Protecting Against Drive-By Downloads of IE Add-Ons

A recurring cause of instability in Windows machines is what's sometimes called "drive-by" downloads from the Web. How many times have you visited a website only to see a pop-up dialog box saying you need to install software for the website to work in your browser? Sometimes it's clearly stated why this is necessary (for playing a video, a proprietary sound file, or Flash animation, for example), and other times the reason is not so clear. All you know is that you are faced with the decision of letting some (typically) unknown source install software on your computer so you can enjoy the web page, or opting out and moving on. Maybe you assume it can do no harm because it's only an addition to IE and not to your operating system. But because IE is often the back door through which viruses, adware, spyware, Trojan horses, and other malware infect your computer, being cautious at this juncture is extremely important.

These spur-of-the-moment additions that websites can push at you are called IE add-ons, and they are typically ActiveX controls (although not all are). ActiveX controls and active script (sometimes called script or JavaScript) are small programs used extensively on the Internet. Without scripts, websites would be much more static and boring. Script and ActiveX controls allow all sorts of animation and other entertaining features on the Internet. Websites become more interactive by offering customized content based on information about your computer, your browser, and so on. Common add-ons include extra toolbars, animated mouse pointers, stock tickers, and pop-up ad blockers.

Add-ons can be installed from a variety of locations and in several ways, including these:

• Download and installation while viewing web pages

• User installation via an executable program

• As preinstalled components of the operating system

• As preinstalled add-ons that come with the operating system

A risk of add-ons is that these programs can also be used to collect information from your computer for harmful purposes. After 6 months or a year of surfing the Web with IE, many users don't recall what add-ons they authorized and don't know what those add-ons might be doing to compromise the stability of their systems.

You could unknowingly have many add-ons installed. This can happen if you previously gave permission for all downloads from a particular website, or because the add-on was part of another program that you installed. Some add-ons are installed with Microsoft Windows. You'll sometimes be given more information about potentially damaging add-ons so you can make an informed decision about installing one. Some add-ons have digital signatures that verify who wrote them; the signature is backed by a certificate that identifies the publisher. IE verifies a signature and can tell you if it's valid. If a signature is reported as invalid, you definitely shouldn't trust the identity the publisher claims. Allowing installation of ActiveX controls that have invalid signatures is not recommended and introduces additional risk to your computer.

IE blocks file downloads in these circumstances when you are using the default security settings:

• When a file has an invalid signature on its certificate

• When a file has no signature on its certificate

• When you or someone else who uses your computer has blocked the source of the file

Even if an add-on has a legitimate certificate, it doesn't mean the program won't mess up your computer. In the end, it is your decision whether to install an add-on. Make the decision based on whether you know the source to be trustworthy. After installing an add-on, if your system or IE becomes unstable, use the information in the following section to track and remove the add-on.

Certificates provide authoritative proof of identity to establish trust between two parties in an online transaction.
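
As an added example (not part of the original text), the following PowerShell script inventories one class of IE add-on, Browser Helper Objects, and reports whether each add-on's DLL carries a valid digital signature, the same property IE checks before allowing a download. The registry locations used are the standard Windows ones for Browser Helper Objects and COM servers; the text above does not name them.

```powershell
# Added example: list Browser Helper Objects (one kind of IE add-on) and the
# Authenticode signature status of each add-on's DLL. Read-only.
$views = @(
    @{ Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    # 32-bit add-ons on 64-bit Windows register under the WOW6432Node view
    @{ Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

$report = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
        $clsid  = $key.PSChildName
        $server = Join-Path $view.Clsid "$clsid\InprocServer32"
        $dll    = $null
        if (Test-Path -LiteralPath $server) {
            # The default value of InprocServer32 is the path of the add-on's DLL
            $dll = [string](Get-Item -LiteralPath $server).GetValue('')
            $dll = $dll.Trim('"')
        }
        $status = 'DllNotFound'; $publisher = $null
        if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
            $sig    = Get-AuthenticodeSignature -LiteralPath $dll
            $status = [string]$sig.Status      # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $publisher = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{ Clsid = $clsid; Dll = $dll; Signature = $status; Publisher = $publisher }
    }
}

# Show add-ons whose signature is missing or did not verify first
$report | Sort-Object { $_.Signature -eq 'Valid' } | Format-Table -AutoSize -Wrap
```

A `Valid` result only confirms who published the file and that it has not been altered since signing; as noted above, it says nothing about whether the add-on behaves well.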

