RE: [WinPcap-users] WinPcap identified as spyware by Microsoft AntiSpyware Beta 1
It makes sense to me as well ;-) fulvio -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: venerdì 7 gennaio 2005 20.48 To: winpcap-users@winpcap.polito.it Subject: RE: [WinPcap-users] WinPcap identified as spyware by Microsoft AntiSpyware Beta 1 Well... but let's look at the logic of Microsoft's statement: Some spyware developers utilize features provided by WinPcap in their exploits Therefore: we should recommend removing WinPcap By the same logic: Most spyware developers utilize features in Microsoft operating systems in the exploits Therefore: we should recommend removing all Microsoft operating systems. Well, at least it makes sense to me. ;-) --- Steighton Haley [EMAIL PROTECTED] Software Engineer There are 10 types of people in this world, those who understand binary, and those who don't. -Original Message- From: Fulvio Risso [mailto:[EMAIL PROTECTED] Sent: Thursday, January 06, 2005 11:07 PM To: winpcap-users@winpcap.polito.it Subject: RE: [WinPcap-users] WinPcap identified as spyware by Microsoft AntiSpyware Beta 1 Hi. Unfortunately, there are some spyware (cain, if I remember well) which are using WinPcap for performing their job. Hence, the alarm that comes from Microsoft is not so wrong. However, I feel there's nothing to do against this problem. Unless convincing who is developing spyware not to use WinPcap, but I fee this a bit tricky... fulvio -Original Message- From: Philip Stoev [mailto:[EMAIL PROTECTED] Sent: giovedì 6 gennaio 2005 19.30 To: winpcap-users@winpcap.polito.it Subject: [WinPcap-users] WinPcap identified as spyware by Microsoft AntiSpyware Beta 1 Hello, WinPcap is identified as follows: WinPCap Type: Enabler Threat Level: Low Author: WinPCap Team including = Loris Degioanni Description: WinPCap is an Open Source Windows Packet Filtering Library. It provides low level internet system traffic data to other applications that leverage its utilities. Advice: This software is not necessarily hazardous unless it is used by a particular spyware threat. If you quarantine or remove all of the spyware threats from your computer you do not necessarily need to remove this program. Please note: if a legitimate application is using functionality contained in an enabler application, removing the enabler may cause that application to cease functioning properly. This application is okay to have running on your computer, as they are only dangerous if a Spyware application is also installed on your machine and exploiting it. However if you did not install this, or know of a legitimate application that did, you may consider quarantining or removing it. Please note: if a legitimate application is using functionality contained in an enabler application, it may cause that application to cease functioning properly. About Enabler: While not spyware, it provides functionality that spyware products have been known to exploit. Normally, these applications are okay to have running on your machine, as they are only dangerous if a Spyware application is also installed on your machine and exploiting it. However if you did not install this, or know of a legitimate application that did, you may consider quarantining or removing it. Please note: if a legitimate application is using functionality contained in an enabler application, removing the enabler may cause that application to cease functioning properly. = Is it true that WinPcap is being exploted by spyware? If so, can that be prevented? Philip == This is the WinPcap users list. It is archived at http://www.mail-archive.com/winpcap-users@winpcap.polito.it/ To unsubscribe use mailto: [EMAIL PROTECTED] == == This is the WinPcap users list. It is archived at http://www.mail-archive.com/winpcap-users@winpcap.polito.it/ To unsubscribe use mailto: [EMAIL PROTECTED] == == This is the WinPcap users list. It is archived at http://www.mail-archive.com/winpcap-users@winpcap.polito.it/ To unsubscribe use mailto: [EMAIL PROTECTED] == = This is the WinPcap users list. It is archived at http://www.mail-archive.com/winpcap-users@winpcap.polito.it/ To unsubscribe use mailto: [EMAIL PROTECTED] =
Re: [WinPcap-users] WinPcap identified as spyware by Microsoft AntiSpyware Beta 1
Read again the part of your email, below: could the evil open source term have anything to do with it ?!? I have a couple of other things running on a W2K box, and all happened to be open source or freeware, coincidentally, and some were immediately identifed as potentially malicious by the M$ stuff ... ;) Now - if Microsoft was to develop winpcap, and sell it ... hmm ... that would probably make it safer, by definition (Microsoft = security, as we all know). ; On Thu, 6 Jan 2005 19:29:41 +0100, Philip Stoev [EMAIL PROTECTED] wrote: Hello, WinPcap is identified as follows: WinPCap Type: Enabler Threat Level: Low Author: WinPCap Team including = Loris Degioanni Description: WinPCap is an Open Source Windows Packet Filtering Library. snip == This is the WinPcap users list. It is archived at http://www.mail-archive.com/winpcap-users@winpcap.polito.it/ To unsubscribe use mailto: [EMAIL PROTECTED] ==
Re: [WinPcap-users] WinPcap identified as spyware by Microsoft AntiSpyware Beta 1
Now - if Microsoft was to develop winpcap, and sell it ... hmm ... that would probably make it safer, by definition (Microsoft = security, as we all know). ; That said, the security warning is not 100% fake ; if a malicious program gets running on your machine, the fact that it can snoop each and every traffic packet that is sent or received using Winpcap (and can send packets also w/ PktSendPkt) makes such a malware to be a nasty one. so, if I never installed winpcap and it somehow gets installed, I'd get slightly worried that some shitware is snooping my passwords... == This is the WinPcap users list. It is archived at http://www.mail-archive.com/winpcap-users@winpcap.polito.it/ To unsubscribe use mailto: [EMAIL PROTECTED] ==
RE: [WinPcap-users] WinPcap identified as spyware by Microsoft AntiSpyware Beta 1
I am pretty sure that Microsoft's app specifically looks for WinPCap (along
with lots of other things) as part of its scan. It doesn't say it is dangerous.
