home / help / Email
WinZip Pro and WinZip Enterprise feature

Security Considerations - WinZip Backups

Because WinZip® backups automate the use of WinZip, you should give them the same consideration you would give to any program you run on your computer. Keep the following suggestions in mind when using WinZip jobs.

Know Your Source

  • Never run a WinZip job file (.WJF extension) that is attached to email from an unknown source.
  • If an unexpected WinZip job file is attached to email from someone you know, consider verifying with the sender that the attachment is legitimate. Some viruses spread by emailing copies of themselves to everyone in the contact lists of infected computers; this means that you can receive infected files even from people you know.
  • Avoid downloading WinZip job files from untrusted web sites.

 

Of course, these guidelines don't apply only to WinZip backups--they apply equally to any type of file.

Know Your Destination

  • Edit the job file before running it, especially if you have received the job file from someone else or if you haven't run the job for a long time. To edit a job, click Edit on the Backup tab.
  • Look at where the Zip file will be created. Zip files can be created on shared locations allowing others access to the Zip file and its content.
  • Check the cloud service settings. Even though the Zip file might be created in a secure location, it could be sent to an unsecure location using a cloud service, which includes FTP.
  • Verify the logging settings. When logging is enabled, the job runs silently and logs all operations and errors to a file so the job can be run unattended. The contents of your files will not appear in a log file, but the names of the files added to the Zip file will.

Protect Your Passwords

  • Encrypting Zip files requires a password. The Job Wizard offers an option to keep the password for you so you can encrypt Zip files with jobs that run unattended. However, your password is only as secure as the access to your job file. For the security of your password, it is recommended that you use the option to prompt for a password when the job runs. For the job to run to completion, you must be present when the prompt appears in order to provide a password.

    For more information on encryption and encryption passwords, see Encryption Passwords and the password policy standards defined in the WinZip configuration.

  • Uploading Zip files to a cloud service, including FTP, will require some sort of login or a password. The Job Wizard offers an option to keep the password for you so you can upload Zip files with jobs that run unattended. However, your password is only as secure as the access to your job file. For the security of your password, it is recommended that you use the option to prompt for a password when the job runs. For the job to run to completion, you must be present when the prompt appears in order to provide a password.
  • Sending confirmation email messages may require a password. The Job Wizard offers an option to keep the password for you so you can send email confirmations for jobs that run unattended. However, your password is only as secure as the access to your job file. For the security of your password, it is recommended that you use the option to prompt for a password when the job runs. For the job to run to completion, you must be present when the prompt appears in order to provide a password.

For Your Protection

  • When you run a WinZip backup, WinZip will display a prompt offering you the option of running the job, editing the job, or canceling the operation. This gives you a chance to change your mind and examine the job file in case you are uncertain about its safety. You can disable the prompt for specific jobs by checking Don't ask me again about this job. WinZip will then run the job without prompting. However, if the job file's location or content changes, the prompt will return until you disable it again.
  • WinZip jobs only support zipping files as copies of the originals; you can't move files into the Zip file. This protects from accidental deletion of the original files.
  • To protect your system's log files, log files of other applications, and .TXT files from being overwritten, WinZip enforces a double extension (.LOG.TXT) for its own job log files.