Is this possible?

[MrAlanCaboose]

Hi,

I had a bit of a lightbulb moment today. When you click on a file that you want to download from the web such as blahbleh.exe you are presented with a prompt asking where you would like to save the file. During this time that you are deciding where to save, the file downloads in the background.

This (in my eyes) is a bit of a security risk if you were to click on a link by accident, or click on a link not realizing that there is a .exe at the end.

Is there anyway to bypass this? Is it just a limitation of the browser or Windows?

[noknojon]

Hi Mr AlanC -

This can depend on your browser - Most of the time I get the option of where to save (usually desktop or My Docs) -

Many of the "auto" downloads (unless specified) will get buried in my completed downloads files until opened - in a part of My Docs (running XP SP3) -

I am not too sure with your system but I almost always get an option - If they land on desktop by default I just drag and drop into My Docs -

Not sure if this gives any real answer but that is just my observations -

Thank You -

EDIT -

If exile360 comes on later you may very well get updated on your systems setup -

[greyowl]

Mr AlanC,

I have noticed and wondered about this same issue. I know that all my downloads are filtered through Avira which catches any nasties even during this period before I designate a location for the download. So, I haven't been concerned. BTW, I use Firefox.

[YoKenny1]

A good anti virus will prevent a bad exe file from running and Windows Defender will scan a download for malware content.

I have a Folder for downloads that I keep them in and scan with MBAM or my anti virus if I suspect the download.

[mountaintree16]

Alan,

We mostly use Firefox, and I have it set to ASK us every time something is downloaded, and I have also set that download spot to the desktop. Therefore, a prompt comes up each and every time something is wanting to download, and there I can choose to download it or not.

Do you use Internet Explorer, Firefox, or something else?

Currently I am looking at switching some of my browser needs over to Orca Browser www.orcabrowser.com for increased security and such. I'll still use Firefox though for some other things. I mostly only use Internet Explorer to manually check for Windows Updates.

[exile360]

IE doesn't download the file before asking where to and whether or not to download it . It does make a connection to verify that the file is available though, something that every browser does. You can easily test this by downloading a medium size file for your connection (ie something that would normally take about 30 seconds to download) and don't click on save and just wait a minute or so, then once you click Save, if the file is already downloaded and you don't need to wait the 30 seconds then you know your browser already downloaded it, otherwise it did not .

[MrAlanCaboose]

G'morning. For clarification I use Firefox.

@exile360

Oh, good to hear IE doesn't do it. I apologize for not mentioning Firefox in my first post. I did try that little test you mentioned, I downloaded a pdf file and waited about 30s before confirming where to save it, and the file was already downloaded.

I wish I could change this, say I clicked on a rouge AV by accident, the file would download to my computer while I frantically click cancel.

-

I guess that angle of security is something I miss from sandboxing, too bad its not supported in x64.

[exile360]

While it does automatically download, it should not be able to auto-execute, which in itself would prevent actual infection and allow for your AV to scan the file before it was ever able to run. I must say I don't like that either though, I much prefer the way IE does it as it's convenient should I accidentally click the wrong link when downloading files, thus not wasting my bandwidth.

[mountaintree16]

Alan,

I have noticed that PDF's open/(download)? automatically in Firefox. I am not sure about IE; I should test one in there. If you want to actually save it to your computer, you go to the PDF file that opened up in your browser and click File, Save as...

Try Exile's test on a file other than a PDF file.

How about testing it with MBAM 1.42?

[exile360]

Good point mountaintree, PDF's are quite different because of the Adobe Reader plugin, which can be disabled from being automatically executed, but that isn't a normal file download. To test, grabbing mbam-setup.exe would be a good file .

[mountaintree16]

Thanks Exile

I wish there was a way for the browser to prompt you to open the PDF. Ah well, just gotta be careful of what's being clicky-d

[MrAlanCaboose]

@mountaintree16, fortunately/unfortunately I don't have the Adobe PDF Reader plugin, I use a program called "Foxit PDF Reader" at least I think that's what it is called. Anyways I disabled it before I downloaded the PDF so it wouldn't open.

@exile360, well I certainly feel better knowing that it will not be able to auto-execute.

-

I am further leaning towards buying MBam Pro, I just hope it doesn't have any conflicts with my AV's.

*OT, Weathered was my favorite Creed song

[mountaintree16]

@ Alan

Please see these links about Foxit and see if you still want to continue using them, although I believe they've stopped auto-adding some of the features, I would personally not use them after they pulled this stint. I had been considering switching to them but not after that. Not acceptable in my opinion.

http://www.mywot.com/en/forum/3387-foxit-r...fied-as-malware

http://hphosts.blogspot.com/2009/05/foxit-...ly-malware.html

http://www.vitalsecurity.org/2009/05/why-i...shed-foxit.html

Good that you disabled it first Anyway, did you test this with Mbam or another program that you already have that you know is safe?

