Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

XML based software interfaces and browser hijaking

From: "Carey Myers" <cmlist170 () hotmail com>
Date: Mon, 04 Oct 2004 08:52:40 -0800
Recently I have spent a significant amount of time restoring a few computers of friends/family that have had the following problems:
One or more of any number of downloader trojans were installed, presumably from using an unpatched browser to access a malicious site. 
Their browsers were severely hijacked.
Neither machine was current on virus definitions. Neither machine could be updated for virus definitions or scanned because the AV software was using an XML interface with a modified Internet Explorer browser window, which was immediately redirected to the hijacked browser web page. The same went for any "scan my computer" function I tried. Only by installing an alternate browser and doing a scan from online (importing AV defs from another PC was not possible as there was no PC available) was I able to identify and remove the virus.
Internestingly, corporate editions of the same brand of AV product still use a standard window-based interface.
To extrapolate further, any software product with an XML interface would become unusable, making the impact of browser hijacks deeper and more damaging.
I was just wondering if this XML trend seems as potentially dangerous to others as it does myself. With current virus definitions, the AV product would have prevented the infectious components from being written to hard disk. But with computers shipping with 3-month trial subscriptions to AV software, it is very easy for AV to become outdated.
I don't want this to break down into "Users should take care of their computers or get off the net" debates, I just want to see what others think about XML interfaces for software (especially AV) products and the consequences of this shift in the consumer market.
Is XML interfacing a potential security liability? Should AV vendors protect their user interfaces better? 


CM

_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar – get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
Previous By Date Next
Previous By Thread Next

Current thread: