When downloading files from the internet, Windows automatically attaches an Alternate Data Stream (ADS) to those files. This feature enables your system to determine whether a file is suspicious and requires immediate attention or not.
What is an Alternate Data Stream?
An Alternate Data Stream is a unique feature of the New Technology File System (NTFS) of Windows. It contains metadata that is used to locate specific files by title or author. It is compatible with all Windows versions, starting with Windows 7.
In terms of security, ADSes can be seen as a potential area of concern. While they serve legitimate functions, the information they store is not readily visible to users. This lack of visibility has led to instances where ADSes have been exploited by malicious actors, although this is not their primary or intended use.
For instance, adding a word to a file’s ADS does not increase its file size or even change its functionality. Because the real intent and purpose of ADSes are not known to users, they are taken advantage of by attackers, particularly developers of rootkits.
What is a Zone.Identifier?
Recently, Windows has introduced a new ADS called Zone.Identifier. What we know so far is that it contains a small bit of information about a file, such as “[ZoneTransfer] ZoneId=3”. Based on that info, it’s impossible to tell what to expect from a file. However, according to experts, Windows can tell whether a file was downloaded from the internet or not using this Zone.Identifier.
Because this whole Zone.Identifier files on Windows is relatively new, many Windows users are surprised to see a warning message telling them that because the file is downloaded from the web, it may pose serious risks and could be harmful to the device.
It is for that reason why some choose to remove the Zone.Identifier ADS. If you are among the many Windows users who would prefer to have the Zone.Identifier ADSes removed from their devices, then read on.
How to Remove the Zone.Identifier ADS
It is easy to remove the Zone.Identifier ADS from using File Explorer. Simply right-click on the file, choose Properties, and then click Unblock File.
While this method appears to be very easy, it can be quite time-consuming, especially if you need to delete multiple Zone.Identifier ADSes. This is because you have to perform the deletion steps on each file separately. Yes, one by one.
If you wish to unblock multiple files, don’t worry because you still have another option. Just make use of the Unblock-File Powershell cmdlet.
- Open the folder where the file you want to unblock is located.
- Click on the file and choose Open Windows PowerShell Open Windows Powershell.
- Into the command line, input dir .\* | Unblock File.
At this point, you should have successfully cleared the Zone.Identifier from all the files in that specific folder.
What Actions to Take
Because the information contained in Alternate Data Streams like Zone.Identifiers remain hidden, you can never be too lax, especially when downloading files from the web. What you can do is always practice caution when online.
Here are some safety precautions you can take:
1. Use complex passwords
You’ve probably heard about this tip a hundred times before, and we’re repeating it one more time. Create a strong and unique password for all your accounts to keep your information safe. If possible, use a password manager to create strong passwords for your accounts.
2. Install anti-malware software
With anti-malware software installed on your PC, you can easily trace malicious items and remove them safely. You can also identify and delete cookies that only spy on your information and PC activities. Most importantly, you can also protect your PC from malicious objects and disable them on the spot.
3. Clean your PC
It is beneficial to clean your PC regularly to remove any suspicious items like malicious Zone.Identifiers hiding on your files and folders. Various tools can help you clear out junk files, such as user temporary files, corrupted Windows Update files, web browser cache, and more, that may impact your computer’s performance. One such example is Outbyte PC Repair. Always choose a tool that you trust, and follow the manufacturer’s instructions.
4. Keep your guard up
Stay cautious about the things you do online. Use a VPN service to encrypt your data and protect your information against the prying eyes of ISPs and government agencies. Also, back up your data regularly so you can easily recover in case something goes wrong.
5. Be smart
Do not invite danger by just carelessly downloading files online. Most online threats today are based on social engineering in which you are tricked into revealing sensitive information through click baits, online quizzes, and “free” offers. Be fully aware of these too good to be true deals and never reveal too much information.
Zone.Identifier ADS is a feature used by Windows to store information about downloaded files. While its purpose is not always apparent to everyday users, it’s not inherently malicious. However, as with many aspects of online activity, practicing caution and adhering to general cybersecurity guidelines is always advisable.