World's Most Annoying IE Toolbar
nautical9 writes "Following the same devious footsteps of the infamous Bonzi Buddy, Gator, and Comet Cursor "enhancements", Xupiter now has their own self-installing toolbar for IE. There are many claims that if you leave your security preferences at their default level, it will install itself without your express permission. And once on your system, it's gracious enough to reset your homepage to xupiter.com, forward all your searches to their search engine, download and automatically launch applications (like gambling applets), and block all attempts to set these back to normal. Removing it isn't trivial either - it automatically checks for updates upon reboot, where it constantly changes the registry settings it uses, making the jobs of spyware removal programs like AdAware or Spybot Search & Destroy much harder. No word yet if it collects and forwards personal data."
Oh yea... as if they're going to go through all of that trouble and deception and not collect and forward personal data.
Right.
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
It's pretty easy to use Moz or Opera, which never started going down the security-hostile path of automated installation from *web pages*. And bookmarking. And so forth.
:-)
If you're using IE, you're running a piece of software *on your machine* which is advertising and providing the ability for a web page to basically screw your system up. If precisely this happens...well, you should have tried another browser.
(If you don't like the Moz suite approach, try Phoenix)
May we never see th
Stuff like this IS probably illegal in the US. However, the company programming this is in Hungary, according to the Wired article. Gonna be fairly tough to put any lawyers against them here. Legislation against this stuff won't do much good either. Foreign countries don't much care what our congress legislates and passes into law.
The probability that someone is watching you is directly proportional to the stupidity of your actions.
The problem with these damn things is that you never quite know how they got onto your machine. I'm always very careful about what I install, and which dialog boxes I say "OK" to, but there's always the possibility that I accidentally let something slip through. I suppose that's why people aren't 100% sure if it can install itself right from IE without confirmation.
I'm getting increasingly sick of using IE, but I'm constantly running across sites that Mozilla just can't handle properly (or swiftly). And yes, I've cranked up the security level, though god knows why there exists any level of "security" that would allow unconfirmed installs.
I don't know what you are talking about but Xupiter is known for taking over IE without prompting you.
I just went through 20 minutes of deleting it!
"Only one thing, is impossible for god: to find any sense in any copyright law on the planet." Mark Twain
Even aside from that, why the hell does IE do installations directly from a web page? That's beyond idiotic.
Let's see, we have the technically illiterate on one hand. These people fall prey *far* more to malicious remote-install links than they are benefitted by deliberately remote-installing software. No benefit to IE's behavior there.
Then we have the technically ept, who are quite able to download, save, and run an installer if they really want to run it. No benefit to IE's behavior there.
Frankly, IE's behavior takes a position of extreme trust of the remote end, which is just plain *stupid* in today's world.
May we never see th
Somewhere along the line, my browser must have been hijacked and I got stuck with this little piece of badware. I used Ad-Aware to detect and destroy, but I got a little creative. I kept the C:\Program Files\Xupiter directory, and set the attribute to read-only. I'm hoping that any future attempted hijackings will result in the installation failing due to the inability to create or write anything into the Xupiter directory.
attrib +r "C:\Program Files\Xupiter"
I agree. But it's interesting to note that if this software had been written by an individual, rather than a corporation, the FBI would already be looking for the culprit. For some reason, corporate misbehavior is below the FBI's radar.
From the article:
It's a browser toolbar that some swear is doing "drive-by downloads" -- installing itself without users' permission -- then taking over their systems and making it impossible to uninstall.
Technically, this is a virus. And IIRC, "unauthorized alteration of a computer system" is punishable by 5 years in prison and up to a $250,000 fine.
The society for a thought-free internet welcomes you.
No, they should blame Microsoft. Like that article posted earlier about Slammer, the idea of blaming the victim for the crime is a little skewed. Microsoft needs to engineer better products. Because after all,
isn't that the digital equivalent of mugging and rape?
Er, a bit dramatic, but yeah, kind of. You can't (shouldn't?) call someone 'stupid' for getting mugged or raped.
If Jesus wants me it knows where to find me.
Even if they copy everything off of your hard drive and send it to their own servers, according to most Slashdotters, that is only copyright infringement (not theft), provided they don't delete anything.
:-)
Then those Slashdotters would be wrong. Federal law prohibits unauthorized access to a computer.
Granted, you could argue that running IE and not installing the tons of patches MS has slapped over many of its plethora of holes is "granting authorization" to the remote site, but I don't think a judge's sense of irony would go that far.
