Windows Shell Previews – Restricted

Windows users who installed the October 2025 Security Updates may have noticed an unexpected change if they use the Windows Explorer preview pane. When previewing many downloaded files, the preview is now replaced with the following text: While it also occurs when viewing files on remote Internet Zone file shares, the problem doesn’t occur for…

Debugging Chromium

A customer recently complained that after changing the Windows Security Zone configuration to Disable launching apps and unsafe files: … trying to right-click and “Save As” on a Text file loaded in Chrome fails in a weird way. Specifically, Chrome’s download manager claims it saved the file (with an incorrect “size” that’s actually the…

Mark-of-the-Web: Real-World Protection

Two years ago, I wrote up some best practices for developers who want to take a file’s security origin into account when deciding how to handle it. That post was an update of a post I’d written six years prior explaining how internet clients (e.g. browsers) mark a file to indicate that it originated from…

Attack Techniques: Trojaned Clipboard

Today in “Attack techniques so stupid, they can’t possibly succeed… except they do!” — the trojan clipboard technique. In this technique, the attacking website convinces the victim to paste something the site has silently copied to the user’s clipboard into a powerful and trusted context. A walkthrough of this attack can be found in the…

SmartScreen Application Reputation, with Pictures

Last Update: Sept 3, 2025 I’ve previously explained how Chromium-based browsers assign a “danger level” based on the type of the file, as determined from its extension. Depending on the Danger Level, the browser may warn the user before a file download begins in order to confirm that the user really wanted a potentially-dangerous file.

Mark-of-the-Web: Additional Guidance

I’ve been writing about Windows Security Zones and the Mark-of-the-Web (MotW) security primitive in Windows for decades now, with 2016’s Downloads and MoTW being one of my longer posts that I’ve updated intermittently over the last few years. If you haven’t read that post already, you should start there. Advice for Implementers At this point,…

MHTML in Chromium

The MHTML file format (aka “Webpage, single file”) allows a single file to contain the multiple resources that are used to load a webpage (script, css, images, etc). Edge (Chromium) has an option to use the format when saving the current page via Ctrl+S or the Save page as… menu command: … but the browser’s…

Security Zones in Edge (and Chrome)

Last updated: 25 March 2025 Browsers As Decision Makers As a part of every page load, browsers have to make dozens, hundreds, or even thousands of decisions — should a particular API be available? Should a resource load be permitted? Should script be allowed to run? Should video be allowed to start playing automatically? Should…

Private Browsing Mode

Note: This blog post was originally written before the new Chromium-based Microsoft Edge was announced. As a consequence, it includes discussion of the behavior of the Legacy Microsoft Edge browser. The new Chromium-based Edge behaves largely the same way as Google Chrome. Last Update: 13 June 2025 InPrivate Mode was introduced in Internet Explorer 8…

Downloads and the Mark-of-the-Web

Last update: October 28, 2025 Background To help protect the user and their device, Windows and its applications will often treat files originating from the Internet more cautiously than files generated locally. The Windows Security Zones determination process is most directly implemented by the MapURLToZone API; that API accepts a URL or a file path…