Browser Allowing Software Installs… (IE6)

Topic

New Reply

I must have ticked the wrong setting somewhere…

Just lately, my browser is allowing software to be installed on my PC when I do nothing more than visit a webpage. In particular, it’s happening when I visit “lyrics” sites. I’m not even presented with a warning or an approval message.

I just visit the site (several different sites) and the downloading begins: BargainBuddy, DownloadWare, SCBar, NetworkEssentials, 180Solutions, IncrediFind, BroadcastPC, ImiServer IEPlugIn, NetPal, and many more. New folders are created, the My Favorites list has hundreds of new links added, StartUp Registry entries are made, scores of dll files are added…. All without my approval and behind the scenes.

I’m having to use Spybot and AdAware to clean things up and it takes several reboots to rid the system of this complete hijack attempt. A few days ago, I had to go in SafeMode to delete some entries from the registry.

Other than the obvious ” Stay away from those sites “, how should I go about preventing this? If these sites can make this happen, any site could…

Suspect Sites include: lyricsdepot.com, lyrics007.com, lyricsdomain.com, and others…

Reply | Quote

Replies

Hi Ricky:
Under Tools/Internet Options/Security/Internet Zone/Custom, make sure that scripts & Active X controls require a prompt. Of course, disable the unsigned & unsafe ones.
Hope this helps,

Reply | Quote

Thanks Phil. I have ticked the three choices that you noted in the diagram. Oddly enough, each of them were set to ‘Enable’ and I don’t recall making changes . I’ll keep an eye on it to make sure it sticks.

Reply | Quote

FWIW, I notice that each time I install updates, I have to check to see if they’ve changed my options. Som times they do & sometimes they don’t.

Reply | Quote

FWIW, I notice that each time I install updates, I have to check to see if they’ve changed my options. Som times they do & sometimes they don’t.

Reply | Quote

Thanks Phil. I have ticked the three choices that you noted in the diagram. Oddly enough, each of them were set to ‘Enable’ and I don’t recall making changes . I’ll keep an eye on it to make sure it sticks.

Reply | Quote

In the diaogue pictured below:

It appears that the My Yahoo! page is not loading completely without the use or approval of ActiveX. If I click ‘No’, then the message will continue to re-appear every few minutes as I use the internet…

If I were to click ‘Yes’, would it be a site or page specific setting? Or will it change my global settings and re-create the very issues I’m trying to avoid?

Reply | Quote

Hi Ricky:
This is normal when you have set Active X controls to prompt. Clicking “yes” will not change your settings & only applies on a one time basis. What I do is have Active X set to prompt in the Internet Zone. If I trust the site, I add it to my Trusted sites, where I do not require Active X to prompt.

Reply | Quote

Hi Ricky:
This is normal when you have set Active X controls to prompt. Clicking “yes” will not change your settings & only applies on a one time basis. What I do is have Active X set to prompt in the Internet Zone. If I trust the site, I add it to my Trusted sites, where I do not require Active X to prompt.

Reply | Quote

I would say that about 90% of the time when you get that prompt, it is a Flash animation of some kind, either one that you want from that site or one you don’t need in a banner or keystone ad. The problem is, the prompt doesn’t tell you!! One of the major changes in the version of IE bundled with Windows XP SP2 is that there will be much more detail about active content that has been blocked so you can make more intelligent choices about when to allow it. In this case, unless you are willing to say No, then view the page’s source code (e.g., search for <OBJECT, <EMBED and <APPLET), you have NO IDEA what you would be saying yes to. Actually, even if you view the page's source, you can't be sure, because so much stuff can get pulled in from other sites.

Reply | Quote

I would say that about 90% of the time when you get that prompt, it is a Flash animation of some kind, either one that you want from that site or one you don’t need in a banner or keystone ad. The problem is, the prompt doesn’t tell you!! One of the major changes in the version of IE bundled with Windows XP SP2 is that there will be much more detail about active content that has been blocked so you can make more intelligent choices about when to allow it. In this case, unless you are willing to say No, then view the page’s source code (e.g., search for <OBJECT, <EMBED and <APPLET), you have NO IDEA what you would be saying yes to. Actually, even if you view the page's source, you can't be sure, because so much stuff can get pulled in from other sites.

Reply | Quote

In the diaogue pictured below:

It appears that the My Yahoo! page is not loading completely without the use or approval of ActiveX. If I click ‘No’, then the message will continue to re-appear every few minutes as I use the internet…

If I were to click ‘Yes’, would it be a site or page specific setting? Or will it change my global settings and re-create the very issues I’m trying to avoid?

