[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20050111190917.GB2295@specialk>
From: fd.lists.dmargoli at af0.net (Dan Margolis)
Subject: Microsoft AntiSpyware: Will it be free and
Vulnerable
On Tue, Jan 11, 2005 at 06:51:16PM +0100, devis wrote:
> Buahwuahwuahwuawa ... you have to be gullible to think that M$ will not
> NOT cash on their own slack coding.
I'm confused. Are are you saying that "slack coding" by Microsoft is
responsible for spyware/adware? Seems a bit of an odd interpretation.
Here's mine:
- It's very, very difficult to prevent people from voluntarily
installing spyware on their own systems. There's no way to write a
heuristic that can distinguish between an application that accesses
the 'net on a regular basis for spying and one that does so for, say,
monitoring a buddy list or checking for mail.
- You can certainly whitelist applications, but this would prevent
useres from being able to install obscure shareware apps, custom apps,
etc.
- Were MS to restrict access to their API in order to prevent spyware
makers from doing obscure tricks with the registry and whatnot, they'd
be accused, quite rightly, of anti-competitive tactics.
Certainly some spyware results from poor restriction of web controls or
something--I don't know the details, as I don't even use Windows--but
I'd bet you the vast majority comes from users installing stuff they
shouldn't--Kazaa, Snood, whatever--or from users clicking "OK" on banner
ads that promise to speed your Internet connection.
Much of the same goes for e-mail worms: so long as a user has permission
to execute untrusted code and so long as that user has permission to
send code to other people, he is easy prey for e-mail born worms.
So, here's the question: does most spyware exploit some actual bug or
design flaw? Or does it just use the user's gullibility? I suspect the
latter.
Flame on.
--
Dan
Powered by blists - more mailing lists