more importantly-- 
this is just another symptom that 'Microsoft makes Windows run slower over 
time to force us to buy a new version'.
 
If the software is doing things-- that it wasn't designed (advertised) to do-- 
that by definition is called BLOATWARE.
 
It's time for MS to make performance _JUST_ as important as security.
Performance is important-- I'm hoping that Microsoft wakes up one of these days 
and starts talking about the 'Software Performance Lifecycle'.
 
Personally, I'm sick and tired of MS forcing crapware / bloatware down our 
throats.
This software that you're talking about-- is just another symptom that MS 
doesn't give a crap about its users.
 
-Aaron
 
 
 
> Date: Sat, 3 May 2008 22:45:41 -0500
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]; full-disclosure@lists.grok.org.uk
> Subject: Microsot DID DISCLOSE potential Backdoor
>
> While you were sleeping and focusing on COFEE...
>
> Microsoft Discloses Government Backdoor on Windows Operating Systems
> Wednesday, April 30th, 2008 @ 6:00 am | Privacy, News
> http://www.infiltrated.net/?p=92
>
> Microsoft may have inadvertently disclosed a potential Microsoft backdoor for law enforcement earlier this week. To explain this all, here is the layman's term of a backdoor from Wikipedia:
>
> A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device.
>
> According to an article on PC World: "The software vendor is giving law enforcers access to a special tool that keeps tabs on botnets, using data compiled from the 450 million computer users who have installed the Malicious Software Removal tool that ships with Windows."
>
> Not a big deal until you keep reading: "Although Microsoft is reluctant to give out details on its botnet buster - the company said that even revealing its name could give cyber criminals a clue on how to thwart it"
>
> Stop the press for a second or two and look at this logically: "users who have installed the Malicious Software Removal tool" followed by "Microsoft is reluctant to give out details on its botnet buster - the company said that even revealing its name could give cyber criminals a clue on how to thwart it", what? This is perhaps the biggest gaffe I've read thus far on potential government collusion with Microsoft.
>
> We then have the following wording: "Microsoft had not previously talked about its botnet tool, but it turns out that it was used by police in Canada to make a high-profile bust earlier this year." So again, thinking logically at what has been said so far by Microsoft; "We have a tool called Malicious Software Removal tool...", "we can't tell you the name of this tool since it would undermine our snooping...", "it's been used by law enforcement already to make a high-profile bust earlier this year."
>
> Remember a "Malicious Software Reporting Tool" is a lot different from a "Malicious Software Removal Tool". Understanding networking, computing, botnets, let's put this concept into a working model to explain how this is nothing more than a backdoor. You have an end user, we'll create a random Windows XP user: Farmer John in North Dakota. Farmer John in North Dakota uses his machine once a week to read news, send family email, nothing more. He installed Microsoft's Malicious Removal Tool. Farmer John's machine becomes infected at some point and sends Microsoft information about the compromise: "I'm Farmer John's machine coming from X_IP_Address".
>
> A correlation is done with this information and then supposedly used to track where the botnet's originating IP address is from. From the article: "Analysis by Microsoft's software allowed investigators to identify which IP address was being used to operate the botnet, Gaudreau said. And that cracked the case." This is not difficult, detect a DST (destination) for malware sent from Farmer John's machine. Simple, good guys win, everyone is happy.
>
> The concept of Microsoft's Malicious Software Removal tool not being a backdoor is flawed. For starters, no information is ever disclosed to someone installing the Windows Malicious Software removal tool: "Windows will now install a program which will report suspicious activity to Microsoft". As far as I can recall on any Windows update, there has never been any mention of it.
>
> "But this is a wonderful tool, why are you being such a troll and knocking Microsoft for doing the right thing!". The question slash qualm I have about this tool is I'd like to know what, why, when and how things are being done on my machine. It's not a matter of condemning Microsoft, but what happens if at some point in time Microsoft along with government get an insane idea to branch away from obtaining other data for whatever intents and purposes?
>
> We've seen how the NSA is allowed to gather any kind of information they'd like (http://www.eff.org/issues/nsa-spying), we now have to contend with Microsoft attempting to do the same. Any way you'd like to market this, it reeks of a backdoor: (again pointing to the definition) A backdoor in a computer system ... is a method of bypassing normal authentication, ... obtaining access to ... , and so on, while attempting to remain undetected. There's no beating around the bush here on what this tool is and does.
>
> This is reminiscent of the 90's with the NSA's ECHELON program. In 1994, the NSA intercepted the faxes and telephone calls of Airbus. What resulted was the information was then forwarded to Boeing and McDonnell-Douglas in which they snagged the contract from under Airbus' feet. In 1996, the CIA hacked into the computers of the Japanese Trade Ministry seeking "negotiations on import quotas for US cars on the Japanese market". Resulting with the information being passed off to "US negotiator Mickey Kantor" who accepted a lower offer.
>
> As an American you might say "so what, more power to us" but to think that any government wouldn't do it to its own citizens for whatever reason would be absurd. There are a lot of horrible routes this could take.
>
> What happens if slash when for some reason or another the government decides that you should not read a news site, will Microsoft willingly oblige and rewrite the news in accordance to what the government deems readable?
>
> How about the potential to give Microsoft a warrantless order to discover who doesn't like a President's "health care plan", or who is irate and whatever policy; Will Microsoft sift through a machine to retrieve relevant data to disclose to authorities?
>
> That doesn't include the potential for say technological espionage and gouging of sorts. What's to stop Microsoft from say, mapping a network and reporting all "non-Microsoft" based products back to Microsoft. The information could then be used to say raise support costs, allow Microsoft to offer juicier incentives to rid the network of non MS based products, the scenarios are endless.
>
> Sadly, most people will shrug and pass it off as nothing. Most security buffs, experts, etc., haven't mentioned a word of it outside of "the wonderful method to remove, detect, botnets!" and I don't necessarily disagree it's a unique way to detect what is happening, but this could have been done at the ISP and NSP level without installing a backdoor. Why didn't law enforcement approach botnets from that avenue? Perhaps they have, this I'm actually certain of which leads me to believe this is a prelude of something more secretive that has yet to be disclosed or discovered.
>
> http://www.pcworld.com/businesscenter/article/145257/microsoft_botnethunting_tool_helps_bust_hackers.html
> http://cryptome.org/echelon-ep-fin.htm (ECHELON MISHAPS)
>
> More on Microsoft's *Potential* Government Backdoor
> Thursday, May 1st, 2008 @ 7:21 am | Privacy, News
> http://www.infiltrated.net/?p=92
>
> After reading through Microsoft's comments repeatedly yesterday, I cannot come to the conclusion that Microsoft's "Malware Removal Tool" is not some form of backdoor. Their comments in the initial article are extremely disturbing and anyone using a Microsoft product should now be extremely wary about downloading new updates if even deciding to continue using Microsoft at all.
>
> So let's take a look at the top botnets. Srizbi, Bobax, Rustock, Cutwail, Ozdok, Nucrypt, Wopla, Spamthru, Storm, Grum, Onewordsub; These are the top as reported by Secure Works. (http://www.secureworks.com/research/threats/topbotnets/?threat=topbotnets) Guess what, eight out of eleven are all encrypted. Not that big of a deal until you decipher what Microsoft stated in their original quotes in correlation to some facts.
>
> From the article: Microsoft security experts analyze samples of malicious code to capture a snapshot of what is happening on the botnet network, which can then be used by law enforcers, Cranton said. "They can actually get into the software code and say, 'Here's information on how it's being controlled.'"
>
> Perhaps Microsoft could clarify how exactly they are doing what they do, more importantly, what information is being sent over the wire and to whom. Are they now breaking code as well? Did the botnet authors go through the steps of encrypting code? We know for a fact that traffic being sent from a compromised host to a controller is encrypted, so what is Microsoft analyzing? What COULDN'T Microsoft have gained from getting code for analysis say by working along with Symantec or someone else?
>
> Now before you shoot off an answer like "the code doofus, they're analyzing the code!", think about it again. If they're in it to analyze solely the code, they could have worked with AntiVirus vendors for samples as opposed to putting a tool on your machine which collects YOUR DATA and sends it off to who knows where. A law enforcement agency, or team Microsoft.
>
> I'll pause on this for now. How about the validity in stating: "Botnet Operator tracked via IP". How legitimate is this argument given the fact (not presumption) that IP is a horrible identifier. Let's put this in a practical example. Farmer Joe in Nebraska is using a DSL connection that is always on. He uses Windows XP and doesn't know what a Windows Update is so he's never used it. His computer is compromised, a botnet controller is installed and attacks are launched from Nebraska. The attacker sanitized Farmer Joe's machine to erase his tracks using multiple wipes with perhaps PGP. The end.
>
> For any business or law enforcement agency to claim they can track down via an IP address, perhaps they've skimmed on the fact that there are far too many open WiFi hotspots in the world to conclusively narrow a fact. We have an assumption that an attacker is behind 10.10.10.159. Can we see them? No. All we know is the address. Being I've used a private address, I won't bother diving into "but he came from ISP X in Nebraska." Irrelevant. What you have is a fishing expedition.
>
> / SNIP
> For more on this false sense of ID-via-IP: Well, let me ask you who you think 171.70.120.60 is. I'll give you a hint; at this instant, there are 72 of us.
>
> Here's another question. Whom would you suspect 171.71.241.89 is? At this point in time, I am in Barcelona; if I were home, that would be my address as you would see it, but my address as I would see it would be in 10.32.244.216/29. There might be several hundred people you would see using 171.71.241.89;
> /END SNIP
>
> I implore you to read a NANOG thread http://readlist.com/lists/trapdoor.merit.edu/nanog/6/33246.html
> Professionals know, IP is an inaccurate identifier so why does it seem that Microsoft along with LEO are relying on this. Makes a great baseline sure, but is certainly ripe for abuse.
>
> Again, please understand what I am stating, this is "not to say that it's a horrible idea", it's a start, a baseline - but not a definitive measure of determining who is controlling a bot, who created the botnet, etc.
>
> Looking at past history, unfortunately you have the tinkerers; so what happens to an up-and-coming "security" buff who is getting into the field and stumbles upon a botnet. Sure he was moronic to join an irc channel filled with bots, sure he was idiotic in downloading the code for the sake of learning. Fact is he might have. Guess what will happen to him when a Law Enforcement Agency raids his house? Guess what will happen when that agency needs funding for a new uber Cyber(buzzword)Crime fighting department. You guessed it. Hey "Up-and-coming security buff..." Kiss your terminal goodbye, and from here on out, your dreams of becoming the next Bruce Schneier will be close to non-existent. It happens.
>
> Anyhow, re-emphasizing... Shame on Microsoft for forwarding your data without telling you. Shame on Microsoft for not asking you if you wanted to "PARTICIPATE" in sending data. Shame on Microsoft for not explicitly stating: The data we are sneaking off your computer will be sent to government agencies of our choice. It's a horrible practice and a damaging breach of trust. Their action worries me as a security professional, will they ever scour for data for profit. Why not, no one would notice or care anyway.
>
> J. Oquendo
> sil @ infiltrated dot net
>
> --
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> J. Oquendo
> SGFA #579 (FW+VPN v4.1)
> SGFE #574 (FW+VPN v4.1)
>
> wget -qO - www.infiltrated.net/sig|perl
>
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB
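To make the NAT point in the quoted post concrete (many hosts share one public address, so the address alone names a set of suspects, not a person), here is an added Python example that is not part of either message: it parses a constructed NAT translation log (its format and entries are assumed) and shows that only the translated port plus the observation time, matched against the NAT's own records, narrows 171.71.241.89 down to a single internal host in 10.32.244.216/29.

```python
import ipaddress
from datetime import datetime

# Constructed NAT translation log (not from the page). Each line is one
# session in which a host behind 10.32.244.216/29 was translated to the
# shared public address 171.71.241.89 (both quoted in the post above).
# Assumed format: start,end,internal_ip,public_ip:public_port
NAT_LOG = """\
2008-05-01T10:00:00,2008-05-01T10:05:00,10.32.244.217,171.71.241.89:40001
2008-05-01T10:01:00,2008-05-01T10:20:00,10.32.244.218,171.71.241.89:40002
2008-05-01T10:02:00,2008-05-01T10:03:00,10.32.244.219,171.71.241.89:40003
2008-05-01T10:06:00,2008-05-01T10:15:00,10.32.244.220,171.71.241.89:40001
2008-05-01T11:00:00,2008-05-01T11:30:00,10.32.244.221,171.71.241.89:40002
"""


def parse_nat_log(text):
    """Parse the log into (start, end, internal, public, port) tuples."""
    sessions = []
    for line in text.splitlines():
        start, end, internal, public = line.split(",")
        pub_ip, pub_port = public.rsplit(":", 1)
        sessions.append((datetime.fromisoformat(start), datetime.fromisoformat(end),
                         ipaddress.ip_address(internal), ipaddress.ip_address(pub_ip),
                         int(pub_port)))
    return sessions


def hosts_behind(public_ip, sessions):
    """Every internal host that has ever appeared as this public address.
    This is all an observer outside the NAT can infer from the IP alone."""
    return {str(s[2]) for s in sessions if str(s[3]) == public_ip}


def attribute(public_ip, public_port, seen_at, sessions):
    """Narrow the candidates with what the NAT actually logged: the translated
    port and the time the connection was observed (clocks assumed in sync).
    An empty result means the NAT log cannot support the attribution."""
    t = datetime.fromisoformat(seen_at)
    return {str(s[2]) for s in sessions
            if str(s[3]) == public_ip and s[4] == public_port and s[0] <= t <= s[1]}


if __name__ == "__main__":
    log = parse_nat_log(NAT_LOG)
    # Port 40001 is reused: .217 held it at 10:00-10:05, .220 at 10:06-10:15.
    print(sorted(hosts_behind("171.71.241.89", log)))
    print(attribute("171.71.241.89", 40001, "2008-05-01T10:04:00", log))
    print(attribute("171.71.241.89", 40001, "2008-05-01T10:10:00", log))
    print(attribute("171.71.241.89", 40001, "2008-05-01T10:30:00", log))
```

Without the port and timestamp the first query returns five hosts; with them the same public address resolves to different internal hosts at 10:04 and 10:10, and to nobody at 10:30.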
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
