Who Profits from Security Holes?

How bad is this problem? How much junk can get installed on a user's PC by merely visiting a single site? I set out to see for myself -- by visiting a single web page taking advantage of a security hole (in an ordinary fresh copy of Windows XP), and by recording what programs that site caused to be installed on my PC. In the course of my testing, my test PC was brought to a virtual stand-still -- with at least 16 distinct programs installed. I was not shown licenses or other installation prompts for any of these programs, and I certainly didn't consent to their installation on my PC.

See a very scary video of the installations. Scary in the sense that ordinary users using Internet Explorer might experience this.

Read the article

And in some related news:
With the threat of a sophisticated spyware attack looming, a renowned security researcher says the most popular detection and removal tools "fail miserably" at addressing the growing spyware/malware scourge. He found that the best-performing anti-spyware scanner failed to detect about 25 percent of the "critical" files and registry entries installed by the malicious programs.
Read the article

November 25, 2004 11:40 AM | Posted in Interesting


Back Next


The only approach that I've heard about that might solve these spyware problems require the desktop and the OS to be changed quite a bit. The idea is that when a program runs, it doesn't need all the authority of the user, so let's not give it to him. So if notepad opens a file with a notepad virus, it won't be able to write system files or open network connections. Although the principle of least authoriity is well accepted in security, it turns out very few OSes actually implement it.
It turns out the usability aspects can be solved to keep security pretty simple. Check out http://erights.org for more info.

Site icon Comment by Julien Couvreur (Dumky) [TypeKey Profile Page] at November 26, 2004 07:01 PM | Permalink

Post a comment

Remember Me?

Please enter the security code you see here

You're here: Home - Who Profits from Security Holes?
Get the Mozilla Firefox browser