Images Research Events Premium Services Media Kit Network Map E-mail Offers Vendor Solutions Webcasts
Search EarthWeb Network

Be a Commerce Partner
Corporate Gifts
Prepaid Phone Card
Cheap Cameras
Compare Prices
Cheap Airline Tickets
Conference Calling
Degrees Online
New Car Prices
Auto Insurance
Marketing Products
Domain Registration
Home Equity Loans
IT Discount Club

IT Management : Columns : Executive Tech: Worst Browser Threats May Not Be Security Holes

Symantec Data Management Solutions
Whitepaper: The Benefit of Continuous Data Protection
Data volume continues to grow at nearly 40% to 50% each year, making back up of mission critical data very difficult. For any organization looking to manage data growth, improve reliability, and speed data recovery, continuous data protection provides the avenue to address the challenges in a method that will improve overall data protection without weighing down IT with costly solutions.
Register Now to Download.
Whitepaper: Breaking Through the Dissimilar Hardware Restore Challenge
This paper discusses recovery to virtual computer environments, hardware migration strategies, hardware repurposing for optimal resource utilization, meeting recovery time objectives, and increasing disaster tolerance.
Register Now to Download.
Whitepaper: Converging System and Data Protection
From resilience against threats to efficient restoration of normal operations, Symantec can help keep your business up, running, and growing—no matter what happens.
Register Now to Download.
Webcast: Symantec Brings Disk-based Data Protection and Advanced System Recovery Together
Symantec Backup Exec™ and Symantec LiveState Recovery™ allow rapid and easy backup and recovery of virtually any Windows data and Windows system.
Join us for an informative Webcast to learn how to:
  • Create backups and restore to specific system recovery points
  • Maintain data availability and minimize server downtime
  • Eliminate backup windows, improving increased system reliability
  • Dramatically minimize downtime by rapidly recovering entire systems to dissimilar hardware platforms or even to virtual environments
Register Now to Watch.

Related Articles
Can Microsoft's Metro Replace PDF?
Microsoft Metro Threatens Adobe Acrobat
Computer Experts Allege U.S. Vote Fraud
Give Your PCs An Immune System
- ITSMWatch Newsletter -
IT Focus
Wireless in the Enterprise

Wireless technology continues to make great inroads into networks. But IT pros still must contend with a number of issues such as security, access and integration.

Ready? Set. Go!

Mobile Workers Never Looked So Thin

The Incredible Hidden Wireless Connection

Product Watch
Reload - Backup Platform for GroupWise Features Single Message Restore
KnowledgeTree - Document Management Platform with Workflow and Metadata Searching
Interop Secure Shell - SSH and SFTP Server/Clients for Windows w/SFU, SUA
SiteAssure - Anti-Phishing and Two-Factor Authentication Platform
SenSage - Clusterable Infrastructure for the Collection, Analysis of System Events

more products >>

Datamation Definitions
data mining
grid computing
network appliance
FREE Tech Newsletters

QuickBase Free 30-Day Trial: QuickBase is a proven, user-friendly, Web-based solution enabling teams to gain visibility and better manage information necessary to make mission-critical decisions.

Worst Browser Threats May Not Be Security Holes
May 17, 2005
By Brian Livingston

Brian Livingston Experts in combating "spyware" and "adware" are now warning that the widely publicized security holes that plague Internet Explorer and other Web browsers may not be the most common ways unwanted software gets into computer users' PCs.

Eric Howes, a frequent contributor to and a consultant to antispyware companies, says the media focus on security holes is overshadowing a larger issue. It's true that hackers can take advantage of weaknesses in browsers to secretly install spyware programs on users' PCs, Howes agrees. But equally important is the fact that spyware programs are often installed because users are fooled into clicking "Yes" by dialog boxes that look like official Windows notices, he says.

Interestingly, Howes asserts that the latest version of Windows XP, which includes an upgrade called Service Pack 2 (SP2), makes Microsoft's Internet Explorer (IE) browser handle such threats better than Firefox, the fast-growing open-source software distributed by the Mozilla Foundation. Let's examine this claim.

How Spyware Tricks Users Into Installing It

The Firefox browser offers at least four ways to install new forms of software, Howes says. He feels two of these ways are fairly safe, while the other two are open to abuse by spyware authors.

Setup programs. These are the most traditional kind of software install. Using a browser, an executable file is downloaded, saved to disk, and then run once to install an application. While any program poses potential risks, Howes says, traditional setup programs at least make themselves visible to the user, who much choose to run them.

Browser plug-ins. Plug-ins are programs, such as Macromedia Flash, that enable a browser to display special content, such as multimedia files. These are also fairly safe in Firefox, Howes says, because users are presented with information about the plug-in before installing it, and can read any end-user license agreement (EULA) associated with it.

