World's Most Annoying IE Toolbar 950
nautical9 writes "Following the same devious footsteps of the infamous Bonzi Buddy, Gator, and Comet Cursor "enhancements", Xupiter now has their own self-installing toolbar for IE. There are many claims that if you leave your security preferences at their default level, it will install itself without your express permission. And once on your system, it's gracious enough to reset your homepage to xupiter.com, forward all your searches to their search engine, download and automatically launch applications (like gambling applets), and blocks all attempts to set these back to normal. Removing it isn't trivial either - it automatically checks for updates upon reboot, where it constantly changes the registry settings it uses, making the jobs of spyware removal programs like AdAware or Spybot Search & Destroy much harder. No word yet if it collects and forwards personal data."
If it's going through all that trouble... (Score:5, Insightful)
Oh yea... as if they're going to go through all of that trouble and deception and not collect and forward personal data.
Right.
-S
With somethign that invasive sounding (Score:2, Insightful)
Pretty easy fix (Score:5, Insightful)
If you're using IE, you're running a piece of software *on your machine* which is advertising and providing the ability for a web page to basically screw your system up. If precisely this happens...well, you should have tried another browser.
(If you don't like the Moz suite approach, try Phoenix)
Thank God for Mozilla (Score:2, Insightful)
Re:*groan* (Score:1, Insightful)
It also has no uninstaller. I had to go through the registry by hand to clean it out. That is, until I downloaded ad-aware...
Sympathy (Score:2, Insightful)
This goes double for the people I've already warned. Every time something nasty like this happens, I tell them the solution is to use something else. Then they come crying to me the next time it happens.
Re:Sick the Lawyers on Them (Score:5, Insightful)
For a while now (Score:5, Insightful)
The problem with these damn things is that you never quite know how they got onto your machine. I'm always very careful about what I install, and which dialog boxes I say "OK" to, but there's always the possibility that I accidentally let something slip through. I suppose that's why people aren't 100% sure if it can install itself right from IE without confirmation.
I'm getting increasingly sick of using IE, but I'm constantly running across sites that Mozilla just can't handle properly (or swiftly). And yes, I've cranked up the security level, though god knows why there exists any level of "security" that would allow unconfirmed installs.
Can we have some actual sanity? (Score:2, Insightful)
1 -- It does not magically install itself, you have to either tell IE to let any old junk execute or click on the OK button yourself. Either way, it's your fault.
2 -- It is not hard to remove. There's even an uninstaller provided that works (I just tried it on a sacrificial computer).
3 -- No matter how much you like Linux or Mozilla or whatever, mere anti-MS fear and loathing is not news.
Thank you for your attention.
Re:Was it smart to include the link? (Score:2, Insightful)
Despicable as it may be what they're trying to do, they do want me to keep using it, so it's not like they're going to format my harddrive or show me endless goatse.cx popups.
Re:no it won't (Score:5, Insightful)
I just went through 20 minutes of deleting it!
Re:no it won't (Score:4, Insightful)
Let's see, we have the technically illiterate on one hand. These people fall prey *far* more to malicious remote-install links than they are benefitted by deliberately remote-installing software. Not benefit to IE's behavior there.
Then we have the technically ept, who are quite able to download, save, and run an installer if they really want to run it. No benefit to IE's behavior there.
Frankly, IE's behavior takes a position of extreme trust of the remote end, which is just plain *stupid* in today's world.
Re:Sick the Lawyers on Them (Score:3, Insightful)
Umm, if most people don't care, why should most representatives?
You want to get lawyers and litigation rolling for something like this when there is such a backlog of legislation pending in areas like, say, healthcare where most people DO care? There is a reason "our" voice is small on "legal" matters like this: It's because it's a waste of legislators' time!
Re:Sympathy (Score:2, Insightful)
These people are agreeing to the install. As soon as you make it impossible to do this, they will start complaining that they can't get flash, $random-movie-player to run.
To summarise, this is a social problem, with stupid people. It doesn't matter what browser/OS/firewall you use, if you're an idiot you're gonna fuck it up.
