BW Online | August 10, 2004 | Windows of Vulnerability No More? "Many of the most significant changes in SP2 affect the Internet Explorer Web browser, which has emerged as the source of Windows' most serious vulnerabilities. IE was designed to make it very simple and convenient for Web sites to download programs to Windows PCs. But the mechanisms designed to keep such downloads safe have proved hopelessly inadequate, and the bad guys have found all sorts of ways to take advantage of the vulnerabilities to deposit spyware, Trojan horses, and assorted other nastiness onto PCs, sometimes without requiring any action by the user.
WARNING SIGNS. The new browser, which is only available for Windows XP and only as part of SP2, behaves very differently. It starts by blocking any attempt by a Web site to download to a PC any file other than an image or a sound that's part of the Web page itself unless the user has explicitly requested the data. Instead of delivering the file, IE beeps and puts up a notification just below the toolbar saying "To help protect your security, Windows Explorer has blocked this site from downloading software to your computer. Click here for options." When you click, you can tell IE to proceed with the download. If the file is a program, you will then be asked if you want to run it or, in some cases, whether you want to save it to disk. You will face a third level of challenge if Windows cannot determine that the software was digitally signed using a valid digital certificate."