Discussion in 'malware problems & news' started by ronjor, Dec 8, 2011.
I wonder if someone naming the app SOMETHING DIFFERENT or using a SMART FIREWALL would stop them from doing this?
"All your Windows 8 are belong to us"
It's quite clear that they'll have access to all of your data. If this isn't an admission of a backdoor, nothing is.
Sounds like nothing is.
Technically, it's a legal form of malware. Sorry, I call it as I see it. I'm sure the "company has rights to..." yada yada, arguments will come, but the argument doesn't change the fact. I'm also sure the "security" card will be played too as a rebuttal, but it's very easy to cross the threshold from security measure to "we just don't want you to have it".
Btw, it is not a backdoor. They come out and tell you to your face they're going to waltz right into your system and remove whatever they want to. A backdoor doesn't announce itself. It's also easy enough (from the little info we have so far) to avoid this crap..don't use the store.
It's official now. Windows is spyware by their own admission. This is more than enough to insure that I will never buy or use Win 8 and will never allow one to be hooked up to my home network. After this admission, I don't see how anyone who values their privacy could ever want to buy or use it.
Are we reading the same thing?
Apps bought through the Windows App store can be removed if they are illegal or malicious.
So not only do you have to have been using the app store (you can still install outside of it, obviously) but they also have to have a reason to remove it.
It's a walled garden approach, just like Android does it, just like Apple does it.
The fact that they can also remove data created by these apps shows that it's not limited to just the applications themselves. I'd be very interested to know the actual mechanism involved with this, if the user actually has to be visiting the "store" at the time, using Internet Explorer, etc. If this is done via the browser or an internet app not controlled by the user, it's a big exploit waiting to be used. As for their "reasons", anti-piracy and censorship (especially by authoritarian governments) come to mind right off.
I can't help but think about another thread here regarding the newer versions of Windows and the fact that it's difficult if not impossible to close all of the open ports without adversely affecting the OS.
This is akin to removing the appdata folder that programs create. It's not like if you had Word from there and they removed Word you'd lose all of your docs.
Isn't everything that touches the internet? This is like saying "Don't add Windows Update, it's a huge security hole." There will obviously be verification involved with these types of connections just as there are with Windows Update.
This may include antipiracy but I doubt it. We don't see that with Apple or Google. We do see Apple following what they call "quality assurance" which is iffy but google's stuck to removing only malware.
And again, this applies only to the app store. Users can feel free to not use it and install applications as always.
This was always the expected mechanism. If you're going to have a central repository it's a good idea to have a backup plan if malware gets into it and users start getting infections.
after reading this anyone else doesnt feel bad anymore about using the pirated version of windows?
disabling/removing the app store part of windows and firewall block every inbound connection from microsoft servers
Having the appdata folder removed would be just a neat and clean uninstall imo.
It would be nice to have more details on this though.
Having your music folder removed which contains your CD's ripped/converted to flac, because Microsoft deems the bought CD rip/converter program malicious is probably a worst case user scenario and perhaps very unlikely but the following statement leaves enough room to speculate on such scenarios.
"You are responsible for backing up the data that you store in apps that you acquire via the Windows Store, including content you upload using those apps. If the Windows Store, an app, or any content is changed or discontinued, your data could be deleted or you may not be able to retrieve data you have stored." link
Microsoft can expect numerous folks to view all their terms of service in a 'worst case/end is nigh scenario', whether that's justified or not.
They could have made it a bit easier for themselves by explicitly stating that such data (music, docs etc) will only be removed after having acquired user consent.
They can count on me. I'll buy Windows 8...
I got a few questions, if you don't mind my inquisitive mind.
1. What does Microsoft consider illegal? Or, will Microsoft consider illegal what others deem to be illegal?
2. If it's illegal, then why did (in the future) Microsoft allow such app to be sold on Windows Store?
3. If what I mention in point 2. happens, then it means Microsoft failed the task to ensure the app is legit. Right?
4. What does Microsoft consider malicious? An application infested with malicious code? But wait, isn't this what Windows Defender is suppose to do, protect users against malicious code?
Sorry, but I don't accept the idea that Microsoft ponders to REMOVE applications that I decide to install, and that I got them from Windows Store, just because they deem something to be illegal or malicious, according to their own definitions of what is illegal or malicious.
Again, isn't that what Windows Defender (old MSE) is suppose to do? It will come as part of Windows 8.
I'm still failing to see how this "kill switch" has anything to do with malware protection.
If Microsoft finds that a Windows Store application is malicious, then issue updates for Windows Defender to alert the user and/or remove it.
You're just going to get the "company can do whatever it wants, so don't use it or follow their rules" reply. What this "store" is going to end up being is the same thing the Apple store is now. "Illegal and malicious" will in time end up as "whatever someone else may find offensive/doesn't like". These "walled gardens" are a subtle way of controlling content.
I'd just like to add the following.
I fear this kill switch thing may be nothing but a backdoor for something else... Why do I say this? Quite simple.
There's a been a lot of fuss about Certificate Authorities, because they DON'T DO their work as they should. Or, in other words, they FAIL TO VERIFY to whom they are issuing the certificates. A digital signed application or website doesn't mean, in a very direct way, that these software vendors or website owners are trustworthy people. You're rather TRUSTING that the CAs did a proper background check on who these people are. Who they really are.
But, they fail to do that.
What Microsoft should do with Windows Store is precisely what CAs fail to do. Microsoft SHOULD verify who these software vendors are. We SHOULD be able to TRUST that Microsoft is doing what is suppose to, for this Windows Store.
If Microsoft makes sure this trust chain isn't broken, then there's no need for such backdoor, is there? I don't think there is, provided that Microsoft does a proper background check on who these people are.
But bashing Google is more fun
Yes there is a need. Microsoft attitude is worth of high praise and you guys just aren't getting it.
What if trusted people suddenly start acting maliciously after being corrupted by money - making malicious software very hidden in their available apps on the store? Microsoft should have a way to protect its store's users from potential abuse.
Stop deliberately misinterpreting Microsoft, folks. It's getting really old and isn't fun anymore.
Talk about not getting it. The entire point just flew past your head.
You can philosophize all you want but I think I got the real point unlike others.
Lol, I didn't know that short little post of mine was so philosophical...why thank you Look, the entire complaint is that it's not going to just be used for malware incidents. The system is one thing, how that system is used is quite another. You say it'll protect users from "abusive providers"..well, what about Microsoft themselves, what about any other group that complains they don't like a particular app? What protects the user from that?
I guess Microsoft made it very clear for what purposes it will use its system on its store:
Which quite clearly does spell it out: "We can do whatever we want". The nice thing is, again, we can stay the hell away from the store. Its system and its store can do whatever it wants. But not on my device
Separate names with a comma.