Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: can there be security weaknesses in the "Downloads" folder?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
taffy078 can there be security weaknesses in the "Downloads" folder?
Contributor 3rd Apr, 2011 09:48
Ranking: 408
Posts: 1,340
User Since: 26th Feb, 2009
System Score: 100%
Location: UK
Last edited on 3rd Apr, 2011 09:49

I hadn't realised until now that whenever I download a program or update, it's initially saved in the C:\Downloads folder. (Perhaps this has always been the case.)

The files in that folder are mainly set-up/installer files but there's also a few Word and .pdf documents that I've downloaded (and then saved), always from safe sources.

There's also a Software folder in the folder - in here are a few Nero programs and also an NVidia program.

So, four questions spring to mind:

(1) Have downloaded programs files always been stored in "Downloads" or is this a fairly recent change?

(2) Can the vulnerabilites that require software to be updated be found in these set-up files, or in any of the other files that I've mentioned?

(3) If yes, presumably PSI would find them but what action would it then recommend?

(4) or to put it another way, do other members here regularly delete the contents of the Downloads folder (in the same way that we all regularly delete temporary internet files etc)?

Your advice will be appreciated. Thanks.

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003

taffy078 RE: can there be security weaknesses in the "Downloads" folder?
Contributor 3rd Apr, 2011 10:07
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
PS My signature shows that I have a 64 bit processor. Belarc shows this too but also says it's "64-bit ready".

So I checked*** and it's actually 32 bit. That explains some of the confusion I've had during recent updates.

Moral - don't believe the label and get the sales assistant to check properly before buying!
--------------------------------------------------
***
(1) Click Start. Right-click My Computer, and then click Properties.

•If you don't see "x64 Edition" listed, then you're running the 32-bit version of Windows XP.

•If "x64 Edition" is listed under System, you're running the 64-bit version of Windows XP.

(2) Run winmsd.exe - In the details pane, locate Processor under Item. Note the value. • If the value that corresponds to Processor starts with x86, the computer is running a 32-bit version of the Windows operating system.
• If the value that corresponds to Processor starts with ia64 or AMD64, the computer is running a 64-bit version of the Windows operating system.



--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
Anthony Wells RE: can there be security weaknesses in the "Downloads" folder?
Expert Contributor 3rd Apr, 2011 17:09
Score: 2445
Posts: 3,336
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 3rd Apr, 2011 17:18
Hi taffy ,

Your 1) Yes . Each and every browser is set to download to a specific folder ; you can choose the "default" setting or make a choice of your own and you can also choose to have the browser ask you where you want to download :ie: default or elsewhere as each download initiates .

Your 2) Not likely . other than if you actually run the installer and install an old/out of date and "insecure" programme . The PSI would pick that up ; otherwise your security system should pick up any malware you may have brought in with the other stuff .

The PSI will let you know if the Nero and Nvidia programmes are/become "insecure" and your security software if there is any malware .

Your 3)The PSI detects unpatched vulnerabilities and indicates the patches available ; on principle , it does not recommend anything .

Your 4) I keep the previous/last installer until I download a new one and the new installation is satisfactorily running ; this is quicker for me if I need to go back a version . There can be specific programmes where I keep older versions :eg: the PSI where I have 1.5.0.1 , 1.5.0.2 and the latest 2.0.0.3001 . I do not need the 1.5.x any longer , I believe .

I may also keep the latest Stable installer when running a Beta or similar .

I also have loads of storage space , otherwise I would bin the lot and rely on FileHippo and the like for any old installers .

NB : do not use just any site for any installer , first the Vendor , then FileHippo , then a site you know and can be sure you trust , then ..... this way madness lies :(((((

AMD call their processors 64 ***, because they "invented" 64 bit architecture ; then they made a deal with Intel so that 64 bit processors are 32 bit backward compatible and vice versa; start reading here and you can go on forever :-

http://en.wikipedia.org/wiki/X86

Take care

Anthony

PS *** : A "processor" can be 32 or 64 bit without any problem on a 32 bit systyem ; you are confusing that with your Operating system which is either 32 or 64 bit and knowing which , as you now relise , is critical .So you need to completely rethink your last paras of your second post ; like you I run my AMD 64 processor on my 32 bit XP SP3 OS . Lots of Homework , I shall be testing you on Monday !!!

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
mogs RE: can there be security weaknesses in the "Downloads" folder?
Expert Contributor 3rd Apr, 2011 21:30
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Evening taffy.
Your post prompted me to take a look thro' my Downloads folder.....It's something I do from time to time anyrate : I usually do clear out as much as I can....old starts etc..
I usually keep the last Belarc scan and CCleaner : strangely enough, I noticed that the last...version 305, had resulted in another Download folder.
I'm possibly fairly minimalistic in my approach to storage or hoarding....more than enough space/room on my lappy....but if I don't keep it...security/Auslogics don't have to scan and Puran does'nt need to defrag it.
I suppose it's like if I take a "step" forward, I don't intend to take too many backward....from what I can see of it, lappys tend to encourage, possibly, more a sense of efficiency....a little more poetry than might exist in an office ?!
Enough.....must'nt keep you from your homework !!!

--
Was this reply relevant?
+0
-0
Anthony Wells RE: can there be security weaknesses in the "Downloads" folder?
Expert Contributor 3rd Apr, 2011 21:49
Score: 2445
Posts: 3,336
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 3rd Apr, 2011 21:50
Ok taffy ,

3 starters for 10 for tomorrow's examination :-

1)Why is celery seemingly misspelt on some computers .

2)Give the name and DOB of the person responsible for the '64 Bits and Pieces .

3)Why is the Duke of Athlone messing about on your lappy when he has a whole Uni to look after ??

Please note : no Mogs are allowed in the classroom and you must hand in your 'phone to avoid mail from Maurice .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
taffy078 RE: can there be security weaknesses in the "Downloads" folder?
Contributor 5th Apr, 2011 10:40
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Secunia Support - Hi. I've been away so won't have time to sort out until the weekend. Please do not lock. Thanks

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer