Re: Microsoft Security

From: Harvey Newstrom (mail@HarveyNewstrom.com)
Date: Fri May 05 2000 - 19:40:16 MDT


"Eugene Leitl" <eugene.leitl@lrz.uni-muenchen.de> wrote on Friday, May 05,
2000 8:48 PM,
> I wouldn't be surprised if their
> OSses and apps would have back doors, fed-mandated, and others.

As an expert in the security industry, I can assure you that Microsoft
backdoors are a well-known fact. Their registration programs have been
caught gathering data and uploading it to Microsoft. The settings to make
Internet Explorer ask before installing software doesn't apply to Microsoft
products that use a secret code. Their website and installation CDs have
installed Y2K fixes and Windows-2000 compatibility fixes to Windows-95
customers without asking. Some of their product installations make changes
to other products, including their competitors, without asking. Their
servers update clients secretly through backdoors. Their web clients upload
server webpages automatically through backdoors. Their e-mail and other
products execute commands and even override security features automatically,
using secret codes. Even if you have disconnected your network through
security settings, Microsoft products have been caught turning on the
network and communicating between PCs to catch copies of software running on
multiple PCs. Their latest lawsuit with Sun over Java incompatibilities
involved Microsoft putting undocumented backdoors in Java to let their
servers access the user's PCs.

Many security experts do not feel that it is possible to use Microsoft
products securely. Not just for the bugs, but for the deliberate backdoors.
The Department of Defense almost banned Microsoft products as being a
security risk. This is a well-known problem with Microsoft products.

These are my own opinions and not endorsed by any of my employers or
clients.

--
Harvey Newstrom <http://HarveyNewstrom.com>
IBM Certified Senior Security Consultant,  Legal Hacker, Engineer, Research
Scientist, Author.



This archive was generated by hypermail 2b29 : Thu Jul 27 2000 - 14:10:33 MDT