May we never see th
I work for a fairly large tech support / helpdesk outsourcing company. Programs like this are de facto viruses from the point of view of the end user. 90% of the ones that I talk to have no idea what this is or how it works, and no idea how it got installed. I remember talking to this one person who'd had Xupiter installed and their story was "Well we clicked Yes by mistake once...."
I find it hard to believe that it would install itself with everything set to default on a properly updated copy of IE 6.0 SP1. It's much more likely that Xupiter is just betting on people clicking yes to the security warning prompt.
Taken from Xupiter's end user agreement: To further enhance your media viewing experience, Xupiter reserves the right to run advertisements and promotions based on URLs and/or search terms users enter when navigating the Internet. Other enhancements and to allow access, users web browser, start page, search page, auto search option, bookmarks and default error page will be changed, along with the Xupiter accessory toolbar added to the web browser. Active desktop panel will be installed on the users desktop which will enable active desktops on the system for special promotions. Our software license requires that users browser start page be set to Xupiter.com in order to continue use of the Xupiter toolbar, from time to time we verify that users start page url is set to Xupiter.com, if it is not we reserve the right to alter it back.
Great - it enables active desktop too; what fun!
And the woman who wears provocative clothing is asking to get raped.
What about the poor sods who have to use IE at work? What about technical neophytes? Should nobody be allowed to use a computer until they've studied CS for a couple of years and know who RMS is? I use Opera--quite happily--at home but I'm posting this (unfortunately) from a machine at work with IE, on which another browser is not an option. Educating an employer is often a slow, painful, laborious process. I'm trying, but it takes time.
~Idarubicin
In the situation you describe, not patching is indeed the user's fault, and no one else's.
But let's compare that to reality.
1) Microsoft intentionally markets to consumers that they know are incapable of mildly difficult technical tasks.
2) Microsoft patches are incredibly perverse in their installation procedures, often break other things, and sometimes don't work at all.
3) The sheer volume of Microsoft exploits means that a person would be compelled to spend the great majority of their waking hours applying the damn things, just to keep their head above water.
4) Microsoft hides news of their vulnerabilities in the Labyrinth of their website to the point that a person would be compelled to check a large list of other security websites just to remain aware of what the dangers were.
5) Many of these exploits are the end result of bad coding practices, bad design philosophies and ill-conceived architectures, and not just obtuse, hard-to-recognize bugs that slip through *anyone's* quality control.
6) And while not exactly relevant to this discussion, if I ever see someone dressed up in one of those butterfly costumes, they are DEAD. Literally, I intend to murder them. I'm fairly confident that most juries won't ever convict.
So, taking all this into consideration, the metaphor would be more accurate if this person were drugged/brainwashed from birth, taught that it is only appropriate to be led around in chains 24/7 by strange men, was often sold to the highest bidder, beaten whenever she spoke up, was given no choices or significant decision-making privileges, and then woke up in the strange bed.
It might not be rape exactly, but something horrible did happen, and she is most certainly some type of victim. To ignore all the circumstances leading up to that event, and then claim "she never said No" is absurd beyond the pale.
Even if they copy everything off of your hard drive and send it to their own servers, according to most Slashdotters, that is only copyright infringement (not theft)
I assume by that you're referring to the claim many slashdotters make that downloading music illegally from p2p networks, etc, is copyright infringement as opposed to theft.
Fair enough, but this situation strikes me as somewhat different.
Assuming hypothetically that this spyware actually was copying files from your HD and sending them to others, this is rather different to a p2p example:
Bob buys a CD, published by Sony, and performed by Michael Jackson (prolly not signed to Sony. Don't care. it's just an example)
Bob then shares these MP3s on Kazaa, and someone downloads them.
Who's being stolen from? Not Bob. He's perfectly happy to share his MP3s. So if there even IS a case of theft going on here, the victim is between Sony or M.J... who it is between those two is left as an exercise for the reader..
Now.. the spyware scenario.
Bob has those same MP3s on his computer, but only because he finds it more convenient to listen to than having to dig out his legally bought CD. Being a very moral type, he would never think of doing something so terrible as sharing the MP3s with people who might not have paid for the CD, so no p2p networks here.
Then he sees this ad for this nifty IE toolbar that'll make his mouse cursor pretty, let him search without going to a search page / other useless "features"
After installing it, the provider of the toolbar starts copying Bob's files completely without his knowledge, and against his will
That, to me, sounds a lot closer to theft, or at least a major invasion of privacy/rights than downloading stuff on p2p
(footnote. If you've drawn any conclusions on my opinion of p2p networks from this post, discard them. I don't think they're wrong, I don't think they're right. They're just there.)
Curiosity was framed. Ignorance killed the cat.