[opensource] New Web Browser

Brian Swaney swaney.29 at osu.edu
Thu Oct 25 13:53:14 EDT 2007


There is an option at the bottom of the page to manually download an
executable installer, but I made the point because ActiveX, at least by
my experience (with the exception of setting update.microsoft.com as
your home page) it's a really bad practice. Every month or so I had to
clean out trojans and occasional viruses (last big one was 4 backdoors,
a keylogger, and 1 delete-random-system-file-on-boot viruses, with 20 or
so trojans; I'm guessing downloaders played a big part but still...),
some appearing in a folder called "ActiveX Objects". After having this
friend install Firefox, telling the whole family not to use Internet
Explorer, and teaching them about malware, that got reduced  to maybe
once or twice a year at most. If OSU is to protect the campus from
viruses, ActiveX is not a good idea, but that's just my opinion.

Paul, I'm not sure what you mean by "in the context of your username".
You don't have to log in to install it, despite the license agreement
warning not to distribute the program to those not affiliated with the
institution. One of the school's public articles has the download URL in
a screenshot, which is where I sampled/honey-potted it from.

-Brian Swaney


On Thu, 2007-10-25 at 13:38 -0400, Paul Betts wrote:

> > but how does it "lock down" students' *entire*
> > interaction with the OS (e.g., prevent them from closing or minimizing
> > the browser)?
> 
> If they're running their own ActiveX control, they can do *anything they 
> want*. They are running arbitrary C++ code in the context of your username.
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.cse.ohio-state.edu/mailman/private/opensource/attachments/20071025/f15d262c/attachment.html


More information about the Opensource mailing list