
Thread: Drive by install

 
  #1  
Old January 29th, 2005, 05:18 PM
ABW Founder
Join Date: January 18th, 2005
Location: New York
Posts: 21,651
Responsible marketing and distribution this isn't!
Attached Images
File Type: gif SAHS.gif (91.2 KB, 123 views)
__________________
Continued Success,

Haiko
The secret of success is constancy of purpose ~ Disraeli

Last edited by Haiko de Poel, Jr.; February 8th, 2005 at 05:28 PM. Reason: Edited Title per - http://forum.abestweb.com/showpost.php?p=408180&postcount=11
  #2  
Old January 31st, 2005, 03:49 PM
Full Member
Join Date: January 18th, 2005
Posts: 473
Good find. Lots more where this came from, of course. Look especially closely at sites targeting children -- who are perhaps more likely to be tricked into pressing YES.

It's also troubling to see VeriSign standing by and letting this happen -- issuing (and failing to revoke) certs used for these misleading installations. I'm working on an article about this aspect of the ActiveX/drive-by problem.
  #3  
Old February 2nd, 2005, 09:20 PM
Internet Cowboy
Join Date: January 18th, 2005
Posts: 4,677
I have gotten this before as well. If your browser takes more than a few seconds to get to any given address, it redirects to their web site. Was fairly easy to get rid of though, had to delete it from the registry.
  #4  
Old February 2nd, 2005, 09:28 PM
Resident Genius and Staunch Capitalist
Join Date: January 18th, 2005
Location: Florida
Posts: 12,827
Quote:
Originally Posted by scohaz
Was fairly easy to get rid of though, had to delete it from the registry.
Messing with the registry doesn't sound like something most people would find "easy..."
__________________
There is no knowledge that is not power. ~Hemingway
Digital Scales
  #5  
Old February 2nd, 2005, 09:52 PM
2005 Linkshare Golden Link Award Winner 
Join Date: January 18th, 2005
Location: St Clair Shores MI.
Posts: 17,373
Does this count as an example of an Adult Adwhore (SAHS) paying some freebie pervert to sucker punch a 6 year old?
__________________
Webmaster's... Mike and Charlie

"What have you done today to put real value into a referral click...from a shoppers viewpoint!"
  #6  
Old February 2nd, 2005, 09:56 PM
Full Member
Join Date: January 18th, 2005
Posts: 473
I just posted a new article specifically on the subject of this deceptive method of installation. I've provided some particularly outrageous examples -- for example, an ActiveX signed by a company purportedly called "Click yes to continue." Also notable, and in fact the subject of my new article, is the fact that VeriSign allows and profits from these scams -- failing to enforce VeriSign's own rules as to accuracy in company names and as to prohibition against deceptive, malicious, or harmful installations.

How VeriSign Could Stop Drive-By Downloads
  #7  
Old February 2nd, 2005, 10:20 PM
2005 Linkshare Golden Link Award Winner 
Join Date: January 18th, 2005
Location: St Clair Shores MI.
Posts: 17,373
I saw some quotes online from that article. Good sleuth work there Ben. The Feds are dying to make some of the big networks and datamining perps like Comscore fork over huge fines in exchange for jailtime.
__________________
Webmaster's... Mike and Charlie

"What have you done today to put real value into a referral click...from a shoppers viewpoint!"
  #8  
Old February 3rd, 2005, 09:06 PM
Internet Cowboy
Join Date: January 18th, 2005
Posts: 4,677
I am on someone's spam list selling software at ridiculously cheap prices.
One day, I clicked on their link just to look and see what kind of site it is. This is where I got it.

Ben,
If you don't mind I will forward you the next e-mail I get like this. Of course they are all from different people, but it is very easy to pick them out.
The time I clicked on it, I got the bug and never saw a popup window or anything. It is obviously very easily and very secretively installed.
  #9  
Old February 4th, 2005, 04:44 AM
Full Member
Join Date: January 17th, 2005
Location: UK
Posts: 277
Can someone enlighten me on what exactly a drive-by-install actually is?

I assume it is catching some sort of spyware without any action by merely viewing a web page, but what is the mechanism in broad terms?

Is it to do with ActiveX, which I have always disliked as a way of distributing program code over the net as it is too dangerous?

I have got all the ActiveX options set to either be Disable or Prompt.

I have Javascript and Java enabled as I have always assumed the latter is OK and the former makes the web much easier to use.

Les
  #10  
Old February 4th, 2005, 09:39 AM
Full Member
Join Date: January 18th, 2005
Posts: 473
Websmith: A drive-by, to my mind, is any software installation that begins merely as a result of viewing a web page (other than a web page actually needing such software, or any web page specifically for the purpose of installing such software). An ActiveX installer fits this method, because the code (CAB file) is downloaded to a user's PC before the user is even told what's happening. Installation through security holes certainly also fits this definition.

Some folks think an installation is only a drive-by if user consent is not required at any stage of the process -- so security hole installations would meet the definition, but ActiveX installations would not, in general. Based on the harms users face from ActiveX installs, like what Haiko posted at the start of this thread, I think the better definition of drive-by is the more inclusive definition that includes the misleading ActiveX installations. But draw your own conclusions.
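
The ActiveX mechanism described in the post above, seen from the defender's side, as an added example that is not part of the original thread: a Python scan of saved page HTML for `<object>` tags whose `classid`/`codebase` pair makes Internet Explorer download a CAB and prompt to install it. The sample page, host names and CLSID are constructed; the finder only lists candidates for review, since pages that genuinely need a control use the same tag.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page: an unrelated site embedding an installer control.
SAMPLE_PAGE = """<html><body><h1>Free games</h1>
<OBJECT classid="clsid:00000000-0000-0000-0000-000000000001"
        codebase="http://installer.example.net/bundle.cab#version=1,0,0,1"
        width="0" height="0"></OBJECT>
<object data="logo.svg" type="image/svg+xml"></object>
</body></html>"""

class ActiveXInstallFinder(HTMLParser):
    """Collect <object> tags that can make IE fetch and offer to install a control."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "object":
            return
        a = {name: (value or "") for name, value in attrs}
        classid, codebase = a.get("classid", ""), a.get("codebase", "")
        # classid="clsid:..." names the control; codebase says where to download
        # it from when it is not already installed on the PC.
        if not classid.lower().startswith("clsid:") or not codebase:
            return
        cab_url = urljoin(self.page_url, codebase.split("#", 1)[0])
        self.findings.append({
            "clsid": classid[len("clsid:"):],
            "codebase": cab_url,
            # Installer hosted somewhere other than the page being viewed.
            "third_party": urlparse(cab_url).hostname != urlparse(self.page_url).hostname,
            # A 0x0 or 1x1 object has no visible purpose on the page.
            "invisible": a.get("width") in ("0", "1") and a.get("height") in ("0", "1"),
        })

def find_activex_installs(html, page_url):
    finder = ActiveXInstallFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for finding in find_activex_installs(SAMPLE_PAGE, "http://games.example.com/"):
        print(finding)
```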
  #11  
Old February 8th, 2005, 05:27 PM
ABW Founder
Join Date: January 18th, 2005
Location: New York
Posts: 21,651
I spoke with Marc Braunstein (CEO of SaHS) today and after clarifying what actually transpired, we both agreed that this was NOT a drive by *install* but, notwithstanding, this advertising medium ... as is, was flawed in "ethical" downloadable app marketing.

More on this on our next Affiliate Marketing Today Radio Show 2/15/05
__________________
Continued Success,

Haiko
The secret of success is constancy of purpose ~ Disraeli
  #12  
Old February 8th, 2005, 05:35 PM
Full Member
Join Date: January 18th, 2005
Posts: 473
It all depends on what "drive-by" means. Does a "drive-by" only occur when software is installed on a user's computer with absolutely no consent whatsoever? Or can we use that term to describe a misleading installation that begins randomly, as users perform some unrelated task, but admittedly still requires some user "consent" (e.g. pressing YES in a popup)? I think the term is still appropriate in the latter circumstance -- especially when the installation prompt was triggered by a totally unrelated site (particularly outrageous: a site targeted at minors or other unsophisticated users), and especially when the installation disclosures are deficient in any material respect. So I still think the term drive-by is appropriate for the screen-shot shown above.
  #13  
Old February 14th, 2005, 11:13 AM
Tree Hugging Liberal Hippy Realist
Join Date: January 18th, 2005
Posts: 2,938
Hey Ben,

How's your site holding up to being slashdotted for the http://www.benedelman.org/news/020305-1.html article? :^)
  #14  
Old February 14th, 2005, 11:40 AM
2005 Linkshare Golden Link Award Winner 
Join Date: January 18th, 2005
Location: St Clair Shores MI.
Posts: 17,373
Take it to VeriSign, Ben, as they have a simple cure to deceptive drive-by installs if the BHO perps and the IAB/DMA haven't paid in some hush monies.
__________________
Webmaster's... Mike and Charlie

"What have you done today to put real value into a referral click...from a shoppers viewpoint!"
  #15  
Old February 14th, 2005, 11:46 AM
Full Member
Join Date: January 18th, 2005
Posts: 473
No problem with today's Slashdot'ing. DDoS has stopped, which makes things that much easier.

I think VeriSign is on shaky ground in issuing certs to facially invalid company names like "Click Yes to Continue." We'll see what happens...
  #16  
Old February 15th, 2005, 02:03 AM
Tree Hugging Liberal Hippy Realist
Join Date: January 18th, 2005
Posts: 2,938
The power of trust, yadda yadda.

Blerkkkkk.