On Mon, 25 Jun 2007 18:29:31 +0200, "Francois PIETTE"
I've done the test with the mail. Here is the result: Vista block the bat
file when trying to extract from the zip file saved from the mail I sent to
myself. There was no problem to extract from the original zip file.
So I confirm it is a problem with security settings in the system. I used
"Windows Mail" to send/receive the mail with teh attached zip file.
Where are the security settings ?
I don't know if it's changed, but when IE4's OE and MS Office 2000's
Outbreak debuted HTML "message text", it was handled in the Internet
Zone by duuuuhfault, tho you could set it to Restricted Zone.
IOW, the "security model" in those days was along the lines of IE's
security zones, not NT/NTFS's permissions, account rights, etc.
Bubbleboy PoC'd malware attack via scripts embedded in "message text".
then Kak went wild, then San and Valentine dropped destructive
payloads into the same email mechanism, as AFAICR did BleBla.
Throughout all of this, MS kept shipping these HTML-aware email
clients in Intrernet Zone by duuuuhfault. In fact, it was only with
Windows and MS Office XP that this changed - at last, the default is
Restricted Zone. This may be what's biting you in Vista, or it may be
a separate setting somewhere within Windows Mail.
Personally, I just avoid MSware email apps and use Eudora instead.
I guess I have to use secpol.msc. I'd like to know where to search
because there are so much items to try !
I'd start with IE's security zone settings and details, then look for
settings within Windows Mail - something like latter-day OE's "block
dangerous attachment types" checkbox. It would be good security to
propagate that block down through contents of .ZIP archives, even when
they are moved. Chances are the marker might be an ADS; look for
that, or exclude it by copying the downloaded copy of the .zip to a
FATxx file system, try again from there, then if no joy, rename and
try again (in case the name is tracked somehow).
I have not used IE7 to get the file. It was sent by email.
OK. Both OE and Outlook used to work with IE's security zones, and in
fact passed the message "text" to the same HTML rendering engine. As
I say, I don't know whether that has changed in Vista; I suspect not,
in that HTML is such a significant risk surface, I doubt if it would
be duplicated. Let's see if a search picks up anything... yep!
http://windowsvistablog.com/blogs/w...indows-vista-and-protection-from-malware.aspx
"While Windows Mail blocks running executables even when they are
included in a .ZIP file, other email clients could as well if they
used a technology available (via APIs) in Windows called Attachment
Manager (AM), first introduced in Windows XP Service Pack 2"
http://technet2.microsoft.com/Windo...e919-49c8-bdd1-715b56995cba1033.mspx?mfr=true
(I see why you're referring to Group Policy}
Not finding what I was looking for; the role (if any) of ADS in
tagging such content.
