Tag Archives: MoTW

Windows: Choose Where To Get Apps

Modern versions of Windows offer a setting named “Choose where to get apps” which can reduce attack surface by limiting the locations from which applications can be installed. Internally, we’ve called this feature “Smart Install”. By default, this option is set to “Anywhere“, which means that Windows will allow an executable downloaded from the InternetContinue reading “Windows: Choose Where To Get Apps”

Windows Shell Previews – Restricted

Windows users who installed the October 2025 Security Updates may have noticed an unexpected change if they use the Windows Explorer preview pane. When previewing many downloaded files, the preview is now replaced with the following text: While it also occurs when viewing files on remote Internet Zone file shares, the problem doesn’t occur forContinue reading “Windows Shell Previews – Restricted”

Debugging Chromium

A customer recently complained that after changing the Windows Security Zone Zone configuration to Disable launching apps and unsafe files: … trying to right-click and “Save As” on a Text file loaded in Chrome fails in a weird way. Specifically, Chrome’s download manager claims it saved the file (with an incorrect “size” that’s actually theContinue reading “Debugging Chromium”

Mark-of-the-Web: Real-World Protection

Two years ago, I wrote up some best practices for developers who want to take a file’s security origin into account when deciding how to handle it. That post was an update of a post I’d written six years prior explaining how internet clients (e.g. browsers) mark a file to indicate that it originated fromContinue reading “Mark-of-the-Web: Real-World Protection”

Attack Techniques: Trojaned Clipboard

Today in “Attack techniques so stupid, they can’t possibly succeed… except they do!” — the trojan clipboard technique. In this technique, the attacking website convinces the victim to paste something the site has silently copied to the user’s clipboard into a powerful and trusted context. A walkthrough of this attack can be found in theContinue reading “Attack Techniques: Trojaned Clipboard”