Do you have a source for that? It doesn’t peek around my computer a little and/or send back any telemetry? I’m being serious, I’d like to know.
I had to install Zoom in school in 2014, I ended up uninstalling it the next week and reformatted after the quarter. I’m with Apple here. It’s shit insecure non-consenting software that wastes battery 99.99% of the time.
This is a good point; we shouldn't act as though users are necessarily making an informed choice or meaningfully consenting to all the software that's on their computers. Lots of people are forced to install software at economic gunpoint (and probably can ill afford a separate computer to isolate it on).
You can't depend on users and the marketplace to select against insecure software. The market is too distorted to function that way; the people forcing others to use shitty software are often isolated from the consequences themselves, so there's no effective feedback loop to stop it. Having the OS vendor step in is really the only good solution in the short term.
The part that freaks me out is you can’t uninstall it.
“The undocumented web server remained installed even if a user uninstalled Zoom.”
I’m not sure if this is common. Sony got caught with their XCP rootkit (I’m not sure if they called it this at the time); you had to fill out an “uninstall request” form on their site with your email and location. I’m not sure if the uninstaller fixed the vulnerability.
So maybe a rootkit might describe this if the vulnerable webserver is privileged. In Sony’s case, the side effects were unintentional (though their history with DRM is egregious). I think Zoom is just a polluted MVP in production.
Most of the insecure software that I run has enough grace to not silently leave behind a web server to automatically re-install itself after I dumped it in the trash can.
This is a horrifying bug. Is FaceTime malware? Or do developers with earnest intentions sometimes write buggy code?