SANS is reporting that some of the leaked copies of IE7 beta 1 floating around may be bugged with spyware. Now, seriously, is anyone surprised by this? That’s always a risk with warez. I’m reluctant to grab any program, even one that allows free redistribution like Firefox, via P2P, unless there’s a way to verify it. (BitTorrent handles this internally—assuming you trust the torrent site.)

If you’re not getting a program directly from the supplier or a distributor that you trust, you should always check it before installing. Even if you are getting it from a trusted source, it’s worth checking, since servers do occasionally get hacked. Most open-source programs distribute either a PGP/GPG signature or a checksum using an MD5 or SHA1 hash along with their downloads. Assuming you get the checksum from a trusted source, you can verify that the package hasn’t been altered.

For IE7, if you have to try out beta 1, go through proper channels (MSDN or the beta program) or get it from someone you trust…who went through channels. Otherwise, you’re better off waiting for beta 2.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.