boy, I will ask this then, how much does it cost to sign an appand how safe are signed apps? Johnnie Apple Seed ----- Original Message ----- From: "Will Pearson" <will-pearson@xxxxxxxxxxxxx> To: <jfw@xxxxxxxxxxxxx> Sent: Wednesday, December 22, 2004 9:07 PM Subject: Downloading Unsigned Binary Files Hi; I've just been reading a nice blog entry on www.asp.net. It was by a Microsoft guy, who was saying bad things about the security of Firefox. One comment he made, was that Firefox defaults to allowing people to download unsigned binary files. Whilst IE will allow you to download them, it defaults to presenting a dialog, with the "do not run" button selected. You may be asking why I'm writing this? Well, security is of growing importance to us all. We depend on our computers for more and more, yet unsigned binary files are something most people aren't aware of. Most of you will have seen the dialog that appears when you try to run most of the files you download from the web, especially .exe files, if you have Windows XP SP 2. This dialog isn't something to be afraid of, in fact it's doing you a favour. Basically, it's telling you that the web site from whom you are downloading this file, hasn't got a security certificate. It's providing you with that information so you can decide whether you want to trust that source from which you are downloading that software. At the end of the day, it's still up to you whether you decide you're brave enough to download it. I was recently browsing the web when I came across someone hosting a download of the binary executable file for Windows XP SP 2 on their web site. Fortunately, I didn't download it, as it stunk of malware having not come from Microsoft, and well, I had the MSDN DVD with XP SP 2 on it. However, there's nothing to say that this person, who was passing this off as the genuine file, hadn't altered it to delete all your files, or the person they got it from hadn't done likewise. Yup, that sort of thing really can happen, and with any file you download from the web. The morale of the story is... Well, there's actually two. Firstly, that dialog telling you that you're about to run unsigned files is actually trying to prevent you from potentially installing spyware and other types of malware onto your system. Of course, not everything that causes this dialog to appear, will drop spyware and malware onto your system, but it's there to give you additional information to help you decide on whether you trust the source of the software. Secondly, there's perils in that there web. Not everything you see is as harmless as it makes out it is. So be vigilant in what you choose to download and where you download it from. Disabling any security feature in XP SP 2 isn't a great idea, they're there to help you, even if it takes a few extra keystrokes. Will Pearson Microsoft MVP (Visual Developer/VC++) -- To post a message to the list, send it to jfw@xxxxxxxxxxxxx To unsubscribe from this mailing list, send a message to jfw-request@xxxxxxxxxxxxx with the word unsubscribe in the subject line. Archives located at: //www.freelists.org/archives/jfw If you have any concerns about the list, post received from the list, or the way the list is being run, do not post them to the list. Rather contact the list owner at jfw-admins@xxxxxxxxxxxxxx -- To post a message to the list, send it to jfw@xxxxxxxxxxxxx To unsubscribe from this mailing list, send a message to jfw-request@xxxxxxxxxxxxx with the word unsubscribe in the subject line. Archives located at: //www.freelists.org/archives/jfw If you have any concerns about the list, post received from the list, or the way the list is being run, do not post them to the list. Rather contact the list owner at jfw-admins@xxxxxxxxxxxxxx