Boy,
I agree with Gary on this one.. I just installed IE 4.0 on one of my machines
and it does a lot of changes to the registry and such, but even after
examination of the changes, it does not leave you with an audit record of
the real changes it did to the system.. Even at one point during the
install "Now optimizing system" I have no idea what this message means,
but since I did not know what it was doing, I uninstalled it.. Programs
that size that change your environment should have an audit trail through the
process to ensure or guarantee to the user that it is not
installing/changing settings you have done.
I have seen those 20 minute fixes for certain programs. I am truly amazed
that corporations who design software that try to make it easy for the
client or end user that the security factor is almost eliminated from the
equation.
My .02
/mht
----------
> From: Gary Crumrine <gcrum @ us-state . gov>
> To: 'David LeBlanc' <dleblanc @ iss . net>; osiris @ gnss . com
> Cc: firewalls @ GreatCircle . COM
> Subject: RE: Microsoft vs The world (apology)
> Date: Monday, October 06, 1997 6:41 AM
>
> I haven't seen this on my system yet, but I am a little
> miffed over something I experienced last night though. I
> was installing one of the cd packages from one of the
> bigger known ISP providers (3 letters) and when I had it
> all installed, and up and running, I found that when I
> tried to exit the system, it pops up a message concerning
> problems with MS Explorer, and starts into this 20 minute
> download of a supposed fix. Now I don't know about you,
> but I'd sure like to know what is getting pushed to my
> system and given an opportunity to choose if I want to kill
> it or not.
>
> On Monday, September 15, 1997 6:10 PM, David LeBlanc
> [SMTP:dleblanc @ iss . net] wrote:
> | At 10:47 9/15/97 -0700, you wrote:
> |
> | >In this morning's newspaper (reference follows), I found
> | >an article of
> | >some interest. In it, there was an interview with a beta
> | >tester of IE
> | >4.0. Apparently, IE 4.0 - if left unattended - will
> | >routinely initiate
> | >a connection to Microsoft. Purportedly, this feature (not
> | >a bug, a
> | >feature) allows updates and special web pages to be
> | >downloaded while
> | >the user is away from the terminal (busy, asleep, etc.)
> | >These updates
> | >are then stored on the hard disk drive of the user.
> | >According to the
> | >beta tester:
> |
> | >"I...discovered that my computer had connected itself to
> | >the
> | >Internet...I was completely freaking out. I pulled the
> | >phone plug
> | >right out of the wall."
> |
> | Odd - I've had IE 4.0 on my home box for some weeks, and
> | it has never once
> | taken it upon itself to call my ISP and connect to MS. I
> | haven't really
> | monitored what it does while on line extremely carefully,
> | and I haven't
> | taken any special precautions to prevent this from
> | happening, either. It
> | is possible this is because I don't have any of the
> | "pointcast" junk turned
> | on - blew up first time I tried it, and I haven't fooled
> | with it since.
> |
> | Perhaps "freaking out" users may not be the most reliable
> | source of info.
> | Although I'd certainly be displeased if it did start
> | dialing home, I can
> | think of less destructive ways to stop this behavior than
> | yanking on wires.
> |
> | >More bizarre yet is this: in
> | >addition to the 250K download, his machine also UPLOADED
> | >58,000 bytes
> | >of information. The beta tester reported that he did not
> | >know what
> | >data had been uploaded.
> |
> | Be interesting to see what it is doing - it could be just
> | requests and that
> | sort of thing.
> |
> | >I am wondering this: suppose such a box was located
> | >behind a firewall
> | >but was allowed outside access. Does this not constitute
> | >an EXTREME
> | >security risk? If 4.0 is capable of uploading information
> | >from a local
> | >drive of a 95 box, it can presumably do this from badly
> | >managed shares
> | >as well, no?
> |
> | No telling. IMHO, we need to examine this a bit before we
> | get cranked
> | about it. Be interesting to see if it can be duplicated,
> | then log the
> | traffic.
> |
> |
> | -----------------------------------------------------------
> | David LeBlanc                   | Voice: (770)395-0150 x138
> | Internet Security Systems, Inc. | Fax: (404)395-1972
> | 41 Perimeter Center East        | E-Mail: dleblanc @ iss . net
> | Suite 660                       | www: http://www.iss.net/
> | Atlanta, GA 30328               |