You want me to do what? And this is a good idea why?
Did anyone else get the “Subscription Status: Qualified” email from Network World?
I received an email today informing me that I qualified for a free subscription, and just click the link to verify. As always, I checked that the link pointed to the real domain without control characters, so it looked legitimate. Network World has some good stuff, so what the heck, I clicked the link, which takes me to a site that appears to be a legitimate Network World host. What shocked me is the link to the “download the content delivery manager”, and executable that wants to install on your machine, and it launched the download. Are they out of their minds?
Network World, I am told, is the Leader in Network Knowledge. They even have a section on their web site about security, so presumably there are people who know, understand and practice security. Never mind if the executable has been tampered with or not, I have no idea what is in this ‘content delivery manager’, which should be enough justification to avoid it. Keytroke logger? Is it grabbing my browser history? Scanning my registry? Turn my machine into a Zombie? Is it just a download tool for content, and if so, why? Something wrong with browsers and PDF?
I can only come up with a couple possible scenarios:
- Social Engineering: Network World is performing a social engineering experiment to see how many people are dumb enough to install this executable.
- Hacked: Network World site has been hacked and someone is spoofing their clientele.
- Benign Stupidity: The PR and Marketing people have never met anyone in Security and have, on their own, concocted an incredibly inept way of delivering content that may create liability (Sony Rootkit anyone?) for the company.
I am not claiming this thing is malicious, but I am saying this is a really bad idea. We have all installed software we cannot fully trust, but at least when I download virus protection files or software service packs, I trust the vendor and I have a secure connection. I may even have a verifiable hash that I can compare. Not great, but better than nothing. Why on earth would you attempt to distribute media in a method that violates good security practice? If you are an IT professional, why would you trust installing it?
I do not have a VMWare partition or machine I am willing to sacrifice to the cause. Has anyone actually installed this thing? If you have some other legitimate usage I have not thought of, please educate me.
Re: Network World installing Spyware???
I couldn't believe that in this day in age, with Sony Rootkits and DRM and spyware and..... that a PUBLISHER would be so foolish as to require additional software just to view their content!
Hmmmm... let's take something that we've paid $XXX to produce (sunk cost) and ERECT BARRIERS to the exposure of that material. HUH?
Isn't it all about eyeballs & accessability? If it's PDF, it's universally readable, ANYONE can view it on ANY platform (Win, Linux, Mac, etc...) and it doesn't require the installation of some piece of unknown software.
I get about 25 technical journals/mags, about 75% electronically, and EVERY SINGLE ONE except for Network World allows a straight download of the PDF to my computer, for perusal at my convenience. And oh guess what? That also means other people can also look at the periodical, which is only a GOOD thing.
Insane.
Comments
You can follow this conversation by subscribing to the comment feed for this post.