Lobo042399
asked on
Spyware bundled with IE???
Hi guys,
This is a creepy story so make sure you read it with your lights on. Since I noticed the problem I've replicated it with the same result. Here it goes:
I'm helping a friend of mine build his first machine from scratch. Brand new case, mobo, CPU, hd, and a his own clean legal Windows XP CD. Recycled CD-RW and RAM.
After the first boot he's beaming at seeing his machine actually work. XP is installed with default settings. Then we install Norton Internet Security and Norton Systemworks. GoBack comes next. Then we install Spybot S&D and AdAware. Nothing else is installed in the machine and the box has not been connected to the Net. We run Spybot and it finds a DSO Exploit and the Alexa browser object. AdAware finds two more Alexa-related files and removes them.
Where did these come from? The box hasn't been connected to the Net once since it was built and no other software was installed besides the mentioned above.
Here's another example. While resetting one of my machines, I reinstalled W2K and after installing a couple drivers I proceed to install NAV, Internet Security, and GoBack. Again, I install Spybot S&D and AdAware. Again, Spybot detects the DSO Exploit and Alexa. Again AdAware detects two more Alexa files. All in removed. I run Windows Update and install SP4. After rebooting Spybot and AdAware report nothing. I run Windows Update again and install the Update for IE 6. Machine is rebooted after that. This time Spybot and AdAware find the same DSO and Alexa files... again! And this time the DSO is proving a bit harder to remove. I'll figure that out, tho. What is really bothering me is the possibility that Microsoft is bundling this Alexa crapware INSIDE distributions of IE? and why? The only thing that was installed in between a clean machine and an Alexa report was the IE update.
If any of you guys have an extra box that you can use for a test, give it a try. Since this is not really a Question I'm offering the points as an incentive to test this stuff and try to figure out what's going on with IE and Alexa.
Good Vibes!
Lobo
This is a creepy story so make sure you read it with your lights on. Since I noticed the problem I've replicated it with the same result. Here it goes:
I'm helping a friend of mine build his first machine from scratch. Brand new case, mobo, CPU, hd, and a his own clean legal Windows XP CD. Recycled CD-RW and RAM.
After the first boot he's beaming at seeing his machine actually work. XP is installed with default settings. Then we install Norton Internet Security and Norton Systemworks. GoBack comes next. Then we install Spybot S&D and AdAware. Nothing else is installed in the machine and the box has not been connected to the Net. We run Spybot and it finds a DSO Exploit and the Alexa browser object. AdAware finds two more Alexa-related files and removes them.
Where did these come from? The box hasn't been connected to the Net once since it was built and no other software was installed besides the mentioned above.
Here's another example. While resetting one of my machines, I reinstalled W2K and after installing a couple drivers I proceed to install NAV, Internet Security, and GoBack. Again, I install Spybot S&D and AdAware. Again, Spybot detects the DSO Exploit and Alexa. Again AdAware detects two more Alexa files. All in removed. I run Windows Update and install SP4. After rebooting Spybot and AdAware report nothing. I run Windows Update again and install the Update for IE 6. Machine is rebooted after that. This time Spybot and AdAware find the same DSO and Alexa files... again! And this time the DSO is proving a bit harder to remove. I'll figure that out, tho. What is really bothering me is the possibility that Microsoft is bundling this Alexa crapware INSIDE distributions of IE? and why? The only thing that was installed in between a clean machine and an Alexa report was the IE update.
If any of you guys have an extra box that you can use for a test, give it a try. Since this is not really a Question I'm offering the points as an incentive to test this stuff and try to figure out what's going on with IE and Alexa.
Good Vibes!
Lobo
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
And yes, it will show up on any PC that has IE at least any version that incorporates the Related Links feature.
