Slashdot Mirror

← Back to Stories (view on slashdot.org)

IE7 Toolbar Mayhem

Posted by ryuzaki0 on from the bad-ideas-are-fun dept.

nikostheater writes "A user called anyweb tried to infect IE7 with as many toolbars as possible and it's interesting to see what happens and how secure IE7 is.." This is funny if only for the screenshot of a browser window with like 80% of the screen covered with toolbars.

13 of 296 comments (clear)

  1. What IF by scenestar · · Score: 2, Interesting

    MSFT came up with it's own extension central of the *same quality of that of the mozilla foundation* (I know there is one out there allready).

    Afaik these toolbars add "extra browsing enhancements". If MSFT told it's users that these bars are Teh evil if installed from some random adress I'm sure the "toolbars" will die out soon.

    --
    perpetually dwelling in the -1 pits
  2. FTA by big_groo · · Score: 3, Interesting

    "And considering what I put Internet Explorer 7 through, the reset tool did a very very very good job, see below, just one toolbar left, and it was Yahoo's, maybe that's a telling result ?"

    We'll see how well this works a year after release. That said, it's about damn time MS did something about IE.

  3. So how is this a security issue? by jorghis · · Score: 2, Interesting

    So whats with the submitter implying that allowing third parties to install toolbars is a security hole? The article even said they went looking for them and clicked "yes/install/whatever" to every window they were presented with.

    The only possible way to prevent this (and why would you want to prevent users from using their favorite toolbars?) would be to completely disallow downloading toolbars from the internet in IE.

    By the way, did the submitter actually refer to Google toolbar as an "infection" with the implication that IE should have prevented it?

    It looks like these upcoming MS releases are actually going to be good products based on the things slashdot articles are having to resort to in order to bash them.

  4. Hmmm... by thanq · · Score: 1, Interesting

    This is funny if only for the screenshot of a browser window with like 80% of the screen covered with toolbars.

    Is like CmdrTaco like really a blond? Like I would expect an article to be like more like using more than like simple language, you know?

    It either is 80% or is not 80%. It is NOT like 80%. Am I the only one irrated by this?

  5. "Failing by design" Is Proper? by EXTomar · · Score: 1, Interesting

    In school, a design professor never hesitated to point out, "If it is possible to 'break' the application as a concenquence of the selection made, then you must think of it like that. The number of people that are going to answer 'Yes' to "Do you wish to ruin your computer? Yes/No" is irrelevant since you shouldn't have offered them to chance to see that dialog in the first place."

    Most of the UI systems I've studied tell me that if the design has a "need" to ask the user to consider doing something bad, then the system designer should reconsider doing it all. I don't think it is very shocking that IE can be screwed up. I do think it is shocking that Microsoft knows of at least 4 interactions that shouldn't be done by the user and allows them the choice of doing it anyway.

    1. Re:"Failing by design" Is Proper? by KDR_11k · · Score: 2, Interesting

      Microsoft's products already have enough situations where the software decides the user doesn't want something and doesn't give even the most experienced users the option to do it nonetheless, they really don't need more.

      And I'm sure many people wouldn't appreciate not being able to install any uncertified extensions for the browser at all (which is the only way to prevent installing malicious toolbars since the browser cannot determine with absolute accuracy if something is malicious so it'd have to show the warnings whenever there is doubt). What if a company wanted to use IE 7 for some company internal stuff that involves a plugin with full system access? Telling them "We think you don't want that" certainly isn't the correct approach.

      --
      Justice is the sheep getting arrested while an impartial judge declares the vote void.
  6. Re:Um... by whoever57 · · Score: 5, Interesting
    I think the better point is that at the end, even after screwing up IE 7 so badly, the author was able to remove all the toolbars with relative ease (save the Yahoo toolbar
    This does look like MS has improved security in IE. IE7 made some of the installations sufficiently difficult that a naiive user would not be able to complete them.

    The real question is how long will this situation persist? Will spyware vendors find means to disable the security features of IE7, or will IE7 continue to be resistant?

