[funsec] mildly ironic issue with Microsoft anti-spam
download
Aryeh Goretsky
goretsky at gmail.com
Mon Oct 30 21:49:06 CST 2006
Hello,
Well, I'd understand (and be less surprised) if it was something like an
updated paint program or text editor, but this is a component which is supposed
to improve end-user security. One would think that for something like this a
signed package would be required.
Regards
Aryeh Goretsky
At 07:28 PM 10/30/2006, Valdis.Kletnieks at vt.edu wrote:
>On Mon, 30 Oct 2006 01:08:15 PST, Aryeh Goretsky said:
> > Hello,
> >
> > Microsoft has a new plugin available for reporting spam to
> Microsoft directly
> > from within Outlook. More information, plus download instructions at:
> >
> >
> <http://www.microsoft.com/downloads/details.aspx?FamilyID=53541292-ce94-4c
>5b-9127-b7d56f11b619&DisplayLang=en>
> >
> > What's strange is that the .MSI file is not signed.
> >
> > It is mildly ironic that Microsoft didn't place the file in an AuthentiCode
> > wrapper. I would think that a tool designed to improve user security would
> > have this.
>
>Yeah well, they had to cut a few corners to make the ship date - after all,
>they only have 2 months left to solve the spam problem like Bill Gates
>promised. :)
>
>More seriously though - does it really *matter*? Consider the class of
>users that will report spam directly to MS - they wouldn't understand if
>it was signed, or what the benefits are. Conversely, the people who
>understand what AuthentiCode is almost certainly already have procedures
>in place.
>
>"Wow, I'm so clued I know what Authenticode is. Gee, I'd report all this
>spam if somebody gave me a big shiny button I'm too lame to do
>myself...." :)
>
More information about the funsec
mailing list