How to remove the security warning, or should you?

This morning there was an interesting question in the Windows Vista Security Newsgroup. The poster had written an application that users were downloading. However, when they ran the application they received a warning dialog, like this one:

The poster wanted to remove this warning dialog to avoid confusing users.

This dialog is created because Internet Explorer, and some other applications, add a bit to the file to mark it as being downloaded from the Internet. It serves as a warning that this may be untrusted content. If the file is digitally signed, the warning does not have the red shield, and the publisher is listed in the dialog, but otherwise it stays the same. The poster asked if getting a digital certificate and signing the executable would get rid of the warning. It will not. This warning is there to warn the user. I think it is an important safety mechanism, and that, rather than trying to remove the warning, which is possible, we should help the user understand it. Therefore, here is my response:

You should definitely digitally sign the application no matter what. However, that will not remove the warning. It just will have your (or your company's) name in the dialog and won't say "Unknown Publisher."

Technically, there is a way to get rid of this warning, but it is there as a warning to end users. If you remove it here, you would also remove it for all other executables. That would put your users at significant risk. If you programmatically remove that warning, you would be responsible for putting them at significant risk; a responsibility that I am pretty sure you do not want to accept.

Rather, I would suggest that you take the opportunity to educate your users. Teach them that the warning is there so that they can assess whether they want to accept the risk involved in opening applications off the Internet. In this case, you have digitally signed the application so they can trace it to you and have assurance that they are, in fact, opening a trusted application. Anytime they get a dialog like this they should evaluate it and see if they really want to accept that risk or not. If the publisher is unknown, they have no way to tell who wrote the application, and should consider it a higher risk.

Leave a Reply

Your email address will not be published. Required fields are marked *