

Microsoft Remotely Removed Tor Browser Bundle from more than 2 Million Systems - i-hacker
http://blog.insecure.in/?p=1373

======
DangerousPie
Extremely misleading headline.

According to the article all they did was remove some malware that happened to
contain Tor. And from the sound of it there was no 'remote kill switch' or
anything involved, they just added the malware to their MSE antivirus
definitions which subsequently removed it.

Update: Yup, that's what they did. Here is the blog post:
[http://blogs.technet.com/b/mmpc/archive/2014/01/09/tackling-...](http://blogs.technet.com/b/mmpc/archive/2014/01/09/tackling-
the-sefnit-botnet-tor-hazard.aspx)

~~~
tmikaeld
I was just about to comment on the same.

Sensationalist headlines doesn't really work that well on HN.

------
kennu
According to Microsoft's own blog post
([http://blogs.technet.com/b/mmpc/archive/2014/01/09/tackling-...](http://blogs.technet.com/b/mmpc/archive/2014/01/09/tackling-
the-sefnit-botnet-tor-hazard.aspx)), they specifically removed a non-self-
updating version of Tor, which was installed by the Sefnit malware. This
version of Tor contained a number of security vulnerabilities which would
otherwise be left on the victim's computer. They also consulted Tor developers
to plan the cleanup.

(Copied my comment over from
[https://news.ycombinator.com/item?id=7095429](https://news.ycombinator.com/item?id=7095429))

------
gmuslera
What happen when they "have" to do it because policies like this one?

[http://www.zdnet.com/irish-td-attacks-open-source-
browsers-a...](http://www.zdnet.com/irish-td-attacks-open-source-browsers-
anonymous-networks-7000025224/)

