

Yes, I found that by accident and was doing it, but when I have 70
videos to unlock and must do it one at a time, well, it's a pain in
the ass to say the least.....

Thats why I was asking if there is a way to batch unlock all of them.
But the advice I got on here gives me several great options.

Thanks

 

[Mayayana]

| > If you didn't download with IE then the problem is not
| > NTFS-based ADS file tags.
|
| You are wrong, it is precisely the tags, I don't use IE for
| downloads, just FF, and I get these nags unless I disable the setting I
| described.
|
I do have trouble keeping track of all this security
nonsense in XP. But if you're downloading with FF then
how does the file get tagged? And why is the setting
in Internet Options (which is really just IE settings)?
I wonder if we may be talking about two different things:
IE zone markers vs safe file types.
....But I'm not sure offhand how it all fits together.

The only other way I can think of that your FF files
get tagged is if you're using the Windows firewall and
that's doing it. But that seems a bit farfetched.

 

[Patok]

| > If you didn't download with IE then the problem is not
| > NTFS-based ADS file tags.
|
| You are wrong, it is precisely the tags, I don't use IE for
| downloads, just FF, and I get these nags unless I disable the setting I
| described.
|
I do have trouble keeping track of all this security
nonsense in XP. But if you're downloading with FF then
how does the file get tagged? And why is the setting
in Internet Options (which is really just IE settings)?
I wonder if we may be talking about two different things:
IE zone markers vs safe file types.
...But I'm not sure offhand how it all fits together.

I don't think these are exclusively IE settings - remember that one
accesses them in Control Panel under *Internet* options. Clearly a
leftover from when M$ decided to "prove" that IE is an integral part of
Windows, and embedded basic functionality deeply into it. If you look at
all the options in Internet Options, you'll see that while indeed the
majority concern IE, there's quite a lot of basic network stuff, VPN
settings and such.

The only other way I can think of that your FF files
get tagged is if you're using the Windows firewall and
that's doing it. But that seems a bit farfetched.

No, I think it rather is the case that when FF downloads something,
it either honors these attributes and marks the file as coming from
outside, or calls a Widows download function, which being part of
Windows, tags it. Case in point, when downloading a file from outside,
using different methods:

- FF, right click on link and chose "Save As": the file *is* marked
- FF, right click and use Download Helper to save a video from YouTube
(Download Helper is a nifty add-on to extract and save embedded audio
and video): the file *is* marked
- FF, right click on link and chose Down Them All (another add-on
download accelerator able to selectively download elements of a page):
The file is *not* marked. I think the reason is because DTA starts
several download streams in parallel to speed things up (if the source
page allows it), and therefore recreates/combines the file locally. From
the POV of Windows, it becomes a locally created file.
- Torrent download with any client: the file is *not* marked, I think
for the same reason - it is downloaded in pieces and reconstructed.

In short, the function FF uses to download a file in a single stream,
from beginning to end, marks it as coming from outside for whatever
reason. The solution is to use Down Them All when possible, if one
doesn't want to turn off the warning in Windows. Unfortunately that
doesn't work in all cases, as there're sites that want you to click on a
"Download" button to start the download themselves; for these cases the
nag is inevitable.

 

[Mayayana]

I have IE6 but with XP SP3. I don't have any
setting named "Launching applications and unsafe files"

|
| - FF, right click on link and chose "Save As": the file *is* marked

Interesting. I might have to research this for my
own curiosity. (I research when I want to figure
out how to handle these things, but then I forget
the details later.

You're not using the Windows firewall?

 

[Patok]

I have IE6 but with XP SP3. I don't have any
setting named "Launching applications and unsafe files"

That's strange. On the Security tab, when you click Custom level...
for Internet, down in the Miscellaneos category? Which is between Enable
..NET framework setup and Scripting?

It could be a feature added by later IEs, since they intertwine with
everything, Windows Explorer too. I have IE7.

| - FF, right click on link and chose "Save As": the file *is* marked

Interesting. I might have to research this for my
own curiosity. (I research when I want to figure
out how to handle these things, but then I forget
the details later.

You're not using the Windows firewall?

I am, but why do you think it has anything to do? I don't believe the
firewall messes with NTFS to change file attributes; it just prevents
connections (or not). And Firefox is in the exception list.

 

[Mayayana]

| > I have IE6 but with XP SP3. I don't have any
| > setting named "Launching applications and unsafe files"
|
| That's strange. On the Security tab, when you click Custom level...
| for Internet, down in the Miscellaneos category? Which is between Enable
| .NET framework setup and Scripting?
|

I don't have "Enable .Net...". The last item under Misc.
is "Websites in less privileged content zone...". Somewhere
there's a listing of which settings were added with each
IE version, but I don't have a link offhand.

I think I figured this out, though. I still don't know whether
the problem (besides IE) is Firefox or whether it's the Windows
firewall. I suspect it's the latter. In any case, the setting is
here:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation

Set the value to 1.

For anyone who wants to set it, copy this text to Notepad,
save as a .reg file, right-click, and click Merge:

---------------- begin text--------------

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000001

--------------end text -----------------------------

Watch out for wordwrap.

I hadn't heard of that setting. It may be something that
MS added later due to complaints.

The setting stops the saving of zone information, but does
not clean it from existing files. Those would need to be
unblocked, or processed through any ADS cleaner tool.