Arachne Browser Architect Dismisses Virus Charge

[InfoSec News <isn () C4I ORG>]

Forwarded By: "Berislav Kucan BHZ" <bhz () net-security org>

http://www.computeruser.com/news/00/08/28/news1.html

By Michael Bartlett, Newsbytes
August 28, 2000

Michael Polak, a Czech scientist whose browser has been causing so
many problems for its users that he was accused of disseminating a
virus, issued an explanation on his Web site this week.  Polak, who
offers Arachne free of charge for non-commercial use, had received
numerous complaints from people who had their files wiped out after
they installed the browser.

The statement began by asserting that Arachne was not a virus and did
not contain a Trojan virus. It warned that Arachne would indeed delete
the user's C:\DOS directory if the TEMP variable pointed to C:\DOS.

Polak blamed Microsoft for this glitch, because he felt the DOS files
should not be so vulnerable. "The DOS files are not temporary files in
any way," Polak writes. "Therefore, pointing TEMP to C:\DOS is one of
the most stupid things I have ever heard of."

The statement goes on to explain that Microsoft chose this setting to
be the default in DOS version 5.0, and possibly version 6.0 as well.

Polak proposes to fix the Arachne "setup wizard" to test if TEMP is
really pointing to the temporary directory.

Polak's company, Arachne Labs, created the Arachne browser. The Web
site describes Arachne as a fullscreen graphical browser that runs on
DOS-compatible operating systems. The browser claims to have very low
hardware and operating system requirements.

More information on Arachne can be found at http://browser.arachne.cz.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".