I haven't seen this on my system yet, but I am a little
miffed over something I experienced last night though. I
was installing one of the cd packages from one of the
bigger known ISP providers (3 letters) and when I had it
all installed, and up and running, I found that when I
tried to exit the system, it pops up a message concerning
problems with MS Explorer, and starts into this 20 minute
download of a supposed fix. Now I don't know about you,
but I'd sure like to know what is getting pushed to my
system and given an opportunity to choose if I want to kill
it or not.
On Monday, September 15, 1997 6:10 PM, David LeBlanc
[SMTP:dleblanc @
iss .
net] wrote:
| At 10:47 9/15/97 -0700, you wrote:
|
| >In this morning's newspaper (reference follows), I found
| >an article of
| >some interest. In it, there was an interview with a beta
| >tester of IE
| >4.0. Apparently, IE 4.0 - if left unattended - will
| >routinely initiate
| >a connection to Microsoft. Purportedly, this feature
(not
| >a bug, a
| >feature) allows updates and special web pages to be
| >downloaded while
| >the user is away from the teriminal (busy, asleep, etc.)
| >These updates
| >are then stored on the hard disk drive of the user.
| >According to the
| >beta tester:
|
| >"I...discovered that my computer had connected itself to
| >the
| >Internet...I was completely freaking out. I pulled the
| >phone plug
| >right out of the wall."
|
| Odd - I've had IE 4.0 on my home box for some weeks, and
| it has never once
| taken it upon itself to call my ISP and connect to MS. I
| haven't really
| monitored what it does while on line extremely carefully,
| and I haven't
| taken any special precautions to prevent this from
| happening, either. It
| is possible this is because I don't have any of the
| "pointcast" junk turned
| on - blew up first time I tried it, and I haven't fooled
| with it since.
|
| Perhaps "freaking out" users may not be the most reliable
| source of info.
| Although I'd certainly be displeased if it did start
| dialing home, I can
| think of less destructive ways to stop this behavior than
| yanking on wires.
|
| >More bizzare yet is this: in
| >addition to the 250K download, his machine also UPLOADED
| >58,000 bytes
| >of information. The beta tester reported that he did not
| >know what
| >data had been uploaded.
|
| Be interesting to see what it is doing - it could be just
| requests and that
| sort of thing.
|
| >I am wondering this: suppose such a box was located
| >behind a firewall
| >but was allowed outside access. Does this not constitute
| >an EXTREME
| >security risk? If 4.0 is capable of uploading
information
| >from a local
| >drive of a 95 box, it can presumably do this from badly
| >managed shares
| >as well, no?
|
| No telling. IMHO, we need to examine this a bit before
we
| get cranked
| about it. Be interesting to see if it can be duplicated,
| then log the
| traffic.
|
|
| ------------------------------------------------------
----
| -
| David LeBlanc | Voice: (770)395-0150
| x138
| Internet Security Systems, Inc. | Fax: (404)395-1972
| 41 Perimeter Center East | E-Mail:
| dleblanc @
iss .
net
| Suite 660 | www: http://www.iss.net/
| Atlanta, GA 30328 |
|
|