Reply | Quote

Hi Ricky:
Under Tools/Internet Options/Security/Internet Zone/Custom, make sure that scripts & Active X controls require a prompt. Of course, disable the unsigned & unsafe ones.
Hope this helps,

Reply | Quote

Hi Ricky

A small program I use to control this problem is Startup Monitor (a link here).
Also, I believe Spybot S&D also warns of install attempts but I can’t find the setting for it. Maybe someone else can confirm this.

Have a Great day!!!
Ken

Reply | Quote

Ken

It’s the TeaTimer option. Only run it if you have a newish box, since it takes about 5% of the CPU on my 133 MHz NT4 box!

John

Reply | Quote

Thanks John
I do have TeaTimer installed but I didn’t realize it was responsible for this function.

Have a Great day!!!
Ken

Reply | Quote

Thanks John
I do have TeaTimer installed but I didn’t realize it was responsible for this function.

Have a Great day!!!
Ken

Reply | Quote

Hi John:
I don’t have Tea Timer installed, but I know Spybot gave me a warning about something being downloaded. I happened a couple of times, but I don’t recall if it was warning me of a file, an Active X, or what. I seem to recall that I didn’t even have Spybot loaded at the time. I wonder if there’s another setting for it also.

Reply | Quote

Hi Phil

Would it possibly be the “Immunize” (“bad download blocker”) feature?

Have a Great day!!!
Ken

Reply | Quote

That must be it, Ken. I can’t think of anything else that would do it. Actually, I accidentally “immunized” because I pressed the button wanting to see what would happen. I thought there would be another dialog box where you could pick & choose what to immunize against.

Reply | Quote

That must be it, Ken. I can’t think of anything else that would do it. Actually, I accidentally “immunized” because I pressed the button wanting to see what would happen. I thought there would be another dialog box where you could pick & choose what to immunize against.

Reply | Quote

Hi Phil

Would it possibly be the “Immunize” (“bad download blocker”) feature?

Have a Great day!!!
Ken

Reply | Quote

Hi John:
I don’t have Tea Timer installed, but I know Spybot gave me a warning about something being downloaded. I happened a couple of times, but I don’t recall if it was warning me of a file, an Active X, or what. I seem to recall that I didn’t even have Spybot loaded at the time. I wonder if there’s another setting for it also.

Reply | Quote

Ken

It’s the TeaTimer option. Only run it if you have a newish box, since it takes about 5% of the CPU on my 133 MHz NT4 box!

John

Reply | Quote

Thanks Ken – I just downloaded and installed both Startup Control Panel and Startup Monitor . Both seem like useful and unobtrusive utilities. Still, I’m hoping that the simple change of settings within IE will prevent the installation of this garbage software in the future.

The more I think about it, the madder I get. It should be a crime for these companies to install software on anyone’s PC who doesn’t specifically request it. It’s like someone stopping by and painting your car in the middle of the night, jeez!

Is there anyone in the world that would welcome these blind-sided installations and find them useful? Or are the programs only useful to the companies who sneak them on to our machines.

Hey Jefferson – Can I sue?

Reply | Quote

More often than not you do agree to let these companies install software on your PC-you just don’t know it. Some companies do it entirely without permission and in some places that is a crime. Most, however, ‘piggyback’ on some other software that you do agree to install. To discover what you’re agreeing to requires that you read the entire licensing agreement-carefully.

To use your analogy, it would be like hiring somebody to paint your house-but in the contract (fine print) it said ‘house & surrounding property’.

A number of years ago in the US the true interest rate on loans & credit purchases was often buried in the fine print. A law was passed requiring prominent disclosure & now the problem is less. I’m sure that the same thing will happen, eventually, with spyware/piggyback installations. I’m just impatient, I guess.

Reply | Quote

More often than not you do agree to let these companies install software on your PC-you just don’t know it. Some companies do it entirely without permission and in some places that is a crime. Most, however, ‘piggyback’ on some other software that you do agree to install. To discover what you’re agreeing to requires that you read the entire licensing agreement-carefully.

To use your analogy, it would be like hiring somebody to paint your house-but in the contract (fine print) it said ‘house & surrounding property’.

A number of years ago in the US the true interest rate on loans & credit purchases was often buried in the fine print. A law was passed requiring prominent disclosure & now the problem is less. I’m sure that the same thing will happen, eventually, with spyware/piggyback installations. I’m just impatient, I guess.

Reply | Quote

Thanks Ken – I just downloaded and installed both Startup Control Panel and Startup Monitor . Both seem like useful and unobtrusive utilities. Still, I’m hoping that the simple change of settings within IE will prevent the installation of this garbage software in the future.

