Slashdot Mirror


World's Most Annoying IE Toolbar

nautical9 writes "Following the same devious footsteps of the infamous Bonzi Buddy, Gator, and Comet Cursor "enhancements", Xupiter now has their own self-installing toolbar for IE. There are many claims that if you leave your security preferences at their default level, it will install itself without your express permission. And once on your system, it's gracious enough to reset your homepage to xupiter.com, forward all your searches to their search engine, download and automatically launch applications (like gambling applets), and block all attempts to set these back to normal. Removing it isn't trivial either - it automatically checks for updates upon reboot, where it constantly changes the registry settings it uses, making the jobs of spyware removal programs like AdAware or Spybot Search & Destroy much harder. No word yet if it collects and forwards personal data."

11 of 817 comments

  1. If it looks like a duck and quacks like a duck... by eXtro · · Score: 5, Interesting
    When I first started using IBM compatibles there were forms of software which would install themselves on your system and were written to evade removal as well as modify your system in ways that you may or may not have approved of. Writing these packages was considered bad, and propagating them was even considered illegal. These small applications were called viruses.


    If it looks like a duck and quacks like a duck then it's usually pretty safe to say that it's a duck. In this case all of these enhancements sound like viruses to me, or at least a derivative of a virus. Where viruses had to be cleverly coded in order to be as small as possible and avoid detection by a skilled hacker these new pieces of code are large and increasingly rely on being able to remove software that would remove it.


    If you modify my system without me requesting it then you've installed a virus on my system. I should be able to call the FBI computer crimes division and get proceedings underway that result in you getting some nice free government accommodations.

  2. We'll show them... by quizwedge · · Score: 4, Interesting

    Might be fun to slashdot the site for a while to, uh, "thank" them for their generous "gift"

    Also, site said to report any problems to help@xupiter.com. How many requests do you think they'll get about the toolbar? :)

    --
    I have no .sig
  3. A Temporary Fix... by graphicartist82 · · Score: 4, Interesting

    Would be to activate IE's "Disable 3rd Party Extensions" option (In IE6: Tools-> Internet Options-> Advanced -> 12th Option Under the "Browsing" section)..

    I was fixing somebody's computer that had this toolbar installed and it would crash IE every time you opened IE (Or tried browsing the web via windows explorer). But once I Disabled 3rd Party Browser Extensions, it worked fine...

  4. Self-installing programs are illegal. by TheRaven64 · · Score: 5, Interesting

    In this country (UK) we have something called the 'Computer Misuse Act'. This is a very dull piece of legislation which says (among other things) that using someone's computer without their consent is illegal. Any program which runs on your computer without your explicit consent therefore violates this. If you click 'Okay', on the other hand...

    --
    I am TheRaven on Soylent News
  5. Re:If it looks like a duck and quacks like a duck. by demon · · Score: 4, Interesting

    Hm. Sounds suspiciously like a trojan horse to me. Doesn't anyone know the difference anymore?

    • A virus attaches itself to other executables, and propagates by having the executable it's attached to run. It can attach to most any executable, or some attach to the boot sector.
    • A worm uses networks to attack exploitable services, and propagates that way. It doesn't necessarily require human interaction to spread.
    • A trojan horse is a program that's designed to look legitimate, but has some ill intent. It propagates by people running it. It doesn't infect other executables, it depends on people passing it on.
    --

    Sam: "That was needlessly cryptic."
    Max: "I'd be peeing my pants if I wore any!"
  6. Re:no it won't by 0x0d0a · · Score: 4, Interesting

    It's not much different than if someone downloads a file to the desktop and decides to double-click on it.

    I'd argue that it is. First they have to see a (familiar) file-dialog box pop up. They aren't just hitting "OK" in a box -- they know that they are saving a file somewhere. Even novice users are generally pretty familiar with the file open/save dialog boxes. Second, they have to navigate to their desktop to save the file. Then they have to click "save", switch to Explorer, and then double-click the icon. Again, double-clicking is a fairly familiar action, and people are aware that yes, they are opening something. So we have many steps, including familiar steps that will tend to clue even a novice Windows user, rather than a single "OK".

    Ultimately, the user should read any warning message that pops up, whether it's from IE, your anti-virus software, or from your OS.

    Windows users are *inundated* by dialog boxes. Every time they delete a file. A whole slew of them when they install software. Four hours ago, my roommate was using a TV-viewing program that brought up a message box telling him that he'd "enabled option foo" each time he clicked a checkbox in the prefs dialog.

    In addition, Javascript can bring up message boxes (idiotically enough, this is enabled by default by MS). So most users (*especially* Internet Explorer users) run into a ton of message boxes while browsing. Yes, perhaps they should go through each dialog box and examine it, but that's very time-consuming. If you read through Apple's Human Interface Guidelines, you'll notice that the *vast* majority of rules for menus and modal dialogs are designed around one single goal -- letting the user *not* have to examine each dialog box once they're familiar with it or boxes in similar software. The point is that Windows users are sick and tired of dialog boxes, and *do not read them* in detail. And they shouldn't *have* to be screwed over if they skim or misread a box when simply web browsing. A Javascript should not be able to take malicious, destructive action just because someone clicked "OK" in one of a series of dialogs that a Javascript popped up. To set up IE to operate this way was irresponsible in the extreme by Microsoft.

