by ZKboi
Thinking twice before using MS products …
December 22, 2001 in Featured by ZKboi
Trust or distrust
These days there is a huge gap between trust and distrust. You cannot trust your house to be 100% safe anymore, you are not safe of getting robbed or hit on the back so somebody can have your money. Not only your house or you can be
insecure but your computer can be insecure too.
Unwanted people (hackers) could be watching every move you do on your PC, right now. They could read, alter or destroy your files, your personal data. Your passwords and your VISA card number is not that safe anymore on a insecure computer!
Currently there are dozen of utilities that can be used to log keystrokes, so every password or VISA card number or even any private information can be logged and sent to somebody who is your neightbour or somebody who lives 5000 miles from you away. People can virtually stalk you, you can have a hacker watching all your (private) mails and documents and gathering all kinds of information about you.
A lot of these insecurities can be found in Microsoft products. I am using Windows 98, without outlook, without Exchange, without Internet Explorer …
Currently I am sending x-mas cards to friends. All of these friends using Outlook are sending me the Badtrans virus back. If I would be using Outlook I would be infected as well and spread the same infection over and over until the worm has infested a dozens of addressbooks!
Why am I not running Windows 2000, ME or XP you might ask? Because I do not want to have my system infested with worms, virusses and trojans. I do not wish people to see what I am currently doing and I do not wish my personal data to be transmitted to somebody who I (might) not know.
Windows eXPloited
For example, Windows XP, the product that extends your view to a green landscape with fluffy clouds is not so safe afterall. By installing it on your PC without patching the software will give ANY hacker out there access to your PC without any limits! There are 7 million copies sold in 14 days, how many people are vurnerable and having a backdoor to their PC? This hole affects versions of 98 with XP file sharing and all versions of ME as well! (msnbc | nipc.gov)
Next to that, XP is slower on my 1500mhz PC than Windows 98 is on my 400Mhz!
Fixes
Microsoft does make fixes for such bugs, though the last half year there are so many bugs on their products that a normal household having a PC running Microsoft’s products will not patch their PC every 7 days! Hence, most of these people do not even know what a patch is.
The vault with the backdoor
You can best compare this with a heavy-guarded vault. The doors are locked with magnetic cards, 2 guards standing next to the doors, cameras watching all over the place. You walk from the entrance to a portal, from the portal you get authenticated to enter a hallway and you go with two guards to the vault which gets opened with a magnetic card and a code.
Now… there is a small backdoor TO the vault, without cameras, without code, without guards watching this backdoor – where you can enter at will. Is the content safe without prying eyes in this vault? NO!
Surfing could be bad for PC health
Not only XP is buggy though. If you are browsing the web you could be attacked too. By entering a malicious website a trojan or worm can be downloaded and executed automatically. You will not know your PC is infested with a trojan or worm and you will be spreading it to your friends in your addressbook without you knowing it.
Even worse, a hacker could be gaining access to your system doing whatever he wants, with your PC and your files!
If you are using Internet Explorer you could be attacked without you knowing it.
This browser contains code that can automatically execute malicious programs.
Who says paper mail can be dangerous?
If you are using Outlook or Exchange you could be in the same boat … These days you cannot trust attachments from your own friends anymore. Whenever I get a e-mail with executable attachments I do not run them… why? because I cannot trust these attachments. My PC could be trashed completely, all my files could get deleted or I am getting watched by somebody I might (not) know!
Outlook has code that also executes attachments automatically, so you do not even have to click these malicious programs, Microsoft will do it for you! You can be misguided because of double extensions. A lot of worms out-there distribute with double extensions, like trojan.gif.exe. On Outlook you might only see “trojan.gif…” which looks like a image but is in reality a executable file trashing your PC.
Office work could be spreading bugs
If you think we are finished … there are still the famous Office virusses. Whenever receiving a document from a co-worker it could be having a virus. The same for Excel and the other programs that use macro’s.
Service …
There are Windows NT servers running on the Internet that are still not patched. The most system administrators need to be looking at mailinglists alike Bugtraq and Microsoft bulletins to stay informed. To be having a secure system you should check atleast once a day or the server could be exploited. Many of these administrators have registered their products with name, address and even e-mail address but do not receive any information about a new exploit or a CD with security fixes on it. Not all people do check Microsoft’s security bulletins ya know!
These days Microsoft has a new rule that vurnerabilities may NOT be posted on such lists anymore. This creates problems because hackers might be already exploiting your system or any NT server on the net without their administrator knowing about it or even having a fix for this!
alternatives ..
There are alternatives though, if you are using Windows you should stick to the older versions. It seems to be policy at Microsoft: the higher the version, the higher amount of bugs!
- That’s why I use Windows 98. For my servers I use BSD and Linux, because they are a lot more reliable than Microsoft products.
- for E-mail I use The BatIt does not automatically start malicious programs and it is pretty secure with trojans and double extentions.
- for surfing the web I use Netscape as browser. There are also alternatives like Opera, Mozilla and others.
- I use AVP as virus scanner.
Why to use Microsoft products?
I use Microsoft products like Windows because they have (good) working programs, Office and other programs are the most used programs. I could use alternatives like StarOffice etc… though they are not completely compatible with the so-large population using Windows. For a business you also need to be in line.
Most people are used to Microsoft products, but the suggestion here is – do not be TOO used. If Microsoft is implementing their code in other products (like a EMC diskarray) with such security risks, reliability could get chaos. A hacker can take the exploit-du-jour and hack into such products without any hesitation bringing a entire company or even government network down. Could you imagine the chaos this could create?
The financial world survived the WTC crash through reliability. They had realtime copies (mirrors) of data kept
on other locations. What would have happened if a hacker with the exploit-du-jour would hack such data-recovery centers? chaos!
Do you believe every commercial?
Microsoft made their press-articles that their new product(s) did not suffer from buffer-overflows while the last year there have been dozens of buffer overflows reported on the net!
Such marketing is very great but where is the reality? How long does it take before people really start seeing that there are problems with such products?
Windows XP was billed as most secure ever, while it is having open gaping holes waiting to be infested with hackers!
Bottom line … People trust their products too much. Some people are spreading trojans like hell, some of them do not know what is going on and just leave their PC turned on connected to the cablemodem; while hackers can fest on the PC by using it to hack other people.
Usefull links
Windows XP not so secure! (washingtonpost)
Microsoft issues Windows XP fix (wired)
FBI urges extra caution with XP bug (msnbc)
XP uPnP bug advisory (nipc)
Microsoft To Plug Devastating Browser Download Hole (newsbytes)
Description of Welyah WORM (datafellows)
Description of Sadmind WORM (datafellows)
‘Goner’ Virus Infects Businesses (iwon)
The Bat e-mail client (ritlabs)
Netscape browser
Opera browser
The blue nowhere (book about a hacker-murder colleting info …)
F-secure (AVP)
Slashdot a good news portal!
