
Comment Re:Why are we even discussing this again? (Score 2) 213

Who's discussing the topic? Before you started talking about it, everyone was complaining about how dice is using /. to funnel clicks their way without adding any meaningful content.

If you don't mind, could we get back to dice bashing? It's more informative, insightful and entertaining than reheating the topic for the 5th time in the past 14 days.

Comment Re:Well, DUH! What did YOU think your customers do (Score 1) 48

Of course. Sure. Absolutely.

When you sell weapons, you accept that there is a pretty good chance that they will be used for something a normal person would consider "evil". Claiming it ain't so either means you're lying or that you should not do business. Like, ever. And hand your effects over to a custodian. Because you're very blatantly unfit to understand how the world works.

Comment Well, DUH! What did YOU think your customers do? (Score 3, Insightful) 48

What did you expect your customers to do with the knowledge about unpatched, unknown 0day exploits? Make a funny little collection to show around to their friends?

"Hey, Fred, look what I got! It's a genuine 0day that MS doesn't know about yet. Ain't it cool? Huh? No, why would I use it?"

Seriously, what did you expect?

Comment Re:Windows 10 has Secret Screen Recording Tool (Score 1) 203

The difference is how easily it can be avoided and spotted.

A remote desktop connection is easy to spot and avoid. Even despite the horrible mess the MS RDP is from a security point of view. For a RD connection, I first of all have to reach your computer from the outside world. Meaning, I have to initiate the connection. Something that already fails to work on most private setups, let alone corporate networks. I would usually die no later than the router (in a private setup) or a relevant firewall (in a corporate one).

Assuming that I somehow manage to actually get a connection going, this connection is interactive. I would have to stay connected for as long as I wish to view the attacked computer. Something that could probably be tricky when sensitive data is being manipulated, a time when probably additional care is taken to ensure only valid and known connections are allowed.

All in all a scenario that needs very sloppy security on the attacked end.

Compare that to an attack where I record what I wish to see (with a planted trojan, something that probably would have to exist for the former attack to work as well since RDP, despite its insecurities, is usually not configured to be free for all). It would start recording when a certain tool is being run or a certain webpage is being viewed in a browser. This recording is then stored in a "secret" location, most likely somewhere in the user's documents or his %appdata% folder where he has read/write access without elevated privileges, which is also something you cannot easily deactivate due to programs needing to write data in those areas constantly.

The transfer happens when the user next time connects to some server I either control or when I can estimate that opening a connection to my C&C server would go unnoticed (like when he is doing an update for his system or programs, any time large amounts of data are being transferred qualifies). Preferably of course when he is sending bulk data but in general as long as I can somehow assume that security is not as tight as during the critical use (i.e. what I wanted to record) would do.

That's what makes the mess more dangerous.

Comment Re:No it is not (Score 3, Interesting) 351

That may all be true, but it doesn't change the fact that I will not buy tampons any time soon (and if, the female wanting them will probably already tell me what brand to get her). I will not buy a new car any time soon. And for most of my actual shopping needs, it's the store brand that will win the battle for "which detergent is it gonna be?"

So while that $brand potato chips ad will probably succeed in me wanting chips, it has a rather low chance of me buying $brand chips.

Comment Re:This is a FANTASTIC scam! I want in! (Score 1) 232

Free spirits are dangerous! They are unbound and unfettered and should not be dealt with by the uninitiated!

You may already have heard (and if not, allow me to clue you in) that it usually takes a little more training to deal with open source spirits (OSS). They can be a bit more fickle and there are not as many people about who have had professional training with them (simply because the commercial world is still a bit wary about them, at least in an environment where they would have to be dealt with by uninitiated personnel, they are much more common in back office areas where only trained handlers are employed).

But they have that unparalleled advantage that you can shape them to your needs. That of course takes a lot of training since clueless manipulation may lead to daemons that act as if they did what they should but instead you may end up with dangerously unstable zombies.

And of course I offer consultation in these areas as well. Rates are available on request.
