Be aware that the pathetic HMV download manager software actually adds
http://*.hmv.co.uk,
http://*.hmv.com and
https://*.hmv.com to your trusted sites list in Internet Explorer and does not make that very clear during the software install.
This is not just bad practice but negligence of a pretty high order
. Adding ANY sites to a Trusted Sites List (and therefore bypassing a good chunk of the little default rule based configuration security IE offers) is very poor unless your very sure what your doing or it is set as some corporate managed policy.
This leaves your PC (well IE and any web activity launched from the windows built in browser stack) trusting HMV's scripts, signed ActiveX controls and the like. I would suggest that there are a number of people who may not want that liberty being taken
despite any real risk being minor. Trusted sites was never designed for online shops to get around browser security.
Think before you download this, the way HMV seem to want to manage downloads is pretty damm poor to say the least (compared to other major DRM free music sites like Amazon).
Edit: As an aside (a little technical so you may want to just ignore this bit) the ActiveX control HMV use to actually download the music seems to depend on the Microsoft Background Intelligent Transfer Service (BITS) to pull the files down. While that in itself is not bad (odd design choice maybe considering) it is a service that could very well be stopped on some (most?) Vista PC's in a home environment (and XP for that matter) causing the download to fail with an error about BITS not working.
To get around this you could start the service or you would need to start the ActiveX process with Administrator rights (I.E. Run IE as Admin on Vista) to have anything it spawned start a windows service, using either of those options to use a silly download tool are pretty evil. I have to wonder how good the design spec and testing process was for this little bundle of magic ;).
