Closed
Bug 928956
Opened 11 years ago
Closed 11 years ago
SmartScreen silently removes the mark indicating that downloaded executables coming from Internet zone
Categories
(Toolkit :: Downloads API, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: manuela.muntean, Unassigned)
Details
On Win 8 32-bit (I'm on a NTFS file system, like shown here: https://bugzilla.mozilla.org/attachment.cgi?id=818961)
Reproducible with: 25 beta 7, 25 beta 8, 25 beta 9, Firefox 23, Firefox 23.0.1 and Firefox 24
Reproducible with latest Nightly - build ID: 20131021030203
Reproducible with latest Aurora - build ID: 20131021004002
Note: This issue is not a regression since it also reproduces with Firefox 4.
STR:
1. Download http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/25.0b9-candidates/build1/win32/en-US/Firefox%20Setup%2025.0b9.exe
2. After opening the downloaded file, you should see the warning dialog: https://bug916126.bugzilla.mozilla.org/attachment.cgi?id=818957
3. Also, the file properties should show the "Unblock" button like here: https://bugzilla.mozilla.org/attachment.cgi?id=818959
Actual results:
- after step 2 I can't see the warning dialog
- at step 3, I can't see the "Unblock" button
Expected results:
- after step 2 the user should see the warning dialog
- at step 3, the user should see the "Unblock" button
|
||
Comment 1•11 years ago
|
||
I just noticed that the download scanner is ifdef'ed by XP_WIN.
https://mxr.mozilla.org/mozilla-central/source/toolkit/components/downloads/nsDownloadManager.h#10
I don't know enough about windows compile macros to know if the Windows 8 build doesn't define XP_WIN.
|
||
Comment 2•11 years ago
|
||
How can the target machine affect the build-time options?
|
|
||
Comment 3•11 years ago
|
||
We are using the same binary for all supported Windows versions. It's very unlikely to be relevant to XP_WIN.
|
|
||
Comment 4•11 years ago
|
||
Since Windows 8, the warning dialog has been replaces with a SmartScreen warning like this:
http://res2.windows.microsoft.com/resbox/en/6.2/main/4f47a35e-bea1-4f86-9f5d-a10d7602f464_10.jpg
Manuela, are you enabling SmartScreen?
Flags: needinfo?(manuela.muntean)
|
Reporter | |
Comment 5•11 years ago
|
||
My SmartScreen option was enabled. With both 25 beta 9 and Firefox 23 I see the following:
1) If I disable SmartScreen, by turning it off from Control Panel -> System and Security -> Action Center -> Windows SmartScreen option -> Change settings -> select "Don't do anything (turn off Windows SmartScreen)" radio button, I get this warning: https://bug916126.bugzilla.mozilla.org/attachment.cgi?id=818957 and I can also see the "Unblock" button like here: https://bugzilla.mozilla.org/attachment.cgi?id=818959
2) If from Control Panel -> System and Security -> Action Center -> Windows SmartScreen option -> Change settings I select the second radio button, "Warn before running an unrecognized app, but don't require administrator approval", I don't get any warnings, not even the one shown in comment 4.
Flags: needinfo?(manuela.muntean)
|
|
||
Comment 6•11 years ago
|
||
If you enable SmartScreen, download a file, and see the file properties *before* opening the file, do you see the "Unblock" button?
|
|
Reporter | |
Comment 7•11 years ago
|
||
(In reply to Masatoshi Kimura [:emk] from comment #6)
> If you enable SmartScreen, download a file, and see the file properties
> *before* opening the file, do you see the "Unblock" button?
Yes, with both 25 beta 10 and Firefox 23.
|
|
||
Comment 8•11 years ago
|
||
Apparently SmartScreen omits the warning because the Firefox installer is very popular (it has billions of downloads) and signed by the Mozilla certificate.
What happens if you download and open an unsigned executable?
|
|
Reporter | |
Comment 9•11 years ago
|
||
With both 25 beta 10 and Firefox 23, after downloading "diashapes-setup-0.3.0.exe" from http://dia-installer.de/download/ I get the same behavior:
- *before* opening the file, I can see the "Unblock" button
- *after* opening the file, I can't see anymore the "Unblock" button
If the file I've downloaded isn't suitable for this testing, please provide a URL for download. Thanks!
|
|
||
Comment 10•11 years ago
|
||
Changing the summary because it's obvious that Firefox marks the executable now.
But is this really a Firefox bug? If you download the executable using other browsers and open the file, is the warning displayed?
Summary: Firefox does not mark downloaded executables as coming from Internet zone → SmartScreen silently removes the mark indicating that downloaded executables coming from Internet zone
|
|
Reporter | |
Comment 11•11 years ago
|
||
With both Chrome and Opera, after downloading "diashapes-setup-0.3.0.exe" from http://dia-installer.de/download/ I get the same behavior:
- *before* opening the file, I can see the "Unblock" button
- *after* opening the file, I can't see anymore the "Unblock" button
- no warning is diplayed
|
|
||
Comment 12•11 years ago
|
||
Thanks for your patience with testing.
Closing because this is a bug of SmartScreen (or a design).
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•