Let me add some more information on this problem.
First, what happens here? When an exe file is downloaded through
Internet Explorer and saved to an NTFS partition, WinXP adds an
attribute to the MFT (Master File Table) that defines the security
settings of this particular file.
Quote from Microsoft:
----------
File Systems
Every allocated sector on an NTFS volume belongs to a file. Even the
file system metadata is part of a file. NTFS views each file (or
folder) as a set of file attributes. Elements such as the file name,
its security information, and even its data, are all file attributes.
Each attribute is identified by an attribute type code and,
optionally, an attribute name.
When a file's attributes can fit within the MFT file record for that
file, they are called resident attributes. Information such as file
name and timestamp are always resident attributes. When the
information for a file is too large to fit in its MFT file record,
some of the file attributes are nonresident. Nonresident attributes
are allocated one or more clusters of disk space and are stored as an
alternate data stream in the volume. NTFS creates the Attribute List
attribute to describe the location of all of the attribute records.
-----------------
In this particular case the attribute added looks like this:
-------
[ZoneTransfer]
ZoneId=3
----------
You can view the NTFS Alternate Data Streams for every file on your
system using the "NTFS Streams Info" programme:
http://www.isgeo.kiev.ua/shareware/index.html
You can also use it to batch-remove all the security data that was
added to the MFT for every single file that was downloaded through IE
after the installation of SP2.
Why this might be helpful? Because the solution provided in my
previous post is not the most secure one, since you have to define exe
files as "low risk type".
Instead, you should rather tell the system not to "mark" the
downloaded files with the security attributes. Here's how (found on
some forum through google):
--------
To prevent Windows from storing Zone Info in the downloaded files:
Group Policy > User Configuration > Administrative Templates >
Windows Components > Attachment Manager.
Enable "Do not preserve zone information in file attachments".
---------------------
This will result in files NOT being marked with the ZoneTransfer
attribute upon download. And without this attribute - no warning upon
execution (which is our aim, after all).
However, the files you've already downloaded to your harddisk are
already marked with the security attribute and have to be unmarked,
otherwise they will continue bugging you with the publisher security
notification. Here's where the Batch Delete ADS function of the NTFS
Streams Info programmes comes in handy.
Or just copy all the "ADS marked" files from an NTFS partition to a
FAT partition and back. Since FAT doesn't support the NTFS features,
the Alternate Data Streams will disappear.
Beware, however, that they are cached by the system, so if you just
copy the files to FAT and immediately back to NTFS, without restarting
the pc, the attributes might reappear. So I'd say, to spare the
hassle, just use one or another programme that can batch remove
specific ADS from all the files on a specified partition.
BTW, considering how everybody bitches about the security holes in
Internet Explorer I cannot help accentuating the fact that in this
case it's the alternative browsers like opera that pose a threat,
since they fail to add the security attributes to the files downloaded
through them.
Consequence? Publisher is not verified. This whole publisher
verification may be annoying to professionals, but is definitely a
good feature in order to prevent newbies from executing malicious code
on their computers. Meaning people using Opera are more susceptible to
viruses etc.
lol. This is funny. The opera supporters are really running out of
arguments why one should use their browser.