Microsoft is scanning the inside of password-protected zip files for malware

Thanks for the compliment.

What ticked me off about this whole situation is that I have actually done this myself once or twice before. I had to send some confidential documents to a family member, and I did not want the email service scanners from auto scanning those documents looking for ad placement, so I put them in an encrypted archive, emailed them, and then sent the password in a separate email. I didn't for one second think that someone from the email company could stoop this low to intercept the password from the second email to peruse the contents of the first email. I mean... is nothing sacred anymore!

Now that I know, I will be very careful next time.

 

Good to know. Thanks for sharing that. I know you have to be careful of what you send through Skype as well.

 

It's ****** up. In the old days (my youth) people would go to prison for this.

 

Another thought: is there any line to draw if Microsoft is allowed to do this?

My employeer has a policy of encrypting e-mails send to 3rd party partners by S/MIME. Within a company you can use non-E2EE e-mails. Is Microsoft allowed to do MitM attacks on those E2E encrypted e-mails?

 

True story but they made sure early on that email would not get the same privacy protections as postal mail.

 

I believe they have support in their conditions of use. Something like they're allowed to do whatever is necessary to protect whatever.

 

And then companies wonder why we don't trust them...

 

They don't wonder why we don't trust them; they just don't care.

 

As long as they have millions of sold licences of OS, office etc. and millions of users on subscription they don't need to change anything in this regard. They act from a position of power.

 

It has been awhile since I have posted or for that matter even been on Wilders. What is exceptionally disturbing about this practice is if one protects good keygens and good cracks in archived form this presents certain problems. What if one could not stop virus scanners from scanning within archives? False positives etc. You all know the drill. I don't think I have to go any further.