Re: WinPCap
From: George M. Garner Jr. (gmgarner_at_newsgroup.nospam)
Date: 12/16/04
- Next message: it_exprt: "Re: explorer.exe"
- Previous message: George M. Garner Jr.: "Re: WinPCap"
- In reply to: gmrad: "Re: WinPCap"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 16 Dec 2004 01:04:33 -0500
gmgrad,
If I suddenly found msword.exe on my computer and didn't install it I would
be just as worried. The software is riskware and you need to find out how
it got there.
WinPCap is legitimate software that adds "the ability to capture and send
raw data from a network card, with the possibility to filter and store in a
buffer the captured packets." http://winpcap.polito.it/. It is widely used
in the information security community. The same features may make it
attractive for many other purposes, some of which are legitimate and some of
which are not. Not knowing what software you have installed lately I cannot
say for what purpose it is being used on your machine. WinPcap comes with
an uninstall applet. Trying uninstalling it from the Control Panel->Add and
Remove Programs and see what breaks. If there is no option to remove it in
Add and Remove Programs (not a good sign) you can change the file access
permissions on it to NoAccess-Everyone. This will effectively prevent
anyone from accessing it. (I often find that adware programs are
self-healing and will simply reinstall a component if you delete it.)
With the introduction of SP2, Microsoft effectively disabled raw ip in
Windows XP. The change affects many legitimate software vendors as well as
certain malware. WinPcap represents one possible workaround, albeit not a
particularly stealthy one.
Regards,
George.
- Next message: it_exprt: "Re: explorer.exe"
- Previous message: George M. Garner Jr.: "Re: WinPCap"
- In reply to: gmrad: "Re: WinPCap"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
