Microsoft Remotely Deleted Tor From Windows Machines To Stop Botnet
An anonymous reader writes "Microsoft remotely deleted old versions of Tor anonymizing software from Windows machines to prevent them from being exploited by Sefnit, a botnet that spread through the Tor network. It's unclear how many machines were affected, but the total number of computers on the Tor network ballooned from 1 million to 5.5 million as Sefnit spread. 'By October, the Tor network had dropped two million users thanks to Sefnit clients that had been axed. No one, not even the Tor developers themselves, knew how Microsoft had gone on a silent offensive against such a big opponent and won a decisive battle,' the Daily Dot reported. In a blog post, Microsoft claimed it views Tor as a 'good application,' but leaving it installed presented a severe threat to the infected machines."
A Microsoft Killswitch (Score:2, Interesting)
Who knew?
Re:A Microsoft Killswitch (Score:5, Informative)
So called Anti-virus software is a kill switch. So everyone who knew their Windows PC was running Windows Security Essentials or any of the other Microsoft AV products knew.
Re: (Score:2)
It wasn't necessarily done through Security Essentials. It might have been done through Windows Update.
Re: (Score:3, Funny)
Hardly! They never could have uninstalled so many that way. Don't you know Windows Update doesn't run on pirated copies of Windows anymore?
Re: (Score:2)
A part of every monthly Windows Update is a program called Malicious Software Removal Tool.
Re:A Microsoft Killswitch (Score:5, Informative)
It might have been done through Windows Update.
Not at first [technet.com], although the signature for Tor v0.2.3.25 used in Sefnit was added later to the Malicious Software Removal Tool that Windows Update regularly pushes out.
Re: (Score:2, Informative)
"Despite the warnings about the privacy of Windows users from Jacob Appelbaum while on stage in Germany, Lewman seems less concerned. He surmises that Microsoft used its Microsoft Security Essentials software to eliminate the programs, a program users must install themselves."
Re:A Microsoft Killswitch (Score:5, Informative)
He surmises that Microsoft used its Microsoft Security Essentials software to eliminate the programs, a program users must install themselves.
Or he could read Microsoft's own statement [technet.com], where they say exactly how they eliminated Tor:
October 27, 2013: We modified our signatures to remove the Sefnit-added Tor client service. Signature and remediation are included in all Microsoft security software, including Microsoft Security Essentials, Windows Defender on Windows 8, Microsoft Safety Scanner, Microsoft System Center Endpoint Protection, and Windows Defender Offline.
November 12, 2013: Signature and remediation is included in Malicious Software Removal Tool and delivered through Windows Update/Microsoft Update.
Re: (Score:2, Insightful)
*whew*
"Microsoft Remotely Deleted Tor From Windows Machines To Stop Botnet" with no context screams "we can just remote into your system whenever we like". Having an infected client added to the malware list seems like a really responsible way to react to the threat.
That being said, I'm still pretty sure they can just remote in whenever they like...
Re: (Score:3)
They can certainly target any software they like by the same methods. I can't see them going after legit software that you installed yourself on purpose. That would open them up to the mother of all anti-trust lawsuits. Going after what everybody agrees are bad guys is safe.
Re: (Score:2)
"They can certainly target any software they like by the same methods."
Not really, all the malicious software has to do going forward is block any incoming updates from Microsoft for their security products.
Re: (Score:2)
Yes. For example, if they removed TOR that would be outrageous, but this is different. Oh, wait ...
Re:A Microsoft Killswitch (Score:5, Informative)
Who knew?
"Malicious Software Removal Tool" has been a Windows update for years. (Since 2005 http://en.wikipedia.org/wiki/Windows_Malicious_Software_Removal_Tool [wikipedia.org]) What did you think it did? You have the option of not running it. If the update is selected / run it is a local program run one time after updates are installed that "checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month."
http://www.microsoft.com/en-ca/download/malicious-software-removal-tool-details.aspx [microsoft.com]
Re: (Score:2)
prevalent malicious software (including Blaster, Sasser, and Mydoom)
Yup, that's 2005 alright. Or even 2004 and 2003.
Hardly inspires confidence that they haven't updated the description in nearly a decade.
Re: (Score:3)
Well, you grant it that authority, so unless you're suggesting you shouldn't have that authority, I don't know what your point is.
Re:A Microsoft Killswitch (Score:5, Insightful)
I would go one step further - and say that if you are REALLY on top of your game, then you would have noticed this malware running on your system, removed it yourself and the "eViL WiNdOwS" Malicious Software Removal Tool would have done nothing to your PC anyhow.
If you aren't on the ball enough to notice that your system has become infected, don't be so quick to anger when someone else removes the problem on your behalf.
Re: (Score:3)
Bingo. In those years that I ran Windows, I always had a good idea of how my machine was running, how it was using resources, and what was calling for those resources. In the earlier days of virus infections, I seldom recognized a virus, and virus detectors failed to identify viruses. But, the fact that 60%+ of system resources were devoted to something that I couldn't identify was a sure tipoff.
Re: (Score:2)
Bloatware leads to one of two conclusions. Either:
1. The user doesn't understand what his OS and applications do, and so he needs someone to secure his computer for him.
OR
2. The user understands the software on his machine, and he can remove what he deems unnecessary.
The presence of bloatware strongly indicates the person falls into category #1, at least for Windows machines. I also have no problem with the idea that a person could be a guru on one system and a total noob on another.
The decision to"secure i
Re:A Microsoft Killswitch (Score:5, Insightful)
Some people find TOR using a Chrome browser. Should they have the authority to remove that too only to tell you about it later in a blog?
No, of course not. Old, known-bad versions of TOR that have numerous exploits active in the wild are removed. Not Chrome browser as it's not malicious software.
To quote another poster [slashdot.org] a few threads down
If a PC was infected with Sefnit and had the signature old version of Tor in the hidden location, Tor was removed because it's logically the case that Tor was just part of the virus payload. Because of the unique install directory, there wasn't even a remote chance for false positives. Publicly available tools that can be used for good or bad are hijacked by viruses all the time, and it's never a surprise if an anti-virus removes that tool when the virus specific files are removed.
Re: (Score:3)
Not Chrome browser as it's not malicious software.
Hypothetically, one could write a botnet client that ran under Chrome's native code (making it platform-specific to Chrome). The results would be interesting on several axes - I'm sure Microsoft is praying nobody does that. The Shadows(b5) would write one to see what happens.
Re:A Microsoft Killswitch (Score:5, Informative)
Some people find TOR using a Chrome browser. Should they have the authority to remove that too only to tell you about it later in a blog?
RTFA:
"To fight back, Microsoft remotely removed the program from as many computers as it could, along with the Tor clients it used."
Sounds like they removed the malware and the files it downloaded.
Re: (Score:2)
MOD THIS UP. We may have been suckered by the news media (once again) trying to make much ado about nothing. Show us a story about MS deleting software people actually installed. THAT would be a story.
Re:A Microsoft Killswitch (Score:5, Informative)
Microsoft Security Essentials is antivirus software. By definition it must have the authority to remove, isolate, disable, and delete software from your computer. The computer owners installed MS Security Essentials precisely to perform this specific service.
Have any Tor installations been removed that were not associated with Sefnit? It appears to me that the only software that was removed was the specific version of Tor that Sefnit used and, in most cases, when the Tor client has been installed as a system service (which is very, very non-standard). MS did not remove the most recent version of the client.
You're just spreading FUD about a non-story. This is less interesting than all those stories about antivirus false positives rendering Windows unable to boot [cnet.com].
Re: (Score:2)
It must by definition remove, isolate, and disable malware. Claiming that whatever it removes is fair game is absurd. Maybe I run an old buggy version of something on purpose. I mean, I know that nobody would ever do that [microsoft.com], but just imagine if it actually happened. By your logic, M$ can and should remove XP from all systems immediately, as i
Re: (Score:2)
Some people find TOR using a Chrome browser. Should they have the authority to remove that too only to tell you about it later in a blog?
The user granted Microsoft permission to do so with the installation of a security program, and there is an indication that only the Sefnit installed Tor was affected. How is it bad for a security program to remove botnet C&C? Oh, because Microsoft did it.
Re:A Microsoft Killswitch (Score:5, Interesting)
This doesn't sound much different to any other anti-virus removal. Microsoft almost certainly used the Microsoft Security Essential update to kill Sefnit, as they do with so many other viruses.
"the total number of computers on the Tor network ballooned from 1 million to 5.5 million as Sefnit spread"
These weren't dedicated Tor nodes that were taken offline because they were being used for malicious purposes, these were infected PCs with a virus that used Tor as the communication protocol. An outdated and vulnerable version of Tor was hidden in a "location that almost no human user would"
If a PC was infected with Sefnit and had the signature old version of Tor in the hidden location, Tor was removed because it's logically the case that Tor was just part of the virus payload. Because of the unique install directory, there wasn't even a remote chance for false positives. Publicly available tools that can be used for good or bad are hijacked by viruses all the time, and it's never a surprise if an anti-virus removes that tool when the virus specific files are removed.
Re:A Microsoft Killswitch (Score:5, Funny)
Please move along.
(You're welcome to join me as I sit quietly in the corner, waiting to get modded down to troll.)
Re: A Microsoft Killswitch (Score:2)
So true. I just got modded down from +3 interesting to troll for posing the legal QUESTION of patents and indemnity for Linux in the previous JP Morgan ATM thread. The stupidest comments got modded up.
Re:A Microsoft Killswitch (Score:5, Informative)
Did some more digging. Here are the details (from http://blogs.technet.com/b/mmpc/archive/2014/01/09/tackling-the-sefnit-botnet-tor-hazard.aspx [technet.com]) :
Cleanup efforts
Since the Sefnit-caused Tor eruption in August, we have worked to curb this risk. In this process, we consulted with Tor project developers to help plan the cleanup. We retroactively remediated machines that had previously been cleaned of Sefnit but still had a Sefnit-added Tor service:
October 27, 2013: We modified our signatures to remove the Sefnit-added Tor client service. Signature and remediation are included in all Microsoft security software, including Microsoft Security Essentials, Windows Defender on Windows 8, Microsoft Safety Scanner, Microsoft System Center Endpoint Protection, and Windows Defender Offline.
November 12, 2013: Signature and remediation is included in Malicious Software Removal Tool and delivered through Windows Update/Microsoft Update.
Re:A Microsoft Killswitch (Score:5, Interesting)
I am actually appreciating more and more, in retrospect, how non-intrusive Microsoft was for all those years and still is. Compared to today's Internet, and the PowerBook that wants a credit card number before I can even do a software update or download XCode (since it's all linked to the App Store now), Microsoft was/is a model of responsibility.
Re: (Score:2)
Yes, I finally broke down and created a new phony ID and got my XCode and my updates without entering any CC info. But it shouldn't be like this in the first place. I resent it.
And coming back to Microsoft, actually the XBox is adopting all these same spam-ridden tactic
Battle (Score:5, Insightful)
No one, not even the Tor developers themselves, knew how Microsoft had gone on a silent offensive against such a big opponent and won a decisive battle
It seems pretty obvious - the people whose machines had Tor removed didn't know it was installed and weren't using it to begin with. When MS removed it, they didn't notice or complain.
Re:Battle (Score:5, Insightful)
Exactly this version of Tor was installed in a non-obvious and non-trivial location to get to and as a service. Microsoft asked the Tor developers "Anybody actually do this?", Answer: "Nope.". Microsoft then nuked the rogue Tor apps either through Microsoft Security Essentials or through Malicious Software Tool removal app.
Re: (Score:2, Interesting)
Exactly this version of Tor was installed in a non-obvious and non-trivial location to get to and as a service. Microsoft asked the Tor developers "Anybody actually do this?", Answer: "Nope.". Microsoft then nuked the rogue Tor apps either through Microsoft Security Essentials or through Malicious Software Tool removal app.
Was the botnet doing anything bad? Or was it just making Tor faster for everyone?
Re:Battle (Score:5, Informative)
Was the botnet doing anything bad? Or was it just making Tor faster for everyone?
Even if it was doing nothing but running tor in the background, then for people that don't have unlimited bandwidth use yes it was doing something bad.
Re: (Score:3)
Anything bad? As in taking up computer and network resources without authorization? Yes.
Re:Battle (Score:5, Informative)
Was the botnet doing anything bad? Or was it just making Tor faster for everyone?
Actually, it shit up the network so badly that Tor developers considered it effectively a DDoS attack. During the peak of the infection, the network was effectively unusable, with latencies exceeding that of the typical TCP connection timeout of 120 seconds. As it turns out, using an anonymizing network doesn't translate into knowing how to build a network-aware application that doesn't stomp on its own dick so hard that the only thing the bot-net ever appears to have done was shit up the Tor network -- it does not appear it was ever activated in any meaningful capacity because the botnet owner, having shit the network it connected to, wasn't able to actually send commands to the majority of clients.
I'm just tinfoil-hatting here, but do we know that wasn't its intended purpose?
The pathetically few hits on honeypots indicated it managed to attempt two things: Bitcoin mining (lol; a couple million infections over a two month period earned him maybe $100), and click fraud... so basically he defrauded two institutions widely regarded as fraudulent in their own right. Woooo.... big achiever.
Re: (Score:3)
My tinfoil hat says it worked as intended. Making TOR unusable in this period of time would discourage its use by non-technical computer users who were probably flocking to it for privacy's sake.
I mean, nobody'd do straight DDOS over TOR because exit nodes are limited and a DDOS just wouldn't happen by definition. And if somebody wanted to do C&C over TOR, wouldn't you think they'd set the zombies up to act as bridges and relays rather than straight clients? The tinfoil hat says this was deliberately do
Re: (Score:2)
My tinfoil hat says it worked as intended. Making TOR unusable in this period of time would discourage its use by non-technical computer users who were probably flocking to it for privacy's sake.
Except for the part where MS security researchers asked the Tor devs if this type of installation was normal, and they said "No."
That's why the tinfoil hat moniker came about in the first place: to identify FUD and other nonsense.
At the end of the day, the malware got removed, and there was no public outrage from people losing their legitimate Tor installations---because only the bad ones got wiped.
If you don't run a Microsoft security product and don't choose the Malicious Software Removal Tool from Window
Re: (Score:3)
Was the botnet doing anything bad?
Mining bitcoins.
Re: (Score:3)
Your question is answered in TFA. They were mining BitCoins.
At the risk of feeding the troll.... (Score:3)
Well, I don't really detect sarcasm, and same for troll detection, yet I have a hard time accepting these as real questions, but what the hell....
According to TFA, the botnet was mining bitcoins for the two botnet 'herders'.
'Doing anything bad?'
1.) Taking control away from the PC's owner and covertly installing malware
2.) Using significant amounts of energy at the owners expense without agreement
3.) Tor network users jumped from approx. 1 million users, to over 5 million users when this botnet went online.
Re: (Score:2)
It was mining bitcoins on the slave machines.
At a minimum, there is an increase in electrical consumption. Also, potentially: slowdowns, overheating, bandwidth overages (some countries have metered internet), misc compatibility issues.
Re:Security Patch (Score:5, Funny)
Yeah ... when every few weeks or so Windows Update tells me it's going to download something called the Malicious Software Removal Tool, I've always wondered what it did. We might have a few new clues here.
Re: (Score:2)
Hmm, I always read it as: "Malicious, Software Removal Tool" and opted out to avoid having it maliciously remove my software. I would even be shocked that MS would even propose such a thing, but I read slashdot, so I did expect such and worse...
But in retrospect, perhaps you are right, and it is just a Tool that removes Malicious Software?
Honest mistake, I mean that's how Pythia had all the success...
Re: (Score:2)
MSRT could also be MicroSoft Removal Tool... but that would just be a Linux install disk of whatever flavor you choose.
No killswitch (Score:2, Insightful)
there's no "killswitch" it just got added to the definitions for removal. nothing to see here.
Microsoft malicious software removal tool.. (Score:4, Informative)
Removes malicious software, that just happens to use Tor.
Come on /., you can do better than this.
Re: (Score:3)
It's not even good trolling on the author's part.
It'd be like a piece of malware that installs an old copy of VNC for spying purposes, in a hidden folder, with an obscurely named .EXE, starting from an arcane point in the registry, and then leading with a headline of: Microsoft Removes VNC From Computers!
Alternate headline (Score:2)
Microsoft remotely deleted a characteristic version of Tor and other maliciously installed software which a botnet had installed from Windows machines to stop said botnet, just as it does for all kinds of malicious software via its (get this) Malicious Software Removal tool (which regularly appears in Windows Update) and/or Microsoft Security Essentials, which you, the user, gave it permission to do.
...but it didn't fit*.
*in length or in terms of agenda.
Re:Nothing to see here... (Score:5, Informative)
Well we do know if we bother to RTFA.
Re:Nothing to see here... (Score:5, Informative)
Well we do know if we bother to RTFA.
Indeed
Since the Sefnit-caused Tor eruption in August, we have worked to curb this risk. In this process, we consulted with Tor project developers to help plan the cleanup. We retroactively remediated machines that had previously been cleaned of Sefnit but still had a Sefnit-added Tor service:
October 27, 2013: We modified our signatures to remove the Sefnit-added Tor client service. Signature and remediation are included in all Microsoft security software, including Microsoft Security Essentials, Windows Defender on Windows 8, Microsoft Safety Scanner, Microsoft System Center Endpoint Protection, and Windows Defender Offline.
November 12, 2013: Signature and remediation is included in Malicious Software Removal Tool and delivered through Windows Update/Microsoft Update.
Re:Not sure how I feel about this... (Score:5, Informative)
This is no different from anti-virus, because it WAS the Microsoft anti-virus tool that did it. A specific version of TOR in a specific hidden directory being part of the virus payload.
Talk of not owning your own computer is nonsense. You are free to not run AV software if you prefer. It would be a dumb move, but you are free to do it.
Re: (Score:2)
This is no different from anti-virus, because it WAS the Microsoft anti-virus tool that did it. A specific version of TOR in a specific hidden directory being part of the virus payload.
Talk of not owning your own computer is nonsense. You are free to not run AV software if you prefer. It would be a dumb move, but you are free to do it.
You know, I haven't seen a virus scanner log on any of my computers come up with any positive results since early 2000s, so maybe things have changed. However, the way it was done back then, and the way I assumed it was still done today, is that the anti-virus would flag the potentially malicious files, and then tell you in big red letters, "We detected virus blah. What would you like to do? Ignore / Delete / Quarantine"
In this mode of operation, nothing is being done without explicit user authorization.
Re: (Score:2)
You know, I haven't seen a virus scanner log on any of my computers come up with any positive results since early 2000s, so maybe things have changed. However, the way it was done back then, and the way I assumed it was still done today, is that the anti-virus would flag the potentially malicious files, and then tell you in big red letters, "We detected virus blah. What would you like to do? Ignore / Delete / Quarantine"
I don't know the way Microsoft Security Essentials does it, as I moved to the Mac a long time ago. But having the dialog you mention as a default would be a big mistake. 99.9% of users wouldn't know what to do, and it would be a pure fluke if they selected the most appropriate action.
Developers shouldn't delegate the hard decisions to users. They should work out the right thing to do, and do it. In cases where there is no doubt that this is a malware that might be to delete immediately. In cases where false
Re:Not sure how I feel about this... (Score:4, Insightful)
While the intention was definitely good, I personally would not want to use a machine that could be remotely accessed in such a manner.
Well you're in luck!
Using the Malicious Software Removal Tool is entirely voluntary.
Re: (Score:2)
While the intention was definitely good, I personally would not want to use a machine that could be remotely accessed in such a manner.
True, something like anti-virus software self-updating and removing a threat would be acceptable to most users. But this is more akin to buying a car and discovering the manufacturer has a master key and a representative can come over and drive it around whenever he/she wants, and it's fully legal and you can't do anything about it.
In the end, for better or for worse, I think it's important that we actually own the devices we buy and pay for. Cases like this, and similar ones with Kindles and mobile devices remotely being accessed and modified or used to spy on us, are strong evidence that we do not. (I know that this particular case is not a big deal in and of itself, but the fact that Microsoft can do what it did is not good news.)
How do you think Anti-virus software works if it doesn't have a "master key" to your computer that lets it uninstall any application it thinks is malicious?
Re: (Score:2)
Well, it's just that MSRT runs a
Re: (Score:2)
Well, it's just that MSRT runs and executes a find and destroy script. In this case, it looked for a special version of Tor that the malware installed in a special location and configured in a special way. That way it would not destroy legitimate Tor installations.
And you have the option of not running it, if you really wanted to - you still own the machine.
It's the same as if you set your Linux box to self-update - are the updates it downloads able to remove other software? Yes. In fact, it's expected during updates that new versions remove old versions. And sometimes they also remove other software that are no longer prerequisites.
Sure you have the option to not do it, just like you have the option to not run the update.
It's really no different on any OS - updates automatically apply and they can remove stuff at will too.
Probably the most interesting thing is that Apple, of all companies, has not actually shown the need to remove apps remotely. We know they have the capability to disable apps (only the ones using CoreLocation, though), and they have removed apps from the store. But they have not removed apps from people's iTunes libraries, nor removed the ability of deleted apps to run, period. As long as you have a copy somewhere, it can be installed on other devices using iTunes long after it's been removed.
Heck, even when Disney forced the removal of its movies from Amazon and iTunes, they still play if you have a copy on your hard drive! Which can be copied to other devices or streamed to your AppleTV just fine. It only screwed you if you didn't already have a downloaded copy.
Funny how the most "walled" of walled gardens hasn't yet needed to flex its abilities. Even Steam has removed games from people's libraries (granted, the game didn't work anymore, but still - people paid for the game, and Valve deleted it!)
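The "find and destroy" logic described above was Microsoft's own signature and is not public; the following is an added audit script, not code from the thread or from Microsoft, that checks a Windows host for the three traits the discussion attributes to the Sefnit-added client: tor.exe registered as a service, the v0.2.3.25 build named in the Microsoft write-up, and a binary living outside the places a person would normally install Tor. The list of expected install paths is an assumption for illustration, and the script only reports, leaving any removal to the operator.

```powershell
# Added defensive audit (assumptions: the expected-path list below is illustrative,
# and a legitimate user would launch Tor themselves rather than register a service).
$ExpectedTorPaths = @(
    "$env:ProgramFiles\Tor Browser",
    "${env:ProgramFiles(x86)}\Tor Browser",
    "$env:LOCALAPPDATA\Tor Browser",
    "$env:USERPROFILE\Desktop\Tor Browser"
)
$SefnitTorVersion = '0.2.3.25'   # build named in the Microsoft blog quoted in this thread

function Get-ServiceExecutablePath {
    param([string]$PathName)
    # A service PathName may be quoted and may carry arguments; isolate the executable.
    if ($PathName -match '^\s*"([^"]+)"')  { return $Matches[1] }
    if ($PathName -match '^\s*(\S+\.exe)') { return $Matches[1] }
    return $PathName.Trim()
}

function Find-SuspiciousTorService {
    $findings = @()
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        if (-not $svc.PathName) { continue }
        $exe = Get-ServiceExecutablePath $svc.PathName
        if ([System.IO.Path]::GetFileName($exe) -ne 'tor.exe') { continue }

        # Read the file version when the binary is still on disk.
        $version = $null
        if (Test-Path -LiteralPath $exe) {
            $version = (Get-Item -LiteralPath $exe).VersionInfo.ProductVersion
        }

        $inExpectedPath = $false
        foreach ($p in $ExpectedTorPaths) {
            if ($exe.StartsWith($p, [System.StringComparison]::OrdinalIgnoreCase)) {
                $inExpectedPath = $true
            }
        }

        # Every hit gets the first reason; the other two sharpen the verdict.
        $reasons = @('tor.exe registered as a Windows service')
        if ($version -eq $SefnitTorVersion) {
            $reasons += "version $version matches the Sefnit-bundled build"
        }
        if (-not $inExpectedPath) {
            $reasons += 'binary lives outside any expected Tor install path'
        }

        $findings += [pscustomobject]@{
            Service   = $svc.Name
            StartMode = $svc.StartMode
            State     = $svc.State
            Path      = $exe
            Version   = $version
            Reasons   = ($reasons -join '; ')
        }
    }
    return $findings
}

# Report only; stopping or deleting a flagged service is a separate, deliberate step.
$hits = Find-SuspiciousTorService
if ($hits) { $hits | Format-Table -AutoSize } else { 'No tor.exe services found.' }
```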
Apple has stopped apps from working, which is the same from removing apps. Look at Siri on iphones from the 4 on down. It is apples to apples, and there are many others they have stopped.
Re:Anyone surprised? (Score:5, Informative)
Windows Update has doubled as Windows Remote Administration for years.
Microsoft using their security software (Microsoft Security Essentials and Malicious Software Removal Tool) to tackle a real security hazard, while leaving legitimate Tor users unaffected? The horror!
Re: (Score:2)
Except the fuckers crashed my machine when they pushed out the update.
Citation needed, since I recall no such major outcry. Your machine is probably one of the ones with 25 browser toolbars, or ten download accelerators, or fifty outdated browser plugins, or a couple of undetected rootkits etc., which is usually the reason behind a security patch "crashing your machine".
And if Windows closed the app with unsaved work, you'd be here whinging that Microsoft destroyed your work. And if you really gave a crap, you'd go in and change the Windows Update setting from "Automatically i
Re:Exactly how???? (Score:4, Informative)
If you install their software then you are trusting them to have control over your machine. Your hardware is doing exactly what Microsoft has programmed it to do. And every time you install updates, you are allowing them to install a new set of program code on your machine.
If you don't like it, run something else.
Re: (Score:2)
You don't need to be an auto mechanic to drive, and you shouldn't have to be a codemonkey to operate a computer.
Users should be entitled to take whatever the vendor says at face value without being screwed.
Re:Exactly how???? (Score:4, Interesting)
Exactly how does Microsoft gain access and remove software? Well I guess that means Microsoft has complete control of other people's PCs. What kind of F@#$%^ up nightmare is this?
Well if we read the article
Since the Sefnit-caused Tor eruption in August, we have worked to curb this risk. In this process, we consulted with Tor project developers to help plan the cleanup. We retroactively remediated machines that had previously been cleaned of Sefnit but still had a Sefnit-added Tor service:
October 27, 2013: We modified our signatures to remove the Sefnit-added Tor client service. Signature and remediation are included in all Microsoft security software, including Microsoft Security Essentials, Windows Defender on Windows 8, Microsoft Safety Scanner, Microsoft System Center Endpoint Protection, and Windows Defender Offline.
November 12, 2013: Signature and remediation is included in Malicious Software Removal Tool and delivered through Windows Update/Microsoft Update.
Microsoft Security Essentials is a popular antivirus program that people tout as being a good free option to Symantec or McAfee. In this case it seems it did a good job of squashing a botnet. Malicious Software Removal Tool is an update that comes monthly, with Windows updates, that can be disabled or deselected if you wish. The idea is that "This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month. " So even if you don't use MSE or any other AV software, if you do updates, you will get the worst of the worst. Such as this millions infected with Sefnit.
No hidden remote kill switch. No evil. The security tools did what they advertised to remove a threat, while leaving legitimate Tor users untouched.
Re: (Score:2)
Well I guess that means Microsoft has complete control of other people's PCs.
You mean, like they write software that oh... operates the system or something?
Re:Next... (Score:4, Insightful)
Upcoming:
MS deletes Firefox, saying it was used to infect millions of computers.
Microsoft only deleted the install used as part of Sefnit. They didn't disable legitimate installs, and they're not out to squash your freedom. From the blog:
http://blogs.technet.com/b/mmpc/archive/2014/01/09/tackling-the-sefnit-botnet-tor-hazard.aspx [technet.com]
The Tor client service left behind on a previously-infected machine may seem harmless at first glance - Tor is a good application used to anonymize traffic and usually poses no threat. Unfortunately, the version installed by Sefnit is v0.2.3.25 – and does not self-update. The latest Tor release build at the time of writing is v0.2.4.20.
Re: (Score:2)
By using an unconventional method to exploit Windows, the hackers unwittingly forced Microsoft to show a hand few knew it had: The ability to remotely remove programs en masse from people's computers, without them even knowing it.
Maybe the next virus needs to remove Windows from all of those machines.
hmm how hard would it be to write a virus capable of using windows update to install linux bsd etc on all of those unpatched xp machines
Re: (Score:2)
I dunno, how hard is it to compromise the official debian repository? And what's the budget disparity between the folks running Windows Update servers and the Debian repos?
I'm thinking "hard".
Re: (Score:2)
The ability to remotely remove progams en masse from people's computers, without them even knowing it.
What the smeg do you think anti-malware software DOES day in and day out? Removing a program without impacting the user is exactly what these programs are supposed to do.
Had you bothered to read the article (Score:2)
you would realize how silly you look here.
You: "hi. come on in! Welcome to my home. Have a seat, make yourself comfortable...... WHAT THE FUCK? HOW DID YOU GET IN MY HOUSE??"
Re: (Score:2)
I don't want ANYBODY going into my computer. That's no different than breaking into my house, and stealing.
FUCK MICROSOFT
Microsoft Updates and anti-virus protection are completely optional. If you don't want anyone changing files on your computer, you ought to turn off Windows Updates immediately, and don't run any anti-virus software.
It's a little more like hiring someone to fix your leaky windows, then accusing them of stealing after they replaced the moldy wood framing around the window when they put in the new one because you really loved that wood frame even if it was moldy and you want it returned.
Re: (Score:3)
RTFA? Or any of the dozens of comments above yours?
TFA is fucking garbage.
MSRT removed a specific version of Tor in a specific arcane/obscured directory used only by a botnet.
Re: (Score:3)
Isn't it illegal to secretly infiltrate a computer system and remove legal software from it?
Yes it is.
Fortunately, the software isn't exactly legal (it was illegally installed by a virus that is), and the machine isn't being secretly infiltrated (you get notified about the Malicious Software Removal if you look at the Windows Updates), so that's kind of a moot point.
Re: (Score:2)
Isn't it illegal to secretly infiltrate a computer system and remove legal software from it?
This looks real secret:
http://i39.tinypic.com/21kz7na.jpg [tinypic.com]
Re:Legal? (Score:4, Informative)
Yes, but that's not what happened here. If you read TFA, it was removed by Microsoft Security Essentials and the Malicious Software Removal Tool (from Windows Update) and it only removed a specific version of Tor installed in a specific folder. No legit install of Tor would have been in that specific folder.
If you don't want MSE, don't use it. If you don't want Windows Updates, disable it. Otherwise accept that you're giving some control over your system to Microsoft.
Re: (Score:2)
Ok Attorneys: Could this qualify for a class action suit to shut them down forever and burn them to the ground?
Short answer: No.
Long answer: No. And you need to actually read how it was done before commenting.
Re: (Score:2)
Uh what for? Removing a botnet,
Maybe it's punctuation:
White hats go to jail unless....you're worth: billions of dollars.