Prevention tactic (Score:5, Insightful)
attrib +r "C:\Program Files\Xupiter"
Re:no it won't (Score:3, Insightful)
Ultimately, the user should read any warning message that pops up, whether it's from IE, your anti-virus software, or from your OS.
This Is Exactly Why... (Score:2, Insightful)
I recently updated IE (it has a problem with Cartoon Network's [cartoonnetwork.com] gToons game [cartoonnetwork.com]) so I could do a little gaming. I noticed when I bumped it up to 5.5 that it gave me a list of things to install along with it, including Media Player, Outlook and Script Support. Script Support? Isn't that IE's problem in the first place? You'ld think they'd take that sorta crap out. Long story short, I unchecked everything but the browser update, and sat back while my painfully slow 56K connection chugged away.
After about an hour (damn Adelphia [adelphia.net]), I ran the update and of course, rebooted. Once I was back in Windows, I fired up IE, only to be greeted with an alert window telling me "Hey! You need to get Script Support!" Now, didn't I tell it that I didn't want that in the first place? After telling it that I never want that crap installed on my machine, things have been fine, but I still can't play gToons. Not to mention the damned thing made itself my default browser again without asknig my permission...
Crap like this Xupiter nonsense is exactly why either Microsoft needs to clean up it's act (script support is usually what starts up web-based virii), or people need to actually try and learn something about computers instead of sticking with the Beast for the easy factor.
Re:Pretty easy fix (Score:3, Insightful)
Re:If it looks like a duck and quacks like a duck. (Score:5, Insightful)
I agree. But it's interesting to note that if this software had been written by an individual, rather than a corporation, the FBI would already be looking for the culprit. For some reason, corporate misbehavior is below the FBI's radar.
From the article:
It's a browser toolbar that some swear is doing "drive-by downloads" -- installing itself without users' permission -- then taking over their systems and making it impossible to uninstall.
Technically, this is a virus. And IIRC, "unauthorized alteration of a computer system" is punishable by 5 years in prison and up to a $250,000 fine.
Re:Wrong (Score:3, Insightful)
No, they should blame Microsoft. Like that article posted earlier about Slammer, the idea of blaming the victim for the crime is a little skewed. Microsoft needs to engineer better products. Because after all,
isn't that the digital equivalent of mugging and rape?
Er, a bit dramatic, but yeah, kind of. You can't (shouldn't?) call someone 'stupid' for getting mugged or raped.
Re:Sick the Lawyers on Them (Score:1, Insightful)
There will be more and more increasingly complicated laws whether you like it or not. You can quibble philosophy and oppose "large, complicated laws" or you can get to work making sure those laws serve you and the rest of the American people (or whatever country you're from).
Whining that there's too many laws is about the same as whining that modern computers are too complex and inefficient. You're probably right, but we can't just trash our computers and start from scratch. Same with the laws...
Sharman Networks breathes a sigh of relief (Score:2, Insightful)
Re:Wrong (Score:3, Insightful)
The last time I tried to download a security update to a windows product, I was asked to:
1) Agree to new licensing terms
2) Download the ENTIRE update for office 2000 - tens of Meg.
It's not stupidity - it's the enormous hassle of downloading. The whole patch system Microsoft has put in place is just too screwed up to deal with.
Re:Wrong (Score:5, Insightful)
Then those Slashdotters would be wrong. Federal law prohibits unauthorized access to a computer.
Granted, you could argue that running IE and not installing the tons of patches MS has slapped over many of its plethora of holes is "granting authorization" to the remote site, but I don't think a judge's sense of irony would go that far.
This will wreak havoc with end users.. (Score:5, Insightful)
I find it hard to believe that it would install itself with everything set to default on a properly updated copy of IE 6.0 SP1. It's much more likely that Xupiter is just betting on people clicking yes to the security warning prompt.
