Mele20
Premium
join:2001-06-05
Hilo, HI
| reply to vicks
Re: Firefox 3 honors Windows Security Zones...
said by vicks :said by Cudni  :it is good to be sure, what happens when you click to download .exe in FF 2 ? You didn't understand what is Windows Security Zone.  Try these steps: 1. download an exe with Firefox 2 2. save to disk 3. run it result: when you run it, no warning is shown because the file has not marked by an alternate data stream Since XP SP2, Internet Explorer 6 marks all downloaded files by an alternate data stream which tells it comes from Internet zone and so Windows shows this warning:  What about those of us who have a Shell extension that removes ALL Alternate Data Streams? I would never allow any ADS on any file. I immediately right click check any file I download for ADS and the extension removes the ADS. Viruses and other crap can hide in ADS. Why would Microsoft be so stupid as to use a known hiding place for malware to mark a file? UGH. (I don't know if the Shell extension works on Vista. I think I will try and see. I have downloaded almost nothing to Vista. I just grab from the network what I need).
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason |
|
Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
| reply to vicks
said by vicks :You didn't understand what is Windows Security Zone. Try these steps: 1. download an exe with Firefox 2 2. save to disk 3. run it result: when you run it, no warning is shown because the file has not marked by an alternate data stream I understood perfectly which is the part you missed
Cudni
--
"Mercifully, he hit him with the soft end of the pistol."
Help yourself so God can help you.
Microsoft MVP, 2006 - 2008 |
|
vicks
@anonymouse.org
| reply to Cudni
said by Cudni :it is good to be sure, what happens when you click to download .exe in FF 2 ? You didn't understand what is Windows Security Zone.
Try these steps:
1. download an exe with Firefox 2
2. save to disk
3. run it
result: when you run it, no warning is shown because the file has not marked by an alternate data stream
Since XP SP2, Internet Explorer 6 marks all downloaded files by an alternate data stream which tells it comes from Internet zone and so Windows shows this warning:
|
|
Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire | reply to vicks
it is good to be sure, what happens when you click to download .exe in FF 2 ?
Cudni |
|
vicks
@anonymouse.org
| reply to Cudni
said by Cudni :are you sure? yes I'm sure. All downloads in Firefox 2 are NOT marked with an alternated data stream (Windows Security Zones), so when the user clicks on an exe saved by Firefox 2, no warning is received. This feature is just added only with Firefox 3.0. IE6 has this feature since WinXP SP2 Mozilla is in late!!!!!!!!!!!!!!!!!!!!!!! |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| reply to vicks
Yeah...that is Fx3 going backwards. In earlier versions you could not run it rather your ONLY choice was to download to disk in the obvious hope that the user would then scan it with their AV before running it. I suppose Fx3 changed it because the user's AV will be forced to scan it by Fx after downloading and before running. Of course, the user will just turn that off in preferences ...just as they ran it after downloading to disk in earlier versions without having their AV scan it.
You can lead a horse to water but you can't force it to drink. Same with people. I don't think any of this "forcing" should be happening. None of these things should be by default. (I recall all the brouhaha surrounding the decision some time ago to force download to disk and I was against it. I think folks should be able to choose to poison themselves if they want). There should be lots of options and then users should choose the ones they want because they are going to do that anyway. You cannot force security on users. That doesn't work. All you do is end up creating "hackers" or you lose market share as most people resent being forced to do something they don't like.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason |
|
Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire
| reply to vicks
said by vicks :... Mozilla added this warning just a few days ago with Firefox 3 release. Mozilla is in late!!!! are you sure? FF 3.0 first version you are using?
Cudni
--
"Mercifully, he hit him with the soft end of the pistol."
Help yourself so God can help you.
Microsoft MVP, 2006 - 2008 |
|
vicks
@anonymouse.org
| reply to Mele20
said by Mele20 : IE has always been very unsafe as far as downloads go as you can RUN the download. Since Windows XP SP2, when you run a file downloaded via IE6, the user receives a warning about it...
... Mozilla added this warning just a few days ago with Firefox 3 release. Mozilla is in late!!!! |
|
