Re: Software Makers Fight Spyware Blacklist, Murky Definition

From: Martin (martin_nospam_at_btinternet.com)
Date: 03/13/05

    Date: Sun, 13 Mar 2005 20:01:18 +0000 (UTC)
    
    

    Joe Moore wrote:
    > Martin <martin_nospam@btinternet.com> wrote:
    >
    >
    >>MrPepper11 wrote:
    >>
    >>
    >>>In at least two cases AOL removed programs from its spyware list:
    >>>SideStep Inc., a closely held online travel service that downloads a
    >>>program onto users' computers, and market researcher comScore Networks
    >>>Inc., which pays Internet users to place its software on their
    >>>computers to track their online behavior.
    >>
    >>On a similar note, the Microsoft Beta tool highlights Real VNC as medium
    >>risk because it can be used to take remote control of a PC. As far as I
    >>know there isn't any malware in Real VNC and it's unjustified to
    >>highlight it by an anti-spyware product.
    >
    >
    > When you say that there isn't any malware in Real VNC, I think you're
    > missing the point. Spyware detection should be based on the capability
    > and behavior of the program, not the suspected motivation of the
    > installer.

    I'd normally agree with you, but it's kind of hard when it comes to VNC.

    I've never heard of VNC trying to install itself from an ActiveX
    component, or just from clicking on a web page or through P2P.

    It's huntable if you know what you're looking for, otherwise you'd never
    come across it accidentally.

    On their home page it states "The system allows several connections to
    the same desktop, providing an invaluable tool for collaborative or
    shared working in the workplace or classroom. Computer support within
    the geographically spread family is an ever popular use."

    It does what it says on the tin! So what else do people expect when they
    install it?

    > If someone didn't know a program capable of allowing remote control of
    > their PC was there, why not tell them?

    It says on the home page of their web site, so they know what it does
    when they grab it.

    > It's their computer. If they
    > know the program's capabilities, and still want it there, fine.

    Absolutely, but it's not spyware.

    >>I'd also suggest that it's up to the user to know what is on his/her PC
    >>and remove what shouldn't be there, not to just blindly go and execute
    >>every recommended action willy-nilly.
    >
    >
    > Using anti-spyware computers is an automated attempt for the user to
    > know what's on his computer and remove what shouldn't be there.

    Do you have the same kind of users I have to deal with? I know you do :)

    Ok, we all have them, "Martin, I deleted the program with the little
    Teddy Bear because it's an unknown virus and ... " Microsoft
    highlighting non-spyware programs as possible spyware is making our job
    harder, not easier.

    I'd have a lot more sympathy if VNC actually spread through
    spam/ActiveX/malicious web sites etc. but they don't. I can see it now
    that system admins are going to be tearing their hair out because MS
    classify things like VNC as "possible danger" and they get deleted.

    > And when the number of actions recommended exceeds a certain
    > threshold, they will be executed willy-nilly.

    I know, and I've done it myself at times :~ you DO tend to get a bit
    "click happy"

    > That is just human
    > nature. People whose computers have become infested with junk due
    > to their trusting of untrustworthy folks will decide to trust
    > their antispyware program in the hope that they made the right
    > decision this time.

    That means the anti- has to be accurate with the classification. Yes,
    things like VNC are a potential security risk, but they are also a
    godsend for admin types. They should not be highlighted by malware
    scanners when they are not malware. I know the definition is hard
    because a lot of what things like VNC do is what malware do, but there
    is a vast difference in the use and implementation. I've met loads of
    PCs with malware, I've never met one with an accidental install of VNC.

    > The problem is not one of definition. The problem is one of behavior.
    > When good programs start acting like bad ones (auto-updates over the
    > net without asking for instance), even with the purest of motivation,
    > they have to expect to be classified as bad until proven otherwise.
    > And by "proven" I mean a credible explanation of why the behavior is
    > _necessary_ not just convenient for the programmers.

    Hee, not just the programmers :) I do agree with a lot of what you have
    said. There is some responsibility in the malware scanners to do a bit
    of homework and not highlight non-malware though.

    I haven't tried yet, but presumably the MS tool will also throw up
    things like Access-Remote, GoToMyPC, RemotePc....the real question is do
    they also throw up Terminal Server? My guess is yes to the former and no
    to the latter - but then I am cynical.

    >
    > joemooreaterolsdotcom

