Tech Biz  :  Media   RSS

Locking Windows' Backdoors

Declan McCullagh Email 08.26.99 | 3:00 AM
WASHINGTON, DC -- If you use Microsoft Outlook, be warned. Over a dozen bugs in Windows 98 let malicious virus writers and meddlesome peeping Toms view or erase any file on your hard drive.

At a computer security conference Wednesday afternoon, an expert demonstrated how malcontents can send apparently innocuous email with hidden commands that -- if opened using certain email programs -- will give an intruder complete access to a Windows computer.

See also: Same Hole, Different Exploit

"We've got some serious problems here, folks. We've got some really bad backdoors on the computers we have on our desktops," said Richard Smith, president of Cambridge, Massachusetts-based Phar Lap Software, who identified the person accused of writing the Melissa virus.

During his presentation at the 8th Usenix Security Symposium, Smith demonstrated some new security flaws he and his collaborators have identified in their spare time. One recently unearthed and not-yet-fixed Win98 glitch lets an email opened in Outlook execute any DOS command -- including reformatting your hard drive or uploading its contents to a remote Web site.

The solution? Consumers could switch to a non-Microsoft operating system. Another option, Smith suggested, is for customers to begin asking computer companies to turn off features that let email messages execute other programs.

"It's prudent to avoid systems in which we can have executable content," said Peter Neumann, the conference's keynote speaker and a researcher at SRI International. "There is no way you can have any assurance whatsoever that it will work."

Many of the problems security experts have identified stem from the design choices Microsoft made when developing Windows 95 and 98, which are much more vulnerable to intrusions than Linux, Unix, or even Macintosh systems.

One gaping security hole is Microsoft's complicated ActiveX technology, which lets remote Web pages or email messages execute programs that manufacturers claim are trustworthy. But sometimes they're not. With a little programming, a nefarious person can send email or create a Web page that activates Active X functions that delete files, modify them, or even send their contents to any address on the Internet.

As security experts have identified these flaws, Microsoft has tried to fix them, and Smith said some have been eliminated from early versions of Windows 2000. But the millions of people using current versions of Windows 98 and Outlook are still at risk, he said, unless they switch off ActiveX.

Not only Microsoft is to blame. Netscape has acknowledged security glitches in its browser. Unrepaired versions of Qualcomm's Eudora 4 let executable programs masquerade as links.

Computer makers, too, have been shipping buggy software. Hewlett Packard has included two ActiveX controls on about 5 million Pavilion computers, Smith said, that let HTML email messages opened in Outlook or Eudora take control of the computer. An intruder can silently insert a virus, disable security features, view documents, or crash the system.

Some Compaq Presario computers suffer from a similar security risk. As configured from the factory, the computers trust all applications provided by Compaq -- one of which can execute whatever program an email message orders it to run.

"Compaq gave every hacker in the world a way to run programs," Smith said.

To improve the security of Outlook, go to the Security tab in the program's Options dialog box and select "restricted sites zone." Then, in the Internet Options Windows control panel, go to "Restricted sites/Custom level" and scroll down and disable "Active Scripting."

Related Wired Links:

Another Privacy Hole in IE 5.0?

E-Commerce Sites: Open Sesame?

New NT Security Risk Uncovered

Microsoft Patches NT Hole

Msoft Bug Opens Site Secrets

MS Office Leaks Sensitive Data

Related Topics:


[ Aug. 2007  pcd ]