[Dshield] More on Windows Messenger from Yesterday's Dartmouth Daily Feed

Ed Truitt ed.truitt at etee2k.net
Fri Oct 24 15:09:13 GMT 2003


John Holmblad wrote:

> All,
>
> as a followup to prior discussion on the Messenger service in 
> Microsoft Windows here is a clip from yesterday's feed from  
> dailyreport at ists.dartmouth.edu. The most recent release of the AOL 
> "Fat Client" as well as the most recent release (7.1) of the AOL 
> Netscape browser have build in spam filtering support. I am just 
> getting familiar with it but  for the average end user it looks like a 
> very useful feature.

[snip]

> Cybersecurity experts have mixed reactions to AOL's
>    tactic. Bruce Schneier, chief technology officer for Counterpane
>    Internet Security says, "It's a very dangerous precedent in having
>    companies go into your computer and turn things on and off. From
>    there, it's easy to turn off competitors' services." AOL spokesman
>    Andrew Weinstein says customers have been giving positive feedback
>    to the move, and adds that AOL is closing a critical security hole
>    Microsoft disclosed a week prior.

[snip]

I think I am in agreement with Bruce on this one.  While this certainly 
could be a "useful feature", what if the next time that AOL had a 
vulnerability discovered in their software, MS released a patch to 
disable the service that software depended on - or just set something in 
the registry to prevent that software from running?  I certainly don't 
like the thought of vendors disabling features in software they didn't 
write - at least, not without obtaining the consent of the user/owner of 
the machine.  BTW, I would feel the same way if my ISP pulled this stunt 
- they can disconnect me from the network if I have a problem (it is 
*their* network, after all), but don't alter machine settings without my 
say-so. 

Also, FWIW (and to stir up the pot a bit), if AOL is actually altering 
the machine settings (other than those pertaining to their software) 
without the users' consent, could that not be considered "hacking the 
system"?  Maybe the FBI should get involved?  [sarcasm]Could this be 
*gasp* cyber-terrorism? [/sarcasm]

I don't use AOL, haven't for years... and this is one more reason I 
don't intend to.

-- 
Cheers,
Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9
http://www.etee2k.net
http://www.bsatroop148.org

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."





More information about the list mailing list