mbc07, you've made your point loud and clear that you think this issue is dumb. Different people have differnet ideas about what is and isn't reasonable security practice on their systems. Thank you for your comments.
I'll just leave this Chromium bug report here so you guys can get a feel for what the wider developer community thinks and what changes might be coming in browsers. Note in particular this part
[color=#000000]Dear all, consider that Turla Russian APT is exploiting techniques in delivering malware trough sophisticated MITM attacks.
They send legitimate Adobe Flash installer over HTTP, then inject it with malware trough MITM:
[color=#0000cc]https://www.darkreading.com/attacks-breaches/turla-cyberespionage-gang-employs-adobe-flash-installer/d/d-id/1330788[/color]
It becomes very relevant to moves on to block downloading of executable over HTTP channel.[/color]
I guess eventually would-be Dolphin users complain that they can't unpack the software because their browser prints a red warning. Maybe then enough people will harass 7zip, WinZip, and the other sites not using HTTPS that those sites will get their acts together.
Thanks for all your help.
I'll just leave this Chromium bug report here so you guys can get a feel for what the wider developer community thinks and what changes might be coming in browsers. Note in particular this part
[color=#000000]Dear all, consider that Turla Russian APT is exploiting techniques in delivering malware trough sophisticated MITM attacks.
They send legitimate Adobe Flash installer over HTTP, then inject it with malware trough MITM:
[color=#0000cc]https://www.darkreading.com/attacks-breaches/turla-cyberespionage-gang-employs-adobe-flash-installer/d/d-id/1330788[/color]
It becomes very relevant to moves on to block downloading of executable over HTTP channel.[/color]
I guess eventually would-be Dolphin users complain that they can't unpack the software because their browser prints a red warning. Maybe then enough people will harass 7zip, WinZip, and the other sites not using HTTPS that those sites will get their acts together.
Thanks for all your help.