funsec mailing list archives

Re: Gadi Busted In Massive Conspiracy


From: Valdis.Kletnieks () vt edu
Date: Fri, 03 Feb 2006 10:34:22 -0500

On Thu, 02 Feb 2006 22:10:02 PST, Randy Abrams said:

> They don't even know they are running the tool. This is a silent download
> (after the first time) that runs in the background. It is delivered with
> Windows Update automatically and there is no UI until it finds something.
> All it takes is a default XPSP2.

Does this happen even if autoupdate isn't enabled? Or on pre-XPSP2 systems, of
which there are a lot?  Or if it decides to update at 3:17AM, and the box is
turned off then? Or if the person is on dialup? Or if a proxy/NAT needs to be
configured? (I don't know, as I don't do Windows that extensively...)

As an aside, consider that there's a clear existence proof that anything
delivered along with the auto-update doesn't get to as many places as we'd wish -
after Patch Tuesday, there's still a significant number of unpatched machines
out there...

I'll skip the paranoid concept that the XPSP2 EULA gives the tool the right to
declare critical files from a Firefox or OpenOffice install 'malicious' and
nuke them without notifying the user...  Even MS wouldn't stoop *that* low.
(Although the legalistics that would happen with a sufficiently big false
positive *would* be amusing to watch from the sidelines. ;)

(Of course, if it's rammed down users' throats with XPSP2, then there's probably
a few percent at least, and making the extrapolation becomes statistically
viable.  At least *if* you can get your hands on Microsoft's stats from the
service....)

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.