dcsimg
RealTime IT News

Alternative Browser a Virus in Disguise?

The Arachne browser will never threaten Internet Explorer or Navigator for market share dominance. But a data-destroying programming error in the current version of the slim and fast browser for DOS and Linux systems certainly isn't helping its popularity.

In recent weeks, newsgroups have been buzzing with rumors that Arachne v1.66 contains a malicious virus. Several users have reported that their entire C:\DOS directory -- which contains several key system files -- was deleted after installing the alternative browser.

In an email to InternetNews on Thursday, Michael Polak, the Czech programmer who created Arachne, said "Arachne is not intentionally destructive." But Polak admitted that, due to a programming "oversight," in some situations the browser will delete a user's C:\DOS directory if his or her PC is configured to dump temporary files there.

As it installs, Arachne v1.66 places several files in the PC's default temp directory, and when finished, cleans up after itself by doing a wildcard delete on all files there. Unfortunately for Polak and an undetermined number of Arachne users, C:\DOS is the default temp directory for Microsoft DOS version 5.0.

While Arachne has been praised by users for its small footprint and minimal system requirements, the browser's install scheme is simply bad programming, said Bruce Hughes, a malicious code expert with the International Computer Security Association.

"The guy has created a nightmare. It's not smart at all. It's very easy to create your own temp directories and just delete the installation files there," said Hughes.

According to Polak, Arachne has been downloaded more than 100,000 times and has about 10,000 active users. Polak said he plans to modify the program's set-up wizard in forthcoming release to prevent the accidental deletion of system files.