Taken from Xupiter's end user agreement [xupiter.com]: To further enhance your media viewing experience, Xupiter reserves the right to run advertisements and promotions based on URLs and/or search terms users enter when navigating the Internet. Other enhancements and to allow access, users web browser, start page, search page, auto search option, bookmarks and default error page will be changed, along with the Xupiter accessory toolbar added to the web browser. Active desktop panel will be installed on the users desktop which will enable active desktops on the system for special promotions. Our software license requires that users browser start page be set to Xupiter.com in order to continue use of the Xupiter toolbar, from time to time we verify that users start page url is set to Xupiter.com, if it is not we reserve the right to alter it back.
Great - it enables active desktop too; what fun!
Re:Sympathy (Score:5, Insightful)
And the woman who wears provocative clothing is asking to get raped.
What about the poor sods who have to use IE at work? What about technical neophytes? Should nobody be allowed to use a computer until they've studied CS for a couple of years and know who RMS is? I use Opera--quite happily--at home but I'm posting this (unfortunately) from a machine at work with IE, on which another browser is not an option. Educating an employer is often a slow, painful, laborious process. I'm trying, but it takes time.
Re:Prevention tactic (Score:3, Insightful)
I followed this on friend's computer and it works.
http://vil.nai.com/vil/content/v_99904.htm
This isn't the only one... (Score:5, Insightful)
The funniest part: this is the second time she's brought her computer in with these toolbars. After we had removed them the first time, we explicitly told her NOT to download web enhancements and toolbars...here she was again.
I have owned a computer since 1990, and since 1990, I have yet to use a passive virus scanner. Since 1990, I have yet to get a virus...this girl has had several in the past month, and she DOES have a virus scanner running.
Less clicking, more reading.
Re:Prevention tactic (Score:4, Insightful)
Turn off "Third Party Browser Extensions" in IE (Score:2, Insightful)
I've had some users at work who (knowingly or not) install 50 different toolbars on their workstations.
They are sometimes hard to uninstall and can cause serious problems. It's fun to try and fix IE when it causes an Illegal Operation the second you start it.
Toolbars = Evil
I'd force everyone to use Mozilla but there's still a few problems with it.
Re:Wrong (Score:3, Insightful)
If they got dressed in hooker clothes, went to a seedy part of town, got very drunk and woke up in someone else's bed and claimed "rape!", then I'd call them stupid. And that's what not patching for six months is.
MS is partially at fault for not catching the bug when they wrote the software, but no one who writes code can claim to have bug free software (unless you write custom versions of "Hello World" for people). I doubt you can find many critical software projects without a single patch released.
Re:Windows Update incredibly unstable (Score:3, Insightful)
I have actually found it pretty convient. Perhaps there were other pre-exisitng problems with the system?
Most windows users screw up thier system way before windows update has a chance to do it.
Re:Wrong (Score:2, Insightful)
Re:Wrong (Score:2, Insightful)
And if the whole world was as computer savvy as you, I'm sure I would agree with you.
However, this isn't a worm that only affects enterprise software and professional webservers that have admins that monitor patches and read bugtraq.
This is a security flaw that affects Grandma and Little Brother. People who use the Internet to look up cooking recipes or look for pots on eBay. They don't know that patch exists, don't know there is a security flaw in the first place, and wouldn't know how to fix it if they did. They have more important things to worry about -- like Timmy's little league game and Johnny's play.
To call the masses "stupid" for not patching is downright wrong. I completely blame Microsoft for not going out of their way to make sure everyone knows about that security flaw and making it easy for everyone to patch. To me, that's the cost of the monopoly -- and one that Microsoft is LONG overdue to pay.
Re:Wrong (Score:1, Insightful)
Re:Wrong (Score:4, Insightful)
But let's compare that to reality.
1) Microsoft intentionally markets to consumers that they know are incapable of mildy difficult technical tasks.
2) Microsoft patches are incredibly perverse in their installation procedures, often break other things, and sometimes don't work at all.
3) The sheer volume of Microsoft exploits means that a person would be compelled to spend the great majority of their waking hours applying the damn things, just to keep their head above water.
4) Microsoft hides news of their vulnerabilities in the Labyrinth of their website to the point that a person would be compelled to check a large list of other security websites just to remain aware of what the dangers were.
