Slashdot Mirror

← Back to Stories (view on slashdot.org)

IE7 Toolbar Mayhem

Posted by ryuzaki0 on from the bad-ideas-are-fun dept.

nikostheater writes "A user called anyweb tried to infect IE7 with as many toolbars as possible and it's interesting to see what happens and how secure IE7 is.." This is funny if only for the screenshot of a browser window with like 80% of the screen covered with toolbars.

7 of 296 comments (clear)

  1. Failing by design by patio11 · · Score: 3, Informative

    There is nothing to see here: he systematically disables all of IE7's protections, clicks past up to FOUR warning boxes to get some of the toolbars, and goes through the manual install process (!!) for some of them because IE was like "Uh oh, sorry, you look determined to shoot yourself in the foot and I just can't let you" and denied the install through the browser.

    --
    Help poke pirates in the eyepatch, arr.
  2. Host took out Pictures by jafiwam · · Score: 3, Informative

    Looks like the host took out the pictures.

    (Some were large JPGs.)

    Interesting text nonetheless.

    There was a video of some guy recording his browse by infection of IE a while back that was very revealing. Just visited a site and his computer was infected, he proceeded to try to pull the stuff out and noted the techniques the spyware authors used to keep a user from being able to uninstall it.

    The critical difference in security though is not what the user can do (as he or she is probably running as administrator anyway) but what can be done without their permission. That's where the work needs to go. Not stopping someone from doing something they have to agree to (no matter how nefarious the wording is).

  3. SlashDotted by Anonymous Coward · · Score: 5, Informative

    Mirror

  4. There is some 'news' in the article by I'm+Don+Giovanni · · Score: 3, Informative

    One thing that the author encountered in his tests was that once a user says OK to a UAC dialog in IE, then IE turns off "protected mode" and that mode remains off until IE is shutdown and restarted. "Protected mode" prevents IE from writing anywhere in the filesystem except the cache (without explicit implicit user permission, such as the File-Save dlg), so malware installed on top of IE can't do any harm. But if "Protected mode" is off, then the IE process can write to any place allowed by the permissions of the user, meaning that malware running within IE's process can do the same. This might be a legit bug in IE7 (which hasn't reached RTM yet, so there's still time to fix it, if it is indeed a bug).

    --
    -- "I never gave these stories much credence." - HAL 9000
  5. Missed point ... by ProfM · · Score: 3, Informative

    After reading several comments on how this isn't news (because disabling protections to install stuff is easy) ... the point that was COMPLETELY MISSED that was in the article, was that the "IE Reset" function actually worked, sans Yahoo.

    This, I believe is the main point of the article, because this will help EVERYONE keep junk off of IE. Not that it deletes anything, but allows the clutter to be easily fixed.

  6. Mirror. by Janek+Kozicki · · Score: 4, Informative

    Ok, I managed to wget the final screenshot, enjoy: http://cosurgi.googlepages.com/iemess2.jpg

    --
    #
    #\ @ ? Colonize Mars
    #
  7. Re:Um... by digidave · · Score: 5, Informative

    Windows and IE security may be getting better, but there are two glaring holes evident from this article.

    1. Vista Ultimate Edition's default user has administrative rights.

    2. If you choose to accept to install something from the web, IE7's protected mode turns off until you restart the program. This could leave you vulnerable if you install a legitimate program (Google toolbar) and continue to browse the web.

    --
    The global economy is a great thing until you feel it locally.