Security – How to download an executable file inside the company network when it’s been locked down


This might seem like a silly (or nefarious) question at first glance, but allow me to elaborate…

We have implemented all sorts of measures on the company network and proxy to prevent the download of certain file types onto company machines. Most files, even zip files with exe's inside, get blocked when clicking to download those files.

But some "enterprising" users still manage to get downloads to work. For example, I was standing behind someone (who didn't know me or which department I worked in), who in front of our eyes changed a URL that ended with ".exe" to ".exe?", and the browser went right ahead and downloaded the "unknown" file type. We've since then plugged this hole, but I'd like to know if anyone else knows of any nefarious means of downloading files bypassing network security and checking software.

Or perhaps if you know of some commercial software that you can swear is bulletproof, and we can trial it for a while.

Any help appreciated…

Best Answer

Regardless of what technical solution you come up with, someone will find a way around it. If you're serious about this (and not just doing it to discourage casual downloads or fulfill some faceless policy mandate), then please, please,

Talk to your users!

Explain why you're blocking what you're blocking. Help them to understand the importance of it. And then listen to them when they tell you why they still need to download executable files, and help them find a way to do their jobs without making your job harder.


For years, one of our suppliers had a system similar to yours in place. Unfortunately, they were also responsible for providing us with regular updates to their pricing software, and during testing it was common for executables to frequently travel back and forth between our networks. Due to the filters, we all just got in the habit of renaming files (.exe -> .ear, etc.), compressing them, compressing then renaming them, even using personal machines to transfer them... not only subverting the restrictions and amplifying the potential danger to both companies, but also destroying much of our respect for those behind the restrictions.

Finally, someone got the message and set up a secured FTP server for us to use.


It's all too common to focus on the technical side of things, and forget about the resourceful humans who must deal with the consequences of them. Naturally, if you're already doing this, then more power to you!
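An added example, not part of the original question or answer: the ".exe?" trick and the rename-or-zip habit both work against filters that trust the URL string or the file extension, so this sketch contrasts that weak rule with a parsed-path check and a content check on the downloaded bytes. All function names, limits, the URL and the sample bytes are constructed for illustration.

```python
import io
import zipfile
from urllib.parse import urlsplit

MAX_MEMBER = 20 * 1024 * 1024  # assumed per-member inspection limit
MAX_DEPTH = 3                  # assumed archive nesting limit

def naive_url_filter(url):
    """The weak rule: block only if the raw URL string ends in .exe."""
    return url.lower().endswith(".exe")

def path_extension_filter(url):
    """Parse first, so a trailing '?' or query string cannot hide the extension."""
    return urlsplit(url).path.lower().endswith(".exe")

def is_executable_content(body, depth=0):
    """Block on content: Windows PE files start with b'MZ'; zips are searched.
    Only the PE signature is checked here; other formats need their own rules."""
    if body[:2] == b"MZ":
        return True
    buf = io.BytesIO(body)
    if not zipfile.is_zipfile(buf):
        return False
    if depth >= MAX_DEPTH:
        return True  # too deeply nested to inspect: fail closed
    with zipfile.ZipFile(buf) as zf:
        for info in zf.infolist():
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                return True  # encrypted or oversized member: fail closed
            if is_executable_content(zf.read(info), depth + 1):
                return True
    return False

def make_zip(name, data):
    """Build a small in-memory zip (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, data)
    return buf.getvalue()

FAKE_PE = b"MZ" + b"\x00" * 62  # constructed stand-in for an .exe header

if __name__ == "__main__":
    url = "http://downloads.example/setup.exe?"  # constructed URL
    print("naive filter blocks:", naive_url_filter(url))
    print("path filter blocks:", path_extension_filter(url))
    print("renamed .ear blocked by content:", is_executable_content(FAKE_PE))
    print("zip blocked:", is_executable_content(make_zip("setup.ear", FAKE_PE)))
```

The content check only sees bytes the proxy can read, so transfers it cannot decrypt or inspect still need a policy decision of their own.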
