Fog Creek Software
Discussion Board




how can "new.net" install without asking?

It's the first time I see any app install iself without even an OK warning... How can they do this? Is it potentially dangerous?

Manuel Razzari
Friday, May 17, 2002

It's spyware it i remember correctly. it's not dangerous but well worth removing imho.

John C
Friday, May 17, 2002

Try this link to find out more:

http://www.cexx.org/

http://www.lavasoftusa.com/aaw.html

Ged Byrne
Friday, May 17, 2002

Eegads,

I had no idea...  Soon, that computer is going to be like one big "Max Headroom" -- all talking and squalking, and it'll never shut up.

Nat Ersoz
Friday, May 17, 2002

Where can I find more information on "new.net"? Is it a particular program? I can't find anything on Google for "new.net".

Zwarm Monkey
Friday, May 17, 2002

Yawn. More Microsoft bashing.

pb
Friday, May 17, 2002

What has this got to do with Microsoft ???

Armand Tansarian
Friday, May 17, 2002

New.Net is a company that makes up their own domain name extensions and creates browser plug-ins so that you can visit those sites by typing in their fake domain name directly into your browser.

For more info:

http://www.cexx.org/newnet.htm

I don't know anything about how their software could install without permission (I've never used their software), but you might want to change your internet settings (in IE navigate to Tools > Internet Options > Secutity > Custom Level) to make sure that you are prompted before downloading any Active X controls.

Benji Smith
Friday, May 17, 2002

My bad. I'm confused. Sorry.

pb
Friday, May 17, 2002

"How can they do this? Is it potentially dangerous?"

All they need is a certificate (which you can buy for a few hundreds) and create an application that is compatible with IE guidelines for autoinstallation. We have the reaction of hit "yes" without even read the dialog boxes, so we are easily scammed with this kind of stuff (see also the Comet Cursor, which is same as evil, IMHO)

The simple solution is to increase the security level of IE, or to use some better browser, like Mozilla (I have rediscovered it, and I like it a lot :-))

Leonardo Herrera
Saturday, May 18, 2002

I'm not sure whether this is new.net, but at least one spyware application used IE vulnerabilities to bypass the "Yes/No" dialog and directly install on the user's machine.

FYI, there are numerous hotfixes for IE appearing on a more-or-less weekly basis, with a "cumulative patch" coming out about once a month. Everyone, whether or not they are aware of the risk, is bound to be bitten at some time or the other - it's simply impossible to keep up with all of the patches; Script Kiddies and hackers generally have the upper hand.

I switched back to Mozilla when 0.9.5 came out, and haven't looked back since (except to read Hebrew sites, which Mozilla doesn't perfectly support yet). It's way faster, it kills pop-up ads, the tabbed browsing feature is a killer (even though the GUI for it is horrible by any standard). I've never left Netscape/Mozilla as mail software - the only thing Outlook does better for me is calendaring, and it does everything else worse.

People, if you're not ultra conservative, give Mozilla a chance (now at version 1.0 release candidate 2 - you don't need to be adventurous to use it). If you are ultra conservative, wait till the final 1.0 release is out, and then give it a try. It simply works well, and has much less chance of accidentally putting spyware of your computer (though the probability does exist - netscape did have it's share of vulnerabilities).

Ori Berger
Sunday, May 19, 2002

*  Recent Topics

*  Fog Creek Home