Full Disclosure mailing list archives

Re: Microsoft AntiSpyware: Will it be free and Vulnerable


From: devis <devis () easynix net>
Date: Tue, 11 Jan 2005 22:03:30 +0100

Dan Margolis wrote:

On Tue, Jan 11, 2005 at 06:51:16PM +0100, devis wrote:
Buahwuahwuahwuawa ... you have to be gullible to think that M$ will not NOT cash on their own slack coding.

I'm confused. Are you saying that "slack coding" by Microsoft is
responsible for spyware/adware? Seems a bit of an odd interpretation.
Here's mine:

- It's very, very difficult to prevent people from voluntarily
  installing spyware on their own systems. There's no way to write a
  heuristic that can distinguish between an application that accesses
  the 'net on a regular basis for spying and one that does so for, say,
  monitoring a buddy list or checking for mail.
- You can certainly whitelist applications, but this would prevent
  users from being able to install obscure shareware apps, custom apps,
  etc.
- Were MS to restrict access to their API in order to prevent spyware
  makers from doing obscure tricks with the registry and whatnot, they'd
  be accused, quite rightly, of anti-competitive tactics.

Certainly some spyware results from poor restriction of web controls or
something--I don't know the details, as I don't even use Windows--but
I'd bet you the vast majority comes from users installing stuff they
shouldn't--Kazaa, Snood, whatever--or from users clicking "OK" on banner
ads that promise to speed your Internet connection.

Much of the same goes for e-mail worms: so long as a user has permission
to execute untrusted code and so long as that user has permission to
send code to other people, he is easy prey for e-mail borne worms.

So, here's the question: does most spyware exploit some actual bug or
design flaw? Or does it just use the user's gullibility? I suspect the
latter. Flame on.

--
Dan
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

It is a proven matter that spyware does exploit IE holes (IFrame bugs, ActiveX, etc.). Do your work on a few and you will see. Besides, you missed the point entirely: if a user, just by clicking, can install spyware on his machine, then the OS / browser is to blame, not the actual (bad) code (exploiting it) floating around websites. Once again, you are missing the point completely: if M$ didn't 'slack code' their OS, spyware would:
1) not install
2) therefore not exist in the form, numbers and variety we know them

I'll give you a clue:
Try to get a 'tool bar' or some 'other added bonus' automagically on BSD/Unix/Linux/Solaris using any browser, on any site, clicking randomly.
As you said,
'It's very, very difficult to prevent people from voluntarily installing spyware on their own systems.' Yes indeed, because MS made it so that the average Joe is an admin and therefore has supreme powers out of the box.
Usability costs security. Always has, always will.

No Flames, Just information.
