Open File - Security Warning --- Do you want to open this file?

[UK-Tim]

Open File - Security Warning --- Do you want to open this file?

I've been seeing this warning quite a lot lately, particularly on simple jpg files I've download from the net to my desktop.

I reckon this warning started around 18 months ago, and has really started to niggle me. So over the last few days I've been trying to stop it, mostly trying to use:- SEE_MASK_NOZONECHECKS=1 as an environment variable. But I now think this approach is probably a non-starter.

I've been using the same European 'N' version Windows XP Pro SP3 with a Volume licence key since around 2012. It has no updates installed, except KB4012598 the 2017 wannacry patch, and so still has IE6 installed, and isrunning with no installed firewall or virus checker.

I've been working on the problem for a few days now, and I think I've finally got some answers.

The release of SP2 added a new raft of security features to XP. One of these was to attach "Zone" information to files on your hard drive about where the file originated from. The "Zone" information could then be used by XP to control access to that file. However the "Zone"information could only be attached to your files if you were using the NT file system (NTFS), I on the other hand nearly always used Fat32, until18 months ago.

I wish to continue to use NTFS, but would like to stop this "Zone" information being attached to my files, and the following procedure appears to work, but NOT on XP Home edition.

>From the Start menu select Run... and enter "gpedit.msc".
This will bring up a "Group Policy" dialog.
Select:- User Configuration / Administrative Templates / Windows Components / Attachment Manager
Then set "Do not preserve zone information in file attachments" to Enabled.
Then close the dialog.

The above procedure doesn't remove the "Zone" information from existing files, but does seem to stop any more being attached during future downloads.

I've done very little testing, so be careful if you try it yourself.

 

[cleverscreenname]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000000

After applying that setting and rebooting, remove Zone info from all your existing files by zipping/raring into an archive, then uncompressing again. As you have noticed, Group Policies only work on Professional OS's, not Home OS's. The tweaks are valid, they just don't get applied (thanks Micro$oft, gotta love the Upselling).

I've been using that for, oh man, almost as long as XP has existed I too, was a LONGtime hold out on FAT32 (loved my 9x dual booting), until I finally tested booting speeds and saw their claim is true: even though a MFT is much bigger than a FAT, the OS still boots faster because it only has to read a portion of the MFT, compared to reading the entire FAT. The cherry on top is Glarysoft Quick Search searches entire NTFS drives almost instantly, because it reads the MFT directly, as opposed to the much slower searching through FAT drives.

Want the rest of my tweaks .REG file? Very nice stuff in there, obviously read thru it first and remove any you don't want. REG files and Regedit always work on all OS's, Home and Professional.

 

[we3fan]

@cleverscreenname
Hi CSN, which version of Quick Search you use on your Win XP?

 

[UK-Tim]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000000

After applying that setting and rebooting, remove Zone info from all your existing files by zipping/raring into an archive, then uncompressing again. As you have noticed, Group Policies only work on Professional OS's, not Home OS's. The tweaks are valid, they just don't get applied (thanks Micro$oft, gotta love the Upselling).

I've been using that for, oh man, almost as long as XP has existed I too, was a LONGtime hold out on FAT32 (loved my 9x dual booting), until I finally tested booting speeds and saw their claim is true: even though a MFT is much bigger than a FAT, the OS still boots faster because it only has to read a portion of the MFT, compared to reading the entire FAT. The cherry on top is Glarysoft Quick Search searches entire NTFS drives almost instantly, because it reads the MFT directly, as opposed to the much slower searching through FAT drives.

Want the rest of my tweaks .REG file? Very nice stuff in there, obviously read thru it first and remove any you don't want. REG files and Regedit always work on all OS's, Home and Professional.

Cool, I'm glad you posted that .reg, as it's shown me by example, the difference between Policy & Group Policy.
I have now deleted the group policy sections from my registry and also created two verbose reg files called:-
"Attach Zone Info Off.reg" & "Attach Zone Info On.reg"

Want the rest of my tweaks .REG file?

Certainly, particularly if it contains the fabled undocumented entry?
"StopMakingMyLifeSooBloodyDifficult"=dword:00000001

I also love 98, and use it in conjunction with Codeblocks, for a Hires programming environment with 100% hardware access without OS interference. My main pc has three boot partitions, one being 98, and fifteen or so logicals of which, at least are fat32 for 98 use.

Copying a jpg with attached zone info to a fat32 partition and then back again (over write) created a different scenario. It still prompted for permission to open, but the tick box was missing!? However if I instead, copied them back into a temp directory the zone info was not reattached.

9x dual booting
Have tried this, or similar?

Suppose you have a hdd with 3 primary partitions plus a logical partition drive 'd'.
The primary that gets booted, and becomes the C drive is controlled by a boot manager such as Boot-US.

Now lets say partition-1 (p1) has a fresh new XP installed, (p2) also has a fresh new XP installed and p3 has a fresh new win2k installed.(No drivers yet in any system)
Now we boot on p3 win2k, and we make a directory called XP-P1 and another called XP-P2 on the logical d drive.
Next we copy 6 things from the p1 partition (Just another drive in my computer) to the directory called XP-P1 on the logical d drive.
Next we copy 6 things from the p2 partition (Just another drive in my computer) to the directory called XP-P2 on the logical d drive.

The 6 things are:-
3 files called NTDETECT.COM, boot.ini and ntldr
3 Directories called WINDOWS, Documents and Settings and Program Files.
about 1.2GB per XP system.

