IE and explorer merge, scripting of files in folders


As of version 4, Internet Explorer (IE) has become an integral part of Windows Explorer and vice-versa. The feel and look of Windows Explorer is similiar in many ways to IE. Along with the similiarities in functions of Windows Explorer with IE, the bugs and vulnerabilities are also migrated over.

If you configure Windows Explorer to look and feel like the web (enable web contents), which is set that way by default, scripting can be automated within a folder. Which means to say that if your IE is not patched, hacker or users with malicious intents can actually dump a batch file (or a program file) in your shared folder and rename it as the first file in that folder (eg abc.bat), set it make modification to your startup files or set to run a program or edit your registry.

Once you access to that folder, it will cause the file to autorun. The user will only see the appearance of a black box momentarily while the script is processing.

This "feature" will only be disabled if you are running IE 6 or higher. But with the first installation of Windows becoming sluggish with time, many would be tempted to do a re-format of the hard drive and perform a fresh install of Windows. But some would probably reinstall without the patches because Windows update for 98 and ME alone is around 18 MB and IE6 upgrade another 10 MB.

Machines behind unsecured routers with overworked IT administrators that has no time to patch all the Windows machines and home users with a direct cable or broadband link are most vulnerable.