Downloading Unsigned Binary Files

  • From: "Will Pearson" <will-pearson@xxxxxxxxxxxxx>
  • To: <jfw@xxxxxxxxxxxxx>
  • Date: Thu, 23 Dec 2004 02:07:34 -0000

Hi;
I've just been reading a nice blog entry on www.asp.net.  It was by a Microsoft 
guy, who was saying bad things about the security of Firefox.  One comment he 
made, was that Firefox defaults to allowing people to download unsigned binary 
files.

Whilst IE will allow you to download them, it defaults to presenting a dialog, 
with the "do not run" button selected.  You may be asking why I'm writing this?
Well, security is of growing importance to us all.  We depend on our computers 
for more and more, yet unsigned binary files are something most people aren't 
aware of.

Most of you will have seen the dialog that appears when you try to run most of 
the files you download from the web, especially .exe files, if you have Windows 
XP SP 2.  This dialog isn't something to be afraid of, in fact it's doing you a 
favour.  Basically, it's telling you that the web site from which you are 
downloading this file, hasn't got a security certificate.  It's providing you 
with that information so you can decide whether you want to trust that source 
from which you are downloading that software.  At the end of the day, it's 
still up to you whether you decide you're brave enough to download it.

I was recently browsing the web when I came across someone hosting a download 
of the binary executable file for Windows XP SP 2 on their web site.  
Fortunately, I didn't download it, as it stunk of malware having not come from 
Microsoft, and well, I had the MSDN DVD with XP SP 2 on it.  However, there's 
nothing to say that this person, who was passing this off as the genuine file, 
hadn't altered it to delete all your files, or the person they got it from 
hadn't done likewise.  Yup, that sort of thing really can happen, and with any 
file you download from the web.

The moral of the story is...  Well, there are actually two.  Firstly, that 
dialog telling you that you're about to run unsigned files is actually trying 
to prevent you from potentially installing spyware and other types of malware 
onto your system.  Of course, not everything that causes this dialog to appear, 
will drop spyware and malware onto your system, but it's there to give you 
additional information to help you decide on whether you trust the source of 
the software.  Secondly, there's perils in that there web.  Not everything you 
see is as harmless as it makes out it is.  So be vigilant in what you choose to 
download and where you download it from.  Disabling any security feature in XP 
SP 2 isn't a great idea, they're there to help you, even if it takes a few 
extra keystrokes.

Will Pearson
Microsoft MVP (Visual Developer/VC++)