> > they actively bypass the security control on the host-system where it is installed - this is literally what malware does
> it is not equal to malware. It is what malware does, which is an important distinction.
That's not an important distinction at all. It's like saying "Ooh George talked to Mary when they were alone in the elevator. That's what rapists do", and then later defending it by saying "well, I did not say that George is a rapist".
I agree with the remainder of your comment, fair point. I think your initial comment would've been stronger if you had used the "no place in an enterprise network" argument instead of the malware comparison.
> That's not an important distinction at all. It's like saying "Ooh George talked to Mary when they were alone in the elevator. That's what rapists do", and then later defending it by saying "well, I did not say that George is a rapist".
Installing an HTTP server on your client to bypass security control is not talking to Mary in an elevator. It's following Mary home, and making a copy of her house key.
> it is not equal to malware. It is what malware does, which is an important distinction.
That's not an important distinction at all. It's like saying "Ooh George talked to Mary when they were alone in the elevator. That's what rapists do", and then later defending it by saying "well, I did not say that George is a rapist".
I agree with the remainder of your comment, fair point. I think your initial comment would've been stronger if you had used the "no place in an enterprise network" argument instead of the malware comparison.