Program Download - IE CHROME - “is not commonly downloaded and could be dangerous.”

StackOverflow https://stackoverflow.com/questions/12231581

Question

I have an installer for my C# program, I uploaded it to my website, but whenever I try to download it in chrome or IE, I get "MY FILE* is not commonly downloaded and could be dangerous." You can only keep it if you click a tiny arrow and choose "Keep" from a menu. Only a tenth of less of users will be able to get my program. How could I work around this? I have heard about digital code signing, but at hundreds of dollars a year. This is really not an option for me. Would making an MSI installer or putting it on a software website help?

Was it helpful?

Solution

The best resources are this blog post and this blog post.

To sum up:

  1. Sign you package with an authenticode signature.
  2. Don't be malware (I'm sure you got that covered).
  3. Logo your software (if it's not a browser plug-in).

This can be a frustrating process, so hang in there. Microsoft has not disclosed how many downloads one needs to build a reputation, but in practice once you stop changing the package (the hash is part of the reputation) then you can get past this fairly quickly.

OTHER TIPS

I've fixed this by uploading the file to Google Drive (you can convert the Google Drive share link to a direct download link using some online converter).

Now my executable downloads without warning. Silly but it works.

I just had the problem (again) today

file is not commonly downloaded (keep/discart)

I made many tests including moving the zip on another server, re-compressing the zip file with another software, etc. I concluded that Google Chrome didn't like that zip file contained an .url shortcut file in it (a link to my site). I removed the .url from my zip and then it worked without the download error.

I had to change content inside ~5000 zip files on two sites, nice one Google.

BTW: the site is not listed as malware anywhere and files inside the zips are mostly .psd on one site and and .swf on another site, no exe or anything.

And previously when I had this problem it was because of some bad header(s) set when downloading the file.

Similar to Wiseman's suggestion. I had this problem with downloads on a new website I had created. I noticed that the same file downloads did not show the warning in Chrome when downloaded from my original website which has existed for years. So I simply linked my downloads on my new website to files I put on my old website's server. Even with newer files, they no longer showed the warning. I assume because my older website was established and considered "trusted" by google/chrome.

In my case I solved it with the following set of headers:

Cache-Control: max-age=864000
Content-type: application/octet-stream
Content-Disposition: attachment; filename="....zip"
Content-Transfer-Encoding: binary
Last-Modified: ...
Etag: ...
Content-Length: ...

Be extra observant of Content-Type, Cache-Control, Last-Modified and Etag which seemed to be the helpful headers for me.

In fact, in my case helped much simpler solution. I've just moved the files onto Amazon S3 storage and the warning disappeared right away.

Consider trying this before buying the certs.

Edit: Not working anymore.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top