Microsoft wages war on Sefnit

* UPDATED 29 January 2013: A Microsoft spinner said: “Microsoft Malware Protection Center has protections to remove the services started by the Sefnit malware, but it does not uninstall Tor, remove any Tor binaries, or prevent users from using Tor.”

Software giant Microsoft has the power to remove Tor from users’ machines and the signs are that it has already done so.

According to the Daily Dot, in August 2013 the Sefnit malware used Tor to protect its traffic, and Vole responded by remotely removing the programs en masse from people’s computers, without the owners even knowing it.

As it turned out, using Tor in this way was a mistake because it inflated the number of Tor users so much there was a fear that the network would crash. However, the fact that Vole had the ability to kick Tor off machines is a little worrying.

Developer Jacob Appelbaum said in a speech at the Chaos Communication Congress in December that this means using Windows while trying to be anonymous is a bad idea.

Writing in his blog, Microsoft’s Geoff McDonald said that leaving the Tor clients installed posed a severe threat to infected machines. He said that the problem was the older versions of the software, not the up-to-date versions.

To be fair to Vole, it had stumbled on a unique characteristic of the Sefnit malware: it tended to install Tor into a location that almost no human user would. Microsoft zeroed in on that location and killed off millions of Tor clients.

Andrew Lewman, Tor’s executive director, told the Daily Dot he was not losing much sleep over it.

While it is no small thing that Microsoft has the ability to reach into certain Windows installations and tear out the parts it deems dangerous, Lewman says there is little to worry about in this case.

It sounds scary until you realise that users, for the most part, opt in and agree to have their OS kept ‘secure’ by Microsoft, Lewman said.

Besides, a big chunk of Tor users would not touch Windows with a barge pole.