Windows xp sp2 apparently blocks downloads. This is not so cool as can easily decrease download #s and thus sales. IE displays a little message at the top of the window saying "to protect security the download has been blocked... click here for options". If user clicks options / download it then starts the download normally.

Example xp download screenshot (http://www.arcadetown.com/i/xp_download.gif)
download link (http://www.arcadetown.com/partner/download.asp?gameid=bloxforever)

We've noted it only seems to block .exe download if it was started via a meta-refresh or javascript window.location. If user clicks link to the .exe such as "click here if does not start automatically" that IE doesn't block the download and it starts normally.

Anyhow have similar experience and/or know any kind of workaround?

Anyhow have similar experience and/or know any kind of workaround? I don't have SP2 myself, but I'ld guess the easiest way would be to get rid of the javascript and simply provide a direct download link.

Just wondering. Do you get the same kind of problem while downloading files from download.com?

I'm not runing xp so not sure... got reports, screenshots, etc from a user. Probably yes since download.com pops up download via javascript. I had the user test a few sites like retro64 which uses meta-refresh and our site which users javascript and all had same problem.

Anyone here have winxp sp2 to try it out download.com and let us know?

Anyhow have similar experience and/or know any kind of workaround?

From the users end, you can disable this new "security feature" from the Internet Options -> Security tab. Just need to enable "Automatic Prompting for File Downloads".


Do you get the same kind of problem while downloading files from download.com?

From the download.com "guide to Service Pack 2" link that appears on the download screen (after you have clicked Download Now):


When you try to download a program on Download.com, you may need to click the information bar at the top of IE to okay the download.

However, it did not give the prompt when I clicked the Download Now link. Looks like they may already have some type of workaround in place. I notice a quick popup window before the download starts...

Download.com is already working with SP2 - you don't have to click anything special to download the file. Other sites - such as the Adrenaline Vault (http://www.avault.com) - require the user to click the bar at the top and specify what they wish to do.

- Roulette

It would be interesting to know if that is because of the way they activate the download or because of their URL. Maybe SP2 already has download.com listed as a trusted site or they have some kind of certification system for trusted download sites.

Not sure if it's of any use, but I can confirm that PHP (and therefore I assume ASP et al) header redirects work ok with XPSP2 downloads.

I can understand what Microsoft is trying to do here. They are trying to prevent malicious web pages from downloading and running malicious code in the background. Unfortunately there are many legit sites out there using these same methods to create an info page as the file downloads. I’d sure be interested in knowing what Download.com is doing differently to work around this issue. If anyone finds out, please let the rest of us know.

Not sure if it's of any use, but I can confirm that PHP (and therefore I assume ASP et al) header redirects work ok with XPSP2 downloads.Ah, good old PHP. Always saves the day.

But what about a Location: redirect in Perl?

Here is a url if anyone can test it:

http://www.redclawgames.com/cgi-bin/afl.cgi?game=goobs&afl=542332

But what about a Location: redirect in Perl?
Seems ok here, gets the usual XPSP2 dialog box:the usual XPSP2 save dialog box (http://www.moonpod.com/board/images/misc/XPSP2DL.gif)

Excellent - thanks for checking it.

Just my take...

I just installed SP2 yesterday and yes the experience is changed and downloading files and viewing content isn't quite as seamless. The perks of added security may outweigh the bad, but with things left on default (which many people will do) there will often be an added step or two when downloading games (reading warning, "click here for info", select "download file"). I think everyone would agree that the more steps required to make a purchase or download a file, the higher the chances are that the user will be deterred.

On the other hand, it really didn't seem THAT bad to me. They seemed to make it pretty clear what's going on and simple to let the user do what they want. It's really not like they are "blocking" downloads, but just tossing out warnings and forcing you to conciously make the decision to download a file. In the grand scheme of things, I think the benefits outweight the drawbacks.

One thing I didn't like however, is the fact that just regular ol' swf (flash), embedded in HTML weren't showing without a warning. Even my own flash files viewed LOCALLY wouldn't show without my reading a warning message and selecting "view content". Now THAT I don't get.

Just my 2 cents.

Mike

@maksum - you we're saying regular old flash content is being blocked? Argghhh that would suck for a lot of web sites including us. A buddy said flash run off the local drive didn't work as it has something to do with changes to the local security zone but when run off the web that flash content worked just fine. Are you seeing different?

A buddy said flash run off the local drive didn't work as it has something to do with changes to the local security zone but when run off the web that flash content worked just fine. Are you seeing different?

I haven't had the chance to see otherwise, but that would make sense. I mean, flash is plastered all over the place these days. I only noticed the problem locally, so your buddy is probably correct.

I have implemented a download page scheme similar to pre-sp2, so no real functionality was lost... I tested it with three browsers, but if anyone feels bored, try a download and give me a shout :)

@retro64 - looks like you simply dropped the meta refresh that caused download dialog to open automatically? If so have you seen any decrease in downloads due to not opening the download dialog automatically?

Now get back to work and make us some more games that sell well you maker of great games you :D

Is your download spawning automatically, Brian? It is supposed to mimic the old functionality. Going to a small page that explains to click on "open" and auto-spawning the download.....

Here's an example page. I was using meta-refresh and now using javascript window.location to point to .exe. Both seem to cause same problem on sp2.

arcadetown.com/platypus/download.asp (http://www.arcadetown.com/platypus/download.asp)

try mine again in sp2 and non-sp2 (i just improved it)
http://www.retro64.com/platypus.asp

try mine again in sp2 and non-sp2 (i just improved it)
http://www.retro64.com/platypus.asp

seems to work in sp2, but it's somewhat confusing that the screen in the background explains to press the 'Open' button, while the SP2 security dialog offers the 'Run' 'Save' 'Cancel' options. Maybe a different screen depending on SP2 or not? (assuming it's possible to check this in javascript)

Here's an example page. I was using meta-refresh and now using javascript window.location to point to .exe. Both seem to cause same problem on sp2.

arcadetown.com/platypus/download.asp (http://www.arcadetown.com/platypus/download.asp)

arcadetown,

I am experiencing the same problem you were. I am using

window.open(theURL,winName,features);

to open up an excel file to the user and it open up. How should I work around the SP2 downloading problem? The only way I can let people see the excel now is if they disable the automatic prompting for file downloads in their IE security. Some users don't have this luxury of changing their security settings while at work, so I need a work around it. Please let me know what you did to fix this issue. Thank You.

Ah, good old PHP. Always saves the day.

But what about a Location: redirect in Perl?

Here is a url if anyone can test it:

http://www.redclawgames.com/cgi-bin/afl.cgi?game=goobs&afl=542332

An http header is an http header, regardless of the language you're using.