Full Disclosure mailing list archives

Re: Origin of the term "driveby download"


From: madsaxon <madsaxon () direcway com>
Date: Fri, 31 Jan 2003 10:28:14 -0600

At 04:29 PM 1/31/03 +0100, Thor Larholm wrote:

> Because of this FUD term, articles such as
> http://wired.com/news/infostructure/0,1377,57467,00.html have sentences like
> this:
>
> "And the toolbar will install itself automatically when Internet Explorer's
> security settings aren't set to the highest level."
>
> As we all know (if you didn't know, then now you do), signed ActiveX
> components require explicit user consent before installing - on anything
> except the very MINIMUM security settings. The default settings, heck even
> lowered settings above the minimum (there are 4 default levels of settings),
> will ask for explicit consent.

I haven't tried to verify this myself, but some folks over on Slashdot are claiming that
earlier versions of IE bundled with 98 and ME are vulnerable to downloads
without user intervention. I don't use IE for anything, so I haven't really followed its
tortuous bug trail very closely. There have also been some people who claim
that they've visited sites that gave them a "Xupiter plugin is necessary to view this site"
message.

Of course, updating your browser and refusing to download plugins whose
function you aren't sure of would obviate these issues, but we all know
that some people are less likely to take these steps than others, for a
variety of reasons.  Calling them "stupid" may make us feel superior, but it
doesn't make any progress toward solving the problem. When stupid people
download malicious code that gums up the Internet, we all suffer.

Overall, I can't help but think that Xupiter is sleaze at its worst.

m5x