    --
    The real "Libtards" are the Libertarians!
  7. IE toolbars are a plague by williambbertram · · Score: 2, Interesting

    Those toolbars are a plague. Does every company in the world need a toolbar? It has nothing to do with filling a need for anyone, it's pure marketing trash. In the early days of IE6 there was literally no defense against them, and some of them were practically impossible to remove (hotbar, cool web search). The anti-spyware tools (at the time) were horribly inadequate; using Ad-Aware and Spybot with up to date definitions back then would only remove some of the toolbars. My company spent a lot of money removing that crap. Fortunately people started using another web browser and Microsoft finally admitted that spyware was a problem (years too late IMHO). That whole situation was enough to get me off of Microsoft products. I've been an Ubuntu Linux user for quite some time now, and never had a *single* unwanted toolbar or spyware installed on my computer. The old cliche's about "you must be visiting questionable web sites if you have spyware" is completely ridiculous. I can't tell you how many times I've heard techs (or Microsoft) wrongly blame users for crappy OS and web browser security. It is 100% possible (and likely) for someone to get spyware and unwanted toolbars in Internet Explorer without visiting questionable web sites or agreeing to install it. It's a virus plain and simple. And where are the anti-virus companies? Instead of adding virus definitions for spyware to existing AV products, they IRRESPONSIBLY used the opportunity to create a new category of viruses and sell additional products. MS has used the opportunity to themselves launch anti-spyware products (Defender is currently in free beta, but word is that it will be pay only when out of beta). Nevermind that IE is the ONLY browser with this problem. What makes it worse is that companies like Adobe and Sun bundle toolbars with their software. So if someone isn't paying close attention they get Yahoo or Google toolbar. The fact that IE now has a "cleanup" option is completely meaningless IMHO. The fact that the browser can be loaded down with crap toolbars filling up 80% of the page in less than a few minutes should tell Microsoft that IE still needs a LOT of work.

  8. Re:Mirror. by jargon82 · · Score: 2, Interesting
    First thought

    Will the 75 popup blockers block the popups that the 219 non-popup blocking toolbars produce?

  9. Gimme a screen shot of Firefox please by 140Mandak262Jamuna · · Score: 2, Interesting

    Now go to mozilla's website. Download and install every damn extension there is for Firefox. Take a screen shot and post it please. I am no MSFT supporter. But TF(antastic)Article is just stupid.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  10. Re:Is it really an infection if... by TrekkieGod · · Score: 2, Interesting

    Oh, come on. First of all, the computer should never prevent you from doing something you want to do, regardless of how dangerous or stupid it might be. It should most definitely warn you that it is dangerous and stupid. If the user really does click 'yes' for everything, it should get installed. As long as you get stern warnings about it (and as long as an admin can prevent it from happening to work computers by locking it down), it's plenty secure.

    That said, even clicking 'yes' on everything didn't allow stuff to get installed. Did you see his explanations? "Being the windows-noob that I am, I will click allow." Then when that fails to install, he said, "all is not lost, as it wants us to try a 'manual install' instead." The windows-noob who clicks 'allow' for every single screen he sees would have no idea how to try a "manual install." Regardless of how easy it is, it's not automatic.

    --

    Warning: Opinions known to be heavily biased.

  11. Re:Is it really an infection if... by cheater512 · · Score: 1, Interesting

    Do show me how you can install a Firefox extension without manual intervention.

    Infact show me how anything can automatically install a Linux program.

  12. Re:Is it really an infection if... by penix1 · · Score: 2, Interesting

    I think you both are missing the true point to this article. The last page says it all when he rolled back and it got rid of all but one (yahoo) toolbar! Try that with IE6. The Yahoo toolbar staying does trouble me though. I can see those others reverse engineering the Yahoo toolbar just to see how it was able to survive the rollback. Still, it is much better than IE6.

    B.

    --
    This is a sig. This is only a sig. Had this been an actual sig you would have been informed where to tune for more sigs.