ItsGeekToMe.co

Q: Whenever I go to a website for information, on the screen appears the following phrases:  “Security Warning — Do You want only website content that was delivered securely?”  there are also 2 boxes on the screen; one says YES, the other NO.  I click the yes box.  This never happened when I went to a website before this past week, but now this WARNING now appears every time I want to view something.  How do I get rid of this pop-up?

– Wally E.
Fort Walton Beach, Florida

A: This is one of those well-intentioned dialogs that so many Microsoft applications pop-up, that so many computer users find so annoying (thanks, Bill!).  It actually contains some valuable cautionary information, but depending on your system settings and which websites you visit, you might see it so often that you stop reading it without ever understanding what it means.  In my opinion, the reason people find them so annoying is that Microsoft engineers seem to presume that everyone who uses their software possesses at least a bachelor’s degree in Computer Science, or at least has a level of knowledge that most typical computer users just don’t have. It’s tough to know how to respond to dialogs if you don’t understand the questions they contain.  So, let me start with the background, and then I’ll tell you how to disable it if that’s what you still want to do.

Let’s start by looking at the address bar on your web browser.  If you don’t have a page loaded, try going to my website: ItsGeekToMe.co.  Once the page loads, you’ll notice that if you didn’t do it yourself, the browser automatically added some additional letters to the front of the URL, specifically “http://”.  This stands for “Hypertext Transfer Protocol”, and it is a signal to the browser that tells it some of the rules for how it will interact with the website when downloading its content.  Using HTTP, information is transmitted as plain text, which means that anyone who happens to be “listening in” to your connection can effortlessly read everything going across your connection.  The risk of this is especially great at public WiFi spots, where anyone with packet sniffing software can collect everything from your credit card number to your bank account password.

To prevent this, a secure version of HTTP is often used.  Not surprisingly, it’s referred to as HTTPS in your address bar.  Many bank, credit card, and online shopping sites will automatically engage HTTPS if possible, and you might not even know it’s happening except for the “S” in the address bar, and perhaps a color change or the appearance of a padlock somewhere in the browser’s status bar.  Now, many of what you think of as single web pages are actually comprised of data from multiple sites that are aggregated together into a unified page.  The most common ones that I can think of are banner ads, which almost never come from the same site as the rest of a site’s main content.  Banner ads are almost never delivered via HTTPS (i.e. – “securely”), even when most or all of the other data on a page is.  When IE detects both secure and unsecure content together on the same page (which might compromise the security of the entire page) by default, the browser is configured to ask you whether you want to display this “mixed content”.  (The dialog actually says this after its initial question.)   So, what the box is actually trying to say is that you have a secure connection which might be made unsecure if you allow it to proceed with loading unsecure content.  It’s a security thing, and you should keep that in mind when deciding whether to disable it.

If you decide you want to disable it anyway, the procedure is simple enough.  From within IE, click the “Tools” menu and select “Internet options”.   Select the “Security” tab and click on “Custom level…”.  Within the “Settings” list, find the one that says “Display mixed content”.  Since you’re seeing the message, it’s going to be set to “Prompt”.  To make the dialog stop appearing, you must select either “Enable”, which will automatically allow all mixed-mode pages to display fully, or “Disable” which will automatically prohibit the unsecure portion of mixed-mode content from displaying.  This is the more secure of the two options, but it could leave you with some odd looking page displays.