Results 1 to 3 of 3
  1. #1
    Senior Member
    Join Date
    Aug 2002

    Question Auto-Download Security Risk

    Hey guys,

    For some unknown reason, when I attempt to download a file (by clicking the link), IE will automatically download it, without even asking my permission, and worse of all, OPEN the file! Now, I need not go into detail about the serious repercussions of auto downloading. This is a serious security risk to my computer.

    For example, an AO member posted a msblaster fix, and when I clicked the hyperlink, it automatically downloaded, and proceeded to open winzip! Now, what if that was the actual msblaster worm? See where Im getting at?

    Thanks for your help.
    It\'s 106 miles to Chicago, we\'ve got a full tank of gas, half a pack of cigarettes, it\'s dark and we\'re wearing sunglasses.

    Hit it!

  2. #2
    Join Date
    Mar 2002
    Okay.. had the same problem... follow the directions:

    Folder Options ---> File Types ---> File Type In Question ---> Advanced ---> 'Confirm open after download' ---> Make sure its checked.

    That should do it...


  3. #3
    Junior Member
    Join Date
    Mar 2003
    Hi Showtime8000, it sounds as if your browser is not properly patched to protect you against Content-Disposition and Content-Type MIME Header vulnerabilities.

    More info can be obtained here: http://www.microsoft.com/technet/tre...n/MS01-058.asp

    As well as here: http://www.securityfocus.com/advisories/3744

    The only workaround is to install the security patch from Microsoft (this may or may not fix the problem). A more direct yet temporary approach would be to disable all file downloads from within IE's custom security options, and re-enable the file downloads option only when you need to download a file. This however will not protect you from more complex exploits.

    Hope this helps!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.