Re: Blame Bill Gates for ILOVEYOU

From: Harvey Newstrom (mail@HarveyNewstrom.com)
Date: Sat May 06 2000 - 00:14:46 MDT


"E. Shaun Russell" <e_shaun@uniserve.com> wrote on Friday, May 05, 2000
10:32 PM,
> Harvey Newstrom wrote:
>
> >Blame Bill Gates
> >
> >Linux and Mac users are happily immune to the ill effects of ILOVEYOU,
which
> >depends upon the Windows Scripting Host to get launched once it's
triggered
> >on the user's computer.
>
> Blame a company for not being infallible? If those are the standards,
then
> I'm afraid that *no* O/S can live up to them. The crime isn't on MS'
> hands, it is on the proliferation of the virus.

No one expects a company to be infallible. The point of the article is that
Microsoft has been warned for years by security professionals that their
software has the backdoors. Security professionals originally thought they
were bugs, except that Microsoft says that they are "features". They were
deliberately designed into the software and Microsoft refuses to take them
out. Even after a couple of years of people exploiting these backdoors,
Microsoft still refuses to fix them.

These are deliberate back-doors put in the e-mail software to allow outside
people to execute commands on your PC. Microsoft insists on keeping these
backdoors, because they use them for their own purposes. They also refuse
to add security so that they can only be used by Microsoft. As a result,
these backdoors are not only known to exist, but they are documented and
advertised in Microsoft manuals on how to send executable scripts that run
on other people's computer.

This is not a simple lack of infallibility. This is sheer stupidity.
Microsoft is deliberately and knowingly keeping these backdoors open because
the Microsoft thinks that its desire to send commands to your computer
easily outweighs your desire to not allow hackers to send commands to your
computer easily. Security professionals have asked Microsoft to fix these
backdoors, and Microsoft claims that it would not be in their best interest
to do so.

--
Harvey Newstrom <http://HarveyNewstrom.com>
IBM Certified Senior Security Consultant,  Legal Hacker, Engineer, Research
Scientist, Author.



This archive was generated by hypermail 2b29 : Thu Jul 27 2000 - 14:10:35 MDT