IE in XP SP2 (Part 1): Authenticode - No, and never again!

As you probably know by now, XP SP2 RC1 is publicly available at https://www.microsoft.com/technet/prodtechnol/winxppro/sp2preview.mspx. Over the next week or so I'll give an overview of a few of the security features the browser UI team has been working on.

The first I'll mention is the revamped Authenticode dialog:

Besides the overall cleanup (the old dialog was difficult for many people to understand), the most noticeable enhancement is the addition of the "Never install software from..." radio button which lets you (finally!) blacklist publishers you don't like. After you've blacklisted a publisher you'll never again be prompted to install an ActiveX control signed with that publisher's certificate. Instead, a harmless icon will show in the status bar to indicate that a control has been blocked.

If you click the status bar icon you'll be brought to the Manage Add-ons dialog, another new security feature in IE which gives you control over all types of browser add-ons including ActiveX controls, Browser Helper Objects, and Toolbars. From here you can de-blacklist the publisher of a control that has been recently blocked, but the main purpose is to let you enable and disable add-ons that may be spyware/malware or causing crashes or other undesirable behavior. You can also get to this dialog from the "Tools/Manage Add-ons..." menu.

There are quite a few security tweaks to Authenticode in addition to what I've mentioned above. One that you may eventually get blocked by is the change to block the installation of invalidly signed ActiveX controls. A control usually gets into this state as the result of file corruption or tampering, and as such it is no more trustworthy than an unsigned control; unsigned controls have always been blocked in the Internet and Intranet zones. Although invalidly signed controls are uncommon, they're not as rare as they should be because the old Authenticode dialog just gave a text warning and still allowed you to install the control. For this reason we've added a setting that allows you to bypass the new block -- primarily for corporate intranet scenarios where mission-critical apps may have been deployed with invalidly signed controls (we had a few of these ourselves) -- but I'm not going to tell you where it is because you shouldn't turn it on. :-)
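
To see which controls already on a machine fall into the unsigned, invalidly signed, or blocked-publisher categories described above, the following PowerShell audit can be used. It is an added example, not code from the original post or from the IE team. Its assumptions are the default folder (`Downloaded Program Files`) and that publishers blocked through the dialog appear in the current user's `Disallowed` certificate store.

```powershell
param(
    # Assumption: the folder where IE historically stored downloaded ActiveX controls.
    [string]$Path = (Join-Path $env:SystemRoot 'Downloaded Program Files')
)

# Thumbprints of certificates the current user has explicitly distrusted.
# Assumption: "Never install software from..." places the publisher's certificate here.
$blocked = @(Get-ChildItem Cert:\CurrentUser\Disallowed -ErrorAction SilentlyContinue |
    ForEach-Object { $_.Thumbprint })

Get-ChildItem -Path $Path -File -Recurse -Include *.ocx, *.dll, *.exe -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate

        if ($cert -and ($blocked -contains $cert.Thumbprint)) {
            # Signed by a publisher the user has chosen never to install from.
            $verdict = 'Blocked publisher'
        }
        else {
            $verdict = switch ([string]$sig.Status) {
                'Valid'                  { 'Validly signed' }
                'NotSigned'              { 'Unsigned' }
                # The file no longer matches the hash in its signature:
                # the corruption or tampering case.
                'HashMismatch'           { 'Invalidly signed (hash mismatch)' }
                # The signature is intact but the chain is not trusted on this machine.
                'NotTrusted'             { 'Signed, signer not trusted' }
                'NotSupportedFileFormat' { 'Not checked (format not supported)' }
                default                  { "Invalidly signed ($($sig.Status))" }
            }
        }

        [pscustomobject]@{
            File      = $_.Name
            Verdict   = $verdict
            Publisher = if ($cert) { $cert.Subject } else { '' }
            Detail    = $sig.StatusMessage
        }
    } |
    Sort-Object Verdict, File |
    Format-Table -AutoSize -Wrap
```

Run it with `-Path` pointing at any other folder of downloaded controls to audit that location instead.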