Home page logo

interesting-people logo Interesting People mailing list archives

IP: Another take on Microsoft-specific worms
From: Dave Farber <farber () cis upenn edu>
Date: Sat, 27 May 2000 17:58:32 -0400

From: "Kevin G. Barkes" <kgb () kgb com>
To: <farber () cis upenn edu>

Hi Dave,

With the release of yet another Microsoft worm, I thought you might find the
following from my May 22 newsletter of interest:
Ok, say we get lucky. No hurricanes, tsunamis or heat waves, and the power
grid holds together. The world's economy can still be brought to its knees
in a few hours by disturbingly simple code delivered via email to computers
running Microsoft applications and operating systems.

The prospect is especially frightening because last year's Melissa virus and
the recent "Love Bug" worm and its variants were, frankly, badly-written
programs created by rank amateurs.

Imagine the chaos that would result if a truly skilled programmer with
particularly malicious intent actually crafted a well-written,
self-propagating email worm targeted at Microsoft Outlook and Outlook
Express users.

What would happen to the international business community if some dot snot
wunderkind gets peeved because he misses out on an IPO and unleashes a bug
that wipes out hard drives and bios settings on PCs around the world? The
wonder is not that such an event is possible, but rather that it hasn't
happened already.

Another wonder is why the world allows itself to be victimized by
Microsoft's cavalier attitude about the gaping security holes in its systems
and applications.

Technically speaking, the recent "Love Bug" wasn't a software bug at all. It
was a feature. Boot up a new, out-of-the-box Windows98 machine and the odds
are pretty good there's a chunk of code called Windows Scripting Host that
activates automatically and eagerly awaits the chance to transparently
execute surreptitiously invoked virus code.

Anti-virus software? Fahgeddaboutit. Consider a real-world implementation of
the virus checking concept. There's a knock at the door. The virus checker
looks through the peephole and sees someone standing there. He scans a book
that contains the pictures and descriptions of a couple thousand known
miscreants. If none match, the unknown person is allowed in.

Try implementing that security model in a Manhattan office building and see
how far you get.

Or consider Microsoft's typical defensive argument, that the problem is
actually stupid users and system administrators.

Another real-world analogy: you're tooling down the Interstate in your Chevy
and hit a bump in the road. The doors fall off and the engine explodes. You
have the ambulance driver stop at the dealership on the way to the trauma
center so you can chew out the service manager. He sneers at you
condescendingly and points to a paragraph of six-point type buried in a
totally unrelated portion of the owners' manual:

"The doors of your car will fall off and the engine will explode when you
hit a bump while traveling on an Interstate highway. One of our engineers
thought this feature would be neat and we have added it at no extra charge
to you. If you disagree (you weenie), you can disable this feature by
performing the following procedure. First, obtain three chickens, two brown
recluse spiders, a length of nylon rope and a virgin..."



Kevin G. Barkes
Email: kgb () kgb com | Web: www.kgb.com
1512 Annette Avenue | Library, Pennsylvania | 15129-9735
Voice: 412-854-2550 | Fax: 412-854-4707
DCL Dialogue on line: http://www.kgb.com/dcl.html
KGB Report http://www.kgb.com/kgbrep.shtml
Random Quotations Generator: http://www.kgb.com/cgi/kgbquote.cgi

  By Date           By Thread  

Current thread:
  • IP: Another take on Microsoft-specific worms Dave Farber (May 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]