|
Many, if
not most, Internet Service Providers (ISPs) supply some sort of installation
disk or setup routine that makes it easy for users to sign up for their
service. This is reasonable. Many folks don’t have the background to deal with
issues like establishing email accounts and configuring connection parameters.
An automated process that asks a few simple questions and then handles the
technical details takes most of the pain out of the process. It also saves a
lot of wear and tear on the ISP’s help desk.
Problem is,
ISP setup routines also do some annoying things in the name of “customization.”
The most common offenses are:
- Modifying
the Internet Explorer and Outlook Express title bars,
- Changing
the Internet Explorer and Outlook Express throbber (the small animated
graphic in the upper right corner),
- Changing
Internet Explorer’s home page, and
- Adding
entries to the Internet Explorer bookmarks.
In the past,
I considered these ISP branding changes to be a minor nuisance. They offended
my sensibilities, but had no real functional impact on the system. If a
customer found them annoying or was switching to another ISP, I removed them.
Recently, I
discovered that at least some ISP setup routines record the user’s logon data –
the user name and password—in a plain-text installation file. That got my
attention. I was not amused!
So, if a
system shows evidence of ISP branding, it’s a good idea to ensure that the
user’s logon credentials are not viewable by any Nosy Parker with minimal
computer skills.
Removing
Exposed Logon Credentials
First off,
search for files having the ins extension—i.e., search the hard drive for *.ins There will be quite a few scattered around. What you’re
looking for is a single folder containing a bunch of them. The folder will most
likely be named signup.
Here is a
screenshot of the contents of a representative signup folder:
For this
particular ISP, the offending file is the one named 229.ins. Within it is
a section that looks like this:
[User]
Requires_Logon=Yes
Display_Password=Yes
Name=fred_flintstone
Password=pebbles
. . .
As you can
see, Fred uses his kid’s name as his password. Most people use the name of a
child, grandchild or pet, the name of their favorite sports team, or their
birth date. Fred is no exception.
But wait,
there’s more. A bit further down in the file is another section exposing Fred’s
email access credentials:
[Internet_Mail]
. . .
POP_Logon_Name=fred_flintstone
POP_Logon_Password=pebbles
. . .
The safe
and easy way out of this unacceptable situation is to delete the password data,
leaving the file otherwise intact. Check the entire file. If you’ve already found
two instances, don’t assume there’s not a third or a fourth.
If you’re
feeling cranky and intend to remove some of the other ISP branding artifacts—specifically,
the title bar and throbber modifications—you can simply delete the contents
of the ISP’s signup folder. However, some of the registry entries you’ll be
cleaning up point to items in that folder. So, don’t zap any files until after you’ve cleaned up the title text and throbber graphics.
Cleaning
Up the Title Bar Text
Important Note! The procedures in this and the
following sections assume you know how to use the system registry editor. If
you do not know how to do this or are uncomfortable with the procedure, don’t
do it. You have been warned.
Here’s a
screen shot of Internet Explorer 7 inflicted with a modified title bar by a
small, fictional ISP named Fast Freddy’s Internet Emporium:
To remove
Freddy’s company name from the title bar, make sure neither Internet Explorer
nor Outlook Express are running, launch the registry editor and navigate to
this key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Main
In the registry
editor’s right pane, you should see an entry named WindowTitle.
Double-click on this item and change the text to Microsoft Internet Explorer.
If there is no WindowTitle entry, create a new string value entry, name
it WindowTitle, and give it the text value Microsoft Internet
Explorer.
Next, find
this key and repeat the above procedure:
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Main
Fixing up
Outlook Express is similar. First, you need to drill down to this key:
HKEY_CURRENT_USER\Identities\{User_ID}\Software\Microsoft\Outlook
Express\5.0
Here, {User_ID} is a long string of hex digits
looking something like this:
{91217320-2072-11DA-B83E-B6FA9E8B723C}
If you have
more than one Outlook Express identity, you’ll have multiple Outlook Express-related
registry entries to modify, each with a different User_ID.
Anyways,
you again need to locate and modify the WindowTitle entry, just as you
did for Internet Explorer.
Restoring
the Throbber Graphic
Cleaning up
the throbber is a bit easier because both Internet Explorer and Outlook Express
use the same registry settings. Ensure neither program is running, launch the
registry editor and navigate to this key:
HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Toolbar
Find and
delete the following items (they may not all be present):
BigBitmap
SmallBitmap
BrandBitmap
SmBrandBitmap
Next, find
this location:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Main
Again,
delete any of the items in the above list. Chances are, only the first two will
be present, but don’t bet on it.
At this
point, you’re finished with the registry hacking. If you’d like, remove the
files in the ISP’s signup folder, although it’s not strictly necessary.
Cleaning out unwanted favorites and adjusting the home page are routine tasks
that can be accomplished from within Internet Explorer.
Direct a
lofty sneer at the offending ISP and go on to something more interesting.
|
