RE: Link "Hijacking"?

From: Harvey Newstrom (mail@HarveyNewstrom.com)
Date: Wed Jan 30 2002 - 07:49:01 MST


Loree Thomas wrote,
> You misunderstood... It didn't install itself without
> my knowledge. It was one of the components listed in
> the set up screen. I could have chosen not to install
> it.

I am glad that you had such a choice when you installed it. I have no
objection to this. However, what you seem to have missed is that this
software is bundled with other products and gets installed without
permission. Most people don't know it is being installed, and they never
requested it. They just suddenly find these unsolicited links popping up in
menus on their browser. They don't know why they are there, where they are
coming from, or how to get rid of them. I pointed to this particular site
because they had a script to detect if the software was present on your
machine, as an aid for people who don't know what is going on. I have no
objection to you using the software if you desire this type of behavior.

> nor does it hijack links or direct children to
> porn sites (I noticed you choose not to respond to
> that part of my complaint with the "Scumware"
> website!).

You don't consider it hijacking because you chose this behavior. Imagine if
you didn't want this, but still found it installed on your computer without
permission.

As for the porn, this is a well-known problem with search engines. Porn
sites often list lots of keywords on their site to get any search engines to
list them. Searches often bring up porn sites that have nothing to do with
the search. This is one of the annoyances of the Internet, but it is a
known annoyance. TopText is no different than other search engines in that
it sometimes displays porn links. Now imagine these unsolicited porn links
popping up in the link menus on your child's computer because of software
that appeared without your permission. I think your attitude would be a
little different if you had not chosen for this software to be installed.

> You are a security professional... at least that is
> what is says in your sig. I trusted you. I went to
> that website on your recommendation... My trust is
> now less than before.
>
> Save the "Security Alert"s for actual security
> hazards. Using it this way merely dilutes your
> credibility.

I'm sorry that you felt this was a waste of your time. The security angle
for many of us is that we want to control what software runs on our
computers. Any software that can install itself without permission or run
without our knowledge is a big security whole in our computer controls. If
a computer can start doing things that I don't want because some outside
person decided that they wanted this on my computer, this is a classic
security risk.

--
Harvey Newstrom, CISSP <www.HarveyNewstrom.com>
Principal Security Consultant, Newstaff Inc. <www.Newstaff.com>
Board of Directors, Extropy Institute <www.Extropy.org>
Cofounder, Pro-Act <www.ProgressAction.org>


This archive was generated by hypermail 2.1.5 : Fri Nov 01 2002 - 13:37:37 MST