Drive By Downloads


Drive-By Downloads


Any time a file is downloaded to your computer without your knowledge or permission, it is considered a drive by download. It's a catchy name for an insidious pest as ubiquitous (and catching) as the common cold. Imagine your child innocently surfing the internet only to unwittingly download a file containing a virus that repeatedly redirects them automatically to adult websites. That's just one example of how much harm a drive by download can do.

Exploiting weaknesses in web browsers, operating systems, and email clients, drive by downloads work their way into as many systems as they can, wreaking all sorts of intended and unintended harm. For even if a drive-by download is disseminated as a "harmless tool", for example, it can still put a burden on your hard drive, slow down and in other ways interfere with efficient computer operations, change your personal settings and preferences, and replace default applications (among other misdeeds). In the worst of cases, a drive by download can even be responsible for erasing data and freezing or crashing a computer.

The most common forms of drive by downloads are of two varieties:

And even when a drive by download is a program that legitimately offers the user some additional or improved functionality, it almost invariably contains at least one of the two aforementioned nuisances.  To further aggravate matters, one downloaded file can include code that automatically downloads innumerable other problematic files and programs.

There are 3 primary ways that a person can expose their computer to a drive-by download:

A drive-by download can also occur, however, as you download and install an altogether different program that you actually want on your computer. Talk about shady!

Since each of these possibilities are actions taken by the user, the purveyor of a drive-by download can make the claim that the user "requested" the download, or at the very least, "gave permission" for it to occur.

One particularly sneaky drive by download tactic, in fact, prompts the user to click "OK" to accept the download before it occurs. Oftentimes, this is distinguished from a completely invisible and user-uninitiated download by being dubbed a pop-up download. Is it as bad as a full-on drive by download?  It does give the user a choice to decline. It falls within the bounds of accepted "opt-in" procedures, doesn't it?

Well that argument stands on shaky ground in extremely grey area. Because these one-click download ads (as there referred to in the industry) often appear like prompts from your computer, from Microsoft Windows, from the site you wish to visit, or from the program you're trying to access which imply that you must click on said link/button/window in order to have your desired action take effect. Many one-click download ads purport to perform vital updates or upgrades to your system. Many clothe themselves as prerequisite plug-ins for making the website or application function properly on your computer.  So we put the question to you - if you're tricked or fooled into "opting in", did you really opt in? Were you really given a choice?

But even if after reading this you never click on a pop-up window again, you'll presumably still visit websites and open emails. So how do you keep yourself from falling prey to these irksome - and sometimes detrimental - predators?

One of your first lines of defense is to consistently and promptly install all those routinely updated security patches, service packs and software updates issued by your OS, browser of choice, and most frequently used applications. 

[An interesting argument in favor of drive by downloads, incidentally, asserts that personal computers would be a lot safer if routine security patches and service were automatically downloaded the background, but that argument is riddled with flaws, not the least of which is how it might interfere with one's system configurations.]

Additionally, installing and keeping active one or more firewalls on your system can go a long way towards obstructing unwanted downloads.

Thankfully, though prime responsibility for protecting your computer from attacks like these falls to you, you're not alone in your struggle.  Browser-makers realize that they take the lead in the fight to thwart drive by downloads if they are to remain on your desktop. Microsoft is one at the helm, with their latest release of Internet Explorer, IE7, chock full of technology for preventing stealth downloads.

We're also getting some help from the federal government. Recently, for example, the Federal Trade Commission brought charges against a group of folks who were using drive by downloads to replace people's internet service providers with an expensive, 1-900 number dialup account.

In a recent study of 20 million internet addresses by computer scientists at the University of Washington, 1 out of every 62 conducted drive by downloads. Your computer, like your home, is your personal property. Don't let anyone invade the sanctity of your space, including your cyberspace. 

All content copyright 2006-2017, Bonobo Pty Limited. All Rights Reserved.
Privacy Policy | Terms Of Service