Most of the lastest versions appear to install themselves using the ByteCode Verifier vulnerability in the Microsoft Virtual Machine. MS do not publish full system specs, and they use undocumented features
Fully patched systems don't get the stuff installed. Or - after others found this backhole, they decided to seal it. You can not
themself. So, what other companies are doing? Yes, correct, they are experimenting, searching for the undocumented features. They found it, and no one can separate bugs and undocumented features. These are all results of MS approach _I am doing everything myself and do not want others to compete with me_. Ok, so please do not complain on those who uses your undocumented features, undocumented API (and ohh, it is not my API, it is a bug... as they are saying now). Are you sure that it is a bug, but not a backhole created by MS for themself? I am not. prove that it is a bug, as I can not prove that it was a feature. Any undocumented API is not different from a bug - it is just something which is not documented but exists.
I'm sure the authors are working on newer injection methods.... Just as MS is working on new undocumented API's. Of course, they are - hackers, spyware designers and MS developers... I do not see a difference.
Though the blame might be placed on Microsoft for having a flaw in their code, this wasn't part of any IE feature. Please, specify a difference between 'flaw in the code' and 'backhole created for their own purposes'. If they claim 'our developers use only specified API' and 'we specify and document every system call and every function which can be used legally, from technical point of view', then I agree. But they never did and never would. if they do it, they lost their monopoly. Result - full zoo of pets, pests, and other animals in every home computer running Windoze.
May be, this particular feature was a bug, I can agree - but I do not see a difference (still).
I do not blame MS, but what about spyware on MAC-s - is it so easy to write and install spyware there?
I don't really want to get into the argument of why people choose Sorry, it was a _technical_ question - is MAC OS known as having pests and ad-ware in the comparable numbers (if any)?
microsoft products to attack, but if someone was going to choose a product to attack, from which they were going to try and make the most money/impact off of, do you think they would choose the product with the largest user base? I think that's the case here. It would be a poor business decision not to, and these people are definetly out to make as much money as they can off of these exploits.
This is 100% legal at this point (and even if it is not legal, who bored about it outside of USA? No anyone!).
It really shouldn't be legal. It is someone gaining unauthorized
Hmm. Is it legal for MS developers (for example, office developers) to use undocumented APIs? What's a difference? What does it mean 'access' - you open my web page, and your IE download my GIF file - is it authorised (my GIF is installed into your computer)? You allow Active X to run, even if ActiveX can install software - it is enough to be authorised. These is common sense - if there is a road, it is authoruised to hike it (except if there is a closed gate or an angry dog on the way). At least, it is common sence on 90% of the world. Of course, we can create many laws making common sense useless, but do not expect anyone outside to follow it. Internet is not located inside, so - you can make a conclusion. MS provoked people to search for undocumented things - it is common sense which say me that it results in my home computer making unpredicted actions - and I can not blame spyware writers, I should blame MS writers... (I do not like spywriters, anyway, but they are making their business..)
access to computer systems and altering data on those machines. Not to mention that people are profiting from these intrusions. Of course, they are. MS is profited from undocumented API's, as well. Where is a difference?
-Brian