Win Explorer wants to connect to sa.windows.com?


ClmsnTgrFan
Thrifty, Not Cheap
Premium
join:2001-06-02
Crestview, FL

reply to andy_c
Re: Win Explorer wants to connect to sa.windows.co

Yeah, this is known behavior. I won't say expected behavior, because I agree it is not expected. Here is an article at the Register about it.

In and of itself, it doesn't seem too bad, but why would it do that by default? Seems like something the user should have to want it to do.

andy_c

join:2001-01-31
Louisville, CO
·ViaTalk


Thanks for that article reference. It covers what I was seeing with Media Player as well.

This all came about when I started thinking about an issue that came up at work. I work for a company that makes a very expensive (5 figures) piece of software. It uses a third-party protection scheme which is known to have been defeated by crackers. Our code actually uses the IWebBrowser COM interface to Internet Explorer to connect to a web site, and upload and log IP address and registration key information in an attempt to identify known cracked license keys. Even people who have personal firewall software will usually still allow Internet Explorer full access, so this process will typically go undetected. I realized that this whole IWebBrowser interface issue represented what I consider to be a significant risk, if not to security, then at least to privacy. So I decided that connecting through Internet Explorer was something I didn't want my system to do at all.

Getting back to these MS programs connecting without my consent, there's another thing that's still bugging me: I wasn't getting these messages when I allowed Proxomitron (and thus IE through HTTP) full access. So this says these programs are trying to connect in two different ways - first through the back door of IE (probably using the IWebBrowser interface), then using code within the program itself. This sure looks to me like "Try the least easily detected technique first, and if that doesn't work, try the more efficient but more easily detected approach of using code that's within the program itself". As a developer myself, I can't think of a good explanation for attempting a less efficient approach first, other than just being sneaky.

Andy C
[text was edited by author 2002-11-25 12:41:06]


ClmsnTgrFan
Thrifty, Not Cheap
Premium
join:2001-06-02
Crestview, FL

Glad the article was useful.

Do you have any references for the IWebBrowser thing? I haven't heard of it before, but it sounds like a huge security hole. I did a few quick web searches, but found nothing that really explains it.

Thanks.

andy_c

join:2001-01-31
Louisville, CO
·ViaTalk


Here's the MSDN info: http://msdn.microsoft.com/library/default.asp?url=/workshop/browser/prog_browser_node_entry.asp

The method for sending data to a web server is the IWebBrowser2::Navigate() method described here:
http://msdn.microsoft.com/workshop/browser/webbrowser/reference/IFaces/IWebBrowser2/Navigate.asp
Notice the fourth argument, "PostData". That's the data to send to the server. Here's the description: "PostData [in] Pointer to data to send with the HTTP POST transaction. For example, the POST transaction is used to send data gathered by an HTML form."

Andy C
[text was edited by author 2002-11-25 13:46:57]
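
A detection-side sketch for the behaviour discussed in this thread, added here as an example and not written by any poster: it flags Internet Explorer instances that were started by COM automation and lists where they connected. It assumes the out-of-process case, in which COM starts `iexplore.exe` with the `-Embedding` switch; the two log formats, PIDs, paths and host names are constructed sample data.

```python
import re

# Constructed process-creation records: pid|image|command line
PROC_LOG = r'''
1204|C:\Program Files\Internet Explorer\iexplore.exe|"C:\Program Files\Internet Explorer\iexplore.exe" http://example.com/
2312|C:\Program Files\Internet Explorer\iexplore.exe|"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1877|C:\Program Files\ExampleApp\app.exe|"C:\Program Files\ExampleApp\app.exe"
'''

# Constructed proxy/firewall records: pid|host|port|method
CONN_LOG = '''
1204|example.com|80|GET
2312|license-check.example.net|80|POST
2312|license-check.example.net|80|POST
1877|updates.example.org|443|CONNECT
'''

# COM passes -Embedding (or /Embedding) to a local server it launches.
EMBEDDING = re.compile(r'(?:^|\s)[-/]embedding(?:\s|$)', re.IGNORECASE)


def com_launched_ie(proc_log):
    """Return PIDs of iexplore.exe instances started for automation."""
    pids = set()
    for line in proc_log.strip().splitlines():
        pid, image, cmdline = line.split('|', 2)
        if image.lower().endswith('\\iexplore.exe') and EMBEDDING.search(cmdline):
            pids.add(int(pid))
    return pids


def destinations(conn_log, pids):
    """Summarise connections made by the given PIDs, counting POSTs."""
    hits = {}
    for line in conn_log.strip().splitlines():
        pid, host, port, method = line.split('|')
        if int(pid) in pids:
            key = (int(pid), host, int(port))
            entry = hits.setdefault(key, {'requests': 0, 'posts': 0})
            entry['requests'] += 1
            entry['posts'] += int(method == 'POST')
    return hits


if __name__ == '__main__':
    for key, stats in destinations(CONN_LOG, com_launched_ie(PROC_LOG)).items():
        print(key, stats)
```

A program that hosts the browser control inside its own process makes its requests under its own image name, so this check does not cover that case.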