August 14th, 2003, 11:19 PM
Auto-Download Security Risk
For some unknown reason, when I attempt to download a file (by clicking the link), IE will automatically download it, without even asking my permission, and worse of all, OPEN the file! Now, I need not go into detail about the serious repercussions of auto downloading. This is a serious security risk to my computer.
For example, an AO member posted a msblaster fix, and when I clicked the hyperlink, it automatically downloaded, and proceeded to open winzip! Now, what if that was the actual msblaster worm? See where Im getting at?
Thanks for your help.
It\'s 106 miles to Chicago, we\'ve got a full tank of gas, half a pack of cigarettes, it\'s dark and we\'re wearing sunglasses.
August 14th, 2003, 11:25 PM
Okay.. had the same problem... follow the directions:
Folder Options ---> File Types ---> File Type In Question ---> Advanced ---> 'Confirm open after download' ---> Make sure its checked.
That should do it...
August 15th, 2003, 12:38 AM
Hi Showtime8000, it sounds as if your browser is not properly patched to protect you against Content-Disposition and Content-Type MIME Header vulnerabilities.
More info can be obtained here: http://www.microsoft.com/technet/tre...n/MS01-058.asp
As well as here: http://www.securityfocus.com/advisories/3744
The only workaround is to install the security patch from Microsoft (this may or may not fix the problem). A more direct yet temporary approach would be to disable all file downloads from within IE's custom security options, and re-enable the file downloads option only when you need to download a file. This however will not protect you from more complex exploits.
Hope this helps!