WinRAR 7.10, released yesterday, brings several features that enhance the tool’s performance and usability. One notable improvement is its ability to strip certain data from files flagged by Microsoft’s Mark-of-the-Web (MoTW) security feature. This update introduces a new setting called “Zone value only,” which disables the propagation of alternate data streams containing sensitive information when extracting files.
The MoTW, also known as Zone.Identifier, is an alternative data stream added to files downloaded from the internet. It tells Windows and supported applications that the file was downloaded from another computer or the internet, potentially making it a security risk if opened by unauthorized users.
With WinRAR 7.10’s new setting, users can choose to strip only the security zone value from MoTW data when extracting files, reducing the potential for sensitive information disclosure. This feature is particularly useful for those who want to prioritize strict privacy and security.
While some may view this as a hindrance to digital forensics, it provides an added layer of protection against malicious actors targeting zero-day flaws in Windows’ security warnings. For now, users can disable MoTW data propagation by unchecking “Zone value only” in the WinRAR settings > Security section, ensuring they maintain control over their file’s metadata.
Source: https://www.bleepingcomputer.com/news/security/winrar-710-boosts-windows-privacy-by-stripping-motw-data