~BD~ <BoaterDave@hot.mail.co.uk> wrote in news:
_oWdnRiF_bM2hEPWnZ2dnUVZ8madnZ2d@bt.com:

> FromTheRafters wrote:
>> "~BD~"<BoaterDave@hot.mail.co.uk> wrote in message
>> news:8aydnQR6ar0tr0DWnZ2dnUVZ8oKdnZ2d@bt.com...
>>> FromTheRafters wrote:
>>>> "~BD~"<BoaterDave@hot.mail.co.uk> wrote in message
>>>> news:156dnS2rcsGUg0HWnZ2dnUVZ8o6dnZ2d@bt.com...
>>> [...]
>>>>> *What if* ....... ?
>>>>>
>>>>> One or more of those 'trusted' malware cleaning forums (or even a
>>>>> trusted software programme) could, surely, download such a
programme
>>>>> onto a user's machine so that, forever afterwards, whatever is done
>>>>> on
>>>>> that machine may be monitored by an outside agency.
>>>
>>> Thank you for responding FTR!
>>>
>>>> That's not very likely,
>>>
>>> But .... *I* believe that it is *possible*!
>>> ********
>>>
>>> As I've said elsewhere ..........
>>>
>>> "What a super ruse it would be, eh? - to clear a machine of everyone
>>> else's 'nasties' but then, perhaps, leave their own package installed
>>> on the user's machine. No one would ever suspect, would they?"
>>>
>>>> such a trojan would soon be discovered and dealt
>>>> with - very bad for the 'trusted' source's reputation.[...]
>>>
>>> Now this is where we seem to have a *real* difference of opinion,
FTR!
>>>
>>> Just *who* would discover such covert malware. With today's high-
speed
>>> and powerful machines a *user* is highly *unlikely* to discover that
>>> they have become part of a botnet! If their /cleaned/ machine is
>>> performing *better* that it had in a long while, why would the *user*
>>> suspect anything untoward?
>>
>> Bigger picture:
>>
>> Remember the quote about how you can fool some of the people some of
the
>> time, but you can't fool all of the people all of the time?
>
> “You may fool all the people some of the time, you can even fool some
of
> the people all of the time, but you cannot fool all of the people all
> the time.” Abraham Lincoln
>
>> Malware like
>> that relies on the first part of that quote. It doesn't care about the
>> second part because there is no shortage of fools. Such software does
>> eventually get discovered, but usually cannot be traced back to a
single
>> source - there are many sources and they change location often. If
>> someone has a *real firewall* then this type of commercial malware's
>> activities can soon be discovered.
>>
>> So asking "who would" is the wrong question - the individual is
>> insignificant in comparison to the whole. Instead you must ask
yourself
>> if *anybody* would discover the hidden function, and what that would
>> mean to an otherwise legitimate (contactable) business.
>
> OK. Let' use an example.
>
> I do not consider Aumha.net to be a business (do you?)
>
> Let's say someone goes there for the cleaning of their machine and all
> seems to go to plan. Is there *any* company/organisation which makes
> random checks on such 'help' sites to ensure that nothing untoward,
> along the lines which I've described, is happening - to ensure that
they
> are *not* compromising the machines of naive 'customers'?

Not that I know of; re: company organization which does random audits
(checks if you prefer). However, if aumha.net or another company were to
do such things, news would spread.

Ya see BD, at some point, a professional will checkout the site; and upon
the company doing something nasty, eventually they'd be caught and surely
publically humiliated.

You just can't get away with dropping nasty code on peoples machine;
eventually the cat will be out of the bag. You never know what person may
visit the site and you can't always determine the persons skilllevel.

So your theories really have no basis in the real world. It's just not
possible for someone to dupe everyone, BD.

> Perhaps you are. I meant that an outside agency may do whatever they
> wish - whenever they wish - with the owner of the machine being
> completely unaware of the 'intruder'. This may only be achieved if the
> user can still carry out whatever he/she wishes to do and does not
> become suspicious in any way.

And again, such tactics would eventually land on the wrong machine. Say,
mine for example. My curosity would force me to go digging and
eventually, I *would* find the modifications. Many other experts would as
well. A blog site would appear, further experts would examine the site
mentioned and it would just go south for the site/software owner/creator
from that point on.

In a way, checks and balances which is what you seem concerned with do
take place on a daily basis.


--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior