[fyodor at insecure.org: C|Net Download.Com is now bundling Nmap with malware!]
owen at delong.com
Tue Dec 6 12:50:40 CST 2011
On Dec 6, 2011, at 10:30 AM, andrew.wallace wrote:
> On Tue, Dec 6, 2011 at 4:48 PM, <Valdis.Kletnieks at vt.edu> wrote:
>> On the other hand, just being Fyodor is sufficient to get him taken seriously.
> It could be argued that Nmap is malware, and such software has already been called to be made illegal.
> If I was Cnet, I would stop distributing his software altogether.
> Link: http://nmap.org/book/legal-issues.html
That's a stretch. Malware generally, IMHO, means software which does something other than what it claims to do.
I don't believe that nmap does anything other than what it claims. I understand you may not like the idea of having such a tool available to users of your network. Personally, I'd rather that the users had access to such a tool than live without it myself. Kind of a double-edged sword, I know, but, nmap is a tool. In and of itself, neither bad nor good. Malice is in the intent of the user.
This distinguishes it from malware in that with malware, malice is in the intent of the author and not the user. Malware, once installed, does what its author wants it to do regardless of the intent of the user.
Sure, you can do things with nmap that are at best antisocial and at worst potentially illegal.
I can do things with a Bowie Knife that are as well.
However, used properly in the right context, both can be very useful tools.
I don't think we should outlaw either one. Then again, I'm rather liberal in that regard. I believe that we should not ban something if it has both legitimate and nefarious uses, but, rather, should only ban those things which pose a public hazard and have no legitimate use.
I suspect that he would rather Cnet stop distributing his software altogether than do what they are doing.
I appreciate the warning and have stopped using CNET as a result.
More information about the NANOG