Smart
downloading
by Molly
Dempsey
 Downloading files from the Internet can feel like
playing a game of chance. You never know when
you're going to encounter that file that damages your
system. While the possibility of that happening is
relatively slim, getting to know some of the security
features in Internet Explorer 5 will help you make
informed decisions and avoid putting your computer at
risk.
To
run from the current location or to save to disk?
When you do decide to
download something from the Web, you will see a box like
the one below.
Usually, the best option is to
save the program or file to disk, then run or open it
when you are no longer connected to the Web. This
way, you can do the following before opening the file or
running the program:
-
Use your virus scanner to
check that the file is virus-free.
-
Save your work and close
all your open programs.
-
Disconnect from the
Internet or other network connections.
For many types of files, you can
ensure the most security by selecting the Always ask before opening
check box. If you trust that a certain file type is
always safe to open or run directly from the Internet,
you can clear this check box.
Some Web sites will suggest that
you run files from the current location when
downloading. When you choose to run from the current
location, the file is downloaded to a temporary location
on your computer, then you are presented with a digital
certificate that gives information about the software
publisher. On the certificate dialog box, you
can choose if you want to run or open the file,
based on the information presented. For
certain types of files this is a good option, and thanks
to Microsoft Authenticode technology, you can make
informed decisions about downloading this way.
What Internet Explorer does: Authenticode
technology
Internet
Explorer 5 uses Authenticode technology to verify if a
downloadable program comes from a reliable source.
Though it cannot guarantee that you will never download
a harmful or malicious program, it does substantially
reduce the risk.
Authenticode is based on digital
certificates. When you buy software in a store, all the
information about who published the product is on the
packaging. When you download a piece
of software from the Web, that information is not
readily visible. Digital certificates act as the digital
"shrink-wrap" on a piece of
software.
To get a digital certificate, a software
provider must apply for credentials through a certificate authority,
such as VeriSign. The certificate authority
evaluates the publisher, then assigns credentials based
on that evaluation. You still decide whether you want to
download the software, but you have the added assurance
that an authoritative body has given it some
recognition.
Once credentials are obtained, a
publisher can then attach a certificate to a piece of
software, and make it available for download. If you
choose to run the file from its current location,
the certificate appears, assuring you that the
software has not been tampered with since it left the
hands of the publisher.
Before you download,
Authenticode checks:
- that the program has a
valid certificate;
- that the identity of the
software publisher matches the certificate; and
- that the certificate is
still valid.
If the software has a valid
certificate, Internet Explorer 5 will display
certificate information, like the name of the software
publisher, whether the publisher is an individual or a
corporation, and the date the certificate expires.
Based on these facts, you can make an informed decision
about whether you want to download.
 If you see a message that tells you that a
piece of software does not
have a valid certificate, it is also up to you to decide
if you trust the publisher enough to download the
software.
So don't play games with your
computer's safety. Pay attention to certificate
validations, keep tabs on how your security zones are
configured, and be sure you trust what you are
downloading before you do it.
Molly Dempsey always practices safe
downloading.
|
Windows 98 Home