Extensions. Firefox extensions, small programs that may, for example, add a menu item to the browser, present a more serious problem, Howes maintains. Once a user clicks a yellow "information bar" at the top of the browser window that offers to install an extension, they see a dialog box that prompts them to allow the software to install. This dialog, Howes says, provides no information about the source of the software, nor does it provide any link to a EULA.

Java applets. The greatest risk, Howes warns, comes from the ability of Java applets to display dialog boxes that look exactly like ordinary Windows notices. Many users are accustomed to clicking "Yes" when they see a dialog box informing them that, for example, an updated media player or "codec" is required to play some requested content. Since Firefox currently displays nothing but the name of a possibly obscure software company, all too often users click "Yes" without even reading the information.

To install as many software programs as possible, some adware companies even make up company names such as "Click Here To Continue." This name shows up prominently in Windows dialog boxes, making many users believe they have no choice but to click "Yes" to complete their task, according to an article by Ben Edelman, a spyware researcher who is currently studying at Harvard Law School.

How Internet Explorer in XP SP2 Works Differently

With the release of Service Pack 2 for Windows XP in September 2004, Microsoft made a positive change in the behavior of IE, which is bundled with Windows. "It took them a number of years to get it," Howes says, "but they eventually did get it."

Instead of popping up a dialog box when a Web site tries to install, for example, an ActiveX program, IE with SP2 now displays a much less intrusive alert about the situation. "They put it in the Information Bar to take the dialog boxes out of people's faces," Howes notes, "so they don't feel pressured into making potentially bad decisions."

It's still possible for a user to click IE's Information Bar, find more information about software that a Web site wants to install, and click "OK" to install it. But it's much less likely. This, hopefully, will prevent many copies of spyware and adware from being installed. (Users of Windows XP who haven't installed SP2, as well as users of Windows 2000 and earlier versions, don't enjoy even this much protection against trickery, unfortunately.)

Adware Publishers Begin Using Java Applets

Adware makers are already distributing files on the Internet that launch Java applets on Firefox and other Mozilla-based browsers. According to Howes, these programs include 180search Assistant, istbar, PowerScan, Sidefind, PeopleonPage, and the YourSiteBar.

Other programs, including iSearch/iDownload, present dialog boxes to Firefox users through browser extension methods, according to a PDF statement (page 2, paragraph 3) by Sunbelt Software, an antispyware maker that has consulted with Howes.

It's certainly true that computer owners should be able to install just about any software they want. The problem arises when official-looking dialog boxes are presented to users, who often see no difference between them and other Windows dialog boxes that they must click on every day.

Officials of the Mozilla Foundation, which makes the Firefox browser, did not respond to e-mails seeking comment by press time.

Defending Against Deceptive Dialog Boxes

"The Firefox 'yellow bar' gives little notice of what is actually trying to install itself, and so, in that respect, IE does have some small advantage," according to Christopher Boyd, a spyware researcher associated with Boyd is a Microsoft "Most Valuable Player" for security, an honor the Redmond company bestows on individuals who aren't employed by the firm but who play an important role in educating end users on Web forums and elsewhere.

At the same time, Boyd says, "until Microsoft untangles IE from the operating system, the number one target for spyware/malware will always be IE. The problem we have now is that, realizing Windows and IE are becoming more hardened (coupled with the raft of security tools people now employ), attackers are simply resorting to cruder methods of attack -- namely social engineering and cheap tricks."

Company executives can't expect computer end users to guess correctly when confronted with Windows dialog boxes urging them to click "Yes," Boyd states.

"A security professional who neglects the human aspect of an attack is not a security professional," he says. "Here's something that could get to your PC across almost all browsers, regardless of secure lockdowns. All it took was a simple click of a 'Yes' prompt. And unfortunately, users click 'Yes' to things!"


It's still important for companies to stay current with security patches that emerge from Microsoft and other software companies. But these patches can't prevent spyware and adware from getting into your company's computers. It's equally important for you to guard against dialog boxes, which may seem perfectly innocent, but can be deceptive. All too often, even the most careful person will guess wrong.

A big step forward would be for all browser developers to prevent dialog boxes from being thrust in the face of PC users by Web sites they may visit. If a site really needs visitors to install a certain piece of software, it can explain that fact right in its text and provide a dedicated download page.

Until then, I'm afraid the market for spyware and adware removers will continue to grow.

An 11-page PDF report Howes prepared for Sunbelt Software on the problem, which was originally scheduled for publication in March but was never formally released, is available at a University of Illinois host, where Howes is based.

Brian Livingston is the editor of and the coauthor of "Windows Me Secrets" and nine other books. Send story ideas to him via his contact page. To subscribe free and receive Executive Tech via e-mail, visit our signup page.

Executive Tech Archives

JupiterWeb networks:

Search JupiterWeb:

Jupitermedia Corporation has three divisions:

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Jupitermedia Corporate Info | Newsletters | Tech Jobs | E-mail Offers