The more I think about it, the madder I get. It should be a crime for these companies to install software on anyone’s PC who doesn’t specifically request it. It’s like someone stopping by and painting your car in the middle of the night, jeez!

Is there anyone in the world that would welcome these blind-sided installations and find them useful? Or are the programs only useful to the companies who sneak them on to our machines.

Hey Jefferson – Can I sue?

Reply | Quote

Hi Ricky

A small program I use to control this problem is Startup Monitor (a link here).
Also, I believe Spybot S&D also warns of install attempts but I can’t find the setting for it. Maybe someone else can confirm this.

Have a Great day!!!
Ken

Reply | Quote

[indent]

---

Other than the obvious ” Stay away from those sites “, how should I go about preventing this

---

[/indent]Pssssst….best solution around….

Seriously, IE allows a lot of this crap to happen by its very design. ActiveX was one of the worst technologies Microsoft could have ever included in the browser.

Reply | Quote

Yup, agreed……

Some malware piggybacks on otherwise legitimate software. Both Spybot S&D and Startup Monitor should issue an alert when such malware tries to install….even with your “best solution”

Have a Great day!!!
Ken

Reply | Quote

Yup, agreed……

Some malware piggybacks on otherwise legitimate software. Both Spybot S&D and Startup Monitor should issue an alert when such malware tries to install….even with your “best solution”

Have a Great day!!!
Ken

Reply | Quote

Hey Mark – I’m certainly not opposed to trying Firefox. Is it possible to “test-drive” it without eliminating IE or does it have to be one or the other? And I know this question is probably more suited for another thread, but what would be some of the reasons not to use Firefox?

I would guess that most websites were designed and constructed for the audience of IE users… Would this mean that many sites would not look right, feel right, etc. while using Firefox?

Reply | Quote

Marks not online right now, but this is an easy one to answer (I’ll leave the hard ones for Mark ). I have Mozilla, Firefox, IE, & Avant Browser. One does not eliminate the other (except AB is uses the IE engine & so can’t run at the same time as IE). Take a look in the Other Browsers forum & you’ll see lots of recent posts on Firefox.

Reply | Quote

Marks not online right now, but this is an easy one to answer (I’ll leave the hard ones for Mark ). I have Mozilla, Firefox, IE, & Avant Browser. One does not eliminate the other (except AB is uses the IE engine & so can’t run at the same time as IE). Take a look in the Other Browsers forum & you’ll see lots of recent posts on Firefox.

Reply | Quote

[indent]

---

I would guess that most websites were designed and constructed for the audience of IE users

---

[/indent]That’s partially true. It would be more accurate to say that many site developers do not bother to test in platforms other than Internet Explorer. It’s laziness, really – if 95% of your audience is using the same browser, you can get away with not testing in Firefox and other browsers, but then that also means your code is sloppy. Personal opinion there but since I develop websites myself I’m sensitive to the issue.

As far as other sites not rendering properly…I have not really found that to be the case. More often than not they look similar, if not the same. The only ostensible reason I could see not to use Firefox – or any alternate browser – is the fact that some websites, particularly financial institutions, use ActiveX controls and these will not work. There may be an extension for Firefox that enables these but I haven’t looked for one, ActiveX is one of the reasons I avoid using IE.

A final though, Windows Update does not work without IE, so you have to keep it around just for that purpose.

Reply | Quote

Hi all

I can’t speak for US financial institutions but I, in Canada, do virtually all of my banking, bill paying, account transfers, etc. online using Firebird (haven’t upgraded to Firefox yet….waiting for ver 1.0 in September).

There are some websites that don’t work well, if at all, with Firebird but I haven’t found any, other than some Microsoft pages, that I can’t simply ignore.

Have a Great day!!!
Ken

Reply | Quote

Hi all

I can’t speak for US financial institutions but I, in Canada, do virtually all of my banking, bill paying, account transfers, etc. online using Firebird (haven’t upgraded to Firefox yet….waiting for ver 1.0 in September).

There are some websites that don’t work well, if at all, with Firebird but I haven’t found any, other than some Microsoft pages, that I can’t simply ignore.

Have a Great day!!!
Ken

Reply | Quote

[indent]

---

I would guess that most websites were designed and constructed for the audience of IE users

---

[/indent]That’s partially true. It would be more accurate to say that many site developers do not bother to test in platforms other than Internet Explorer. It’s laziness, really – if 95% of your audience is using the same browser, you can get away with not testing in Firefox and other browsers, but then that also means your code is sloppy. Personal opinion there but since I develop websites myself I’m sensitive to the issue.

