If you thought that adding a password to an archive file before uploading it to the cloud would prevent third parties from accessing the content, we have bad news. Microsoft is reportedly scanning for malware inside the password-protected ZIP archives that users send to services such as SharePoint or Microsoft 365. Andrew Brandt, a security researcher at Sophos, confirmed this when he discovered that the technology blocked access to documents in his account.
Brandt shared a screenshot showing the warning that one of the encrypted documents contains malware. “Apparently, Microsoft Sharepoint now has the ability to scan inside password protected files,” he said on his Mastodon profile. “This morning, I found out that a couple of password-protected Zips are marked as ‘Malware Detected,’ which limits what I can do with those files; they’re basically dead space now,” he said.
According to Kevin Beaumont, a cybersecurity analyst, Microsoft uses a list of popular passwords or extracts them from the body of the email. In the case of Brandt’s files, the password was “infected”, so the system accessed the content and detected the malware. Previously, the researcher had backed up malicious files to OneDrive, only to discover that the service blocked them in the cloud and removed them from his computer.
The head of Sophos X-Ops believes that the practice of scanning password-protected files is intrusive. Brandt indicated that this will become a big problem for security analysts who need to send malware samples to their colleagues. Although sharing this type of content via SharePoint is not recommended, the event opened a Pandora’s box, and some users wonder whether Microsoft went too far.
Malware protection or invasion of privacy by Microsoft?
Scanning for malware is something that has been implemented in email and cloud storage services for a few years now. Some researchers commented that the practice of reviewing files protected with weak passwords is common. “Malicious actors use OneDrive/Sharepoint to share malware, so it’s good for the consumer if it’s inspected,” Beaumont said.
However, some consider it an invasion of privacy. “Here you are crossing the line of ethics a bit when they start breaking into files and archives under the guise of security,” said the user USB Type-Steve.
To date, Microsoft has not issued a position on these facts, while Google told Ars Technica that it does not scan password-protected files.
Sometimes emails have attachments that include malware that traditional antivirus programs don’t detect. To identify these threats, Gmail can scan or run attachments in a virtual environment called a “security sandbox.” Attachments identified as threats are sent to the recipient’s Spam folder.
The Google Workspace website offers information about the methodology that Gmail uses to carry out its analysis. File types that are sent to the sandbox include Microsoft executables, Office documents or PDFs, as well as ZIP or RAR archives.