Mark of the Web (MOTW) Support Among Zip Utilities
What happens to the Mark of the Web when you extract files from a downloaded .zip file? It depends on what you use to do the extraction.
Microsoft announced recently that it would start blocking all VBA code from running in Office documents downloaded from the internet:
Mike Wolfe
It does this through the so-called "Mark of the Web" (MOTW), which is added to documents via the Alternate Data Stream available on NTFS-formatted drives. I wrote about the details of how this works here.
The Role of Zip Files
When you download an archive file (such as a .zip file) from the internet, the MOTW is applied to the .zip file itself. When you extract the contents of the archive, the MOTW may or may not be transferred to the extracted files.
Whether or not the MOTW gets transferred to files extracted from .zip archives is an implementation detail of the utility you use to perform the extraction.
In light of Microsoft's new, more restrictive approach to handling files tagged with the Mark of the Web, system administrators will want to know which archive utilities will maintain the MOTW and which ones will not. Luckily for us, Nobutaka Mantani has compiled such a list for us over on Github: Comparison of MOTW (Mark of the Web) propagation support of archiver software for Windows.
As of publication (2022-06-08), the following Zip utilities preserve the MOTW:
Be sure to check out Nobutaka's Github page for up-to-date information, as well as a full list of other zip utilities that DO NOT propagate the MOTW.
What About 7-Zip?
One of the most popular open source archive utilities is 7-Zip (it's on my own list of recommended tools).
You might have noticed that 7-Zip is conspicuously absent from the above list. Apparently, that's not going to be changing any time soon. Igor Pavlov, the 7-Zip lead developer and maintainer, is just not that into it:
Tell us what you really think, Igor. 😂
Referenced articles
Mike Wolfe
External references
nmantani
