Jazzman's Place
May 18

Does Microsoft have a backdoor into your Computer?

Does the Government have a backdoor into your computer?
Recently, an article on PC World about thwarting botnets made a curious statement: "The software vendor is giving law enforcers access to a special tool that keeps tabs on botnets, using data compiled from the 450 million computer users who have installed the Malicious Software Removal tool that ships with Windows."

The article went on to state:
"Microsoft security experts analyze samples of malicious code to capture a snapshot of what is happening on the botnet network, which can then be used by law enforcers, Cranton said. "They can actually get into the software code and say, 'Here's information on how it's being controlled.'"

While doing some research on this, I ran across this article that raises some interesting questions:

First in my mind is the question of whether the DETAILS of the reporting mechanism built into Microsoft's Malicious Software Removal Tool are reported accurately on Microsoft's Download Site. The site states:

"Reporting component:
The Malicious Software Removal Tool sends information to Microsoft if it detects malicious software or finds an error. The specific information that is sent to Microsoft consists of the following items:
• The name of the malicious software that is detected
• The result of malicious software removal
• The operating system version
• The operating system locale
• The processor architecture
• The version number of the tool
• An indicator that notes whether the tool is being run by Microsoft Update, Windows Update, Automatic Updates, the Download Center, or from the Web site
• An anonymous GUID
• A cryptographic one-way hash (MD5) of the path and file name of each malicious software file that is removed from the computer
If apparently malicious software is found on the computer, the tool prompts you to send information to Microsoft beyond what is listed here. You are prompted in each of these instances, and this information is sent only with your consent.
The additional information includes the following:
• The files that are suspected to be malicious software. The tool will identify the files for you.
• A cryptographic one-way hash (MD5) of any suspicious files that are detected.
You can disable the reporting feature. For information about how to disable the reporting component and how to prevent this tool from sending information to Microsoft, click the following article number to view the article in the Microsoft Knowledge Base"

If it is TRUE that the tool PROMPTS you for info, and you say no (although I do admit that most John Q. Public computer users will probably say "Yea, ok..sure Microsoft, help me out here" and click yes to the prompt), does it still do what the article in PC World states:
"Analysis by Microsoft's software allowed investigators to identify which IP address was being used to operate the botnet,..."?

There is an easy way to find out, which I will do in some tests I plan on running later: download the tool and run it on a system that is infected with the known malware the tool reportedly scans for, run a port monitoring tool that will allow you to see what traffic is going into and out of your computer, click "No" on the prompt, and watch the port monitor to see if traffic is generated to an outside IP address after clicking No.
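
One way to evaluate the result of the test described above, as an added example that is not part of the original post: compare `netstat -ano` snapshots taken before and after answering the prompt, and list the new non-local peers owned by the tool's process. The snapshots, PID 3120 and the remote addresses are constructed sample data.

```python
import ipaddress

# Constructed `netstat -ano` snapshots (not from a real run). PID 3120 stands in
# for the tool's process; remote addresses are documentation ranges.
BEFORE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:1041      192.168.1.1:445        ESTABLISHED     4
  TCP    127.0.0.1:1050         127.0.0.1:1051         ESTABLISHED     3120
"""
AFTER = BEFORE + """\
  TCP    192.168.1.20:1062      203.0.113.25:443       SYN_SENT        3120
  TCP    192.168.1.20:1063      198.51.100.7:80        ESTABLISHED     2044
  UDP    0.0.0.0:1064           *:*                                    3120
"""

# RFC 1918 ranges are listed explicitly: ipaddress.is_private would also match
# the documentation ranges used in the sample data.
LAN = [ipaddress.ip_network(n) for n in
       ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_netstat(text):
    """Return {(remote_ip, remote_port, pid)} for TCP rows that have a peer."""
    rows = set()
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue  # header, blank lines, UDP rows (netstat shows no UDP peer)
        host, _, port = f[2].rpartition(":")
        try:
            ip = ipaddress.ip_address(host.strip("[]"))
        except ValueError:
            continue
        if not ip.is_unspecified:  # skip listening sockets (0.0.0.0:0)
            rows.add((ip, int(port), int(f[4])))
    return rows

def new_external_peers(before, after, pid):
    """Peers `pid` reached only in `after`, minus loopback/link-local/LAN."""
    added = parse_netstat(after) - parse_netstat(before)
    return sorted((str(ip), port) for ip, port, p in added
                  if p == pid and not (ip.is_loopback or ip.is_link_local
                                       or any(ip in n for n in LAN)))

if __name__ == "__main__":
    for peer in new_external_peers(BEFORE, AFTER, 3120):
        print("new outbound connection from the tool: %s:%d" % peer)
```

Snapshots can miss short-lived connections and show no peer for UDP, so a packet capture that runs for the whole test gives the stronger answer.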

Personally, I don't use the tool, and remove its automatic inclusion from Windows Update on all computers I manage simply because the tool itself is a non-essential update; third-party tools like Spybot Search and Destroy are more comprehensive and effective than the Malicious Software Removal Tool is.

Nevertheless, questions remain:
Did Microsoft purposely hide the fact that it discloses the information reported by the tool to law enforcement?
Should law enforcement have access to your computer information?
And one of the best questions I've seen so far, from the article on Infiltrated.Net:

"How about the potential to give Microsoft a warrantless order to discover who doesn’t like a President’s “health care plan”, or who is irate and whatever policy; Will Microsoft sift through a machine to retrieve relevant data to disclose to authorities?"

You decide, John Q. Public: Do you want this tool on your computer????
May 9

Windows XP Service Pack 3 a Bust so far

If you are planning on installing Windows Service Pack 3 for Windows XP, DON'T! Once again, Microsoft has released an upgrade/service pack without testing it appropriately, causing end users all kinds of frustration and issues and making some PCs unusable and unable to boot.
Here is some reading for those interested:
Continuous Reboots Plague Windows XP SP3 Users
Windows XP SP3 Creating Havoc
Problems with XP SP3 and your AMD-based computer?
Don't say I didn't warn you!