North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Spyware becomes increasingly malicious

  • From: Alexei Roudnev
  • Date: Tue Jul 13 13:55:40 2004

>
> The authors of these coolwebsearch variants are extremely
> intelligent programmers with far more understanding of
> the bowels of the windows platform than your average
> script kiddies.  If you get hit with the version I saw,
> it's no 10 minute piece of cake.

It makes spywire more dangerous than viruses, which are written (in 99.99%
cases) by more younger and less experienced persons (and without good QA,
good project management etc).

>
> What I don't understand is how exploiting bugs in a
> program (internet explorer) to install software without
> the consent or even acknowledgement from the owner/user
> is legal behavior.  To me, it's just like someone abusing


It is not a bug; it is specially designed IE feature. MS always was proud of
their full automation - install on demand,
update automatically, add new software to start at a startup without need to
be system admin, etc etc... As a result, we have a field full of bugs,
pests, pets, spiders, spies and so on... They have _exactly_ what they
designed. No one even bored to ask me 'do you want to allow this registry
change' , because 'MS believe that their users are lamers so everything must
be automated from the beginning to the end'...

It is another weak side of MS design (first one is complexity....) and other
side of MS agriculture (first one is monoculture
easily infected by mortal infection). I do not blame MS, but what about
spyware on MAC-s - is it so easy to write and install spyware there?


> a bug in bind, and installing a rootkit, which last time

It is a difference. This was a bug. Bind have not undocumented features.

MS have millions of undocumented features, and (because they never opened
their OS and never published full specs) every developer play a game 'find a
feature before competitors and use it'. As a result, someone finds features
which was not designed but just 'happened' -:). Anyway, this are a features,
not a bugs. This is 100% legal at this point (and even if it is not legal,
who bored about it outside of USA? No anyone!).

> I checked, could end up getting someone in legal troubles.
>
> For another hastily-thought-out analogy, it's like someone
> breaking into your house and reprogramming your cable box
> to keep changing the channel to the home shopping club
> every 30 seconds.
>
> -Brian
>