Re: mildly ironic issue with Microsoft anti-spam download

[Aryeh Goretsky <goretsky () gmail com>]

Hello,

Well, I'd understand (and be less surprised) if it was something like an
updated paint program or text editor, but this is a component which is supposed
to improve end-user security.  One would think that for something like this a
signed package would be required.

Regards

Aryeh Goretsky


At 07:28 PM 10/30/2006, Valdis.Kletnieks () vt edu wrote:
> On Mon, 30 Oct 2006 01:08:15 PST, Aryeh Goretsky said:
> > Hello,
> >
> > Microsoft has a new plugin available for reporting spam to 
> Microsoft directly
> > from within Outlook.  More information, plus download instructions at:
> >
> > 
> <http://www.microsoft.com/downloads/details.aspx?FamilyID=53541292-ce94-4c
> 5b-9127-b7d56f11b619&DisplayLang=en>
> >
> > What's strange is that the .MSI file is not signed.
> >
> > It is mildly ironic that Microsoft didn't place the file in an AuthentiCode
> > wrapper.  I would think that a tool designed to improve user security would
> > have this.
>
> Yeah well, they had to cut a few corners to make the ship date - after all,
> they only have 2 months left to solve the spam problem like Bill Gates
> promised. :)
>
> More seriously though - does it really *matter*?  Consider the class of
> users that will report spam directly to MS - they wouldn't understand if
> it was signed, or what the benefits are.  Conversely, the people who
> understand what AuthentiCode is almost certainly already have procedures
> in place.
>
> "Wow, I'm so clued I know what Authenticode is. Gee, I'd report all this
> spam if somebody gave me a big shiny button  I'm too lame to do 
> myself...."  :)

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.