Spyware Sucks : I ain't happy about this....., Internet Explorer 7

Always pay attention when you install software updates, otherwise you may end up with unwanted add-ins (and foot-in-mouth-disease)

sandi — Sat, 13 Jan 2007 04:23:00 GMT

It would be real nice if Andy Beal and his comrades in arms in various online news sites would concentrate more on accuracy, and less on sensationalism. If there is one thing that is sure to raise my hackles, it is misinformation, and grudging "updates".

There was an article posted on marketingpilgrim.com today, with the by-line "Exclusive - Yahoo Using Dirty Tactics to Switch Google & Firefox Users?"

The article states "Over email, Jarrod Hunt of Text Link Brokers explained how a recent upgrade to Yahoo Messenger includes an innocuous “auto-update” option. When the user gives Yahoo permission to “update” – what they think is just Yahoo Messenger – the updater downloads IE 7 (which we already know to be buggy) and then proceeds to hijack many browser preferences – including search engine settings."

This is what happened. "Jarrod" uses Yahoo Messenger. Yahoo Messenger prompted Jarrod to install an update. Jarrod agreed. Jarrod went with the default install. Jarrod ended up with an updated Yahoo Mesenger, but he also ended up with the Yahoo Toolbar, his home page was changed, and his search engine defaults were changed. Jarrod accused Yahoo Messenger of installing IE7.

Yahoo Messenger does NOT install IE7, and it took a comment posted more than 8 hours after the article went live stating "This story is a lie" for Jarrod to finally decide to check what version of IE he actually had installed, something that I suggest he should have done in the first place.

So what went wrong for marketingpilgrim? How could they get something so wrong, and allow an article with such a basic technical inaccuracy to go live?

First, Jarrod saw that he had tabbed browsing and he assumed that he had IE7, not realising that it was the Yahoo Toolbar that was creating the tabs as we can see from a comment that he posted more than 9 hours after the article went live that said "I’m looking at the version number in IE. It’s still IE6. I assumed that the new “Tabs” I was seeing were because of an upgrade to IE7. I have had IE6 for years now, and did not plan on upgrading. The new tabs I am seeing are part of Yahoo’s new toolbar. Don’t I feel like an Ass."

Ok, so maybe we can forgive Jarrod his knee-jerk assumptions when he saw the changes on his system. He is obviously unfamiliar with IE7. But why the heck would he automatically assume he has IE7 just because he has tabs? For example, the MSN toolbar gives IE6 users tabs and there are lots of skins and add-ons out there that give IE6 tabs. Not only that, the IE7 GUI changes are far more than just adding tabs to the Web browser as you can see if you check out the screenshots at www.ie-vista.com.

Putting aside the GUI issue, I am also concerned that if Jarrod is unfamiliar with even the basics of IE7 such as what it looks like, then how is he in a position to make an informed judgment about whether or not IE7 should or shouldn't be installed? I see a need for some research on Jarrod's part because IE7 brings with it very important security benefits - IE7, for example, was NOT vulnerable to virtually all of the exploits disclosed since it went into beta last year.

Andy Beal, on the other hand, is harder to forgive. It seems he did not check his facts before publishing the article. Did he write to Yahoo and ask for their comments BEFORE going live? Did he wait for a response? Did he install Yahoo Messenger to make sure that he could confirm the bona fides of Jarrod's complaint before going live?

Third, IE7 is not "buggy". There have now been over 100 million installations of IE7, and if marketingpilgrim's claims about IE7 being buggy were true then my sites, my forums and the newsgroups would be flooded with complaints. Instead, we are seeing no more than the normal problems that occur when software is updated - it is not technically possible to cover all scenarios, and problems do slip through (such as the printing bug a minority of users are having problems with), but that is no reason to advise *everybody* to avoid IE7. Reality is that users are far more likely to be part of the majority who have no problems, than the minority that do.

I've just checked the "IE7 is buggy" column that the article links to - it is dated 1 February 2006 and discusses a BETA of IE7 for chrissakes - not only that, it seems that the author tried System Restore *before* going to, you guessed it, Add/Remove Programs, to remove IE7 - he did things ass-backwards. Web sites not displaying properly? That's not an IE7 bug - its actually a problem caused by IE6 in that the affected sites were using various hacks to get around IE6 problems - problems that no longer exist in IE7. IE7 introduced many improvements to CSS compliance, and got rid of some long-standing, often complained about rendering bugs. We knew that there was going to be problems for site owners that used various IE6 specific hacks, and we did all we could to warn site owners during the beta, but it seems the author of that article would prefer the IE6 rendering faults to remain rather than be fixed? As for the 30 blank browser sessions, they are easily fixed, being a simple file type association mis-set.

