According to Ars Technica, Microsoft has started to examine password-secured ZIP folders in order to detect malware and other malicious software. However, not all users are satisfied with this practice. According to Dan Goodin, a number of people who use Mastodon, including experts in cybersecurity, have verified that the latest antivirus software also includes examining Zip files to discover or detect any such potentially harmful material without the user’s consent.
The step was taken as cyber attackers would target such protected files to install malicious software either through spam messages or emails. And since these protected files are not analyzed by the security analysts, the malware would go undetected.
The website claims that while a number of users already knew about this, others had no idea that their protected files were also being searched. Andrew Brandt, a cybersecurity expert, was not happy with the idea. According to him, it was difficult for him to share such malicious files with his colleagues for research purposes, but Microsoft would not allow him to do so. He further explained that sometimes it is important to share such content in order to do their jobs, but since Microsoft keeps making it difficult for him, it affects their work.
Similarly, Kevin Beaumont, another expert in the field, sheds some light on the scanning process employed by Microsoft. He revealed that the company’s scanning mechanism goes beyond SharePoint and scans all the data present on the Microsoft 365 cloud. He added that there are a number of ways to inspect such files. One of the methods includes analyzing the accompanying emails to find the passwords for the protected files, as a number of users would add the passwords for the zip folder along with the attachment in the email.
Users may find it unexpected, but according to ArsTechnica, protected Zip files do not guarantee strong protection and can easily be bypassed. The website suggested alternative programs that could offer strong protection for the archived content.
Read next: Global Data Breach Statistics In Focus: Where Do The Trends Stand In 2023?
The step was taken as cyber attackers would target such protected files to install malicious software either through spam messages or emails. And since these protected files are not analyzed by the security analysts, the malware would go undetected.
The website claims that while a number of users already knew about this, others had no idea that their protected files were also being searched. Andrew Brandt, a cybersecurity expert, was not happy with the idea. According to him, it was difficult for him to share such malicious files with his colleagues for research purposes, but Microsoft would not allow him to do so. He further explained that sometimes it is important to share such content in order to do their jobs, but since Microsoft keeps making it difficult for him, it affects their work.
Similarly, Kevin Beaumont, another expert in the field, sheds some light on the scanning process employed by Microsoft. He revealed that the company’s scanning mechanism goes beyond SharePoint and scans all the data present on the Microsoft 365 cloud. He added that there are a number of ways to inspect such files. One of the methods includes analyzing the accompanying emails to find the passwords for the protected files, as a number of users would add the passwords for the zip folder along with the attachment in the email.
Users may find it unexpected, but according to ArsTechnica, protected Zip files do not guarantee strong protection and can easily be bypassed. The website suggested alternative programs that could offer strong protection for the archived content.
Read next: Global Data Breach Statistics In Focus: Where Do The Trends Stand In 2023?
