Online

Giving aid and comfort to the enemy

Weaknesses in Microsoft applications provide plenty of back doors for vandals

By Michael Newman (mnewman@themagonline.com)

When my friend Ray first moved to Wichita to shoot television news in the early '80s, the station would dispatch a crew on every drive-by shooting. They were new and shocking. By the time he left for a network job in New York, he didn't even look up when word of one came over the scanner. They were no longer newsworthy, and where there was once shock and wonderment, there now was just a callous indifference.

So it has become with computer viruses.

The trouble with viruses, worms, Trojan horses and other malicious computer code is that as the novelty has worn off and our guard has been lowered, the virulence of these programs has continued to escalate. Only in comic books do master criminals conceive of crime sprees to outdo all previous crime sprees. One more drive-by is just one more. But each new virus attempts to outdo all that have come before. In this, Nimda ("admin" spelled backwards) has succeeded.

Nobody really took the FBI seriously back in August when the agency warned that the "Code Red" virus might seriously degrade the performance of the Internet. Then on Tuesday, Sept. 18, while the world was still following just one news story, it looked like maybe it had happened, and perhaps a Code Red variant had actually slowed the Net and disabled some sites completely. What was really going on was much worse. Previous attacks relied on end users' blithe disregard for security, ignorance, blind faith and stupidity in order to replicate, and only sometimes exploited weaknesses in software design as well. This critter was capable of preying not only on the innocent, but also on the diligent.

Seeing Red

It's axiomatic that even those of us who regularly update our virus-scanning software are potentially vulnerable to viruses newer than the most recently available updates.
The key to protecting ourselves is to engage in practices that minimize the opportunity for a new variant to become active on our machines. Typically this has meant being extremely cautious with files we download from the Web, and even more so with attached files we receive by e-mail.

While the sloppy and stupid behavior of computer users might seem a reliable enough vector for virus writers to exploit, this crafty lot kept looking for even better mechanisms for spreading infection. They began finding them in the convenience features that Microsoft was engineering into consumer software. Ever since it was discovered that the automation features of Microsoft's Outlook Express e-mail program could be abused to mail out copies of infected files so that they appeared to come from a trusted source, this trick has been a core component of most subsequent viruses. The solution, for many of us anyway, was simple: We just stayed the heck away from Outlook Express and continued to be cautious about any attachments we received.

Like Code Red, Nimda seeks out and infects Web servers running Microsoft's IIS server software. Then it does two new and very insidious things. Where Code Red was satisfied to replace the front page of a Web site with a brag page telling visitors that Code Red had succeeded there, Nimda uses the flaws in IIS to further propagate itself. First, it copies itself onto the attacked Web server. Second, it appends JavaScript code to the pages delivered by that server, and that code tries to push the infected file to every visitor.

This is where things get really ugly. Visitors running Internet Explorer 5.5 Service Pack 1 or earlier, without the patch for the flaw the worm uses, have browsers that may open the delivered file automatically, without ever asking the user's approval. Once on the user's machine, the program harvests e-mail addresses and mails copies of itself out, relying on the same flaw in Outlook Express so that merely previewing the message is enough to run the attachment.

You might well wonder what the purpose of an attack like this is. "Because they can" seems to be the best explanation.
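The two server-side behaviors described above leave traces an administrator can look for: the probe requests the worm sends to an IIS server, and the one-line loader it appends to every Web page it can reach. What follows is an added example, not code from the column or from any vendor; the probe paths and the appended script are reconstructed from the public advisories of the time (CERT CA-2001-26), and the log lines and the HTML page are constructed here, in a simplified IIS log layout (date, time, client, method, URI, status) rather than any particular server's exact format.

```python
"""Detect Nimda-style IIS probes in web logs and the loader Nimda appended to pages.

Added example, not code from the column or from any vendor. The probe paths and
the appended <script> snippet are reconstructed from the public advisories of the
time (CERT CA-2001-26); the log lines and the HTML page below are constructed.
"""
import re
from urllib.parse import unquote_to_bytes

# Constructed log sample in a simplified IIS layout:
# date time client-ip method uri status
SAMPLE_LOG = """\
2001-09-18 14:02:11 10.0.0.5 GET /index.htm 200
2001-09-18 14:02:12 10.0.0.7 GET /scripts/root.exe?/c+dir 404
2001-09-18 14:02:12 10.0.0.7 GET /MSADC/root.exe?/c+dir 404
2001-09-18 14:02:13 10.0.0.7 GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir 200
2001-09-18 14:02:13 10.0.0.7 GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir 200
2001-09-18 14:02:14 10.0.0.9 GET /products/list.htm 200
"""

# 0xC0 and 0xC1 can never begin a valid UTF-8 sequence; seeing one after a single
# round of %-decoding is the signature of the overlong "..%c1%1c.." traversal.
INVALID_UTF8_LEAD = re.compile(rb"[\xc0\xc1]")
TRAVERSAL = re.compile(rb"\.\.[\\/]")
SHELL_EXEC = re.compile(rb"(?:cmd|root)\.exe", re.IGNORECASE)


def classify(uri: str) -> list[str]:
    """Return the reasons a request URI looks like a Nimda/Code Red style probe."""
    once = unquote_to_bytes(uri)    # what IIS decoded before its path check
    twice = unquote_to_bytes(once)  # %255c -> %5c -> '\' : the double-decode flaw
    reasons = []
    if INVALID_UTF8_LEAD.search(once):
        reasons.append("overlong-utf8")
    if twice != once:
        reasons.append("double-encoded")
    if TRAVERSAL.search(twice):
        reasons.append("traversal")
    if SHELL_EXEC.search(twice):
        reasons.append("shell-exec")
    return reasons


def scan_log(text: str) -> list[tuple[str, str, list[str]]]:
    """Return (client, uri, reasons) for every log line that trips a check."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        client, uri = fields[2], fields[4]
        reasons = classify(uri)
        if reasons:
            hits.append((client, uri, reasons))
    return hits


# The one-line loader Nimda appended to .htm/.html/.asp files on an infected server
# (snippet as published in the advisories; the page around it is constructed).
NIMDA_LOADER = re.compile(r"""window\.open\(\s*["']readme\.eml["']""", re.IGNORECASE)

INFECTED_PAGE = (
    "<html><body><h1>Welcome</h1></body></html>\n"
    '<html><script language="JavaScript">window.open("readme.eml", null, '
    '"resizable=no,top=6000,left=6000")</script></html>'
)


def page_carries_loader(html: str) -> bool:
    """True if a served page carries the readme.eml pop-up that Nimda appended."""
    return NIMDA_LOADER.search(html) is not None


if __name__ == "__main__":
    for client, uri, reasons in scan_log(SAMPLE_LOG):
        print(f"{client} {uri} -> {', '.join(reasons)}")
    print("page infected:", page_carries_loader(INFECTED_PAGE))
```

The two decoding passes are the point: the server's mistake was checking the path for ".." before fully decoding it, so a scanner that decodes twice and rejects bytes that cannot start a UTF-8 sequence catches both the overlong-UTF-8 and the double-encoded forms without a list of every exact string the worm used. The same client hitting `root.exe` under several directories is the Code Red II back door being tried first, which is why those requests show up even on servers that were never infected.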
This is what's known as a "proof of concept" attack. It's a demonstration that the design and theory behind the program are sound and workable. It's also, I suppose, the satisfaction of tweaking Microsoft: brilliant outsider programmers showing their ability to outthink the insiders and playing to their fellow evil geniuses.

Gates crasher

Have you spotted the trend here? Nimda's success turns on abusing flawed Microsoft IIS servers, flawed Microsoft Outlook Express e-mail programs and flawed Microsoft Internet Explorer browsers. Yes, it also relies on people not using or updating anti-virus software, opening infected attachments and, of course, failing to install patches for flawed Microsoft applications. But the picture is ever clearer that the malicious hacker's three greatest assets are his or her own skill, the ignorance of average computer users and the hubris of Bill Gates.

I no longer believe that using Eudora and Netscape strikes a blow against the empire, but so far they've provided a better firebreak against viral conflagrations than Microsoft's alternatives. Using them also reinforces my conviction that competition and diversity lead to better software than does market dominance by a single vendor.

It's clear that the federal courts and the Justice Department don't have the will under a conservative administration to engage in any serious antitrust effort in the Microsoft case. And whether or not the law is on Bill Gates' side, it might have turned out better for the regulators never to have fought him at all than to have fought him and lost. His demonstrated arrogance will only grow with victory, and we're already reaping what that attitude has sown in the form of some pretty lousy software with fewer and fewer alternatives.

Perhaps in the war against malicious hackers, as in the war on terrorism, it's time to stop drawing a distinction between the perpetrators and those that harbor them.
- Online entertainment manager Michael Newman can be reached at 832-6317.

THE MAG / LAWRENCE JOURNAL-WORLD, Thursday, October 4, 2001, page 20