Authenticode Security Increased in Internet Explorer

The information in this article applies to:

• Microsoft Internet Explorer version 3.02, 4.0 for Windows 95
• Microsoft Internet Explorer version 3.02, 4.0 for Windows NT 4.0

SYMPTOMS

If you attempt to download a digitally signed self-extracting executable file in Internet Explorer, the following message may be displayed:

Internet Explorer 3.x:

   A Windows application is attempting to open or install the following
   software component:

      <filename.exe> from <example.microsoft.com>

   Please be aware that some files may contain viruses or
   otherwise harm your computer. This component has not been
   digitally "signed" by its publisher. Do you wish to
   continue?

   Security Warning
   Warning: The authenticity of this software can not be
   verified, therefore this software cannot be trusted.

   Problem/s listed below:
   <description of problem>

   Are you sure that you want to install and run <program>
   distributed by <Publisher>? 

CAUSE

Microsoft has increased Authenticode security in Internet Explorer to ensure that all digitally signed self-extracting executable files are fully protected. Many signed files created using older versions of third- party tools such as Package For The Web from InstallShield or WinZip Self Extractor from Nico Mak Computing are now treated as unsigned files. When the safety level for active content is set to High or Medium, the message is displayed when you attempt to download these files.

RESOLUTION

To work around this problem, contact the administrator of the Web site that contains the self-extracting executable file to report the problem. Digitally signed files created using the most recent version of a third- party tool should not cause the message to be displayed.

MORE INFORMATION

The third-party products discussed in this article are manufactured by vendors independent of Microsoft; we make no warranty, implied or otherwise, regarding these products' performance or reliability.