Microsoft is scanning the inside of password-protected zip files for malware (arstechnica.com)
9 points by redbell on May 16, 2023 | hide | past | favorite | 10 comments


This is a super interesting thread on what is likely really happening.

https://twitter.com/vessonsecurity/status/165837343256259788...


This seemed more like a twenty-tweet rant which concluded with "Microsoft can just check the hash of the .zip".


> One way is to extract any possible passwords from the bodies of an email

Holy shit. Microsoft is scanning emails looking for passwords? That's well over the line of acceptable behavior.


"I think asking a mainstream cloud storage provider to host malware--for whatever purpose--is a tough ask"

With the aggressive way OneDrive has evolved it is harder to keep your files off there rather than having to ask them to store files on there. They simply take them and continually obfuscate the routes to disabling OneDrive.

After a recent Windows update OneDrive completely hosed several of my folders. Not because they contained malware but because OneDrive decided it was better to move my files to the cloud rather than keeping them on my drive where they belonged. Trying to recover the files, remove them from OneDrive and disable the service again was much more involved than it should have been.


> They simply take them and continually obfuscate the routes to disabling OneDrive.

That's an understatement. I've been trying to disable it for months now, but I keep failing.


1. Use 7-zip and check "Encrypt file names".

2. Use a strong password, not "infected" which could be guessed in less than a second.

3. Host your own file server (Linux based with no antivirus). Don't use OneDrive or any other cloud storage.

4. Backup to burned CDs / DVDs which can only be written to once so the files cannot be automatically deleted by antivirus software.

You'd think SECURITY RESEARCHERS would have a little more common sense than this.


You may have misunderstood the point of this post.


> You'd think SECURITY RESEARCHERS would have a little more common sense than this.

This "cloud" thing promised to "backup my data", not "delete it because it thinks it's a virus".


It's worth noting that password-protected zip files offer only minimal assurance of content security. As mentioned, ZipCrypto encryption can be easily overridden. Exploring alternative encryption methods, such as AES-256 encryptors, could provide stronger protection for sensitive files.
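To make the "minimal assurance" point concrete, here is a small parser written for this thread (not code from any commenter, Microsoft, or 7-Zip) that lists everything a .zip central directory exposes without the password, including the CRC-32 of the plaintext that a scanner can compare against a known file. It uses only the Python standard library; because zipfile cannot write encrypted entries, the sample archive it builds is constructed unencrypted.

```python
import io
import struct
import zipfile
import zlib
CDIR_SIG, EOCD_SIG = b"PK\x01\x02", b"PK\x05\x06"  # central-directory header / end record
AES_EXTRA_ID = 0x9901  # WinZip AE-x extra field, present on AES-encrypted entries

def parse_aes_extra(extra: bytes):
    """{'version': 1|2, 'bits': key size} if a WinZip AES extra field is present, else None."""
    pos, aes = 0, None
    while pos + 4 <= len(extra):
        field_id, size = struct.unpack_from("<HH", extra, pos)
        body = extra[pos + 4:pos + 4 + size]  # vendor_version(2) 'AE'(2) strength(1) method(2)
        if field_id == AES_EXTRA_ID and len(body) >= 5:
            aes = {"version": struct.unpack_from("<H", body)[0], "bits": {1: 128, 2: 192, 3: 256}.get(body[4])}
        pos += 4 + size
    return aes

def exposed_metadata(archive: bytes) -> list:
    """What the central directory shows without a password: names, sizes, method, encryption
    flag and the plaintext CRC-32 (zeroed only by AES AE-2 writers). The .zip format never
    encrypts these headers; 7-Zip's "Encrypt file names" option applies to its .7z format."""
    eocd = archive.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    count, _cd_size, pos = struct.unpack_from("<HII", archive, eocd + 10)
    entries = []
    for _ in range(count):
        if archive[pos:pos + 4] != CDIR_SIG:
            raise ValueError("corrupt central directory")
        (flags, method, crc, csize, usize, name_len, extra_len,
         comment_len) = struct.unpack_from("<HHxxxxIIIHHH", archive, pos + 8)
        name = archive[pos + 46:pos + 46 + name_len].decode("utf-8", "replace")
        extra = archive[pos + 46 + name_len:pos + 46 + name_len + extra_len]
        entries.append({"name": name, "encrypted": bool(flags & 1), "method": method,
                        "aes": parse_aes_extra(extra), "crc32": crc,
                        "compressed": csize, "uncompressed": usize})
        pos += 46 + name_len + extra_len + comment_len
    return entries

def matches_known_plaintext(entries: list, known: bytes) -> list:
    """Names whose cleartext size and CRC-32 equal a known file's: checkable with no password."""
    want = (len(known), zlib.crc32(known) & 0xFFFFFFFF)
    return [e["name"] for e in entries if (e["uncompressed"], e["crc32"]) == want]

# Constructed sample archive; stdlib zipfile cannot write encrypted entries, so this one is plain.
SAMPLE = b"constructed sample contents standing in for a known file\n"
def build_sample_archive() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sample.bin", SAMPLE)
        zf.writestr("notes.txt", b"unrelated\n")
    return buf.getvalue()
```

Run `exposed_metadata` over a real password-protected archive and the same names, sizes and CRC-32 values come back, which is why a password alone does not hide what a known file is.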


“At the same time, this practice almost surely has prevented large numbers of users from falling prey to social engineering attacks attempting to infect their computers.”

I don’t know if they have any hard evidence to back this claim or it’s just that, a claim?



