Dealing with Automatic Downloads In Windows XP


Some Web pages are designed to initiate downloads automatically when you navigate to the page in your browser. In some cases, the page designer’s intent is to be helpful by supplying download or installation instructions on the page and only asking the user to approve the download. However, this tactic can be abused by unscrupulous Web site owners who display a download dialog box and use the text on the underlying page to convince the user that a potentially harmful program is actually benign. If the user tries to cancel the dialog box, it may pop back up repeatedly—a “social engineering” trick designed to confuse the visitor into clicking OK to get rid of the annoying prompts.

Automatic downloads are blocked by new security features in SP2. When you encounter a page in the Internet zone that tries to “force” a download that the user has not initiated by clicking on a page element, the following message appears in the Information Bar: “To help protect your security, Internet Explorer blocked this site from downloading files to your computer. Click here for options….”

If you didn’t intend to download a file, you can safely ignore the prompt, and it won’t be repeated—SP2 limits download prompts to once per page access. If you want to download the file, click or right-click the Information Bar and choose Download File. This action eliminates the block; you can then proceed with the download as described in the previous section.

Note that if you download a data file (an MP3 file or a Word document, for example), a program (a shareware product, for example), or a helper application (an accessory, such as Adobe Reader, that assists Internet Explorer in rendering a particular kind of content), you are given the choice between saving the item to disk and installing or running it. To be safe, you should always save and scan, rather than installing or running directly.