Re: Downloading Unsigned Binary Files

  • From: "david poehlman" <david.poehlman@xxxxxxxxxxxxxxxxxxxxxxxx>
  • To: <jfw@xxxxxxxxxxxxx>
  • Date: Wed, 22 Dec 2004 21:36:26 -0500

Boy, I will ask this then, how much does it cost to sign an app and how safe 
are signed apps?

Johnnie Apple Seed

----- Original Message ----- 
From: "Will Pearson" <will-pearson@xxxxxxxxxxxxx>
To: <jfw@xxxxxxxxxxxxx>
Sent: Wednesday, December 22, 2004 9:07 PM
Subject: Downloading Unsigned Binary Files


Hi;
I've just been reading a nice blog entry on www.asp.net.  It was by a 
Microsoft guy, who was saying bad things about the security of Firefox.  One 
comment he made, was that Firefox defaults to allowing people to download 
unsigned binary files.

Whilst IE will allow you to download them, it defaults to presenting a 
dialog, with the "do not run" button selected.  You may be asking why I'm 
writing this?  Well, security is of growing importance to us all.  We depend 
on our computers for more and more, yet unsigned binary files are something 
most people aren't aware of.

Most of you will have seen the dialog that appears when you try to run most 
of the files you download from the web, especially .exe files, if you have 
Windows XP SP 2.  This dialog isn't something to be afraid of, in fact it's 
doing you a favour.  Basically, it's telling you that the web site from which 
you are downloading this file, hasn't got a security certificate.  It's 
providing you with that information so you can decide whether you want to 
trust that source from which you are downloading that software.  At the end 
of the day, it's still up to you whether you decide you're brave enough to 
download it.

I was recently browsing the web when I came across someone hosting a 
download of the binary executable file for Windows XP SP 2 on their web 
site.  Fortunately, I didn't download it, as it stunk of malware having not 
come from Microsoft, and well, I had the MSDN DVD with XP SP 2 on it. 
However, there's nothing to say that this person, who was passing this off 
as the genuine file, hadn't altered it to delete all your files, or the 
person they got it from hadn't done likewise.  Yup, that sort of thing 
really can happen, and with any file you download from the web.

The moral of the story is...  Well, there are actually two.  Firstly, that 
dialog telling you that you're about to run unsigned files is actually 
trying to prevent you from potentially installing spyware and other types of 
malware onto your system.  Of course, not everything that causes this dialog 
to appear, will drop spyware and malware onto your system, but it's there to 
give you additional information to help you decide on whether you trust the 
source of the software.  Secondly, there's perils in that there web.  Not 
everything you see is as harmless as it makes out it is.  So be vigilant in 
what you choose to download and where you download it from.  Disabling any 
security feature in XP SP 2 isn't a great idea, they're there to help you, 
even if it takes a few extra keystrokes.

Will Pearson
Microsoft MVP (Visual Developer/VC++)
--
To post a message to the list, send it to jfw@xxxxxxxxxxxxx
To unsubscribe from this mailing list, send a message to 
jfw-request@xxxxxxxxxxxxx with the word unsubscribe in the subject line.
Archives located at: //www.freelists.org/archives/jfw

If you have any concerns about the list, post received from the list, or the 
way the list is being run, do not post them to the list. Rather contact the 
list owner at jfw-admins@xxxxxxxxxxxxxx