Buying Mbam pro would be a GREAT choice You shouldn't have any conflicts, but if you do, you'll just need to add some exclusions:

http://www.malwarebytes.org/forums/index.php?showtopic=10138

And I know you don't use AVG, but, the exclusions should be the same:

http://www.malwarebytes.org/forums/index.p...mp;#entry167851

I love Creed Especially the Weathered album, and that song! I was sad when they broke up but I think that Stapp really lost it towards the end. Then he went solo, then they got back together recently, even though Alterbridge was formed after Creed broke up. So confusing. I'll have to read up on it all soon. I love Alterbridge and Creed, and the Goo Goo Dolls. Those are my top three favorite bands

[MrAlanCaboose]

Hmm, thanks for bringing that to my attention about the toolbar. I just uninstalled it and reinstalled with a newer version, while I had XSoft uninstaller monitoring, removed all "Ask" related stuff after the install. I wouldn't mind using Adobe Reader, it just takes forever and a half for me to download on this connection.

I did try the download test again with MBam, clicked the DL link, waited 30s as I chose my download location, clicked save and boom it was already downloaded. Hmm, maybe this is something Firefox can look into in the future for enhanced security, especially with all these drive-by downloads happening.

*OT, Alterbridge is awesome, just discovered them a few weeks ago.

[mountaintree16]

You're welcome, Alan

Glad that you ridded your system of the unnecessary add-ons

Oh, I see. May I ask what kind of a connection you have? Or do you mean that the Adobe download it self takes forever?

Hmm. Doesn't sound right. Well, if you hit save, it should download. I'll show a screen shot of my setup when I get home of my Firefox setup as far as downloads, and you can see what I have set up, and what happens when I try to download something. Maybe you don't have a setting right?

Tell me what your setup is like, and then you can compare it to my set up when I post it for you, and I can tell you exactly what mine does too. I don't think I am clear on what you mean here though, I'll re-read through this thread again when I have a sec.

Yes, they are I love love their music hehe.

Edit: Oh, OT means off topic hehe. I wasn't sure what that meant at first.

[exile360]

Firefox's built in download manager is the issue. It's a feature many can't do without but I despise it myself. I like manually selecting where I wish to save a file and to initiate the download myself.

[MrAlanCaboose]

Last time I tried to download Adobe Reader, the file was so big I gave up. Currently I have a 1MB/s Comcast cable connection, which is split wireless 4 ways via a router.

Perhaps I can figure out someway to create a .gif animation to show you what happens. A video would take quite a while to upload.

[MrAlanCaboose]

Sorry exile360, I was writing just as you posted.

-

Ah so it is Firefox's download manager? Hmm, that'll be something for me to look into.

[mountaintree16]

@ Exile

I have mine set up to download to the desktop, but prior to download I am asked if I want to download or not and from there I can save to the desktop or I can choose where to save the file (aside from PDF files)

What do you mean about the download manager, I am a bit confused.

@ Alan

Ah, I see. Yeah, Adobe Reader is a pretty big file. If you have a friend with a known clean machine and a faster internet connection, an option for downloading large files might be to use their computer and save the setup to a flash drive.

[exile360]

Yes, you can select where to save them but they are already downloaded into your temp folder waiting to be copied to the location of your choice. The download manager is the little window that shows all of your current and past downloads.

[mountaintree16]

@ Exile

Oh, okay. I know what the download manager is, but I wasn't quite sure what you meant by the other thing.

So even before I hit download or before I hit save after choosing download, its already downloaded into a temp folder? Is that what you're saying here?

[exile360]

Based on MrAlanCaboose's test, yes, that's what I'm saying. I don't personally use Firefox so I can't confirm the behavior, but you may if you wish using the same test I recommended for him.

[mountaintree16]

Ah, I see.

I will definitely test this out as soon as possible, Exile. Thanks

[MrAlanCaboose]

they are already downloaded into your temp folder waiting to be copied to the location of your choice

Exactly what I was trying to say, I guess I'm just to brain-dead at the moment haha

Cheers!

[exile360]

Not only were you trying to say that, you did say it . That's why I told the same to mountaintree . I know it's different with PDF's because of the Adobe Reader plugin, but you said it did it with normal files (such as exe's) as well, so I made the assumption that this is how it was working, which I wouldn't appreciate too much either, at least from a bandwidth/diskspace waste standpoint if not a security one.