From Fred Langa's column:
<< Smells Like A Scam To Me
If you're attuned to cheesy, fear-mongering marketing tactics, you won't be
surprised to learn that some security test sites overplay supposed
vulnerabilities in your system in an attempt to drive sales of related
security software. For example, a site called "How Secure Is Your Computer"
carries this to an amazing extreme.
Its security test page states, "Internet security is and always will be an
important issue for anyone online?. Click on the TEST SECURITY link below
and if access is granted, your system is NOT SAFE."
The "Test Security" link brings you to a page that states "Access Granted,"
and then displays the contents of your hard drive. To the uninitiated, it
looks as though the "security test" has found a way to peek at your files.
Wow, better buy some security software, right?
Wrong. Beneath some page redirection and DHTML smoke and mirrors, the "test
page" doesn't test anything at all. It simply issues a "file://c:/" command
to your browser, which then locally (and harmlessly) displays your
hard-drive contents. Nothing is sent to or from the remote site; the
process is entirely self-contained within your PC. You can accomplish the
same thing a lot less mysteriously simply by typing "file://c:/" in the
address bar of your browser. Try it!
But again, to the uninitiated, it's frightening to see your hard-drive
contents appear in your browser window.
You might think this a harmless prank, but I don't. That's because the site
is using this ruse to scare users into buying a copy of Black Ice Defender,
a personal firewall, supposedly to prevent this "vulnerability." (If you
examine the site's sales URL, you'll see that the site owner is an
"affiliate" of Network Ice, the publishers of Black Ice Defender. The site
owner retains a percentage of any sales generated from the site.) >>
Russ, NCNE
<< Smells Like A Scam To Me
If you're attuned to cheesy, fear-mongering marketing tactics, you won't be
surprised to learn that some security test sites overplay supposed
vulnerabilities in your system in an attempt to drive sales of related
security software. For example, a site called "How Secure Is Your Computer"
carries this to an amazing extreme.
Its security test page states, "Internet security is and always will be an
important issue for anyone online?. Click on the TEST SECURITY link below
and if access is granted, your system is NOT SAFE."
The "Test Security" link brings you to a page that states "Access Granted,"
and then displays the contents of your hard drive. To the uninitiated, it
looks as though the "security test" has found a way to peek at your files.
Wow, better buy some security software, right?
Wrong. Beneath some page redirection and DHTML smoke and mirrors, the "test
page" doesn't test anything at all. It simply issues a "file://c:/" command
to your browser, which then locally (and harmlessly) displays your
hard-drive contents. Nothing is sent to or from the remote site; the
process is entirely self-contained within your PC. You can accomplish the
same thing a lot less mysteriously simply by typing "file://c:/" in the
address bar of your browser. Try it!
But again, to the uninitiated, it's frightening to see your hard-drive
contents appear in your browser window.
You might think this a harmless prank, but I don't. That's because the site
is using this ruse to scare users into buying a copy of Black Ice Defender,
a personal firewall, supposedly to prevent this "vulnerability." (If you
examine the site's sales URL, you'll see that the site owner is an
"affiliate" of Network Ice, the publishers of Black Ice Defender. The site
owner retains a percentage of any sales generated from the site.) >>
Russ, NCNE