Here's a great article i found:
http://www.imilly.com/alexa.htm
especially the part about redirecting the Related Links to use google!
http://www.imilly.com/alexa.htm
especially the part about redirecting the Related Links to use google!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi dis & asta,
Thanks for the heads up on Alexa. It sux that MS is including it anyway. I do not use IE but still, I'd rather have my machine clean of any of that... ummm... stuffware.
The DSO Exploit reported by Spybot is a bug. I did a bit of research on it and found that the guys at Spybot are aware of it and will fix it in the next update so I can breathe easy on that one. Here's a post by Team Spybot at their official forum regarding the issue:
http://forums.net-integration.net/index.php?showtopic=17159
Good Vibes!
Lobo
Thanks for the heads up on Alexa. It sux that MS is including it anyway. I do not use IE but still, I'd rather have my machine clean of any of that... ummm... stuffware.
The DSO Exploit reported by Spybot is a bug. I did a bit of research on it and found that the guys at Spybot are aware of it and will fix it in the next update so I can breathe easy on that one. Here's a post by Team Spybot at their official forum regarding the issue:
http://forums.net-integration.net/index.php?showtopic=17159
Good Vibes!
Lobo
Thanks, Lobo, I could not agree with you more, though we choose to use IE due to the number of end-users and the OS that aligns with it. Doesn't mean we're not 'exploring' alternatives. It sure keeps us all challenged; but so often because of history and other issues, the IE element fixes things that developers err on that other Browser's don't (good news and bad news, of course). But can't help thinking that if we were more aggresively working with MS, we could use the various feedback options to help them help us better than we do in terms of escaping to other solutions because of the "big guy" and all those other syndromes, IMHO. But that said, also researched the issue of DSO exploits extensively when I saw all the hits on our systems, and managed without problems to get rid of all such occurrences, using IE.
If you like, I'll be happy to post the step-by-step, if still an issue when I get to those systems sometime this weekend. They've never reoccurred.
":0) Asta
If you like, I'll be happy to post the step-by-step, if still an issue when I get to those systems sometime this weekend. They've never reoccurred.
":0) Asta
ASKER
Hi asta,
I've seen a couple of Registry fixes for the DSO (bug) thing. Mine is under control and I'm gonna wait for the Spybot fix.
I've been a Netscape user since waaay back and the only times I use IE is when some clueless designer has used so many FrontPage extensions in a site that it won't render on anything else. A lot of people I know is using encarnations of Mozilla (FireFox seems to be very solid) and I've seen small companies using Netscape and Netscape Mail to avoid the bugs that plague IE and Outlook. There are alternatives out there.
Oh, the fixes for DSO, better let me create a new Question with DSO in it. That way the PAQ becomes usable to others.
Good Vibes!!
Lobo
I've seen a couple of Registry fixes for the DSO (bug) thing. Mine is under control and I'm gonna wait for the Spybot fix.
I've been a Netscape user since waaay back and the only times I use IE is when some clueless designer has used so many FrontPage extensions in a site that it won't render on anything else. A lot of people I know is using encarnations of Mozilla (FireFox seems to be very solid) and I've seen small companies using Netscape and Netscape Mail to avoid the bugs that plague IE and Outlook. There are alternatives out there.
Oh, the fixes for DSO, better let me create a new Question with DSO in it. That way the PAQ becomes usable to others.
Good Vibes!!
Lobo
Sounds totally excellent! Firefox has top-notch reviews so far.
":0) Me
":0) Me
Wow, thanks, Lobo. I feel special .... and seriously, I learned in this process and sure appreciate your thoughtfulness.
Best wishes and smiles,
":0) Asta
P.S. This was the manual process for DSO Exploits that helped me a bit more than my other 'finds':
http://www.dslreports.com/forum/remark,10295736~mode=flat?hilite=DSO+Exploit
Best wishes and smiles,
":0) Asta
P.S. This was the manual process for DSO Exploits that helped me a bit more than my other 'finds':
http://www.dslreports.com/forum/remark,10295736~mode=flat?hilite=DSO+Exploit