Explorer security deadline nears
Users of Microsoft's Internet Explorer browser who don't download a security upgrade could be in for a lot of warnings from Web sites.
Microsoft (MSFT) has begun encouraging users of Explorer to download Authenticode 2.0, a new version of the browser's built-in security monitor, before the end of the month. If users don't download the update by then, their browsers will still work but they could receive clusters of security warnings every time they visit a Web site with digitally signed ActiveX controls or Java applets on it.
As users download programs off the Net, Authenticode scans them for digital signatures that contain the identity of the program's publisher. Introduced earlier this week, Authenticode 2.0 includes a number of features Microsoft says will make downloading code safer, including time-stamping support to ensure that code was signed with a valid digital certificate. It also offers revocation lists, a feature that checks in with an online list of revoked certificates before downloading code.
The Authenticode 2.0 file is itself available for download on Microsoft's Web site. The security update only works with version 3.02 of Explorer, so users will have to get the new version of the browser if they want to receive the new security benefits.
Authenticode 2.0 will also be included in Explorer 4.0, due out by the end of the summer.
In the meantime, users who don't upgrade their IE security could be in for a lot of warnings from Web sites. If their security settings are on high--the default setting for Explorer--users will receive pop-up windows telling that code is unsafe to download.