

New WinRAR Version Strips Windows Metadata In Privacy Push (bleepingcomputer.com)
WinRAR 7.10 now lets users remove potentially sensitive metadata from downloaded files while preserving core Windows security features. The file compression tool's latest release introduces a "Zone value only" setting that strips download locations and IP addresses from Windows' Mark-of-the-Web security flags during file extraction.
The new privacy control, enabled by default, maintains only the basic security zone identifier that triggers Windows' safety prompts for downloaded files. This change prevents recipients of shared archives from accessing metadata that could reveal where files originated. The update from win.rar GmbH, whose compression software claims 500 million users worldwide, also adds performance improvements through larger memory page support and introduces a dark mode interface.
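As an added illustration (not WinRAR's code and not part of the original story), this Python sketch parses the text of a Mark-of-the-Web `Zone.Identifier` stream and rebuilds it with only the zone value, which is the effect the summary describes. The sample stream, its example.test URLs and the function names are constructed for the example.

```python
# Added example: reduce a Mark-of-the-Web stream to its zone value only.
# SAMPLE_STREAM is constructed; the example.test URLs and token are placeholders.

# Windows URL security zones as stored in the ZoneId field.
ZONE_NAMES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}

SAMPLE_STREAM = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://downloads.example.test/reports/\r\n"
    "HostUrl=https://downloads.example.test/reports/q3.rar?token=abc123\r\n"
)

def parse_zone_identifier(text):
    """Return the key/value pairs found in the [ZoneTransfer] section."""
    fields, in_section = {}, False
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == "zonetransfer"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields

def leaked_fields(text):
    """Field names other than ZoneId, i.e. what a recipient could read."""
    return sorted(k for k in parse_zone_identifier(text) if k.lower() != "zoneid")

def zone_value_only(text):
    """Rebuild the stream with ZoneId alone; None if no valid zone is present."""
    fields = {k.lower(): v for k, v in parse_zone_identifier(text).items()}
    try:
        zone = int(fields.get("zoneid", ""))
    except ValueError:
        return None
    if zone not in ZONE_NAMES:
        return None
    return f"[ZoneTransfer]\r\nZoneId={zone}\r\n"

def read_stream(path):
    """Windows/NTFS only: read the alternate data stream attached to a file."""
    with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
        return fh.read()

if __name__ == "__main__":
    print("fields beyond the zone:", leaked_fields(SAMPLE_STREAM))
    print(zone_value_only(SAMPLE_STREAM))
```

The rebuilt stream still carries `ZoneId=3`, so the file remains marked as coming from the Internet zone while the referrer and host URLs are gone.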
That was WinZip (Score:2)
Different company, now owned by Corel, err, Alludo.
Alludo is a stupid name; it sounds like they are doing something illegal. I mean, I know the original Corel guy was literally up to no good, but Alludo is worse in every way.
Huge in China (Score:3)
For some reason, RAR is the de facto standard compression format in China. Don't ask me why. Probably some coincidence.
Re: Huge in China (Score:2)
Maybe because their CPUs are slower ;)
Is the implementation verifiable? (Score:4, Informative)
There are lots of ways to encrypt a binary. Using open source utilities from a reputable project, or using proprietary utilities that use some third party auditing are the bare minimum we should accept.
There's 7zip of course, but the obvious one is just using the openssl utilities and your own script to wrap the set of command-line options you want. That lets you select from a wide range of algorithms and use larger keys instead of simply using a passcode. You can also automate backups with standard utilities and a keyring.
For non-cloud backups I prefer Restic, as I generally want incremental backups. It does have encryption too, but not as flexible as above. Again, it's open source and independently verified. But a popular project so it's a big target for attackers and potential state-sponsored attacks.
BE VIGILANT!
Re: (Score:2)
I also really like that one can add a "recovery record" (error detection/correction data to correct for bitrot or other errors) during archive creation and that record is integrated into the single archive file. While other options exist (e.g. using PAR2 files that are separate from the archive), I find them a bit clunky. Having everything in a single archive managed by a single program is nice.
Also, I've used WinRAR for decades and the user interface is familiar to me. That's a big factor.
Re:First (Score:5, Insightful)
Nobody uses WinZip. Most people switched to 7zip.
Re: (Score:2)
Corporations are not people despite what the supreme court wants you to believe.
We use the software we want to.
Yeah but who *wants* to use WinZip? That would be like ... okay I remember there are people who like to dress in gimp outfits and have others kick them in the balls repeatedly so I guess someone out there wants to use WinZip.
Re: (Score:2)
Actually most people stopped caring about a zip program when Windows started natively supporting zip archives. Most *nerds* use 7zip (myself included). I've yet to see it on another machine.
Re: (Score:2)
Does it already strip Windows Metadata?
Re: (Score:2)
In before the idiotic comments of "people still use WinRAR? HAW HAW HAW!"
Yes, I still use WinRAR. Its interface is MUCH better than WinZip (whose interface borders on the insane). And Windows built-in zip support sucks ass and is limited.
$ tar cvjf foo.tbz2 files...
Re: (Score:3)
It must be nice only having to use Linux. Some of us actually deal with more than one OS.
You can install WSL almost as easily as finding and installing those 3rd party zip tools. Then as a bonus you'll also have plenty of other tools to easily get all sorts of real work done.
Re: (Score:2)
You can install WSL almost as easily as finding and installing those 3rd party zip tools. Then as a bonus you'll also have plenty of other tools to easily get all sorts of real work done.
If you're installing WSL and a distro for the purposes of extracting an archive you should really consider checking yourself into a psychiatric clinic.
Re: First (Score:2)
Some of us know how to do that on Windows too
Re: (Score:2)
If you want to, you can use winRAR on Linux via the terminal.
I don't recommend it (use PeaZip) but you can do it.
Re: (Score:2)
Why anyone would use WinRAR when 7Zip is a thing is beyond me...
7Zip is superior to WinRAR in basically every way that matters in 2025 (including its cost since it's free and open source)
How many paying users do they have? (Score:3)
How many paying users do they have?
Re: (Score:3)
Probably more than Slashdot, yet here we are
Re: (Score:2)
How many paying users do they have?
(Narrator) We suddenly find our curious reader resisting the urge to break out the CD-ROM archive just to see if the ol' trusty **CRAAACK3D** version of 'RaR loads up on Win10...
Re: (Score:2)
NOVI, MI — Local man Greg Hartford just made history by becoming the first person in the world to purchase WinRAR. Previously, no one had bothered to buy a license since the software's free trial can be used perpetually, essentially making it free.
"Wait, it's free?" Hartford said when asked for a comment. "But it said I had to buy a license."
WinRAR, a file archiver and data compression utility, launched in 1995 with zero sales. It is currently sold by win.rar
"strips" what shouldn't be included anyway?! (Score:4, Interesting)
There is a lot of file-system level data that shouldn't be included in the first place, at least by default, starting with the owner of the file. Now of course everyone would like to have a way to get as much as possible: all permissions, owner, all (at least 3 in NTFS?) time stamps, alternate data streams and so on, but that's generally unwanted: you'd need to be an admin or similar to properly unpack it and set everything, and then you'll just need to find a way to fiddle with permissions/take ownership to be actually able to access the files you just unpacked! The default should just be the file name/content/directory if there is one and a time stamp. The archival/backup mode should get everything of course, but that shouldn't be the default.
Re: "strips" what shouldn't be included anyway?! (Score:2)
Both tar and info-zip on Linux store owner/permission fs metadata by default.
These are admin tools, why shouldn't they default to storing things like origin metadata? Archives of your filesystem are not normally shared with the public, or am I missing something here. Is a zip of your filesystem something you normally share with people, and the url you downloaded an internal file from is a concern? Software publishers use installers to take care of setting permissions when the internal archive is extracted. MSI
Re: (Score:2)
"Mark of the web" metadata is used to indicate if a file was downloaded.
7zip inadvertently stripped the metadata which meant it disabled some additional security scanning that takes place - if you decompressed the file it didn't get applied to the inner files.
This trait was exploited by several pieces of malware to silently install themselves because Windows believed the file was obtained from a trusted source.
7zip now properly respects the flag and sets it on files unpacked from 7zip archives with the flag
Re: (Score:2)
WinRAR stripping it just means all the malware moves to RAR files now
WinRAR is not stripping it. RTFS.
Re: (Score:2)
They're leaving the MotW with only the security zone, like that it came from the internet, and removing the exact url and stuff like that. So it should trigger the same response from security tools.
I want to know the bigger story, someone got caught pirating something because the download url ID'd them right.
I can't think of a plausible legit reason this would be a problem. What else gets those motw tags, office files? Someone wrote up a business proposal in Word, posted it on an external file hosting servi
Windows - Group Policy - Do not preserve zone info (Score:3)
I just had to enable this policy setting to disable the zone information alternate stream since I copied some files from my old laptop to my new work laptop and I had to use the IP address because the idiots that manage DNS disabled automatic DNS registration for VPN clients. So now I could not find my old machine by the name and had to use the IP address. So every single file from my documents folder that I was migrating ended up getting marked with the zone information in the mark of the web as being downloaded from the internet.
Windows - Group Policy - User, Windows Components, Attachment Manager
https://learn.microsoft.com/en... [microsoft.com]
PowerShell - Unblock-File
https://learn.microsoft.com/en... [microsoft.com]
Get-ChildItem -Recurse -File |
Unblock-File
Re: Windows - Group Policy - Do not preserve zone (Score:4, Informative)
I almost forgot the good old SysInternals Streams command.
https://learn.microsoft.com/en... [microsoft.com]
Streams.exe -s -d *.*
Re: (Score:2)
Wait, you did a laptop migration, over the VPN? Backing up to a company file server wasn't an option?
And since the theme today is winrar, it never occurred to you to rar/zip your My Documents and transfer that?
Dude... you do you, but come on.
People still use (Score:2)
What happened to good old tar!
tar -zcvf
Re: (Score:2)
Buddy, I not only have licenses for win-rar, I also have licenses for pkzip and actually pay for maintenance.