On Thu, 25 Nov 2004 Ted.Harding@nessie.mcc.ac.uk wrote:
What I'd like to ask knowledgeable folk is: how does it in fact work?
I thought these worked by supplying an ICS file (Internet Connection Settings) file to the client. Windows will use these files as a specification of how it should connect to the internet (phone number to dial, PPP settings, username/password, etc.). I imagine one of these settings is 'make this the new default'.
These were intended for ISPs to supply to clients and make the setup of their internet connection easier.
The trick is to execute them on the client somehow - I suppose the holes here are the same as any remote code execution. Windows/IE/OutlookExpress have got better at warning about running things you have downloaded from the internet, but people still pick 'yes' sometimes.
[In a way, I think it has got worse with recent developments - there are now such an enormous number of warnings for executing anything that people just tend to pick 'yes', 'yes', 'ok', 'righto', 'I understand' because otherwise nothing happens.]
I imagine there are some recent wrinkles on all this, but I think the basic principle is the same - there is no magic phone diversion or reconnection going on - I think it's just changing your ISP dial-up settings for a new default.
[Windows does, of course, display information about the number being dialled - but I think you can disable this. And most people have all the username/password settings preset, don't read anything and just press 'Connect'.]
- Bob