RE: Downloading Unsigned Binary Files

  • From: "Cy" <cselfridge@xxxxxxxxxxxxx>
  • To: <jfw@xxxxxxxxxxxxx>
  • Date: Wed, 22 Dec 2004 20:20:21 -0600

Man! I am glad to see this information.
I just downloaded cdex from the jfwlite site and when I went to run it I
did get the unsigned warning...
Most interesting...
Cy, he Ancient Okie...

-----Original Message-----
From: jfw-bounce@xxxxxxxxxxxxx [mailto:jfw-bounce@xxxxxxxxxxxxx] On
Behalf Of Will Pearson
Sent: Wednesday, December 22, 2004 8:08 PM
To: jfw@xxxxxxxxxxxxx
Subject: Downloading Unsigned Binary Files


Hi;
I've just been reading a nice blog entry on www.asp.net.  It was by a
Microsoft guy, who was saying bad things about the security of Firefox.
One comment he made, was that Firefox defaults to allowing people to
download unsigned binary files.

Whilst IE will allow you to download them, it defaults to presenting a
dialog, with the "do not run" button selected.  You may be asking why
I'm writing this?  Well, security is of growing importance to us all.
We depend on our computers for more and more, yet unsigned binary files
are something most people aren't aware of.

Most of you will have seen the dialog that appears when you try to run
most of the files you download from the web, especially .exe files, if
you have Windows XP SP 2.  This dialog isn't something to be afraid of,
in fact it's doing you a favour.  Basically, it's telling you that the
web site from whom you are downloading this file, hasn't got a security
certificate.  It's providing you with that information so you can decide
whether you want to trust that source from which you are downloading
that software.  At the end of the day, it's still up to you whether you
decide you're brave enough to download it.

I was recently browsing the web when I came across someone hosting a
download of the binary executable file for Windows XP SP 2 on their web
site.  Fortunately, I didn't download it, as it stunk of malware having
not come from Microsoft, and well, I had the MSDN DVD with XP SP 2 on
it.  However, there's nothing to say that this person, who was passing
this off as the genuine file, hadn't altered it to delete all your
files, or the person they got it from hadn't done likewise.  Yup, that
sort of thing really can happen, and with any file you download from the
web.

The morale of the story is...  Well, there's actually two.  Firstly,
that dialog telling you that you're about to run unsigned files is
actually trying to prevent you from potentially installing spyware and
other types of malware onto your system.  Of course, not everything that
causes this dialog to appear, will drop spyware and malware onto your
system, but it's there to give you additional information to help you
decide on whether you trust the source of the software.  Secondly,
there's perils in that there web.  Not everything you see is as harmless
as it makes out it is.  So be vigilant in what you choose to download
and where you download it from.  Disabling any security feature in XP SP
2 isn't a great idea, they're there to help you, even if it takes a few
extra keystrokes.

Will Pearson
Microsoft MVP (Visual Developer/VC++)
--
To post a message to the list, send it to jfw@xxxxxxxxxxxxx
To unsubscribe from this mailing list, send a message to
jfw-request@xxxxxxxxxxxxx with the word unsubscribe in the subject line.
Archives located at: //www.freelists.org/archives/jfw

If you have any concerns about the list, post received from the list, or
the way the list is being run, do not post them to the list. Rather
contact the list owner at jfw-admins@xxxxxxxxxxxxxx

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.820 / Virus Database: 558 - Release Date: 12/20/2004
 


--
To post a message to the list, send it to jfw@xxxxxxxxxxxxx
To unsubscribe from this mailing list, send a message to 
jfw-request@xxxxxxxxxxxxx with the word unsubscribe in the subject line.
Archives located at: //www.freelists.org/archives/jfw

If you have any concerns about the list, post received from the list, or the 
way the list is being run, do not post them to the list. Rather contact the 
list owner at jfw-admins@xxxxxxxxxxxxxx

Other related posts: