Internet Explorer 7 in toolbar mayhem
By anyweb, October 2006.This post is mirrored here.
Introduction
* part 1 - smileys anyone ?
* part 2 - a handful of toolbars
* part 3 - more toolbars !!
* part 4 - more toolbars plus can we reset Internet Explorer ?
Introduction
I've read many articles about Internet Explorer's 7's new security features and coupled with the imminent release of Vista this got me interested. I recall seeing a rather funny screenshot (which I found on the internet) which showed Internet Explorer 6 in Windows XP stuffed full of spyware/toolbars/etc.
I wanted to see if IE7 was any better than that screenshot of IE6, how would it cope with a user that simply clicked 'yes/allow/next/accept' to everything that was presented to them.
In addition, I wanted to see how the User Account Control reacted to this, and in the end, could I restore IE7 to it's former glory.
Please remember, this test assumes that the end-user clicks 'yes/apply/accept/next' to just about anything, so security or not, how will IE7 cope with a click happy toolbar junkie? The test was carried out on a full install of Windows Vista Ultimate Edition version 5728 (Aero was not enabled) with IE7 as shipped. I used the default user that Vista prompted me to create at the end of the install which according to Users/Groups, is a member of Administrators.
Unless otherwise mentioned, all of the software installed for this test is not considered to be spyware (according to the manufacturers of said software), I'll leave you to make up your mind about that.
Back to top ^^
Part 1
Smiley's anyone ?First of all here's how IE7 looks before I started the test.
Pretty standard. Nothing much to write home about. ok now lets head over to a well visited site called smileycentral (why anyone WOULD go there voluntarily is still beyond me...). IE7 prompted me to install Adobe Flash Player 9 as you see in this screenshot
I clicked on 'install' and IE7 now renders the smiley site correctly (or so i believe, trust me when I say this was the FIRST and LAST time I went to that site) and still no smiley things stuck to my IE7 yet. Now that I can view the site correctly, I click on 'download now' and I'm prompted to install an Active X script via a yellow WARNING bar at the top of IE7.
Next I click on that warning bar and choose 'install Active X script', then I am prompted twice to accept some new software, the first time the details of which are listed as some cryptic {Bd......} registry class looking key, the second time it mentions 'Ask Jeeves' So I click 'install' of course !.
Once done, another big box appears 'Internet Explorer Security'
This one is interesting as it notes that the program, will open outsite of protected mode. Being the windows-noob that I am, I click 'Allow'. Amazingly enough, IE7 or Vista, or something seems to have caused the smileycentral program to fail to install. All is not lost however, as it wants us to try a 'manual install' instead.
After clicking on the manual install download link, I chose 'run' to install it. Vistas User Account Control protection popped up asking me did I want to allow the program to 'run', I clicked 'continue'. I then clicked 'accept' to the smiley EULA, and 'Finish'.
Ok, now I'm getting somewhere ! IE7 is now starting to look more 'used'.
Next I type in http://www.live.com (IE7's default page) to see whats new. I can now see that IE7 displays the page fine but at the bottom right hand corner in IE, it says 'Internet Protected Mode OFF' whereas in the the original screenshot it was Internet Protected mode ON (the default).
Hmm, ok time for the next stage, I opened up windows Task Manager to see if things look interesting, and sure enough, our smileycentral fiends have added a new process to my list - gee thanks.
In addition to loading a new process, they have very kindly placed some registry entries on my computer, one of which is pictured below.
Next up I closed IE7 and restarted it, this time http://www.live.com came up in protected mode. Interesting !.
Back to top ^^
Part 2 >>