Author Topic: Microsoft remotely uninstalled Tor software from computers to halt botnet  (Read 658 times)

javajolt

When a virus strikes, the first line of defense is antivirus software. But when a botnet is running wild, things aren’t quite as simple. In the middle of last year, millions of computers around the world were infected with Sefnit malware. Communicating over the anonymizing Tor software automatically downloaded and installed by the malware, Microsoft had a battle against a huge botnet on its hands.

The company took an interesting, and ultimately very effective, line of attack against the botnet. In addition to remotely removing the malware itself from as many computers as possible, Microsoft also wiped out copies of Tor in a bid to stop the malware from communicating and spreading.

It was possible to identify which machines had Tor installed by the malware -- rather than those whose owners had purposely installed it -- by detecting which folder it had been installed to. Tor can be installed anywhere, of course, but most people stick to the default folder, or use one of a few common variants. When installed by malware, Tor was installed in a strange location.

In this instance it was very helpful that Microsoft could detect the presence of a particular piece of software and remove it from computers without the owners being aware of anything that was taking place.

How do you feel about this capability of Microsoft? Is it worrying or reassuring that the company is able to remove software from your computer? Looked at in terms of malware, few people would have a problem with having their system protected for them, but Tor also has plenty of legitimate uses -- is it fair to have software uninstalled without consent?

Source: The Daily Dot. There is a very good video presentation here that is very interesting, and yes, I did watch it... sys-admin