Full Disclosure mailing list archives
Re: Microsot DID DISCLOSE potential Backdoor
From: Paul Schmehl <pauls () utdallas edu>
Date: Thu, 08 May 2008 10:06:23 -0500
--On Wednesday, May 07, 2008 17:27:18 -0400 Darth Jedi <darth.jedi () ihackformoney com> wrote:
> Undisclosed breach of personal privacy, or great tool to thwart criminals? I'm a bit torn - I think it's great that this tool can be used to help identify and stop botnets (who really likes 'em anyway); but at the same time, I am not very impressed that Microsoft hid(?) this disclosure from the users - packaging the product as a tool to help users with malicious software - does it even remove the malicious software or just monitor it? I always was a bit confused when I couldn't find an interface for configuring my Microsoft supplied Spyware protection! =P
Note: "this tool" != MSRT. "This tool" == botnet hunter. You're comparing apples with oranges. This is precisely the muddying of the waters that J. Oquendo is seeking to stir up emotions.
> Did anyone really have an idea that the Malicious Software Removal Tool was scanning and sending information about their computers & their network usage to Microsoft [and honestly - so what if the EULA said something to the likes that "we might use some information gathered" - that's so vague, who really reads that and thinks "Ok, they are going to be watching all the traffic across my network if I install this tool"] - perhaps the fault is to be laid at the users' feet - who inherently trust Microsoft - I mean, is that really a good idea in the first place?
It clearly says that on the download page. It's not Microsoft's fault if you don't bother to read it.
> I also wonder, these EULAs usually say something to the effect of "this information won't be used to personally identify you" - does the EULA of MSRT state this, and if so, do botnet owners not count, and if not, we're all pretty foolish to be installing it then aren't we?
Yes, their web page (I don't see any EULA) states that they don't collect personally identifiable information. Furthermore, the botnet tool is a separate tool. The page also states that after the tool is run, it deletes itself. So, when you are infected with something, the tool will detect and clean it *and* send some information about the infection back to M$. I'm willing to bet they still won't know your pants size or where you bank.
--
Paul Schmehl (pauls () utdallas edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/