funsec mailing list archives
Re: mildly ironic issue with Microsoft anti-spam download
From: Aryeh Goretsky <goretsky () gmail com>
Date: Mon, 30 Oct 2006 19:49:06 -0800
Hello, Well, I'd understand (and be less surprised) if it was something like an updated paint program or text editor, but this is a component which is supposed to improve end-user security. One would think that for something like this a signed package would be required. Regards Aryeh Goretsky At 07:28 PM 10/30/2006, Valdis.Kletnieks () vt edu wrote:
On Mon, 30 Oct 2006 01:08:15 PST, Aryeh Goretsky said: > Hello, >> Microsoft has a new plugin available for reporting spam to Microsoft directly> from within Outlook. More information, plus download instructions at: >> <http://www.microsoft.com/downloads/details.aspx?FamilyID=53541292-ce94-4c5b-9127-b7d56f11b619&DisplayLang=en> > > What's strange is that the .MSI file is not signed. > > It is mildly ironic that Microsoft didn't place the file in an AuthentiCode > wrapper. I would think that a tool designed to improve user security would > have this. Yeah well, they had to cut a few corners to make the ship date - after all, they only have 2 months left to solve the spam problem like Bill Gates promised. :) More seriously though - does it really *matter*? Consider the class of users that will report spam directly to MS - they wouldn't understand if it was signed, or what the benefits are. Conversely, the people who understand what AuthentiCode is almost certainly already have procedures in place. "Wow, I'm so clued I know what Authenticode is. Gee, I'd report all thisspam if somebody gave me a big shiny button I'm too lame to do myself...." :)
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- mildly ironic issue with Microsoft anti-spam download Aryeh Goretsky (Oct 30)
- Re: mildly ironic issue with Microsoft anti-spam download Valdis . Kletnieks (Oct 30)
- Re: mildly ironic issue with Microsoft anti-spam download Aryeh Goretsky (Oct 30)
- <Possible follow-ups>
- Re: mildly ironic issue with Microsoft anti-spam download Fergie (Oct 30)
- Re: mildly ironic issue with Microsoft anti-spam download Valdis . Kletnieks (Oct 30)