Well... but let's look at the logic of Microsoft's statement:

Some spyware developers utilize features provided by WinPcap in their exploits
  Therefore: we should recommend removing WinPcap

By the same logic:
Most spyware developers utilize features in Microsoft operating systems in the 
exploits
  Therefore: we should recommend removing all Microsoft operating systems.

Well, at least it makes sense to me. ;-)

---
Steighton Haley                          [EMAIL PROTECTED]
Software Engineer

"There are 10 types of people in this world,
those who understand binary, and those who don't."
 

> -----Original Message-----
> From: Fulvio Risso [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, January 06, 2005 11:07 PM
> To: winpcap-users@winpcap.polito.it
> Subject: RE: [WinPcap-users] WinPcap identified as spyware by 
> Microsoft AntiSpyware Beta 1
> 
> Hi.
> Unfortunately, there are some spyware (cain, if I remember 
> well) which are using WinPcap for  performing their job.
> Hence, the alarm that comes from Microsoft is not so wrong.
> 
> However, I feel there's nothing to do against this problem. 
> Unless convincing who is developing spyware not to use 
> WinPcap, but I fee this a bit tricky...
> 
>       fulvio
> 
> > -----Original Message-----
> > From: Philip Stoev [mailto:[EMAIL PROTECTED]
> > Sent: giovedý 6 gennaio 2005 19.30
> > To: winpcap-users@winpcap.polito.it
> > Subject: [WinPcap-users] WinPcap identified as spyware by Microsoft 
> > AntiSpyware Beta 1
> >
> >
> > Hello,
> >
> > WinPcap is identified as follows:
> >
> > WinPCap
> > Type: Enabler
> > Threat Level: Low
> > Author: WinPCap Team including = Loris Degioanni
> > Description: WinPCap is an Open Source Windows Packet Filtering 
> > Library. It provides low level internet & system traffic 
> data to other 
> > applications that leverage its utilities.
> >
> > Advice: This software is not necessarily hazardous unless 
> it is used 
> > by a particular spyware threat. If you quarantine or remove 
> all of the 
> > spyware threats from your computer you do not necessarily need to 
> > remove this program. Please note: if a legitimate 
> application is using 
> > functionality contained in an enabler application, removing the 
> > enabler may cause that application to cease functioning properly.
> > This application is okay to have running on your computer, 
> as they are 
> > only dangerous if a Spyware application is also installed on your 
> > machine and exploiting it. However if you did not install this, or 
> > know of a legitimate application that did, you may consider 
> > quarantining or removing it. Please
> > note: if a legitimate application is using functionality 
> contained in 
> > an enabler application, it may cause that application to cease 
> > functioning properly.
> >
> > About Enabler: While not spyware, it provides functionality that 
> > spyware products have been known to exploit. Normally, these 
> > applications are okay to have running on your machine, as they are 
> > only dangerous if a Spyware application is also installed 
> on your machine and exploiting it.
> > However if
> > you did not install this, or know of a legitimate application that 
> > did, you may consider quarantining or removing it. Please 
> note: if a 
> > legitimate application is using functionality contained in 
> an enabler 
> > application, removing the enabler may cause that 
> application to cease 
> > functioning properly.
> >
> > =====
> >
> > Is it true that WinPcap is being exploted by spyware? If 
> so, can that 
> > be prevented?
> >
> > Philip
> >
> >
> >
> >
> > ==================================================================
> >  This is the WinPcap users list. It is archived at  
> > http://www.mail-archive.com/winpcap-users@winpcap.polito.it/
> >
> >  To unsubscribe use
> >  mailto: [EMAIL PROTECTED]
> > ==================================================================
> 
> 
> 
> ======================
>  This is the WinPcap users list. It is archived at  
> http://www.mail-archive.com/winpcap-users@winpcap.polito.it/
> 
>  To unsubscribe use
>  mailto: [EMAIL PROTECTED]
> ======================
> 


================================================================= This is the 
WinPcap users list. It is archived at
 http://www.mail-archive.com/winpcap-users@winpcap.polito.it/

 To unsubscribe use
 mailto: [EMAIL PROTECTED]
=================================================================

Reply via email to