--On Wednesday, May 07, 2008 17:27:18 -0400 Darth Jedi <[EMAIL PROTECTED]> wrote:
> Undisclosed breach of personal privacy, or great tool to thwart criminals? > > I'm a bit torn - I think it's great that this tool can be used to help > identify and stop botnets (who really likes 'em anyway); but at the same > time, I am not very impressed that Microsoft hid(?) this disclosure from the > users - packaging the product as a tool to help users with malicious > software - does it even remove the malicious software or just monitor it? I > always was a bit confused when I couldn't find an interface for configuring > my Microsoft supplied Spyware protection! =P > Note: "this tool" != MSRT. "This tool" == botnet hunter. You're comparing apples with oranges. The is precisely the muddying of the waters that J. Oquendo is seeking to stir up emotions. > Did anyone really have an idea that the Malicious Software Removal Tool was > scanning and sending information about their computers & their network usage > to Microsoft [and honestly - so what if the EULA said something to the likes > that "we might use some information gathered" - that's so vague, who really > reads that and thinks "Ok, they are going to be watching all the traffic > across my network if I install this tool"] - perhaps the fault is to be laid > at the users feet - who inherently trust Microsoft - I mean, is that really > a good idea in the first place? > It clearly says that on the download page. It's not Microsoft's fault if you don't bother to read it. > I also wonder, these EULA's usually say something to the effect of "this > information won't be used to personally identify you" - does the EULA of > MSRT state this, and if so, do botnet owners not count, and if not, we're > all pretty foolish to be installing it then aren't we? > Yes, their web page (I don't see any EULA) states that they don't collect personally identifiable information. Furthermore, the botnet tool is a separate tool. The page also states that after the tool is run, it deletes itself. So, when you are infected with something, the tool will detect and clean it *and* send some information about the infection back to M$. I'm willing to bet they still won't know your pants size or where you bank. -- Paul Schmehl ([EMAIL PROTECTED]) Senior Information Security Analyst The University of Texas at Dallas http://www.utdallas.edu/ir/security/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
