At 12:40 PM 1/30/2003, Richard M. Smith wrote:
Richard, try it yourself? Go toHi,Has anyone looked into this new Xupiter toolbar to see how it is being installed on people's computer? In particular is it using some IE security hole for the install or does it just use the standard ActiveX drive-by download mechanism?
http://www.xupiter.com/search2/install/install.html
Even with IE set to the "default" (medium) security setting for the Internet zone, you should get a pop-up prompting whether you want to install Xupiter.
Hardly a "driveby" download. Maybe there are other instances of the ActiveX out there that work differently. But I'm told that IE by default prompts before installing signed ActiveX.
In other words, you have to *lower* Microsoft's default security settings (seldom a good idea) to get a drive-by install.
Brian
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
