Internet Explorer is the problem

Today, someone broke into the server on which my “Norwegian weblog”:http://antibiomatika.net/ is hosted. All due to what my host admitted to being a stupid human error — they booted the machine on which the site resides with the wrong kernel (a vulnerable 2.4.18 kernel) and opened themselves up for a root exploit.
I blame Internet Explorer for this problem.


No. You didn’t miss anything: _I blame Microsoft Internet Explorer_ for this problem.
Once more, with feeling: _Internet Explorer is the problem_.
You see, this particular break-in wasn’t done by the average script kiddie with a need to deface web sites with his “0wn3d” tag. The break-in was done by someone with an economic motive for breaking in.
On every index.html document on the server (and this being shared hosting, there were quite a few of these), the following code was inserted right after :
bc.
A friend of mine discovered this, because her computer crashed every time she went to my site, after some porn program had tried to install itself on her computer. If we look at the document referenced in the iframe, it contains:
bc.


The middle document, tool.html, is the culprit here, as it points to http://install.xxxtoolbar.com/ist/scripts/prompt.php – a Javascript that attempts to do a drive-by-install of a porn toolbar ActiveX control. The spyware in this case is known as “ISTbar.Slotch”:http://www.safer-networking.org/index.php?page=threats&detail=586. According to the info on “Spybot Search & Destroy”:http://www.safer-networking.org/ it tries to install the FCI dialer on nearly every window it opens.
So, as you see, the people who attempted the break-in on my host’s server had a clear economic incentive to break in and silently alter web pages. And they do know how to hide their tracks. The domains pointed to reside in Latvia, Panama, Russia and Canada, and I wouldn’t be too surprised if the whois information is as fake as a blow-up doll.
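A way for a site owner or host to spot this kind of tampering, as an added example that is not part of the original post: the Python code below walks a document root and reports every index.html that contains an iframe whose src points off-site. The directory layout, the host injected.example and the allow-list are constructed for illustration.

```python
import os
import tempfile
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collect the src attribute of every <iframe> start tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.sources.append(dict(attrs).get("src") or "")


def foreign_iframes(html, allowed_hosts):
    """Return iframe src values that point at a host outside allowed_hosts."""
    parser = IframeCollector()
    parser.feed(html)
    # Relative URLs have no hostname: they stay on the site and are skipped.
    return [s for s in parser.sources
            if (urlparse(s).hostname or "") not in set(allowed_hosts) | {""}]


def scan_docroot(root, allowed_hosts, name="index.html"):
    """Map each index.html under root to its off-site iframe sources."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        if name in files:
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = foreign_iframes(fh.read(), allowed_hosts)
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings


def demo():
    """Scan a constructed two-site docroot; only site-a carries an injection."""
    pages = {"site-a": '<body><iframe src="http://injected.example/x.html"></iframe>',
             "site-b": '<body><iframe src="/local/map.html"></iframe></body>'}
    with tempfile.TemporaryDirectory() as root:
        for site, html in pages.items():
            os.makedirs(os.path.join(root, site))
            with open(os.path.join(root, site, "index.html"), "w") as fh:
                fh.write(html)
        return scan_docroot(root, allowed_hosts={"antibiomatika.net"})
```

Run from cron against the real document root, a non-empty result from scan_docroot is the signal to compare the listed files against a known-good copy.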
So, _I blame Microsoft Internet Explorer for this problem:_ If Internet Explorer hadn’t made users such an easy target for scams, these scumbags wouldn’t have had the same incentive to break in and mass-alter web pages.
If this collection of organized criminals were unable to use _a browser_ to hijack someone’s phone line and monitor their habits, the sites involved would never have been a target.
My Norwegian blog is entirely non-commercial, and I discovered the problem within a few hours, so I didn’t lose any money over this, just time and temperament. But, for a small-time Internet business, this could have been a lot worse. Being tainted with having “installed porn” on a user’s machine might drive customers away on a permanent basis and ruin your reputation.
And I repeat: None of this would have happened if Internet Explorer had been a safe, sandboxed browser to begin with. A web browser has no business whatsoever installing software. _None, never!_


6 Comments

  1. All three major Windows browsers allow a web page to install software with one click from the user:
    IE: ActiveX
    Firefox: XPI
    Opera 7.23: Downloading a .exe file
    Button names: Firefox has Install Now/Cancel, which is clear. Internet Explorer has Yes/No, which is common on Windows and too vague for a security dialog. Opera has Open/Save, which is downright deceptive — “Opening” something should never cause untrusted software to run on your computer unsandboxed.
    Default button: Only Firefox gets this wrong and makes “Install Now” the default button.
    Warning: Firefox’s warning is clear and in bold. Internet Explorer’s is vague and buried. Opera has no warning.
    Distractions: Internet Explorer’s dialog makes a big deal of the fact that the code is signed, making it seem safer than it is and making it less likely that a user will see the warning.
    I don’t think this is a good thing, but IMO you’re wrong in attacking Internet Explorer when other browsers are comparable.

  2. Ok, let me clarify: The problem is “drive-by-downloads”:http://whatis.techtarget.com/definition/0,,sid9_gci887624,00.html.

  3. Well, if you ask me, the problem is rather users who don’t update their systems. I tested the link mentioned on an un-trusted machine with freshly updated OS (Win XP Home ed.) and IE, and nothing was installed.
    Internet Explorer might be a very poorly made program – but all systems will have faults and flaws, and the user is responsible for keeping his or her system updated.

  4. I agree that Internet Explorer is a problem, but I won’t give it all the blame. The biggest problem is users. Users who don’t update their systems. This is, however, just a result of Microsoft’s poor security policy. With systems older than Windows 2000, it’s afaik impossible to get automatic updates. And in 2000, the automatic update isn’t installed out of the box.
    Microsoft has made all their software too difficult to update, and much too easy to attack. They have had every pipe open by default, and are trying to close them one by one now. Needless to say; it’s too late.
    If a good security policy with automatic updates were enforced from day one, you wouldn’t see these kinds of problems. People would get the updates without any fuss, and the pipes wouldn’t be open by default.
    So, when push comes to shove, the problem isn’t Internet Explorer or the users of the browser, but Microsoft itself. If the company did everything right, there would still be problems, but they would be itsy bitsy compared to those we see today.

  5. steven hopper / 2006-01-13

    Right on track. Now how about something on anti-spyware companies who spoof trial users into buying their product? Including freeware ones who seem to devise ways to motivate users into making ‘donations’?

  6. Steven, there is a “permanent solution”:http://www.ubuntu.com/ for that.