What can it hurt?
It's free content with no strings attached... But the shackles may chafe.
Thursday, February 17, 2005
BY : Brian Ashe
So you come across an advertisement for some great free content. It could be music, movies, pictures, adult content, etc. They don't want any credit card info or any personally identifying information other than an e-mail address. Hey, you're too slick to fall for that old gag anyway. You even gave them an e-mail address you just made up on a free e-mail service. So you won't get the spam they'll probably try to send for giving you the content.
Now all you have to do is quickly install a simple "viewer" program so that you can see and download it. Well, that makes sense, they may be giving it away for free to you because you signed up, but they don't want it going out on the P2P (peer to peer) networks or getting resent by you via e-mail and destroying their "free content to get a huge mail list" business model. So you read the first couple of lines about what it is they will install and then click through. It is just some little extension to the web browser. What could it do?
It can actually do quite a lot.
Internet Explorer (IE) is a much more complex piece of software than most people realize. It is not just something that displays simple text and images with the occasional animation in Flash™ thrown in. It is a full development platform. That means that anything you could do with a normal program you can also do inside of IE. So a malicious web site, if it can get you to say yes to just one "Do you want to install this extension?" pop-up, can take near complete control of your computer. This problem is not limited to IE, though it may be the most dangerous, as the Mozilla family of browsers (Netscape, Mozilla and Firefox) also allow extensions. They are simply more limited in what someone could do on your machine.
So just what could someone install this way? At best what is installed will track where you are going and launch pop-ups of ads related to the pages you are viewing (commonly known as ad-ware). At worst, it will be a full blown monitoring program (commonly called spy-ware) that tracks where you go, logs your keystrokes and sends that information to identity thieves. It may also download and install more software without your approval or knowledge and scan your harddrive for files that may contain information that can be used for further exploits like Quicken™ files or address books.
So when a website asks if it is OK to install something, click on cancel and get away quickly. There isn't anything free worth the risk involved.
|