It says that it is a DLL that could allow another malicious program to do bad
things to your box. I have other packet sniffers installed on my box and it
didn't complain about those. Probably because WinPCap is well known and used a
lot.
Thank you,
-Original Message-
From: {Pedro Lucas-Suporte Netcount} [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 06, 2005 4:03 PM
To: winpcap-users@winpcap.polito.it
Subject: Re: [WinPcap-users] WinPcap identified as spyware by Microsoft
AntiSpyware Beta 1
Now - if Microsoft was to develop winpcap, and sell it ... hmm ...
that would probably make it safer, by definition (Microsoft =
security, as we all know). ;
That said, the security warning is not 100% fake ; if a malicious program
gets running on your machine, the fact that it can snoop each and every
traffic packet that is sent or received using Winpcap (and can send packets
also w/ PktSendPkt) makes such a malware to be a nasty one.
so, if I never installed winpcap and it somehow gets installed, I'd get
slightly worried that some shitware is snooping my passwords...
==
This is the WinPcap users list. It is archived at
http://www.mail-archive.com/winpcap-users@winpcap.polito.it/
To unsubscribe use
mailto: [EMAIL PROTECTED]
==
= This is the
WinPcap users list. It is archived at
http://www.mail-archive.com/winpcap-users@winpcap.polito.it/
To unsubscribe use
mailto: [EMAIL PROTECTED]
=
RE: [WinPcap-users] WinPcap identified as spyware by Microsoft AntiSpyware Beta 1
Hi. Unfortunately, there are some spyware (cain, if I remember well) which are using WinPcap for performing their job. Hence, the alarm that comes from Microsoft is not so wrong. However, I feel there's nothing to do against this problem. Unless convincing who is developing spyware not to use WinPcap, but I fee this a bit tricky... fulvio -Original Message- From: Philip Stoev [mailto:[EMAIL PROTECTED] Sent: gioved 6 gennaio 2005 19.30 To: winpcap-users@winpcap.polito.it Subject: [WinPcap-users] WinPcap identified as spyware by Microsoft AntiSpyware Beta 1 Hello, WinPcap is identified as follows: WinPCap Type: Enabler Threat Level: Low Author: WinPCap Team including = Loris Degioanni Description: WinPCap is an Open Source Windows Packet Filtering Library. It provides low level internet system traffic data to other applications that leverage its utilities. Advice: This software is not necessarily hazardous unless it is used by a particular spyware threat. If you quarantine or remove all of the spyware threats from your computer you do not necessarily need to remove this program. Please note: if a legitimate application is using functionality contained in an enabler application, removing the enabler may cause that application to cease functioning properly. This application is okay to have running on your computer, as they are only dangerous if a Spyware application is also installed on your machine and exploiting it. However if you did not install this, or know of a legitimate application that did, you may consider quarantining or removing it. Please note: if a legitimate application is using functionality contained in an enabler application, it may cause that application to cease functioning properly. About Enabler: While not spyware, it provides functionality that spyware products have been known to exploit. Normally, these applications are okay to have running on your machine, as they are only dangerous if a Spyware application is also installed on your machine and exploiting it. However if you did not install this, or know of a legitimate application that did, you may consider quarantining or removing it. Please note: if a legitimate application is using functionality contained in an enabler application, removing the enabler may cause that application to cease functioning properly. = Is it true that WinPcap is being exploted by spyware? If so, can that be prevented? Philip == This is the WinPcap users list. It is archived at http://www.mail-archive.com/winpcap-users@winpcap.polito.it/ To unsubscribe use mailto: [EMAIL PROTECTED] == = This is the WinPcap users list. It is archived at http://www.mail-archive.com/winpcap-users@winpcap.polito.it/ To unsubscribe use mailto: [EMAIL PROTECTED] =
