Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Saturday, January 14, 2006

Windows Back Door

Yes Steve, there are back doors in Windows. I’m just not sure the SetAbortProc call in WMF files is one of them.

If we had a PC Hall of Fame, Steve Gibson would certainly be a candidate. Steve’s been digging into and writing about the core functionality of Windows since before Windows 3.0 went public. He gained fame and ushered in a new age of internet security with the creation of his ShieldsUp! web site. ShieldsUp! provides internet security tests so folks can check how well their firewall is working or if they have any nasty programs using open ports. Steve invites users to his ad-free ShieldsUp! site free of charge. We now have many web sites duplicating and expanding his ideas, like http://www.dslreports.com/tools and http://www.dnsstuff.com/.

Steve has also been responsible for finding a number of security flaws in Windows such as a vulnerability in how Microsoft implemented DCOM (Distributed Component Object Model). In 2003, Steve created a program called DCombobulator as a fix.

Steve has also been criticized at times for crying wolf when his alerts weren’t viewed by others as surprises or critical flaws. This week is another one of those times.

After some of his own testing and research, Steve has come to the conclusion that Microsoft intentionally put a “backdoor” into Windows via WMFs. He’s published an audio and textual discussion with Leo Laporte on his website, http://www.grc.com/SecurityNow.htm#22.

Steve is so well known and respected that Microsoft responded the next day on its Microsoft Security Response Center Blog. The explanation is technical, but knowing how things have changed over the years at Microsoft, the explanation posted by Stephen Toulouse matches up with my own knowledge and research.

The story makes for good reading but I’m not surprised. Of course, there are back doors in Windows. Most back doors weren’t created for Microsoft use. They’re created to comply with federal laws.

Did you know that most printers include code to embed your printer's serial number as a type of watermark in anything you print? Ever wonder why the government discourages open-source programming? The Homeland Security Department is now providing funds to Coverity, a company which tests open-source programs and servers. Alas, this is probably the topic of an entirely new article.

 



4 Comments:

Blogger TeMerc said...

Hey Bill, the info you wrote about the printers was just shown on a TV show the other night, pretty interesting you mention it now, did you see that show too? LOL

12:26 PM  
Blogger BillP said...

No, I missed it. If you remember the name I'd love to watch for it again in case it's repeated.

I can't really say how I know, but if you look at the companies I've worked at in one of my interviews like www.temerc.com/phpBB2/viewtopic.php?p=3724#3724
you'll figure it out. :)

10:15 AM  
Anonymous Anonymous said...

"Ever wonder why the government discourages open-source programming? The Homeland Security Department is now providing funds to Coverity, a company which tests open-source programs and servers. Alas, this is probably the topic of an entirely new article."

It just goes to show. You have no clue about open-source. Do you know that Apache is used more than any other web serving solution? And despite its popularity, is more secure than Microsoft's IIS?

How about the fact that open-source projects react to security issues much faster than any company could? eg: OpenBSD can react to issues and release a patch in just over 5 hours of being informed.

Security specialists have to nag the hell out of Microsoft to get the message through. (It's like talking to a brick wall). Even then, it takes over a week to respond to a security threat with a patch.

It doesn't take a genius to figure out that MS doesn't take security as it should. Because security doesn't sell, whiz-bang features do.

What about using Linux/BSD/Solaris instead of Windows? Security companies that depend on the Windows money making machine will be out of a job! Heck, apps like WinPatrol, Prevx1 and such wouldn't be needed anymore.

7:03 PM  
Blogger BillP said...

Well, if you read more than the last sentence, you'll notice it's not about which OS is the most secure.
It's about which one is most controlled by the man.
Fwiw, our WinPatrol knowledge base is hosted on Apache.

8:30 PM  
