Bubbleboy worm: BEWARE

Jose G. Perez jgperez at SPAMfreepcmail.com
Sun Nov 14 11:21:03 MST 1999



I think there are two main reasons Microsoft tends to make their
applications so vulnerable.

The first is windows. Contrary to popular belief, Windows 95/98 is a further
development of windows 386, 3.0 and 3.1, a 32-bit shell built on top of and
partly replacing the almost 20-year-old DOS operating system, which in turn
was copied from earlier Digital Research os's from the late 1970s. In other
words, Windows is built on the foundation of the very best technology that
was developed during the first generation of hobbyist personal computers,
and one of the things it means is that, fundamentally, there is no way to
provide security. Becuase of the DOS legacy ANY program can act as if it
owns the machine and do anything it wants with it.

Microsoft recognized that this was an outdated approach by about 1984 or
1985 and developed jointly with IBM a new operating system called OS/2,
designed to be secure from the ground up. By around 1990 or so, Microsoft
kept insisting that this was the OS of the future and developers should
write their apps to its interface, called Presentation Manager. But quietly
it was developing windows 386, which became windows 3.0, and Micoirosoft's
own applications group was writing to THAT interface, not the Presentation
Manager was.

The result was that when windows 3 was launched, only Microsoft had a full
suite of applications ready for it. Through their strong position in the OS
market, they made sure all new machines had the new windows, and basically
consolidated their OS stranglehold and established themselves as the top
application company at the same time. The price paid was carrying over that
first-generation hobbyist operating system design down to our day.

Now the ideal for Microsoft is for it to sell all of the software for a
given machine. It has been trying to do this by increasing the
inter-operability of its programs, as well as by integrating various parts
of them into the Operating System.

Now, ideally, an operating system should be as lean and stripped down as
possible. Moroever, ONLY the OS should be allowed to perform or authorize
certain functions, which makes it easier to implement security features like
only certain users being allowed access to them, requiring passwords or a
"dongle" (a hardware key) etc. That's just not possible with DOS.

More recently, web browsing software has been "integrated" into the OS along
with a lot of scripting and programming capabilities and hooks. Supposedly
that is to give all apps that wish to take advantage of it (i.e, all
Microsoft apps) HTML and JAVA capabilities. It also gives Microsoft a
fighting change to "pollute" those standards -- i.e., add on new,
non-standard "features" owned and controlled by Microsoft, so that code
written for the windows versions of these clients won't work with anything
else.

This was one of the thing that seemed to have caught the judges attention in
the antitrust suit, because, of course, by making this sort of thing an
integral part of the OS, you make the system more easy to hijack. And there
have been more than a few corporations that have wanted an Os with none of
these "features" for obvious security reasons.

The latest "worm," which enters into action as soon as you look at it in the
preview page of Outlook express, is new because it doesn't require the user
to even open the email file. This capability was absent in older versions of
the outlook and express program. Moreover, Microsoft's suggested "fix" --
setting security to high on Internet explorer -- shows how impenetrably
complicated Microsoft has made things. Its email programs, unknown to the
user, are really shells for other programs, like Word and IE, which in turn
are program development platforms in their own right and can be made to do
just about anything you want.

Behind it all in Microsoft's drive to screw its competitors and partners
even if it means opting for clearly older, inferior and riskier
technologies. As it makes the OS  more complex by annexing this and
incorporating that, and it is the interactions between all these pieces that
make Windows an ideal client for pranksters and malicious people.

Jose



-----Original Message-----
From: Paul Flewers <paul.flewers at virgin.net>
To: marxism at lists.panix.com <marxism at lists.panix.com>
Date: Friday, November 12, 1999 1:58 PM
Subject: Re: Bubbleboy worm: BEWARE


>Jose G Perez wrote: < A second interesting thing to note: Isn't it
>curious that this new worm has not been spotted "in the wild?" The ONLY
>place it is known to exist is in the labs of people who make money
>selling software to protect you against these dangers. Of course,
>there's nothing like a great new type of worm or virus to generate a few
>million dollars worth of free publicity for these companies, and to make
>many people feel like they have no choice but to either buy software or
>subscribe to the updates, thus generating millions of dollars in
>additional revenues for these outfits. >
>
>A bit conspiratorial, perhaps. A friend of mine whose computers at work
>became infected by a virus that set up bogus macro activities on
>Microsoft Word programmes got on to Dr Solomons to get a virus cleanser.
>The person at Dr Solomons said that Microsoft's programmes were too
>vulnerable to virus attacks, and that they had complained to Microsoft
>to this effect, saying that their programmes should be made more
>resistable to viruses.
>
>This begs the question why are Microsoft programmes so vulnerable?
>
>Paul F
>



---

Free computers.  Free Internet access.  I don't pay -- why should you?
Click on www.free-pc.com to get started today!









More information about the Marxism mailing list