Spyware Sucks

Netscape 8 breaks IE (again) (XML)

If you want to be able to view XML pages using IE or any other browser, then your only option, until this problem is resolved, is to uninstall Netscape 8 and then navigate to this registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension

Delete the subkey (node) for XML.

Ignore the incorrect advice on community.netscape.com. First, you do not need to reinstall IE or Windows.  Second, deleting the key will not work if you keep Netscape 8 installed on your system.

http://blogs.msdn.com/ie/

http://community.netscape.com/n/pfx/forum.aspx?nav=messages&tsn=1&tid=1878&webtag=ws-nscpbrowser

Netscape 8 has already been patched and is now at version 8.0.1 BUT there is nothing in the release notes to tell us whether the XML problem is fixed in 8.01.

Update: 1 June 2005

Netscape says “We apologize for the inconvenience that this bug has caused you. This certainly isn't desired behavior and we didn't even intentionally change that registry key.  The development team is hard at work on a patch.”
http://community.netscape.com/n/pfx/forum.aspx?nav=messages&tsn=7&tid=1878&webtag=ws-nscpbrowser

They didn't intentionally change it? So they changed it accidentally?  Cripes, what sort of programmers do they have there?

And see this:
http://news.yahoo.com/news?tmpl=story&u=/cmp/20050528/tc_cmp/163701826

“"This is a very minor issue. The average user is never going to see an XML page. The only users who potentially might see this as a problem are programmers and developers. For the average user, it's zero.”

Well, that makes me feel better (not).  First, it is not a “very minor issue”, and second, the average user will be affected - do you want to be able to read RSS?  Play some online games (www.there.com, for example?) Sorry, but according to Netscape only programmers and developers do that!

Update 18 June 2005: 8.0.2 apparently fixes this bug:
http://msmvps.com/spywaresucks/archive/2005/06/18/53896.aspx

The danger of pop-up advertisements

Ok, so I've been reading this article
http://www.mnin.org/write/2005_trimode.html

Its heavy going, so I'm not going to ask you to grok the entire thing.  I'll distill it down to some salient points for the purposes of this commentary:

“So, the popper() function executes as soon as the page loads. If the user closes the browser then popp() and xit() execute. In other words, all 3 functions execute, no matter what the user does.“

“The user thought if she closed the browser immediately, then it would reduce the amount of damage. In fact she just acted as a catalyst for the infection. Upon closing the browser window, she executed xit():“

“Second, similar to the lose-lose situation presented earlier, the function is called no matter if the browser is shut down or if it encounters an error “

I mentioned similar nasty tricks briefly in my article published back in December:
http://www.microsoft.com/windows/IE/community/columns/adware.mspx

”Sometimes adware pop-ups are deliberately deceptive. I have seen examples where the "no" or "cancel" buttons are actually "yes" or "install" buttons. I have also heard of pop-up windows with fake Close buttons that when clicked trigger malware installations, much to the shock of their victims.”

With hindsight, I wish I had placed far more emphasis on such tricks in that article.

So, how do we protect ourselves?  What are the only safe ways to close pop up advertisements?

Use the Ctrl, Alt, Del key combination to start Task Manager. Then use Task Manager to close all iexplore.exe processes.

Alternatively, shut down all *other* programme properly, then turn your computer's power off without touching any browser windows - sometimes spyware will block access to Task Manager :o(

IE7 has tabbed browsing

To be honest, I'm underwhelmed about IE7 having tabs but that's what people want, so that's what people get ;o)
http://blogs.msdn.com/ie/

Rest assured though, that there is far more cool stuff in IE7 than just tabbed browsing.  Unfortunately, though, I'm not in a position to share details.  We have to wait for the IE dev team to release information in its own time, and we also have to wait and see what makes it into the final cut - I, for one, remember how spamblocking was removed from OE5 thanks to a precipitous lawsuit by bluemountain.com.

Watch this space, and the IE team blog, for more info as it comes public.

Firefox has been updated

Sorry guy, this is a few days late.  All my time has been taken up with getting my new site live...

