Sunday, October 3, 2010

Do you want the following program to make changes to this computer

Similar to an item mentioned in another article, this is yet another annoying message from Windows:

Do you want to allow the following program to make changes to this computer?

Program name: Microsoft Windows
Verified publisher: Microsoft Corporation
File origin: Hard drive on this computer
CLSID: {BDB57FF2-79B9-4205-9447-F5FE85F37312}


The above is what you get. Who knows what it's about? Apparently, it is some program *using* Microsoft Windows to do something, but what? Unfortunately, Windows, which in my case was being hijacked by a malicious site, won't tell you. You just have to take your chances.

In my case, the thing causing this was a 'pop-under' window attempting to serve up an advertisement for through a known adver-spamming outfit at using a tortured series of obscured calls going from one server to another, planting web 'bugs', etc. This is not even close to anything legitimate which I did or would agree to start loading software on to my machine.

It should be against the law for these firms to do this sort of thing. In fact, it may already be against the law. Meantime, it flies under the radar by taking advantage of what I could only describe as a security hole in Microsoft Windows. It was *NOT* Microsoft or its operating system Windows that was actually originating this attempt to misuse the resources of my system. It was a source I would *NEVER, NOT EVER* trust. In fact, the domain '' is usually redirected to (the address of your local machine) on most of my machines to prevent them from ever loading any pages on my system. The one particular machine had an out-of-date hosts file.

What sort of malicious stuff was it trying to do? Well, for one thing, it was somehow managing to circumvent security on my system by forcing a 'popunder' window to load. My systems usually employ a variety of methods to stop that from happening. These guys are constantly looking for cheats to bypass security on the systems of their victims. For another, it surely was attempting to plant tracking 'bugs' on my machine and as near as I can tell it was successful with this. Worse than those, though, is the fact that it attempted to hijack my CPU, my bandwidth and my attention.

This is SPAM, plain and simple. It costs next to nothing for the 'perps' to deliver that stuff on to my machine and costs me dearly to be infected by it.

The bottom line is that if you get that message you should almost certainly say 'NO' and may want to investigate which hostile site is attempting to misuse your trust.
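
The CLSID in the prompt identifies a COM class registered on the machine, so the registry can show which component is asking for elevation. The following read-only lookup is an added example, not part of the original post; it assumes PowerShell 3 or later and uses the CLSID quoted in the prompt above.

```powershell
# Added example: resolve the CLSID shown in a UAC prompt to the COM class
# registered on this machine. Read-only; nothing is modified.
$clsid = '{BDB57FF2-79B9-4205-9447-F5FE85F37312}'   # value copied from the prompt

# HKEY_CLASSES_ROOT is the merged view; the other hives show where it comes from
$roots = 'Registry::HKEY_CLASSES_ROOT\CLSID',
         'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID',
         'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID',
         'Registry::HKEY_CURRENT_USER\Software\Classes\CLSID'

foreach ($root in $roots) {
    $key = Join-Path $root $clsid
    if (-not (Test-Path -LiteralPath $key)) { continue }

    # The key's default value is the friendly class name
    $name = (Get-Item -LiteralPath $key).GetValue('')
    "{0}`n  Name: {1}" -f $key, $name

    # LocalServer32 / InprocServer32 hold the binary that implements the class
    foreach ($sub in 'LocalServer32', 'InprocServer32') {
        $subKey = Join-Path $key $sub
        if (-not (Test-Path -LiteralPath $subKey)) { continue }
        $raw = (Get-Item -LiteralPath $subKey).GetValue('')
        if (-not $raw) { continue }
        "  ${sub}: $raw"

        # Strip quotes and arguments to get a file path, then check its signature
        $expanded = [Environment]::ExpandEnvironmentVariables($raw)
        if ($expanded -match '^\s*"([^"]+)"') {
            $path = $Matches[1]
        } else {
            $path = ($expanded -replace '(?i)(\.(exe|dll)).*$', '$1').Trim()
        }
        if (Test-Path -LiteralPath $path) {
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            "    Signature: {0} ({1})" -f $sig.Status, $sig.SignerCertificate.Subject
        }
    }

    # An Elevation subkey marks a class that may be started elevated via COM
    $elev = Join-Path $key 'Elevation'
    if (Test-Path -LiteralPath $elev) {
        "  Elevation\Enabled: {0}" -f (Get-Item -LiteralPath $elev).GetValue('Enabled')
    }
}
```

If the script prints nothing, the CLSID is not registered in any of the hives it checks.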
