This question is linked to my post https://stackoverflow.com/questions/13721254/downloading-file-and-internet-security-issue; however, this one is more abstract.

Consider the following:

Website "www.example.com" added to trust zone.

  1. Navigate to a website using Internet Explorer, download a file (no problem).
  2. Run an application as administrator; the application navigates to the website and downloads a file (Windows Internet Explorer blocked this site from downloading).

What is the difference between 1 and 2? For me, Internet Explorer runs under admin rights and the application as well. Then why does Internet Explorer block the file from downloading via the application?

1 Answer

For one thing, the application layer here adds an additional level of risk.

In option #1, to modify the file itself, a potential attacker will need to have access to your data structure.

In option #2, the attacker may also harm you by modifying the application itself (injecting it so it will send you a wrong/harmful file instead), which is, generally speaking, somewhat easier to do than to gain full access to the website's files.

I see your point. Granted, both options are somewhat risky, but the second one is simply more "hacker prone".

In the end, this boils down to risk management and calculated chances.

Finally, for executable files, IE should provide a warning - one way or another.

I stopped using IE several years ago, so maybe I'm wrong about this... Still, FF and Chrome will warn you, even if it's "just" a PDF.