“It looks like Microsoft tried to get a little benefit for itself when it repaired a serious security flaw,” Stephen H. Wildstrom reports for BusinessWeek. In early February, “Microsoft released a patch for a ‘critical’ vulnerability in MSN Messenger [that] went a bit further than was strictly necessary. During the course of installing the update, the user is offered several options unrelated to security, one of which is ‘Make MSN My Home Page.’ It is checked by default. So if you don’t pay close attention — and you should always pay close attention to these options when doing any sort of installation — the next time you start IE, your home page will have changed. This is perilously close to the browser hijacking that’s a characteristic of many spyware programs.”

“Microsoft should be ashamed of itself for trying to turn its own security flaw to its commercial gain. There’s no reason to believe that customers installing a mandatory security fix also want to change their browser home page to an MSN portal, and there’s even less excuse for trying to spring a change on the unwary,” Wildstrom reports. “Interestingly, the test version of Microsoft’s new AntiSpyware program does something similar. When it detects a browser hijacking, it attempts to change the home page to MSN rather than to a blank page or a page of the user’s choosing, in effect, hijacking the already hijacked page. It’s Microsoft’s privilege to set MSN as the default home page for Internet Explorer, but if the customer decides to change the setting, Microsoft should respect the choice and stop looking for sneaky ways to change it back.”

