Finjan's site also has a number of tests, including one page which just creates a directory on your desktop and copies some files into it. Which, I must say as an independant consultant, are frikkin good, especially the desktop version - which checks HTTPS too. It's great for explaining to management why you need Finjan products.... ....but only really applicable to high security environments. (banks, FIs etc) Dom -----Original Message----- From: Nexus [mailto:nexusat_private-way.co.uk] Sent: 14 September 2001 15:27 To: Jeff Miller; vuln-devat_private Subject: Re: Unscrupulous websites installing apps Here's a few things that I use to prevent such things from starting: Utility to disable WSH http://www.symantec.com/avcenter/venc/data/win.script.hosting.html Finjan's freeware anti exe/vbs/java/activex/etc jobbie http://www.finjan.com/surfinguard/ And a stack of Pop-Up killers (not security per se, but stops the annoying little barstewards) http://www.freewareandstuff.com/popup.html #include the_same_old_disable_java_in_your_browser_comment.h Cheers, JJ ----- Original Message ----- From: "Jeff Miller" <jrm.waat_private> To: <vuln-devat_private> Sent: Thursday, September 13, 2001 7:50 PM Subject: Unscrupulous websites installing apps > I have a user who *somehow* got caught in one of those websites with > cascading window traps that opened up a bunch of new browser windows for > him. One of those windows was a prompt to install a program with the > choices YES and NO. He clicked the x in the corner instead, only to find > that somehow a program had been installed into his program files dir > complete with a shortcut in the start menu. > > I haven't seen this, but I'm wondering if it's possible for someone to > defeat IE's security that easily and actually install an application. Does > anyone know how this is done? > > Sorry I don't have any examples. >
This archive was generated by hypermail 2b30 : Fri Sep 14 2001 - 13:25:05 PDT