This is all due to the channel feature, with push technology, and it is
completely configurable by the end user: it can be shut off.
There is nothing shady going on here.
However, I still don't know what to think of it . . . it might be nice for
people at 28.8 who don't want to sit there waiting for pages to load.
But, I wonder if the 'automatic' nature of this technology opens up
any potential security risks . . . also, another concern . . . I think it
is very likely to increase bandwidth usage. I can see lots of irrelevant
information being downloaded for no reason.
Steve Greenwalt
> -----Original Message-----
> From: David LeBlanc [SMTP:dleblanc @ iss . net]
> Sent: Monday, September 15, 1997 3:10 PM
> To: osiris @ gnss . com
> Cc: firewalls @ GreatCircle . COM
> Subject: Re: Microsoft vs The world (apology)
>
> At 10:47 9/15/97 -0700, you wrote:
>
> >In this morning's newspaper (reference follows), I found an article of
> >some interest. In it, there was an interview with a beta tester of IE
> >4.0. Apparently, IE 4.0 - if left unattended - will routinely initiate
> >a connection to Microsoft. Purportedly, this feature (not a bug, a
> >feature) allows updates and special web pages to be downloaded while
> >the user is away from the terminal (busy, asleep, etc.) These updates
> >are then stored on the hard disk drive of the user. According to the
> >beta tester:
>
> >"I...discovered that my computer had connected itself to the
> >Internet...I was completely freaking out. I pulled the phone plug
> >right out of the wall."
>
> Odd - I've had IE 4.0 on my home box for some weeks, and it has never once
> taken it upon itself to call my ISP and connect to MS. I haven't really
> monitored what it does while on line extremely carefully, and I haven't
> taken any special precautions to prevent this from happening, either. It
> is possible this is because I don't have any of the "pointcast" junk turned
> on - blew up first time I tried it, and I haven't fooled with it since.
>
> Perhaps "freaking out" users may not be the most reliable source of info.
> Although I'd certainly be displeased if it did start dialing home, I can
> think of less destructive ways to stop this behavior than yanking on wires.
>
> >More bizarre yet is this: in
> >addition to the 250K download, his machine also UPLOADED 58,000 bytes
> >of information. The beta tester reported that he did not know what
> >data had been uploaded.
>
> Be interesting to see what it is doing - it could be just requests and that
> sort of thing.
>
> >I am wondering this: suppose such a box was located behind a firewall
> >but was allowed outside access. Does this not constitute an EXTREME
> >security risk? If 4.0 is capable of uploading information from a local
> >drive of a 95 box, it can presumably do this from badly managed shares
> >as well, no?
>
> No telling. IMHO, we need to examine this a bit before we get cranked
> about it. Be interesting to see if it can be duplicated, then log the
> traffic.
>
>
> -----------------------------------------------------------
> David LeBlanc | Voice: (770)395-0150 x138
> Internet Security Systems, Inc. | Fax: (404)395-1972
> 41 Perimeter Center East | E-Mail: dleblanc @ iss . net
> Suite 660 | www: http://www.iss.net/
> Atlanta, GA 30328 |