From: Harvey Newstrom (mail@HarveyNewstrom.com)
Date: Sat Aug 11 2001 - 09:32:27 MDT
Terry W. Colvin wrote,
> There' a good opinion-piece on the future of the internet, by Bob
> Cringely.
> < http://www.pbs.org/cringely/pulpit/pulpit20010802.html >
The real problem with Microsoft is that their e-mailer automatically runs
software some anonymous person sent you in e-mail without asking. All these
viruses could easily stopped if Microsoft would just pop up a window and
say, "Unknown person just sent you an unsolicited program that wants to make
unknown modifications to your PC. Do you want to run this program? [Yes]
[No]" But Microsoft doesn't want to do this because many of their programs,
such as Microsoft Project, use these remote-control programs to make updates
on different PCs from a central location without bothering to include any
security to make sure the instructions come from a trusted source.
I agree with Cringely that virtually all viruses and worms on the Internet
are specifically Microsoft backdoor viruses. Holes in Linux and other
operating systems are closed when they are discovered. Only Microsoft
insists on keeping these holes open. I use their products, but I don't know
why they don't apply a little security to them. It is not that difficult to
do.
I disagree with Cringely that allowing access to raw sockets is dangerous.
All this means is that networking software is easier to write under Windows.
Instead of limiting network access to secret system calls that only
Microsoft engineers know, they are now allowing other software vendors to
write networking code for Windows. This will allow new network software to
be written. Some of this software may be in the form of viruses or worms.
Saying that this is dangerous is like saying making PCs easier and faster is
dangerous, because hackers would then have easier and faster tools. This
enhancement to the Windows Operating system is a generic improvement to make
networking programming easier. This is almost a Luddite position. He
seems to say that improving network access will help hackers more than
nonhackers. Windows become the "perfect little virus machines" merely
because they are becoming easier to program. We already have this ease of
network programming on Macintosh, OS/2, Linux and other Operating Systems.
Only Microsoft had previously tried to block programmers from accessing
their own PCs. We haven't seen those other platforms becoming hacker
favorites.
I predict that Microsoft e-mail backdoors will remain the most commonly used
attack vector. There is nothing really new in Microsoft XP that hackers
don't already have if they wanted.
As for the universal ID idea, we already have this. Virtually every user of
the Internet connects to their ISP with a username and password. ISPs keep
records of all user activity for planning and billing purposes. This system
is already in place. Hackers may be able to work around this system or any
new system of identification. Cringely's scheme for the future doesn't
really change anything. The same is true for his plans to restrict access
to the network. We already have Zone Alarm and other personal firewalls.
Besides any hacker that we are trying to restrict could hack their own
machine's security to get access to their own hardware.
Cringely's call for new protocols, APIs, interfaces and the like are silly.
We already have all these things available now. He is not proposing
anything new.
-- Harvey Newstrom <http://HarveyNewstrom.com> <http://Newstaff.com>
This archive was generated by hypermail 2.1.5 : Sat Nov 02 2002 - 08:09:44 MST