Smart downloading
Downloading files from the Internet can feel like playing a game of chance.
You never know when you're going to encounter that file that damages your
system. While the possibility of that happening is relatively slim, getting
to know some of the security features in Internet Explorer 5.5 will help you
make informed decisions and avoid putting your computer at risk.
To run from the current location or to save to disk?
When you do decide to download something from the Web, you will see a box
like the one below.
Usually, the best option
is to save the program or file to disk, then run or open it when you are no
longer connected to the Web. This way, you can do the following before
opening the file or running the program:
· Use your virus scanner to check that the file is virus-free.
· Save your work and close all your open programs.
· Disconnect from the Internet or other network connections.
For many types of files,
you can ensure the most security by selecting the Always ask before
opening check box. If you trust that a certain file type is always safe
to open or run directly from the Internet, you can clear this check box.
Note: The Always ask before opening check box is not available for some file
types, such as files with the extensions .exe or .com, which run programs or
commands. When this check box is not available, you will always be asked
before opening this type of file.
Some Web sites will
suggest that you run files from the current location when downloading. When
you choose to run from the current location, the file is downloaded to a
temporary location on your computer, and then you are presented with a
digital certificate that gives information about the software publisher. On
the certificate dialog box, you can choose if you want to run or open the
file, based on the information presented. For certain types of files this is
a good option, and thanks to Microsoft Authenticode technology, you can make
informed decisions about downloading this way.
What Internet Explorer does: Authenticode technology
Internet Explorer 5.5 uses Authenticode technology to verify if a
downloadable program comes from a reliable source. Though it cannot
guarantee that you will never download a harmful or malicious program, it
does substantially reduce the risk.
Authenticode is based on
digital certificates. When you buy software in a store, all the information
about who published the product is on the packaging. When you download a
piece of software from the Web, that information is not readily visible.
Digital certificates act as the digital "shrink-wrap" on a piece of
software.
To get a digital
certificate, a software provider must apply for credentials through a
certificate authority, such as VeriSign. The certificate authority evaluates
the publisher, and then assigns credentials based on that evaluation. You
still decide whether you want to download the software, but you have the
added assurance that an authoritative body has given it some recognition.
Once credentials are
obtained, a publisher can then attach a certificate to a piece of software,
and make it available for download. If you choose to run the file from its
current location, the certificate appears, assuring you that the software
has not been tampered with since it left the hands of the publisher.
Before you download, Authenticode checks:
· That the program has a valid certificate.
· That the identity of the software publisher matches the certificate.
· That the certificate is still valid.
If the software has a
valid certificate, Internet Explorer 5.5 will display certificate
information, such as the name of the software publisher, whether the
publisher is an individual or a corporation, and the date the certificate
expires. Based on these facts, you can make an informed decision about
whether you want to download.
If you see a message that
tells you a piece of software does not have a valid certificate, it
is also up to you to decide whether you trust the publisher enough to
download the software.
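The same three checks can be repeated by hand on a file you have already saved to disk. The PowerShell function below is an added example, not part of the original article or of Internet Explorer; it relies on the Get-AuthenticodeSignature cmdlet, and the function name, file path and publisher name are made up for illustration.

```powershell
# Added example. Test-DownloadSignature is a hypothetical helper name.
function Test-DownloadSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Publisher name you expect on the certificate (assumption: you
        # learned it from the vendor through some other channel).
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate

    # Check 1: a signature is present and validates. 'Valid' also means the
    # file hash still matches, so the file was not altered after signing.
    $validSignature = ($sig.Status -eq 'Valid')

    # Check 2: the publisher on the certificate is the one you expected.
    $nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $publisher = if ($cert) { $cert.GetNameInfo($nameType, $false) } else { $null }
    $publisherMatches = ($null -ne $publisher) -and ($publisher -eq $ExpectedPublisher)

    # Check 3: the certificate dates. An expired certificate is not fatal on
    # its own: if the signature was timestamped while the certificate was
    # still good, Status stays 'Valid'. Both facts are reported.
    $now         = Get-Date
    $expires     = if ($cert) { $cert.NotAfter } else { $null }
    $withinDates = ($null -ne $cert) -and ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)
    $timestamped = ($null -ne $sig.TimeStamperCertificate)

    [pscustomobject]@{
        Path             = $sig.Path
        Status           = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
        StatusMessage    = $sig.StatusMessage
        Publisher        = $publisher
        PublisherMatches = $publisherMatches
        Expires          = $expires
        CertWithinDates  = $withinDates
        Timestamped      = $timestamped
        OkToOpen         = $validSignature -and $publisherMatches
    }
}

# Constructed sample call; the path and publisher name are placeholders.
# Test-DownloadSignature -Path 'C:\Downloads\setup.exe' -ExpectedPublisher 'Example Software Corp.'
```

A Status of NotSigned or HashMismatch corresponds to the "does not have a valid certificate" message described above, and OkToOpen stays false in both cases.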
Don't play games with your
computer's safety. Pay attention to certificate validations, keep tabs on
how your security zones are configured, and be sure you trust what you are
downloading before you do it.