Re: OT: Another Microsoft Back Door Is Discovered
- From: Bob G <Osiyo53@xxxxxxxxx>
- Date: Thu, 18 Aug 2005 06:54:56 -0500
On Wed, 17 Aug 2005 17:48:45 GMT, Strabo <strabo@xxxxxxxxxxxxxx>
wrote:
>
>This worm is insignificant as it merely pinpoints yet
>another access point built into Microsoft systems for
>it's friends.
>
>Surely no one believes that these are design or coding errors.
>
Strabo, who ever said they were errors at all?
You design a piece of programming code to accomplish some specific
task. Windows (and every other computer operating system out there) is
made up of thousands and thousands of pieces of such code.
Each piece of code to accomplish some specific task, is itself usually
pretty simple. ie A call to the system to find and return the
"handle" of the currently selected form or subwindow. While that chunk
of code is fairly sizeable and to the untrainned eye looks complex and
mysterious, it really isn't. The complexity comes from the shear
number of such chunks of code ... which one needs to have in order to
have a complete operating system ... and the need to keep them
organized and design them in such a way as to have minimal or no
conflicts between them where one is doing something which will
interfere with or screw up another. Especially in a multitasking
enviornment where one might well have several different apps, or
multiple instances of the same app, all trying to use the same code
chunks at the same time.
In any event, you design a chunk of code. And if that code does what
it is supposed to do, acceptably well, without screwing up other
chunks of code in the process, then it is code which does NOT have
errors.
The main problem with Windows and these hack attacks is NOT that it is
full of errors. It isn't, relatively speaking. Ohhh, it has some
routines which are less than optimized, in some cases downright
clunky, and so forth. But the reality is that for it's size,
capabilities, and complexity ... it actually contains amazingly few
errors. Which is not the same as saying it's each and every part and
subroutine is optimal and best of kind. That's a different subject.
The main problem that leads to these "vulnerabilities" ....
opportunity for pieces of code to be used or abused in such a way as
to force the computer and operating system to do something the
user/owner does not want it to do ... is fairly simple to understand.
First off, Microsoft's leadership and it's many thousands of
programmers have apparently lost their crystal ball. And thus their
ability to see into the future.
Since when they design a particular piece of code, it's apparent that
sometimes they fail to consult said crystal ball and see into the
future and thus forecast just how many ways that particular piece of
programming code might be used or abused, for it's intended purpose,
or for some other purpose the originators never even imagined.
<Shrug> Just how many ways are there to skin a cat, Strabo? How many
uses are there for duct tape? How many uses might one find for a
knife? A stick? A rock? Are you sure you know the absolute answers
to those questions?
Are you sure that if 10,000 ... or 100,000 human minds turn themselves
to the task, each spending countless hours in the effort and research
and experimentation .... that somebody out there isn't gonna turn up a
new way to do any of those things or to use any of those things which
you haven't thought of beforehand?
Now, compound this problem of forecasting and seeing into the future
in an effort to foresee and guard against every possibility of the
many uses and abuses of something .... by imagining that instead of
talking about simply one tool or object ... ie duct tape .... we
needed to forecast and guard against every possible use (other than
the oringinal intended use) and abuse of every tool, material, and
product in a major chain hardware store. Again, there will be
thousands, or tens of thousands ... perhaps hundreds of thousands of
minds working on the effort, day and night because some of em are
really, really dedicated to their efforts to find some way to use each
and every one of those thousands of things in that store in some way
you did not foresee or even imagine they might.
Your task, Strabo, is to design every product and item in that store
.... so that no one can use it for anything other than it's intended
use ... as you see it, and use it only in the way you specify in the
directions on the package. You must also design each and every item
in such a way that if someone gets hold of that item, legally or
otherwise, and takes it home where he or she has all the time in the
world to study and examine it in total privacy and at will. That they
will not find it possible to (1) give said item to someone else
without your immediate knowledge of the transfer, (2) that any
modification whatsoever no matter how slight or minor will be
immediately noticeable and obvious to anyone, and (3) that said
object, regardless of what it is will self detect it's modification
and or usage for other than intended use as per directions on the
package and will either immediately self destruct or go inert and
refuse to perform any function whatsoever.
Oh, and by the way. Your customers are at the same time absolutely
demanding that yah give em all the specs and design data on each and
every object and item in your store and that you make each "easy
access". That is to say, if yah sell a man a lawn mower, yah gotta
give him all the blueprints, tech manuals, and so forth ... make the
tools available to him to so that he CAN tweak and modify the thing at
will if he wishes. And make the outer housings an cases easily opened
and the innards easy to get to. Yah gotta do all this, but at the
same time design that lawn mower with the above criteria in mind.
That it be friggin impossible that he use it for other than the
specific intended purpose, or that he be able to modify it in any way
without Joe Smuck, his neighbor who knows nothing whatsoever about
lawn mowers being able to tell instantly when first fellow gives him
the lawn mower. Or that Joe Smuck be able to detect instantly that
his neighbor, who purposely bought an identical lawn mower to his,
snuck into his garage in the middle of the night and swapped a
modified mower for Joe Smuck's original.
This ought to be simple enough, right?
