1x1


ONLINE FEATURES Book Reviews BW Video Columnists Interactive Gallery Newsletters Past Covers Philanthropy Podcasts Special Reports BLOGS Auto Beat Bangalore Tigers Blogspotting Brand New Day Byte of the Apple Economics Unbound Eye on Asia Fine On Media Green Biz Hot Property Investing Insights Management IQ NEXT: Innovation NussbaumOnDesign Tech Beat Working Parents TECHNOLOGY J.D. Power Ratings Product Reviews Tech Stats Wildstrom: Tech Maven AUTOS Home Page Auto Reviews Classic Cars Car Care & Safety Hybrids INNOVATION
& DESIGN Home Page Architecture Brand Equity Auto Design Game Room SMALLBIZ Smart Answers Success Stories Today's Tip INVESTING Investing: Europe Annual Reports BW 50 S&P Picks & Pans Stock Screeners Free S&P Stock Report SCOREBOARDS Hot Growth 100 Mutual Funds Info Tech 100 S&P 500 B-SCHOOLS Undergrad Programs MBA Blogs MBA Profiles MBA Rankings Who's Hiring Grads

FEBRUARY 24, 2005
HELP DESK
By Stephen H. Wildstrom

Microsoft Slips a Plug in a Patch
A security update may switch the home page of users to MSN. That's a dirty trick the giant should be ashamed of


  STORY TOOLS
Printer-Friendly Version
E-Mail This Story

Related Items
Help Desk Archive

POLL INSTANT SURVEY >>
With which of the following statements on outsourcing do you most agree?

The benefits of outsourcing to corporate America far outweigh the costs
There's an even split between the drawbacks and rewards
Any benefits are overshadowed by the loss of U.S. jobs
Unsure

VIEW POLL RESULTS >>
  PEOPLE SEARCH

Search for business contacts:

First Name :
Last Name :
Company Name :

PREMIUM SEARCH
Search by job title, geography and build a list of executive contacts

Search by Zoominfo
  Tech White Papers
Most Recent
Most Popular

Q: Last night I came home to find that my kitchen PC suddenly was using MSN, not Google, for its Internet Explorer home page. I was just changing it back, thinking the nanny had changed it, when my wife commented that all the PCs at her office had done the same thing. Then I found all my children's computers had done the same thing. As a point of principle, I'm deleting MSN Messenger from all my PCs since it appears that big brother Microsoft (MSFT ) has lost control of itself.

A: It looks like Microsoft tried to get a little benefit for itself when it repaired a serious security flaw.

Here's what seems to have happened to your computers. On Feb. 8, as part of a huge batch of Windows security updates, Microsoft released a patch for a "critical" vulnerability in MSN Messenger that could allow hostile code to be hidden in an image. Within a couple of days, information on how to exploit the vulnerability was circulating on the Internet, and Microsoft decided it needed to take further, more drastic action to protect Messenger users. So it made installation of the patch mandatory.


As of Feb. 11, users who had not updated their copies of the Messenger software were blocked from logging on to the instant-messaging service. Because of the nature of the vulnerability -- it could have compromised computers when users did nothing more than open an IM -- this was the right action to take.

However, Microsoft went a bit further than was strictly necessary. During the course of installing of the update, the user is offered several options unrelated to security, one of which is "Make MSN My Home Page." It is checked by default. So if you don't pay close attention -- and you should always pay close attention to these options when doing any sort of installation -- the next time you start IE, your home page will have changed. This is perilously close to the browser hijacking that's a characteristic of many spyware programs.

DOUBLE HIJACK.  Microsoft should be ashamed of itself for trying to turn its own security flaw to its commercial gain. There's no reason to believe that customers installing a mandatory security fix also want to change their browser home page to an MSN portal, and there's even less excuse for trying to spring a change on the unwary.

Interestingly, the test version of Microsoft's new AntiSpyware program does something similar. When it detects a browser hijacking, it attempts to change the home page to MSN rather than to a blank page or a page of the user's choosing, in effect, hijacking the already hijacked page. It's Microsoft's privilege to set MSN as the default home page for Internet Explorer, but if the customer decides to change the setting, Microsoft should respect the choice and stop looking for sneaky ways to change it back.


Wildstrom is Technology & You columnist for BusinessWeek. Follow his Flash Product Reviews, only at BusinessWeek Online
 BW MALL   SPONSORED LINKS
Buy a link now!


Get BusinessWeek directly on your desktop with our RSS feeds.XML

Add BusinessWeek news to your Web site with our headline feed.

Click to buy an e-print or reprint of a BusinessWeek or BusinessWeek Online story or video.

To subscribe online to BusinessWeek magazine, please click here.

Learn more, go to the BusinessWeekOnline home page
Back to Top


TODAY'S MOST POPULAR STORIES

  1. It's Too Darn Hot
  2. Why India Will Beat China
  3. The Diesels Are Coming. But Will Anyone Want Them?
  4. No Stock Offering for Wachovia_Yet
  5. Yahoo's Tenuous Case for Independence

Get Free RSS Feed >>
  MARKET INFO
DJIA 11632.38 +29.88
S&P 500 1282.19 +5.19
Nasdaq 2325.88 +21.92

Portfolio Service Update

Stock Lookup

Enter name or ticker



Copyright 2005, by The McGraw-Hill Companies Inc. All rights reserved.
Terms of Use | Privacy Notice

Media Kit | Special Sections | MarketPlace | Knowledge Centers
McGraw-Hill Cos.