Downloading ZIP-Based Formats

More and more file formats are based on the ZIP format. The Open Packaging Conventions use ZIP as a base format, and that means frameworks like .NET’s System.IO.Packaging also generate files that are valid ZIP files. The Office 2007+ formats are ZIP-based, and more personally, Fiddler’s SAZ Format is ZIP-based. Unfortunately, this trend toward ZIP-based…

4

Content-Length and Transfer-Encoding Validation in the IE10 Download Manager

Back in March of 2011, I mentioned that we had encountered some sites and servers that were not sending proper Content-Length headers for their HTTP responses. As a result, we disabled our attempt to verify Content-Length for IE9. Unfortunately, by April, we’d found that this accommodation had led to some confusing error experiences. Incomplete executable…

7

Authenticode and Weak Certificate Chains

Recently, someone attempted to download a deprecated version of the Windows Script debugger. This tool was used to debug scripts prior to the introduction of more powerful, modern tools like those that are built into IE8 and later. The user emailed me when they encountered a very surprising outcome: After clicking the Run button, the…

6

Download Resumption in Internet Explorer

While most file downloads are quickly and successfully completed, some large downloads take a long time to complete, and may be interrupted in the middle by either the user choosing to “Pause” or due to networking glitches (e.g. WiFi connection dropped). One of the significant enhancements in the IE9 Download Manager is enhanced support[1] for…

18

Avoid “Do not save encrypted pages to disk”

Internet Explorer has an Advanced option named Do not save encrypted pages to disk. By default, this option is unchecked (except for Windows Server systems) and I recommend you leave it that way. In IE9, this option does exactly what it says it does—resources received from HTTPS URLs are not placed in the Temporary Internet…

21

Warnings on Incomplete Downloads

Recently, a user sent in the following screenshot of a security warning they encountered when attempting to download the Microsoft Zune software: Obviously, we immediately attempted to reproduce the reported problem, and we found we were unable to do so – the program was recognized as legitimate software and no security warnings were shown. However,…

12

Everything you need to know about Authenticode Code Signing

In today’s post, I’ll be discussing the use of Authenticode to sign software programs; this post will be of interest primarily to software developers. Large software companies (like Microsoft) often have an entire team dedicated to the code-signing and release process, but even (especially) small software publishers should sign their code. In this post, I’ll…

28

File Upload and Download Limits

Over the last few years, we’ve had a few questions about WinINET’s limits for file upload and download. I’ve summarized those limits in the following table:   Upload (total size) Download (per file) Internet Explorer 6 2gb 2gb (4gb for Chunked or Connection-Close transfers) Internet Explorer 7 2gb 4gb Internet Explorer 8 2gb 17,592GB Internet…

11

File Download and Filenames

Several months ago, I blogged about IE’s support for International Filenames on Downloads. Today’s post is a bit simpler and describes two cases when IE may rename downloaded files. Filename Extension and QueryString Parameters If a file download HTTP response does not contain a Content-Disposition header, Internet Explorer will determine the filename from the URL. This may…

3

Downloads and International Filenames

A few times a year, I get a question about Internet Explorer’s behavior when it comes to downloading files that have non-ASCII characters in the filename, because different browsers have different behavior when handling such files. The server can suggest the name for a file download in one of two ways: Explicitly, by including a…

16