As far as other sites not rendering properly…I have not really found that to be the case. More often than not they look similar, if not the same. The only ostensible reason I could see not to use Firefox – or any alternate browser – is the fact that some websites, particularly financial institutions, use ActiveX controls and these will not work. There may be an extension for Firefox that enables these but I haven’t looked for one, ActiveX is one of the reasons I avoid using IE.

A final though, Windows Update does not work without IE, so you have to keep it around just for that purpose.

Reply | Quote

Firefox is perfectly happy being your “second browser.” The main difference is that the primary browser, whichever you choose, will take over the task of handling hyperlinks in e-mail and probably other places, too. (If you get a weird “find link browser” dialog when you click a link, search on the other browsers board for a fix).

As for web sites, there are a couple of ways in which Mozilla-based browsers differ from IE. In my view, the most important involve scripting, and in particular the use of the document.all collection in IE-specific scripts. The W3C did not adopt the document.all collection into the standards for the document object model, but many script authors used it anyway, since MS moved faster than the standards setters and something like 90% of browsers on the web are IE4-5-6. If you find that a form is not working in Firefox, open the JavaScript console. If it is full of errors referring to document.all, then that form needs to be launched in IE, or an IE-based browser. Oh, and WindowsUpdate won’t run in Firefox, either.

Reply | Quote

I still have IE as my default browser, but when I click on a hyperlink in an email (using Netscape 4.75), it fires up Netscape, not IE. I don’t even know a way to change it (what browser the hyperlink opens).

Reply | Quote

Sorry, Phil, I just assume everyone’s using Outlook. My mistake! Outlook 2000+ uses the settings in Windows’ File Types dialog. Apparently Netscape 4.x uses some internal setting.

Reply | Quote

Sorry, Phil, I just assume everyone’s using Outlook. My mistake! Outlook 2000+ uses the settings in Windows’ File Types dialog. Apparently Netscape 4.x uses some internal setting.

Reply | Quote

I still have IE as my default browser, but when I click on a hyperlink in an email (using Netscape 4.75), it fires up Netscape, not IE. I don’t even know a way to change it (what browser the hyperlink opens).

Reply | Quote

Firefox is perfectly happy being your “second browser.” The main difference is that the primary browser, whichever you choose, will take over the task of handling hyperlinks in e-mail and probably other places, too. (If you get a weird “find link browser” dialog when you click a link, search on the other browsers board for a fix).

As for web sites, there are a couple of ways in which Mozilla-based browsers differ from IE. In my view, the most important involve scripting, and in particular the use of the document.all collection in IE-specific scripts. The W3C did not adopt the document.all collection into the standards for the document object model, but many script authors used it anyway, since MS moved faster than the standards setters and something like 90% of browsers on the web are IE4-5-6. If you find that a form is not working in Firefox, open the JavaScript console. If it is full of errors referring to document.all, then that form needs to be launched in IE, or an IE-based browser. Oh, and WindowsUpdate won’t run in Firefox, either.

Reply | Quote

I “test drove” firefox for a few days. I didn’t care for it so I unintalled it. I then had to run regedit to clean up what didn’t get uninstalled. I then had to fix the file associations so I could click a link in my Eudora email and have IE open as it used to. All in all I think it was way to much work to get back to IE after “test driving” FireFox. Just my opinion. This was on a win98 machine. XP may be different.
John

Reply | Quote

>I “test drove” firefox for a few days.

Are you sure you didn’t decide to make Firefox your “default browser”? The symptoms you are describing are consistent with that. FWIW, when “test driving” anything, it is generally better to make sure that the Test Drive application does not become the default for {i]any[/i]thing.

Reply | Quote

Now that you mention it, I probably did make firefox my default browser. Guess I shouldn’t have done that just for a test drive. But then, I really wanted an alternative to IE. Next time I will know not to do that. Thanks for the pointer.

Reply | Quote

Now that you mention it, I probably did make firefox my default browser. Guess I shouldn’t have done that just for a test drive. But then, I really wanted an alternative to IE. Next time I will know not to do that. Thanks for the pointer.

Reply | Quote

>I “test drove” firefox for a few days.

Are you sure you didn’t decide to make Firefox your “default browser”? The symptoms you are describing are consistent with that. FWIW, when “test driving” anything, it is generally better to make sure that the Test Drive application does not become the default for {i]any[/i]thing.

