Internet Explorer "Check Signatures on Downloaded Programs" Utility

03/23/2005 Michel Gallant

It is always inadvisable to download any application or script from an untrusted or unknown web site. Internet Explorer 6 provides some warning dialogs when the user clicks a link in a web page to download an .exe application. In XP SP2, with its greater security lockdown, the user is first presented with a download warning:

If the user chooses to Run the executable, the application is checked for a valid and recognizable digital signature, and by default, a secondary security dialog is presented to the user to show the status of any digital signature, enabling a more informed decision to be made. If there is no digital signature, or the signature has been tampered with, or the certificate used to sign the application was not issued by a trusted Certificate Authority, a warning dialog is presented indicating this:

If a valid digital signature on the .exe is found, an appropriate dialog indicating this is shown:

This secondary dialog, based on results of a digital signature analysis of the downloaded application, is by default enabled in XP SP2 by the Internet Explorer setting:

Tools | Internet Options | Advanced | "Check for signatures on downloaded programs"

Unfortunately, on Windows 2000 and other Windows versions, this setting is currently not enabled, so the user does not get the security benefit of a second warning based on the lack of an authenticated digital signature. The setting can of course be changed manually in the Advanced settings. The following VBScript provides a convenient utility for checking this "Check Signature" feature and resetting it to a more secure setting.

Download checksigs.vbs (10,463 bytes; digitally signed and timestamped VBScript)
SHA-1 hash: 2C 97 F6 28 33 8D 0D 4A 77 59 84 AA 1E 3A 7E D6 8C 10 97 55
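
The following sketch shows how such a check-and-reset can be done from Windows Script Host. It is an added example, not the contents of checksigs.vbs, which are not shown on this page. It assumes the checkbox is stored in the per-user registry value `CheckExeSignatures` under `HKCU\Software\Microsoft\Internet Explorer\Download` as the string "yes" or "no"; that location is not given on the page.

```vbscript
' Added example, not the original checksigs.vbs.
' Assumption: IE stores "Check for signatures on downloaded programs" in
' HKCU\Software\Microsoft\Internet Explorer\Download\CheckExeSignatures
' as a REG_SZ of "yes" or "no".
Option Explicit

Const KEY_PATH   = "HKCU\Software\Microsoft\Internet Explorer\Download\"
Const VALUE_NAME = "CheckExeSignatures"

Dim shell, current, shown, answer
Set shell = CreateObject("WScript.Shell")

current = ReadSetting(shell, KEY_PATH & VALUE_NAME)
If current = "" Then shown = "(not set)" Else shown = current

If LCase(current) = "yes" Then
    WScript.Echo "Signature checking on downloaded programs is already enabled."
Else
    answer = MsgBox("Current setting: " & shown & vbCrLf & _
                    "Enable signature checking on downloaded programs?", _
                    vbYesNo + vbQuestion, "Check Signatures")
    If answer = vbYes Then
        shell.RegWrite KEY_PATH & VALUE_NAME, "yes", "REG_SZ"
        ' Read the value back so the result is confirmed, not assumed.
        If LCase(ReadSetting(shell, KEY_PATH & VALUE_NAME)) = "yes" Then
            WScript.Echo "Setting enabled. Restart Internet Explorer to apply."
        Else
            WScript.Echo "Write failed; the value could not be confirmed."
        End If
    Else
        WScript.Echo "Setting left unchanged: " & shown
    End If
End If

' Returns the registry string, or "" when the value does not exist.
' RegRead raises an error on a missing value, so it is trapped here.
Function ReadSetting(sh, fullName)
    ReadSetting = ""
    On Error Resume Next
    ReadSetting = sh.RegRead(fullName)
    If Err.Number <> 0 Then
        ReadSetting = ""
        Err.Clear
    End If
    On Error GoTo 0
End Function
```

Because the value is per-user, the script has to be run once in each user profile that should have the setting enabled.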