5) Many of these exploits are the end result of bad coding practices, bad design philosophies and ill-concieved architectures, and not just obtuse, hard-to-recognize bugs that slip through *anyone's* quality control.
6) And while not exactly relevant to this discussion, if I ever see someone dressed up in one of those butterfly costumes, they are DEAD. Literally, I intend to murder them. I'm fairly confident that most juries won't ever convict.
So, taking all this into consideration, the metaphor would be more accurate if this person were drugged/brainwashed from birth, taught that it is only appropriate to be led around in chains 24/7 by strange men, was often sold to the highest bidder, beaten whenever she spoke up, was given no choices or significant decision-making privileges, and then woke up in the strange bed.
It might not be rape exactly, but something horrible did happen, and she is most certainly some type of victim. To ignore all the circumstances leading up to that event, and then claim "she never said No" is absurd beyond the pale.
Re:Wrong (Score:1, Insightful)
You seem to overlook that several (not to say "most") open source products -- take MySQL for example -- are equally guilty of the same, and don't warn their users through some online update system when a flaw is found or an update is available. They rely for 100% on the users coming to look for them on their own initiative, or hearing about them on news sites.
Re:Wrong (Score:3, Insightful)
I assume by that you're referring to the claim many slashdotters make that downloading music illegally from p2p networks, etc, is copyright infringement as opposed to theft.
Fair enough, but this situation strikes me as somewhat different
Assuming hypothetically that this spyware actually was copying files from your HD and sending them to others, this is rather different to a p2p
example:
Bob buys a CD, published by Sony, and performed by Michael Jackson (prolly not signed to Sony. Don't care. it's just an example)
Bob then shares these MP3s on Kazaa, and someone downloads them.
Who's being stolen from? Not Bob. He's perfectly happy to share his MP3s. So if there even IS a case of theft going on here, the victim is between Sony or M.J... who it is between those two is left as an exercise for the reader..
Now.. the spyware scenario.
Bob has those same MP3s on his computer, but only because he finds it more convenient to listen to than having to dig out his legally bought CD. Being a very moral type, he would never think of doing something so terrible as sharing the MP3s with people who might not have paid for the CD, so no p2p networks here.
Then he sees this ad for this nifty IE toolbar that'll make his mouse cursor pretty, let him search without going to a search page / other useless "features"
After installing it, the provider of the toolbar starts copying Bob's files completely without his knowledge, and against his will
That, to me, sounds a lot closer to theft, or at least a major invasion of privacy/rights than downloading stuff on p2p
(footnote. If you've drawn any conclusions on my opinion of p2p networks from this post, discard them. I don't think they're wrong, I don't think they're right. They're just there.)
Re:Wrong (Score:2, Insightful)
I guess if I don't wear a seatbelt in may car and get injured in an accident...I should blame Ford?
Seriously, the MS bashing on this site is soooooooo lame.
Re:no it won't (Score:5, Insightful)
No lawyers, no blaming, just your repsonsibility (Score:2, Insightful)
The fact that someone can remotely install whatever the hell they want onto your computer is not THEIR fault. It's not even their responsibility. When you break it down to the most basic level, you go to a website and their server says, "Hello, here's your page, and you need this!" If your browser is an inferior one, it says "OK, sweet! Thanks so much!" How is that their problem?
I agree the coders responsible for these kinds of things are sick individuals, but money can buy anything these days.
It is ON YOU to use software YOU know about. YOU can't BLAME ANYONE but YOURSELF for using IE. I mean we're talking about a browser that had a bug where if you clicked the "back" button on the right (err wrong) page, you could format your hard disk. I put it to you (IE Users) that it is YOUR fault for getting "violated"!
www.opera.com
www.mozilla.com
huh? (Score:1, Insightful)
I'd argue that it is. First they have to see a (familiar) file-dialog box pop up.
Where is your arguement? All you did is detail how Windows users save files. There is no argument there, since everyone already knew that.
Javascript can bring up message boxes (idiotically enough, this is enabled by default by MS).
idiotically? MS? I think that should read "conveniently enough, this is enabled by default by most browsers."