BTW, what's your plan for preventing Al the Pervert from buying a
drill or hole saw and using the same to make a peek hole so he can
watch neighbor Jane undress in her bedroom? And how do yah plan to
prevent Bill the Thief from buying a hammer and a big nail, which you
intend for him to use only for joinning two pieces of wood, from using
same to knock a hinge pin from a hinge to he can get into some place
where he can steal stuff.
If yah don't foresee and forecast and prevent such things, it's only
reasonable that people call your products faulty, or made with built
in errors on purpose, right?
On the one hand many folks demand Microsoft not encrypt certain
routines within Windows. Thousands and thousands of them. And that
they make technical data and information available about those
routines available. And that they either sell or give away the very
tools that could be used to modify those routines, or put them to some
new and different use MS never even thought of. And, further, that
Windows itself be open and easily patched or added to by third party
software vendors. And MS does this. Don't believe me, go to their
web sites and you can find everything ... EVERYTHING ... one needs to
know about how the various parts of Windows work, help files which
will take yah into the very innards of the system. AND you'll even
find, if you know where to look freebie giveaways of programming tools
to make it easier for yah to hack, modify, redirect, and so forth
those operating systems components. Heck, look up Windows, enumerate,
issues, problems on their web site. Look around long enough and
you'll find the discussion where they'll tell yah what WinEnumerate
is, and explain in detail a "don't do this" routine because if yah
write code to cause Windows to do that, in that way, it'll surely lock
up and freeze on you. What could be easier for a person who wants to
hack out some code to make other folks miserable and pissed off? Yah
can get the "how to" and all the tools needed to write such code right
from their site.
Of course, that's not the reason it's there. It's there as a warning
to honest programmers to avoid using that specific looping routine.
Microsoft and Windows don't have an exclusive on so-called back doors.
They're everywhere. You can find back doors, vulnerabilities, and so
forth in any operating system I've ever seen.
Once, just as a lark and because some fellows pissed me off, while I
was working for a major telecom, I put on a little demonstration.
Involving a Unix based system and network. The system administrators
were a snobbish, fat headed, full of themselves lot and when I
requested a particular level of access into a certain portion of the
network they refused. In fact, I needed such for the work I was
doing. But they insisted I run everything thru them first. Sounds
good, for security reasons, but was impratical. In effect it turned a
10 minute task into one taking from hours at least, and sometimes into
something it'd take days for me to get accomplished. They had their
jobs, I had mine. They wouldn't budge. And one fellow in particular,
the top dog in that network security office rather upleasantly, in
snobbish fashion, informed me he wasn't changing his mind and there
was nothing I, or anyone else could do about it. And I shouldn't try
because I would fail since he knew FAR more than I ever would. And
would block any move my poor, uneducated self could make.
LOL ... sounded like a challenge to me. Took me almost a week of
spare time work, but in the end I accomplished what he said was
impossible for me to do ... without his cooperation and permission and
help. And I did it in a way he never friggin even thought of or
imagined. Found an "in" that he never saw despite the fact it was
right in front of his eyes. Since he never connected the dots and
figured someone might use a certain set of commands and routines which
I used, in the way I used them.
Not only that, he and his office never detected what I was doing.
Til, after a while, I told em. Just a little "in your face, kiss my
ass" thing I decided to do. Chuckle, he tried to take it up the line
to upper management, complaining I'd violated security. Which is what
I wanted. I explained my case and reasons to them. And the result
was that he was ordered to give me the legitimate access I had needed
and wanted.
I suppose, Strabo, that you're gonna blame MS for the "faults and
errors" in certain cell telephone operating systems (which they didn't
design) that's allowing the current increase in spam and viruses to
show up on people's cell phones?
You can not make something "open and easy access", and at the same
time design it in such a way as to prevent any and all abuse.
Likewise, yah can't have freedom for people, without some of them
abusing said freedoms.
I am, BTW, not defending MS. I can find many things I dislike about
em and about Windows. The very reason the versions I use have had
modifications made and add-ons designed by 3rd parties implemented.
Since in a number of cases, the normal Windows routines don't work as
well as they might, or as well as some alternative designed by some
other person to set out to design code that performs some specific
function better than the default Windows routine.
<Shrug> As to things like finding new ways to do something better, or
to make an existing routine in an OS do something the orginal
designers didn't foresee, or finding "workarounds" to avoid faults,
less than optimal performance and so forth .. happens all the time. I
work with propriety OS's designed for control of various types of
machines. Quite routinely we users of such figure out these sorts of
things for some particular OS and controller (computer in a box) made
by this or that manufacturer. And make em do new tricks which
original designers never thought they could do. Or make em do
something better than the original method. Or put em to some new use
never imagined by the originators. And so forth.
It's routine for a manufacturers of the specialized computer systems
and apps we use to ask, "Hey, anybody out there run into this problem?
How did you get around it?", or "Anybody ever used our product A to do
this? How'd you do it?"
I think your, and many people's, expectations of what MS can or can
not do is unrealistic. As is many folk's expectations as to what MS's
responsibilities and duties are.
Bob
.
- Prev by Date: Re: Since it's almost winter ;>}
- Next by Date: Re: Virus vs. virus. Oh good, another war
- Previous by thread: Re: OT: Another Microsoft Back Door Is Discovered
- Next by thread: Re: OT: Another Microsoft Back Door Is Discovered
- Index(es):
Relevant Pages
|
