As spooky as "deep packet inspection" might sound, there's not much that can be done if all of the traffic is encrypted since there would be no way to differentiate between email, P2P, and normal web surfing. Yet another reason to start using Tor... aside from the whole wiretapping mess.
Mr. Nash,
As I'm sure you're well aware, 99% of today's malware (viruses, worms, spyware, etc.) is targeted at Windows. These threats are able to spread almost exclusively due to underlying security vulnerabilities in the OS. Now that Microsoft is moving into the anti-malware market with such products as the free Microsoft AntiSpyware and subscription-based Windows OneCare, Microsoft is moving into a market dominated by companies who specialize in these security solutions. Isn't it a conflict of interest for Microsoft to charge money to fix problems created by its own security vulnerabilities, and why should users trust these solutions over others to protect them?
It's even funnier/more disturbing that the resolution to this is a patch for the kernel. From MS05-002 bulletin:
File Information:
Cmd.exe
Kernel32.dll
Win32k.sys
I find this part of the security bulletin especially interesting:
"Windows 2000 is not affected by this vulnerability. However the additional security-related change does affect Windows 2000 and we recommend customers install this update."
The old adage usually goes "if it ain't broke, don't fix it". Why would they ask people to patch something that isn't broken? Does this indicate that they expect to find a similar flaw in the indexing service on Win2K?
WinPCap is not spyware, not by anyone's definition except your own. WinPCap is a driver and some libraries. In case you aren't sure what spyware is, look here: http://www.google.com/search?hl=en&q=define%3Aspyware
If I used your logic, any driver that might be used by spyware should be flagged. I guess it's time to write 3Com, Broadcom, and everyone else to tell them that their NIC drivers are spyware.
If your definition of spyware is "the subsystems used by spyware and the malicious code itself" then Internet Explorer and Windows Installer (the two main entry points for spyware) should be flagged as well.
You gotta love it - I just ran a scan to test this puppy out and found that Microsoft has decided to flag WinPCap as spyware. Anyone who runs tools like nmap, Ethereal, and other open-source network utilities that have been ported to Windows must be evil!
They give it a "low" threat rating, and automagically tell the software to "ignore" it (that is, don't remove it), but I'm still offended.
Then again, if WinPCap is on your system and you don't know what it is, I guess it's not a horrible idea to let the clueless know about it...