Nmap Development mailing list archives
Who uses the Nmap Windows silent install feature, and why?
From: Fyodor <fyodor () nmap org>
Date: Thu, 22 Dec 2016 18:48:06 -0800
Hi folks! We were thinking of making some changes to the little-known "silent" install feature of the Nmap Windows installer (the /S command-line option), but I wanted to check first who (if anyone) is using it now, and why? Basically there are a couple problems with having this feature: 1) This doesn't happen a lot, but sometimes malware/rootkits/botnets will either include Nmap or have the compromised system download it as needed and then install Nmap with /S so the actual system user/owner isn't aware of it. This is undesirable for many reasons, but a particular concern is that it could hurt the reputation of our new EV codesigning certificate if the Windows Nmap installer we distribute is used for malicious purposes like this. Of course the malware could make their own installer or install Nmap on the system manually, but that's more work for them and at least they can't sign it with our key in that case. So systems like MS SmartScreen are more likely to detect it and warn the user. 2) The Nmap license does not allow companies to redistribute Nmap within proprietary software unless they buy a special license for that. The idea is that everyone who redistributes Nmap should either be giving back by making their own software open source too, or by buying a license which helps fund the project. Of course some companies try to illegally sneak Nmap into their products anyway. They usually install in silent mode so the Nmap screen doesn't pop up and give them away. One obvious "solution" to these problems is just to remove the /S option from the Nmap Windows installer and make an OEM installer for legitimate redistributors. But we don't want to do that without first asking whether anyone here actually uses /S for good/important purposes? Cheers, Fyodor
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Who uses the Nmap Windows silent install feature, and why? Fyodor (Dec 22)