So most users (*especially* Internet Explorer users) run into a ton of message boxes while browsing.
again, where are you? Where are these users? Where are they going that causes them to get a "ton" of message boxes? I don't think you have a grasp on the common user nor the power user nor even the internet. Please give me a couple URLs where I can see all these pop-up boxes that I have been missing.
A Javascript should not be able to take malicious, destructive action just because someone clicked "OK" in one of a series of dialogs that a Javascript popped up. To set up IE to operate this was was irresponsible in the extreme by Microsoft.
JavaScript can't do that except in unpatched browsers. MS did not "set it up" that way. Lying like that is irresponsible in the extreme of you.
but, hey, I could be wrong, please send me to one of these magic web sites that most users frequent and are constantly bombarded and maliciously toyed with by the All Powerful JavaScript Alert(); Or admit that you made up your own version of the story and forgot to post it in the 'short fiction' section instead of 'news'.
Re:no it won't (Score:2, Insightful)
Are you mad? How many programs do you install in the run of a day that you feel you are wasting a substantial amount of time reading dialogue boxes? And how poor is your memory that you can't remember what actions provoke which dialogue boxes? Never mind that causing users "to be screwed over" with "malicious, destructive action" is hardly being initiated by a toolbar app.
You know, whenever you drive in your car you have to check to see if traffic is coming. Do you stop doing this once you get tired of it, and just skim over the lanes of oncoming traffic? Or what about when you cross the street?
You seem to have an axe to grind against Windows, ostensibly because you are a Mac user, but if I am installing software onto my computer I want to know what it is doing and why, and if it is asking my permission then I should probably devote the brain power to read the request. This applies to ALL operating systems, and beyond that, this sort of "think about what you are doing before you do it" policy should apply to life in general.
Re:Wrong (Score:3, Insightful)
I completely blame Microsoft for not going out of their way to make sure everyone knows about that security flaw and making it easy for everyone to patch.
Automatic Windows Update popups aren't enough? What's MS supposed to do, lock you out of the computer until you click on the "Updates Pending" notification that pops up once a day?
When are these companies gonna be held accountable (Score:4, Insightful)
I think they should be shut down and prosecuted for this stuff, along with all the other companies that install spyware.
Re:If it looks like a duck and quacks like a duck. (Score:2, Insightful)
Naw, it's just that most virus authors are too lazy to include a 12-page "terms and conditions" shrinkwrap rider that grants them access to the victim's computer.
Re:Wrong (Score:2, Insightful)
But, if it's unfair to lump all open source software together for bug-counting purposes, it's also unfair to do the same thing for all Microsoft software. (Otherwise, to get an accurate assessment for Linux systems, you'd have to include the bugs from open source browsers and all other normal system add-ins or add-ons, on top of Linux's own bugs.) Instead, to avoid an apples/oranges comparison, it's better to look at specific brands, types, and builds of products across similar amounts of time: That's the only accurate way to see how, say, operating systems compare, or browsers compare, or E-mail programs compare, and so on.
Definition of a virus... (Score:2, Insightful)
Once executed it changes parts of your computer without your knowledge doing distructive acts...
yea... this sounds like a virus.
WHOIS (Score:1, Insightful)
Checking server [whois.opensrs.net]
Results:
Registrant:
Tempo Internet
P.F. 284
Gyongyos I, 3201
HU
Domain Name: XUPITER.COM
Administrative Contact:
Reg, Dom support@xupiter.com
P.F. 284
Gyongyos I, 3201
HU
+36.203548526
Fax: +36.203548526
Technical Contact:
Reg, Dom support@xupiter.com
P.F. 284
Gyongyos I, 3201
HU
+36.203548526
Fax: +36.203548526
Registrar of Record: TUCOWS, INC.
Record last updated on 18-Dec-2002.
Record expires on 31-May-2004.
Record Created on 31-May-2002.
Domain servers in listed order:
NS1.XUPITER.COM 63.236.32.51
NS2.XUPITER.COM 63.236.32.52
anyone know what country this is?