Please let me make this perfectly clear. I hate software bundling, and have said so on this blog many times. I hate it that so many free products try to install toolbars or change my Web browser settings, whether it be Yahoo Messenger, or MSN Messenger, or Adobe Acrobat, or Sun Java or the myriad other products that try to do the same thing. The CNET article is right insofar as the default install of Yahoo Messenger changes your Web browsers home page and search engine settings an adds a toolbar and the Yahoo Messenger installation does NOT make it clear that these things will happen. It should NOT be necessary to select 'customise your install' or 'custom install' before you can see the tick boxes for the additional changes. But that being said, my strong dislike for bundling does not cancel out a similarly strong dislike for misinformation.

If you want to see what happens when Yahoo Messenger is updated, check out this video - for me, at least, the video quality sucks, but at least you can hear the commentary:
http://news.com.com/1606-2-6144280.html

Internet Explorer 7 Beta 2 Preview Build 5335.5 comes with a little extra tweaking...

sandi — Tue, 21 Mar 2006 10:54:00 GMT

Heads up: the latest IE7 Beta 2 Preview Build seems to include the activex 912945 update described here:
http://msmvps.com/blogs/spywaresucks/archive/2006/03/04/85409.aspx

Ok, this is a surprise and a shock. Maybe I've simply missed an announcement or heads up, but I don't remember any mention of the 912945 update being included in build 5335.5.

Granted, the changes will be included in the next security update, but it would have been nice to have some warning.

TrendMicro Antispyware for the Web causing issues again - this time nuking the Windows Genuine Validation Tool

sandi — Sat, 11 Mar 2006 00:46:00 GMT

Important Update: http://msmvps.com/blogs/spywaresucks/archive/2006/03/15/86345.aspx

------------------------------------------------------------------------------

This could prove to be a very serious problem.

The Windows Genuine Advantage Validation Tool *must* be installed before many downloads are made available to users via Windows Update and the Download Centre.

Trend Micro Antispyware for the Web is detecting the Windows Genuine Advantage Validation Tool KB892130 CLSID as Adware_iSearch. Once the CLSID is deleted by TMAS, the user will be re-prompted to download KB892130 the next time he or she goes to Windows Update.

Check out this thread:
http://aumha.net/viewtopic.php?t=18492&postdays=0&postorder=asc&start=0

I'm going to pass this on to George and Andy at Trend... we need to make sure that SMB product is not being affected in the same way - I'm betting it is.

Generally the Corporate (SMB) version is updated very quickly when false positives like this are found. Those responsible for the consumer space, including online web scan are much slower to react. Trend's history of delay in fixing false positives in the consumer versions of Antispyware will be a big problem this time. Please guys, let's get this sorted damned fast.

Charles (aka Chasbox in the aumha.net forum) did very well to draw the connection between TMAS and the Windows Update problem he is seeing. I've confirmed the problem on several PCs.

Here is the alert.

The threat details:

The CLSID key being flagged:

The key you see is the *only* entry in the Ext folder, therefore must be the source of the alert.

DO NOT ALLOW THE TREND PROGRAMME TO DELETE THE CLSID

BTW, Trend Micro Antispyware on the Web seems to be broken in IE7, at least it is for me... had to fire up IE6 on another PC on my network to confirm the false positive. Its a bit hard to select 'Start Scan' when there's no scan button to click on... ;o)

------------------------------------------------------------------------------

Update - 12 March 06, 12.10am Perth, WA time (+0800): The false positive has, apparently, been fixed for the packaged product (pattern 3.31) since 10 March, but NOT the online scan. I know, because I tested the online scan 10 minutes ago.

This is a source of ongoing frustration to me. The packaged product is fixed quickly when a false positive, but the online scan can be left, at times, for months. I despair.

Not happy with Softwarepatch.com

sandi — Sun, 05 Feb 2006 09:52:00 GMT

Softwarepatch.com are publicising the IE7 Beta 2 Preview on their site:
http://www.softwarepatch.com/windows/

The site makes no mention of the fact that there are Release Notes available (which, as far as I am concerned, is essential reading), nor does it mention that the download is targeted at Developers and IT Professionals. There is no mention of where and how to get support, nothing about the Developer and IT Pro checklists, nothing about the Technology Overview that is available. All there is is a generic warning about installing Betas.

And, they're wrong - its not "Beta 2" - it is a *Preview* of what Beta 2, when it is released, will be like.

I don't think it is a good idea for a third party site to link directly to the IE7 download while at the same time ignoring the documentation that goes with it. If softwarepatch want to pull hits to their site by publicising IE7 Beta 2 Preview then they should link to the Microsoft download page so that their readers get the benefit of the content that is available at http://www.microsoft.com/windows/ie/ie7/ie7betaredirect.mspx