[Full-Disclosure] Re: Origin of the term "driveby download"

From: Brian McWilliams (brian@pc-radio.com)
Date: 01/31/03

  • Next message: KF: "Re: [Full-Disclosure] RE: [tFull-Disclosure] SQL Server patch - why doesn't Windows update help?" 
    To: "Richard M. Smith" <rms@computerbytesman.com>, <full-disclosure@lists.netsys.com>
From: Brian McWilliams <brian@pc-radio.com>
Date: Fri, 31 Jan 2003 10:23:58 -0500

    At 07:49 AM 1/31/2003, you wrote:
    >Yes, there is ActiveX warning message for a driveby download, but I
    >think it is classic "blaming the victim" to call users who click the yes
    >button as "stupid". Most computer users today just see a computer as a
    >tool and they are not programmers. Vendors like Xupiter and Gator are
    >working the percentages by relying on users to not read the warning
    >boxes carefully enough and hope they hit "Yes" button to make the boxes
    >go away as quick as possible.

    I have a hard time feeling real outraged on behalf of the kind of users you
    are describing. Anyone who 1) visits the sort of sites where Xupiter is
    offered, and 2) has their IE security settings low, and 3) is in the habit
    of impatiently clicking "yes" to any prompt that comes their way ... well,
    that's like driving drunk while talking on a cell phone.

    To protect these folks against this kind of scumware, perhaps we need the
    digital equivalent of air bags. When are antivirus products going to add
    detection for Xupiter et al?

    Brian

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

    • Quantcast