  7. FUI Dialogs? by davetrainer · · Score: 5, Interesting
    Healan said some installations probably occurred when people clicked "OK" in a pop-up box without really knowing what they had agreed to, or when they meant to close the pop-up window.

    Probably because the popup is a fake user interface dialog. How in God's name does even a novice user inadvertently grant permission for a software install when their original intent was to close the window? Or is it common knowledge these days that the X in the top right corner of a dialog box is synonymous with the OK button?

    Bonzi is being sued for this, and these scumbags deserve the same.

  8. why are they allowed to do this? by gabe · · Score: 5, Interesting

    a thirteen year old kid writes a virus that emails itself to everyone in your address book. he's found, caught, sentenced and tossed in jail.

    a company comes along and writes a piece of "software" that installs itself on your computer without your knowledge, changes your preferences, watches your every move and reports it back to the marketeers, and digs itself into your system so the only way to get it out is to reinstall your entire computer... (oops, by the way, now that you're using Microsoft products, you may just have to buy a new version due to licensing BS) ... and the worst that happens to the company is some negative press (which, as we all know, bad press is better than no press at all).

    so, why the hell isn't the FBI busting these peoples' door down and arresting them? what is the damn difference between what they do and what script kiddies do?

    Disclaimer: I am aware that I am exaggerating, are you?

    --
    Gabriel Ricard
  9. Re:Sympathy by Peer · · Score: 4, Interesting

    Could we please not all switch to Mozilla. Otherwise it will become commercially interesting to target Mozilla users with this kind of crap.

  10. Re:It's a monster by Rich0 · · Score: 4, Interesting

    My wife was unfortunate enough to "click through" and victimize herself with this thing.

    This is my biggest nightmare at home. I have XP Home Edition - so I figured I finally have a solution to this problem - just make everyone else who uses the system a "limited user" - they finally figured out what unix did 20 years ago.

    Nope - turns out half the software out there doesn't run without administrator access. And it isn't just lousy shareware junk either - try running MS Flight Simulator 2002 Professional as a "limited user". So now I need an admin account for the kids to play games - I set up the ground rules as being "don't web browse when logged into the games account", but of course there is no way to enforce that. I have Mozilla installed, so that at least is a start, but IE is still out there, and even with mozilla a computer-illiterate user can download a hostile .exe.

    My only solution is to backup reasonably often. Still, I don't backup everything - just data - since it would use gobs of media. So if somebody hoses my system I'll be reinstalling everything - and that is quite a bit of junk - hundreds of megabytes of it having been downloaded from the web (redownloading over a 26k modem link isn't fun either).

    If MS would at least code their software to not require admin access I'd be happy... Then again, maybe I should find an old PIII somewhere for the kids to play games on - of course it wouldn't have the GeForce III Ti accelerated graphics...

  11. Re:Wrong by Blkdeath · · Score: 4, Interesting
    Even if they copy everything off of your hard drive and send it to their own servers, according to most Slashdotters, that is only copyright infringement (not theft), provided they don't delete anything.

    This is why argument by analogy is so maligned here on Slashdot.

    The analogy you refer to is most likely the distribution (rights?) of RIAA and/or MPAA sanctioned materials, including music files and movies, correct?

    In order to download these, I do not need to violate any individual's privacy. Instead, I download (voluntarily) any number of freely available P2P applications and initiate transfers from people who have willingly configured their software packages to allow me access to a 'shared' portion of their own systems. These people populate this folder with files they have copied, downloaded, or created themselves. The source materials for these transfers were made available to the public by the aforementioned entities, so nobody had to violate their computer systems or physical locations to obtain the source.

    There is no subterfuge involved, nor is there any involuntary transfer of otherwise private materials. (Vis, the files, e-mail, and information stored therein on my home PC(s)).

    (Note that I am stating no position, pro or con, on the topic of P2P applications or their content, merely discussing your analogy. I don't want to open any further cans of worms).

    They are not threatening you, taking your money and/or valuables,
    ...
    IANAL, but if you sue them you might be able to pick up a keen $5000 fine. That figure doesn't include legal expenses, of course.

    IANAL either, but I do believe there is legal footing for such a case. The users' computers are made to operate in a manner in which they were not prepared, or willing to have it operate. Everything from the homepage being changed to software that alters the overall behaviour of the system to software of unknown quantity that opens potential security holes in the system.

    The other factor to consider is the costs associated with repairing the system which are quantifiable. For example, if I have to visit a company and purge six office workstations of this software, the company is looking at not only a lost afternoon's work, but also a bill from me for $60/hour for anywhere up to six full hours. That's assuming that a) there are only six infected machines, b) the software is not in any way self-replicating, c) the software is readily removed from the systems, and does not resurrect itself. The other thing I would have to do while on the premises is update all Windows installations (Windows Update) and all virus software and definitions as a preventative measure, thereby bringing the potential time per workstation up to the full hour mark, if not greater (dial-up would require either a long download, or a return to a broadband connection and CD burner to download the updates manually).

    Long story short, since there are quantifiable costs, lost productivity, and damages that can be attributed to software of this type, I do believe suit could be brought against the makers. Based on the installation methods, I do believe fraud charges could also be laid.

    --
    BD Phone Home!

    Shameless plug. Like you weren't expecting it.