Re: Why Microsoft is a Threat to Freedom

Harvey Newstrom (harv@gate.net)
Thu, 13 Nov 1997 11:46:16 -0500


Michael Lorrey wrote:
> Haven't been shopping for PCs lately huh?

Of course I have. I wouldn't have made a statement about price
comparisons if I hadn't actually compared prices. I have recently
purchased six PCs, 3 Macs, and 2 Unix Workstations for my home lab.

> What do you mean "another products data files"? Do you mean that it made
> IE the default browser for .html files for that computer? Duh, that's
> merely a matter of file format association.

No, I mean the installer opened up private preferences files for other
non-Microsoft products that were previously installed on the computer
and changed the data in those files such that the original applications
couldn't use their own files any more. Internet Config is a separate
product for configuring IP on the Mac. No other product is supposed to
write to those files, although the product will feed information from
those files to other applications. By changing the data formats in this
file, Microsoft caused competing products to start failing with
corrupted data while Microsoft products continue to work with the new
format. Restoring the Internet Config file from backup reenables the
other products to their original functionality.

> Here's an idea. Netscape could, GASP, do the same thing, impersonate an
> Explorer browser to gain access to a MS webserver.... Gee why didn't I
> think of that... I dunno, it must be because I don't work for
> Microsoft.....

Sure they could do the same thing. But as a Network Security
consultant, I take a dim view of software deliberately providing false
information to queries in an attempt to access server areas that the
server administrator is clearly trying to withhold from that software.
Just as any hacker caught trying to get in under false pretenses could
be banned from the site, any software that lies to try to bypass
security under false pretenses could also be banned.

Of course my preferred solution is that my clients beef up their own
security the way they want, and then they don't have to worry about what
clients do to try to break in.

>> There also are many examples of Microsoft products opening back doors on
>> machines to allow their servers to gain access, or for their anti-piracy
>> software to check for stolen products on your machine.

> I'd like to see more about this. Any system administrator would find
> this a useful tool, and this data must be how many of the network
> oversight applications operate. A good way to make sure your coders and
> data entry weenies are working and not playing solitaire or sending each
> other joke email....I'm sure my boss would like to have that capability
> over me... he he...

Yes, it would be a wonderful tool if it were documented and if the
Network Administrators had access to this data. Instead, it is
undocumented, and only Microsoft software uses this information to
gather data about someone else's network without their knowledge.

Any knowledgeable network engineer can analyze these interactions with a
sniffer and write their own code to access the same listening ports
(backdoors) to gather information about PCs. For each PC, you could
tell what time an application started and what time it ended. You could
even choose to deny any specific (Microsoft) application by telling it
that its copy is illegal. The Microsoft product will override the local
user's desire with the directives received over the network.

> As a network consultant, I recommend that others in the field find out
> more about how PCs work in background operations to expand their
> horizons past their Mac blindered knowledge...

I have discovered this stuff using packet sniffer tools to detect
anomalous behaviors occurring in the background of most software vendors'
products. Much of my research has been part of top secret DoD projects,
for which I was specifically brought in because of my investigations
into backdoors deliberately created by software vendors. None of my
research is second-hand or unsubstantiated. (Long-time readers of this
list will remember when I left the Government arena to found my own
company in 1994.) Besides consulting for DoD security projects, I also
pull six figures per year from IBM for researching their PC networking
difficulties. I assure you that my knowledge of PC networking is not
slight or biased.

But why argue with me? Anybody can buy the products, and then reverse
engineer them to see what they are really doing in the background. If
you are a network consultant, you should probably have the tools to do
this already. Did you actually investigate any of these items before
you decided to disagree with them, or do you merely have the "faith"
that Microsoft would never do anything underhanded with their software?

-- 
Harvey Newstrom  (harv@gate.net)