Re: Downloading Unsigned Binary Files

  • From: "Will Pearson" <will-pearson@xxxxxxxxxxxxx>
  • To: <jfw@xxxxxxxxxxxxx>
  • Date: Thu, 23 Dec 2004 02:33:43 -0000

For anyone that's interested.  The ASP.Net blog is at:
http://weblogs.asp.net/ptorr/archive/2004/12/20/327511.aspx

Will Pearson
Microsoft MVP (Visual Developer/VC++)
----- Original Message ----- 
From: "Will Pearson" <will-pearson@xxxxxxxxxxxxx>
To: <jfw@xxxxxxxxxxxxx>
Sent: Thursday, December 23, 2004 2:07 AM
Subject: Downloading Unsigned Binary Files


> Hi;
> I've just been reading a nice blog entry on www.asp.net.  It was by a 
> Microsoft guy, who was saying bad things about the security of Firefox. 
> One comment he made, was that Firefox defaults to allowing people to 
> download unsigned binary files.
>
> Whilst IE will allow you to download them, it defaults to presenting a 
> dialog, with the "do not run" button selected.  You may be asking why I'm 
> writing this?  Well, security is of growing importance to us all.  We 
> depend on our computers for more and more, yet unsigned binary files are 
> something most people aren't aware of.
>
> Most of you will have seen the dialog that appears when you try to run 
> most of the files you download from the web, especially .exe files, if you 
> have Windows XP SP 2.  This dialog isn't something to be afraid of, in 
> fact it's doing you a favour.  Basically, it's telling you that the web 
> site from whom you are downloading this file, hasn't got a security 
> certificate.  It's providing you with that information so you can decide 
> whether you want to trust that source from which you are downloading that 
> software.  At the end of the day, it's still up to you whether you decide 
> you're brave enough to download it.
>
> I was recently browsing the web when I came across someone hosting a 
> download of the binary executable file for Windows XP SP 2 on their web 
> site.  Fortunately, I didn't download it, as it stunk of malware having 
> not come from Microsoft, and well, I had the MSDN DVD with XP SP 2 on it. 
> However, there's nothing to say that this person, who was passing this off 
> as the genuine file, hadn't altered it to delete all your files, or the 
> person they got it from hadn't done likewise.  Yup, that sort of thing 
> really can happen, and with any file you download from the web.
>
> The morale of the story is...  Well, there's actually two.  Firstly, that 
> dialog telling you that you're about to run unsigned files is actually 
> trying to prevent you from potentially installing spyware and other types 
> of malware onto your system.  Of course, not everything that causes this 
> dialog to appear, will drop spyware and malware onto your system, but it's 
> there to give you additional information to help you decide on whether you 
> trust the source of the software.  Secondly, there's perils in that there 
> web.  Not everything you see is as harmless as it makes out it is.  So be 
> vigilant in what you choose to download and where you download it from. 
> Disabling any security feature in XP SP 2 isn't a great idea, they're 
> there to help you, even if it takes a few extra keystrokes.
>
> Will Pearson
> Microsoft MVP (Visual Developer/VC++)
> --
> To post a message to the list, send it to jfw@xxxxxxxxxxxxx
> To unsubscribe from this mailing list, send a message to 
> jfw-request@xxxxxxxxxxxxx with the word unsubscribe in the subject line.
> Archives located at: //www.freelists.org/archives/jfw
>
> If you have any concerns about the list, post received from the list, or 
> the way the list is being run, do not post them to the list. Rather 
> contact the list owner at jfw-admins@xxxxxxxxxxxxxx
> 


--
To post a message to the list, send it to jfw@xxxxxxxxxxxxx
To unsubscribe from this mailing list, send a message to 
jfw-request@xxxxxxxxxxxxx with the word unsubscribe in the subject line.
Archives located at: //www.freelists.org/archives/jfw

If you have any concerns about the list, post received from the list, or the 
way the list is being run, do not post them to the list. Rather contact the 
list owner at jfw-admins@xxxxxxxxxxxxxx

Other related posts: