Orange warning triangle when downloading something from Microsoft website MSXL 6.0 file
I am directed to that website because my PSI Secunia says my Microsoft MSXL 4.0 files are at the end of life. So i decided to run an windows update to see if maybe i needed an replacement and no updates came up. So i was directed to this website https://www.microsoft.com/en-us/download/details.aspx?id=3988 and upon downloading no files were attempted to download. However i decided to disable protection because i assumed maybe there was a pop up blocker blocking it. And it turned into an orange triangle and the files were downloaded. What didn't make sense is why i couldn't download the files off the secured website and the whole https changed when i decided to disable protection and the files were downloaded? Are they modified or is this just normal for a website to do that? I mean come on, it's Microsoft! They are supposed to be secured when downloading files. Is their website modified or is this normal ? I got skeptic and paranoid why it did that if i disabled it and it's not even an secure download. I need those files to update my MSXL Cores. So i decided not to until i get some accurate answers if it's safe to download it and install it. Feedback anyone?
All Replies (3)
According to the Browser Console:
Blocked loading mixed active content "http://download.microsoft.com/download/2/e/0/2e01308a-e17f-4bf9-bf48-161356cf9c81/msxml6.msi"
I'm pretty sure this download page was NOT designed to be accessed using HTTPS because it doesn't match the download protocol to the protocol used to access the page. The download protocol is fixed as HTTP. I think the page was intended to be loaded as:
http://www.microsoft.com/en-us/download/details.aspx?id=3988
I suspect if you had searched this through Microsoft, you would have gotten that HTTP URL but you are using the HTTPS Everywhere extension to override normal links, so things like this will happen from time to time where a site seems to work normally on HTTPS -- until it doesn't.
Well this link does show it's trying to unload scripts with an unauthentic page when attempting to download the files. That doesn't explain why it does that since this is Microsoft's page? They normally secure things especially downloaded files. Is this normal or different? https://www.microsoft.com/en-us/download/confirmation.aspx?id=3988 You'll see the shield next to it. I even had HTTPS disabled too and it had no effect it still had the shield there. I was skeptic downloading it in the first place anyways. Glad i asked anyways.. thoughts?
I don't think it's suspicious, just poorly planned. If Microsoft intended you to use HTTPS for the download article then it would know it needs to use HTTPS for the download itself to avoid a mixed content error.
When I use Bing to search up the download article it is indexed with an HTTP protocol, which is why I continue to think the problem is caused by accessing the download article using HTTPS.