Hello,
Well, I'd understand (and be less surprised) if it was something like an
updated paint program or text editor, but this is a component which is supposed
to improve end-user security. One would think that for something like this a
signed package would be required.
Regards
Aryeh Goretsky
At 07:28 PM 10/30/2006, [EMAIL PROTECTED] wrote:
On Mon, 30 Oct 2006 01:08:15 PST, Aryeh Goretsky said:
> Hello,
>
> Microsoft has a new plugin available for reporting spam to
Microsoft directly
> from within Outlook. More information, plus download instructions at:
>
>
<http://www.microsoft.com/downloads/details.aspx?FamilyID=53541292-ce94-4c
5b-9127-b7d56f11b619&DisplayLang=en>
>
> What's strange is that the .MSI file is not signed.
>
> It is mildly ironic that Microsoft didn't place the file in an AuthentiCode
> wrapper. I would think that a tool designed to improve user security would
> have this.
Yeah well, they had to cut a few corners to make the ship date - after all,
they only have 2 months left to solve the spam problem like Bill Gates
promised. :)
More seriously though - does it really *matter*? Consider the class of
users that will report spam directly to MS - they wouldn't understand if
it was signed, or what the benefits are. Conversely, the people who
understand what AuthentiCode is almost certainly already have procedures
in place.
"Wow, I'm so clued I know what Authenticode is. Gee, I'd report all this
spam if somebody gave me a big shiny button I'm too lame to do
myself...." :)
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