Reply | Quote

I “test drove” firefox for a few days. I didn’t care for it so I unintalled it. I then had to run regedit to clean up what didn’t get uninstalled. I then had to fix the file associations so I could click a link in my Eudora email and have IE open as it used to. All in all I think it was way to much work to get back to IE after “test driving” FireFox. Just my opinion. This was on a win98 machine. XP may be different.
John

Reply | Quote

Hey Mark – I’m certainly not opposed to trying Firefox. Is it possible to “test-drive” it without eliminating IE or does it have to be one or the other? And I know this question is probably more suited for another thread, but what would be some of the reasons not to use Firefox?

I would guess that most websites were designed and constructed for the audience of IE users… Would this mean that many sites would not look right, feel right, etc. while using Firefox?

Reply | Quote

[indent]

---

ActiveX was one of the worst technologies Microsoft could have ever included in the browser.

---

[/indent]I’ll agree with that assessment, but then again they did have the foresight to build in a ‘killbit’. If you know the CLSID of the offending ActiveX component you can set it to never run, or never install if it is not already installed. SEE How to Stop an ActiveX Control from Running in Internet Explorer I’m not sure, but I do believe this would be very similar to what Spybot does with its ‘immunize’ feature.

[indent]

---

—————————————————————————-
Spyware & Adware ActiveX Blocker File
Copyright by Spyware-Guide.com
—————————————————————————-

IMPORTANT: READ THIS BEFORE INSTALLING!

**** What and Why? ****
Tired of all that Spyware and Adware crap being installed by ActiveX ?
But don’t want to loose out on functionality?

We have created a system that blocks all known “bad” ActiveX controls from
running inside Internet Explorer by setting the “Kill bit”.

When a page tries to install a component from our list, it will fail.
When a page tries to use a component from our list that was already present
on your system, it will fail too!

Other, “friendly” components are not affected.

---

[/indent]

Reply | Quote

[indent]

---

ActiveX was one of the worst technologies Microsoft could have ever included in the browser.

---

[/indent]I’ll agree with that assessment, but then again they did have the foresight to build in a ‘killbit’. If you know the CLSID of the offending ActiveX component you can set it to never run, or never install if it is not already installed. SEE How to Stop an ActiveX Control from Running in Internet Explorer I’m not sure, but I do believe this would be very similar to what Spybot does with its ‘immunize’ feature.

[indent]

---

—————————————————————————-
Spyware & Adware ActiveX Blocker File
Copyright by Spyware-Guide.com
—————————————————————————-

IMPORTANT: READ THIS BEFORE INSTALLING!

**** What and Why? ****
Tired of all that Spyware and Adware crap being installed by ActiveX ?
But don’t want to loose out on functionality?

We have created a system that blocks all known “bad” ActiveX controls from
running inside Internet Explorer by setting the “Kill bit”.

When a page tries to install a component from our list, it will fail.
When a page tries to use a component from our list that was already present
on your system, it will fail too!

Other, “friendly” components are not affected.

---

[/indent]

Reply | Quote

[indent]

---

Other than the obvious ” Stay away from those sites “, how should I go about preventing this

---

[/indent]Pssssst….best solution around….

Seriously, IE allows a lot of this crap to happen by its very design. ActiveX was one of the worst technologies Microsoft could have ever included in the browser.

Reply | Quote

Do you have all the IE and Windows security patches installed? There was an exploit recently that installed spyware using the ADODB Stream object. The exploiters found a way to spread it to numerous otherwise legitimate web sites. I have no idea whether this is related. (And I’m using Firefox so no point in visiting.)

Reply | Quote

Thanks Jefferson – I have my machine set to automatically download the MS updates, patches, etc. Occasionally, I’ll see the tray notifier that my updates are ready to install… I’m thinking that this keeps my system up-to-date but since you mentioned it, I’m going to visit the MS site and double-check.

Seems like the bandits remain three steps ahead of the MS boys. All they’re doing is reacting to new threats rather than writing bullet-proof software in the first place. Still, I better not be too critical: #1 – I couldn’t do better! and #2 – This latest issue will probably end up being my fault!

Reply | Quote

Thanks Jefferson – I have my machine set to automatically download the MS updates, patches, etc. Occasionally, I’ll see the tray notifier that my updates are ready to install… I’m thinking that this keeps my system up-to-date but since you mentioned it, I’m going to visit the MS site and double-check.

Seems like the bandits remain three steps ahead of the MS boys. All they’re doing is reacting to new threats rather than writing bullet-proof software in the first place. Still, I better not be too critical: #1 – I couldn’t do better! and #2 – This latest issue will probably end up being my fault!

Reply | Quote

Do you have all the IE and Windows security patches installed? There was an exploit recently that installed spyware using the ADODB Stream object. The exploiters found a way to spread it to numerous otherwise legitimate web sites. I have no idea whether this is related. (And I’m using Firefox so no point in visiting.)

Reply | Quote