Home > Computers and Internet > Over Security Insecurity

Over Security Insecurity

The other day I was at my in-laws and while using their Windows XP computer, tried to do a search in Internet Explorer 8. I go to Bing, and something odd happened, the Bing picture didn’t load. No big deal, but when I tried to type in the search bar, no characters appeared in the search box. The browser had Google set at the search provider, so I did my search there and found what I wanted. But I wanted to see what else might be blocked on this computer. So I went to Google, Yahoo!, Ask, and Dogpile and at all of the websites I could not type into the search bar. I found it very odd that whatever was blocking these was allowing me to use the search provider of the browser, but not the websites directly.

One other thing that I noticed was how prevalent and in-your-face Norton was on their computer. For instance, every search result has a little green check box next to it, showing that Norton approves of the website. Also ,the Norton bar was loaded into Internet Explorer with a search box of its own called “Safe Search”. So I tried safe search and that ended up doing a search from Ask, but with Norton styling overlaid on top of it.

The next thing I tried was to find the Internet Options in the Windows Control Panel, but it wasn’t there. From Internet Explorer, trying to access its options only resulted in a pop-up saying that the option was disabled. Suspecting a virus I decided to explore further.

I opened up Firefox and Chrome and went to the different search websites. I wasn’t blocked from doing searches from any of them. The other thing I noticed was that Norton didn’t have a toolbar in these browsers.

It turned out the problem was Norton. Norton went out of their way to prevent Internet Explorer from doing web searches that weren’t using Norton Safe Search (unless it was from the search provider). To take complete control over Internet Explorer, Norton disabled the computers Internet Options. I cannot describe in words how stupid this is. The end result was that my in-laws didn’t know what was wrong with Internet Explorer and started using other browsers “because they work”. So Norton, in an attempt to protect the user from themselves, locked down Internet Explorer so much that it became undesirable. Which in turn, caused the users to use products that Norton didn’t have locked down. The end result is that in Norton’s attempt to have more control over the computer, it ended up having less control. If Norton really wants to lock down a computer to force the users of the computer to use their Safe Search, Norton is going to have to find a way to lock down all of the browsers.

Having discovered this as made me wonder what threat Norton is trying to protect users from. I’ve heard of one which involved Google image search. What happens is that a website is infected, and by going directly to the webpage nothing bad happens. But when the images from the website are loaded in a Google search result, images are shown that redirect to websites containing malware. I recently discovered one more which involved SQL injection attacks in the urls of search results. In either case, the search results are being hijacked and don’t do anything bad to your computer directly. They just redirect your session to a website that tries to do something bad to your computer.

So if Norton really wanted to protect users from these types of attacks they should block the users computer from viewing images from Google. The solution Norton came up with though, of locking down IE, did nothing to protect their customer. The real solution is not to block users from going to websites, it’s to block websites from installing programs and block RPC’s from browsers to other executables. Blocking RPC’s won’t happen though, because that would block Flash, and no one is going to do anything that blocks Flash. Plus, some website could figure out a way around Norton, so instead of attack the problem head on, Norton decided to give the users a false sense of security and horrible user experience.

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: