With programs that need UAC elevation, there's no "Internet zone" warning because there's already the UAC warning, and it would be rather annoying to have to press "Yes, really" on two warnings per program.
I guess if you disable UAC, it's possible that you get no warning at all.
Do programs with names matching that pattern automatically request UAC elevation? Because the author doesn't mention that he received a UAC warning. If you are able to name an executable that way, and not request UAC elevation, and therefore bypass the warning, it sounds like an issue.
However, anyone running something called ChromeSetup.bat would expect a UAC warning to come up since they are expecting to install something anyway.
I've actually run in to this issue myself when I had a program called "Patcher.exe" (an internal dev tool) that didn't require UAC elevation. Turns out that name was on the list. You can include a manifest in the executable to say that you explicitly don't require UAC elevation to prevent that.
And the page 18 of the document is even scarier: the name of the program is not even displayed -- the (bad) logic was obviously "normal users wouldn't know the difference."
- Install
- Setup
- Update
- Uninst
That's pretty amazing – is this still the case? It's obviously a deliberate decision, and seems to totally negate the value of those warnings.