Vulnerability Development mailing list archives
Auto-update software...
From: "Scott D. Yelich" <scott () SPY ORG>
Date: Tue, 12 Sep 2000 10:45:00 -0600
On Tue, 12 Sep 2000, Lincoln Yeoh wrote:
But forget all that, the more relevant issue here is - does the software actually do all that the original poster claims? Does it snarf passwords? Has anyone else verified that?
To me, the relevant issue is all these stupid programs that contantly remind you to either register or "upgrade" to the latest version. For instance, one of the real-player upgrades -- you could select the "free" version on each page up until the one just before where you got the software, and the server would *always* select the commercial version for you... so, after selecting free and filling out all the garbage forms, one *might* not notice that the selection had "changed" to the commercial version. I'm really annoyed at software that seems to have to be "updated" frequently... I'm sure there would be a major outcry if something really annoying were to happen, but it seems like this is only a matter of "when" .. not "if". Another thing is shareware -- that's almost becoming a dirty word in my vocabulary. It's necessary to replace many components or add to the lacking components of winblows just to be able to work -- yet, one needs a matrix or dates just to be able to start up a computer. I live by suspend -- even though windows 98 just can't seem to run for more than a day or two without losing its mind... and then the inevitable reboot takes 30 minutes to get back to where you were. Again, just an example... I'm sure everyone has thought about it: XYZ popular app company gets cracked and some wily cracker puts some nasty code in some "auto-update" section... even when the first unsuspecting user auto-dls this, the code will be running... no need to click on an attachment. How long will it take for this to be noticed? To me, the PC, with winblows, is becoming a "black box" ... it just "magically" does stuff. It just magically does a lot of truly EVIL stuff and the general public isn't aware of what's actually going on. How soon after gore becomes president will tipper try to get some secret software onto everyone's pcs to monitor their morality? How do people adress this? I'm about to go dual -- not dual boot, but dual PC. One PC is for real use/work/etc... and another is for net use. The "real work" PC will never get connected to the net. Ever. The net PC should never have real information about "me" on it... then I won't really care too much if some place is tracking that I prefer abcnews.com over cnn.com or hate cnn.com because of akamai.net's so broken it's silly. Scott
Current thread:
- Re: All Advantage Spyware, (continued)
- Re: All Advantage Spyware Brad Griffin (Sep 12)
- Re: All Advantage Spyware Doug Kahler (Sep 12)
- Re: All Advantage Spyware MJK (Sep 12)
- [no subject] Scott D. Yelich (Sep 12)
- Re: your mail John R. Dennison (Sep 13)
- Re: your mail Scott D. Yelich (Sep 13)
- Re: za and spyware (was: no subject) Jonathan Rickman (Sep 13)
- [no subject] H D Moore (Sep 14)
- [no subject] Blue Boar (Sep 14)
- Re: All Advantage Spyware Lincoln Yeoh (Sep 12)
- Auto-update software... Scott D. Yelich (Sep 12)
- Re: All Advantage Spyware Daehlie Owns (Sep 12)
- Re: All Advantage Spyware Brad Griffin (Sep 12)
- RES: All Advantage Spyware Guilherme Mesquita (Sep 12)
- Re: RES: All Advantage Spyware Russel Smith (Sep 13)
- Re: RES: All Advantage Spyware Hue-Bond (Sep 13)
- Re: All Advantage Spyware Scott D. Yelich (Sep 12)