Now we can format p1 & p2 and then copy the systems back, and they will work just fine when re-booted. we can also change the format fromntfs to dos32 or vice versa as long as we re-run the Boot-US install process so that it is aware of the FS change, before we actuallyreboot. what we can't do is install XP-P2 system on the p1 partition orvice versa.

Next we can boot on XP, p1 or p2 and use Killcopy (just copy app) to copy the p3 Win2k to a directory called 2K-P3 on the logical d drive.
(I use killcopy, because XP, if left to it's own devices will make modifications to the files)
The 6 things are:-
3 files called NTDETECT.COM, boot.ini and ntldr
3 Directories called WINNT, Documents and Settings and Program Files
about 630MB per 2K system.

Taken to it's logical conclusion we will end up with 3x 2k and 3x XP systems. All clean, fresh and Un-fragmented and ready to go.
Next use them to make 6 more but with drivers installed etc.

This method works even with win11 (GhostSpectre versions), but using SnapShot.exe v1.5 instead of Killcopy.

Never boot on a different system if the previous system is hibernated,as it will make a mess of the FS when it comes out of hibernation.

When starting from scratch with Partition Master, rebuild the MBR before exiting.


My tools of choice are:
Boot-US v2.1.8 (Install on a logical drive)
EASEUS Partition Master v7.1.1 (NOT MiniTool Partition Wizard,due to Boot-US partition alignment issues)
Killcopy v2.85
SnapShot.exe v1.5
Pqboot.exe on a win98 boot device, for when things go wrong.

 

[cleverscreenname]

GlaryQuickSearch5.35.1.134_2021aug09.exe

 

[cleverscreenname]

That's funny, and not surprising, that XP was lazy enough to leave the zone info for a file you overwrote. Guess Microsoft never imagined someone would do that
Yes pure hardware access is nice, such as using DOS partition editors inside Win9x hahaha, try not to corrupt the drive after! But that's also how we got more crashes, from buggy programs...

What you're describing... I absolutely hate how Microsoft OS's muck with your boot setup when you install something, because they want you to use their crippled overly-complicated and inter-connected boot menu instead of an independent clean 3rd party solution.
Ranish Partition Manager has a few different boot menus it can install, some pretty GUIs that need their own partition, or an optimized text menu that doesn't require its' own precious-few primary partition. Speaking of alignment, I use Ranish to specify my exact starting sector, I typically use 65536 for an 8mb start, and the previous 8mb I put in a Fat12 DOS boot to quickly run Ranish, cd drivers, WDIdle3, and whatever other DOS tools on all my drives.

By the way, it's nice that formatting NTFS automatically installs XP's boot sector (into that partition) so you can boot XP by simply copying the Windows folder (and Documents and Settings and NTLDR and ntdetect.com)
So yeah I do my best to backup and hide other partitions (and change the ID to something unsupported like ext-swap or BeOS) before I install a Windows, because I want it to stay independent. Thanks for mentioning your tools, I'll check them out. I previously used XXcopy to make a Fat partition XP bootable without the time-sink of using XP's boot cd. EaseUS is great stuff, superior to still-awesome MiniTool, but I have to use AOMEI Partition Assistant on my XP64 running native AHCI (SATA) mode, because the drivers identify as SCSI. AOMEI supports non-destructive partition resizing, and has a rare ntfs2fat32 conversion tool!
That SCSI is the same reason I have to use Ashampoo HDD Control 3 to change my hard drive AAM and APM.

The main tweaks that are appropriate for power users that don't want nannies (like the Security Center service) are eXPerience ME.reg
The semicolon ; changes a line into a comment and Regedit ignores it, so you'll see those for settings that maybe not everyone wants, such as how I have my system auto-login to the built-in Administrator account with no password, because I'm HardCore hahaha.

BeepDisable is talking about the internal PC speaker the size of your fingernail that beeps when your BIOS boots, and, if you don't have sound card drivers installed, will beep everytime Windows tries to play a sound.

ContiguousFileAllocation would be really NICE if it ACTUALLY WORKED but I've never seen XP actually follow the instructions which makes my blood BOIL, because I like a nice clean organized unfragmented disk. I audited it with DiskView.exe to see the exact clusters occupied by any file.

DMAreset: When a drive has developed enough bad sectors that Windows had to retry read/writes too many times that Windows downgrades the connection speed in assumption that the cable connection or drive firmware can't keep up with the current ATA speed. DMA Reset (works on SATA too) restores your speed, assuming you switched out the failing hard drive, remapped the bad sectors with HDDregen/SpinRite/etc, or simply want to continue stretching your luck on a failing drive LOL.

DriverSearching is about when you install new drivers via Control Panel, cutting out these extra sources will greatly decrease your task time.

Prefetcher, you probably want it on since it's usually helpful, so don't turn it off unless you understand how it works.

Reset SATA is talking about migrating across motherboard/hard disk controller drivers without reinstalling Windows. It's one of many things "Sysprep /Generalize" does.

Also, more advanced, I can post instructions for anyone that wants to turn off SystemFileChecker which gives a huge speed-up, especially during installation programs. It'll make null-and-void the DLLCache folder in System32, so you can delete that and free up atleast 500mb. SFC was supposed to provide lots of protection against viruses and buggy programs, but like most things Microsoft makes, it became obsolete shortly after creation, doesn't do its' job in the slightest, and greatly slows down the computer!

NoFindInsideZip is pretty self explanatory, just like the other filenames and may be useful if you're still using XP's ancient pathetic purposely-slowed-down search tool. Why does XP's tool take 10-20 minutes to search a drive when Glary's Quick Search does it in under 2 seconds?

I can attach any of these files individually if someone would like, but since there are 30 I assumed people would prefer a .zip for 30 less clicks!