Here's a few things that I use to prevent such things from starting: Utility to disable WSH http://www.symantec.com/avcenter/venc/data/win.script.hosting.html Finjan's freeware anti exe/vbs/java/activex/etc jobbie http://www.finjan.com/surfinguard/ And a stack of Pop-Up killers (not security per se, but stops the annoying little barstewards) http://www.freewareandstuff.com/popup.html #include the_same_old_disable_java_in_your_browser_comment.h Cheers, JJ ----- Original Message ----- From: "Jeff Miller" <jrm.waat_private> To: <vuln-devat_private> Sent: Thursday, September 13, 2001 7:50 PM Subject: Unscrupulous websites installing apps > I have a user who *somehow* got caught in one of those websites with > cascading window traps that opened up a bunch of new browser windows for > him. One of those windows was a prompt to install a program with the > choices YES and NO. He clicked the x in the corner instead, only to find > that somehow a program had been installed into his program files dir > complete with a shortcut in the start menu. > > I haven't seen this, but I'm wondering if it's possible for someone to > defeat IE's security that easily and actually install an application. Does > anyone know how this is done? > > Sorry I don't have any examples. >
This archive was generated by hypermail 2b30 : Fri Sep 14 2001 - 10:11:17 PDT