Firefox has been updated to version 1.0.4.  Please make sure you update as soon as you can.  It includes a fix for the vulnerability discussed in my blog entry:
http://msmvps.com/spywaresucks/archive/2005/05/10/46343.aspx

Seriously - I am getting a little tired of having to download and install an entire new browser every time Firefox needs to be patched.

Sandi's Site has been updated

Hi all,

I've finally started dragging my old site, kicking and screaming, into the modern world of CSS.

This, of course, means many long-standing links may not work.  Fear not, my old site still exists in its entirety until I have finished moving across years of old data.

How to convert old links to be compatible with my new site
If an old link does not work, edit it as per the following example:

Old link
http://inetexplorer.mvps.org/answers.htm

New link
http://inetexplorer.mvps.org/archive/answers.htm

Download.com bans products with bundled adware

WOOHOO!!  Finally some good news.

Download.com have banned the distribution of software from their website that bundles adware AND will actively screen submitted software to ensure that it complies with their terms and conditions:
http://www.upload.com/1200-21-5143026.html

Some gems from their Download.com's conditions include prohibiting software that:

1. Serves advertisements or sponsored search listings, through a Web browser, a third-party search engine, or other means, that do not offer substantial benefit or provide a key function of the software.
2. Collects and transmits information about an end user or the end user's use of a computer without adequate prior notification.
3. Diverts or modifies an end user's default browser, search engine home page, provider, security, or privacy-protection settings.
4. Is determined by us to interfere with a user's control and privacy.

This change has a very nice trickle-down effect.  A lot of the software available at download.com is offered, by download.com at Microsoft's Windows Marketplace - adware bundlers have been hit with a double whammy!

Mozillazine needs to improve its forum

Why doesn't http://forums.mozillazine.org/index.php have a security forum dedicated to publicising information about exploited security vulnerabilities that their users can watch for alerts? 

http://aumha.net/ has dedicated Security News forums, so does http://forums.spywareinfo.com/.  Even msnews.microsoft.com has several security related forums. 

Double-whammy security flaws target Firefox

Here is the security notice:
http://www.mozilla.org/security/announce/mfsa2005-42.html

Internet security firm Secunia rates the security flaw as "extremely critical", because code to exploit the flaws is publicly available.

Firefox suggests:

1. Do not have any sites in your “Allow web sites to install software“ whitelist.
2. Disable javascript.

Further information here:
http://www.frsirt.com/english/advisories/2005/0493

At time of writing, no patch is available for this vulnerability.  Be prepared to download a full installation build [4.7 meg] to fix this problem.

Norton Antivirus and "Why antivirus is a con"

I buy a local PC magazine here in Australia called “APC”

The May 2005 edition has a very interesting interview with a guy called Peter Tippett.  Do you know who this guy is? I didn't.  Apparently, he is 'the person behind Norton Antivirus'. 

Yes, that's right - Peter Tippett apparently developed the product that eventually became Norton Antivirus (NAV).

If you can, get your hands on a copy of the May 2005 edition of APG Magazine and read the interview. 

I have tried to find an online copy of the article to link to, but have been unsuccessful.  That being said, a small quote falls within the scope of “fair use”, and is sure to encourage you to go out and buy the magazine so you can see what else Peter had to say, so here is a taste:

“The first version I produced stopped any virus that could be produced. 'No updates required' was the byline.  It recorded the state of all software on your system and anything new just wouldn't run ... As an afterthought we added virus signature scanner and sold it to Symantec. ... Symantec felt that nobody could understand the generic new software-blocking stuff, so that feature quietly dropped away.”

Peter Tippett, nowadays the Chief Technology Officer of security consulting firm Cybertrust, has definite opinions about antivirus programs based on signatures and their usefulness (or lack thereof) and network security.

Just imagine how different the internet world would be if Peter's idea of allowing the good guys instead of trying to block the bad guys had been allowed to stay after Norton bought in.  Is it too extreme to say that spyware wouldn't exist?  I wonder.

I admit, 'good lists' can be problematic - blocking the wrong thing can certainly cause problems, but such blockings are easily fixed, unlike modern malware, but as Peter (and many others, including me) have said - it is a lot easier to create and maintain a good list, than it is to maintain a bad list.

We're fighting a losing battle here guys. It would be worth revisiting the good guys list.