browsers and trojan-like behaviour

   Hi,

   I have always been aware that certain applications might develop 'initiatives' such as sending information about the host machine/system to their home sites. Until now, I thought of that as of an abstract thing, but today I accidentally dumped such a 'conversation', started by my 'Opera' browser. Here's an excerpt of what it sent:

POST http://rps2.opera.com/scripts/cms/xrps.asp HTTP/1.0 User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Linux 2.4.19 i686) Opera 6.02 [en]
Host: rps2.opera.com

[...]

<?xml version="1.0" encoding='ISO-8859-1'?>
<xacp version="1.0.0">

   <activity_report vendor="Opera" product="Opera_Linux" product_version="600" distribution="Lin_602" user_code="a8c01805104863399445821" tag="0000000 en0731">
<client_connection last="2003-03-25" units="days" count="1"/><acpo code="3">
<exposure location="top" date="2003-03-25" count="3"/>
</acpo>
<profile>
<property name="Language" val="en"/>
</profile>
</activity_report></xacp>

   I honestly consider this a trojan-like behaviour, since I have not been asked about it, and I do not expect a web browser to initiate TCP connections on its own.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

   The fact that, as stated in their EULA, 'IN NO EVENT SHALL OPERA SOFTWARE [...] BE LIABLE FOR ANY [...] LOSS OF BUSINESS INFORMATION, PERSONAL INJURY, LOSS OF PRIVACY OR OTHER PECUNIARY OR OTHER LOSS WHATSOEVER) ARISING OUT OF USE OR INABILITY TO USE THE SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES' does not entitle them to disclose information about my operating system, kernel version or anything else about my machine or myself, as this was the case. The very thought that it could have uploaded any file that I could access concerns me.

   If you don't mind, I would like to read a few other opinions on this issue.

   Sincerely,
   Bogdan Hamciuc Received on Sun Apr 6 10:44:25 2003