cDc Charges MS w/ Distributing Cracker Software

davidr writes "Microsoft's response to Back Orifice 2000 has been to characterize it as a hacker tool instead of a network administration tool, because it can be installed stealthily and used to monitor users without their knowledge. cDc has responded by pointing out that Microsoft's own tool, SMS, does the same exact thing! They've called for antivirus software for SMS and challenged Microsoft to recall it." Read this one. It's interesting. Having never used SMS (hell, I haven't really used Windows in a year or so) I'll leave it up to you guys to figure out if this is true.
  • by Anonymous Coward
    What doesn't work better than anything microsoft built?

    Drum Roll Please.......

    Communicator!

    (waiting patiently for Mozilla)
  • by Anonymous Coward
    I think that cDc has a completely valid point here. One question about their announcement, tho. At the bottom, they have various other 'excerpts'. I'm wondering if perhaps some of these are related to the earlier version of BO, which really was a trojan. The text doesn't seem to clearly specify. Even if that's true, the main body text seems to make the point nicely.

  • by Anonymous Coward
    I'm not very fond of SMS, but there's a significant difference between allowing a domain administrator to run a remote control tool, and creating an app which circumvents NT security to allow anyone to remote control a computer. In my opinion this is CDC FUD.
  • by Anonymous Coward
    Microsoft made the mistake in attacking the stealth feature of BO2K, and cDc responded right back saying that SMS was just as bad as BO2K because it was stealthy too.

    What Microsoft should have mentioned instead were the features of BO2K that *really* made it intended to be malicious. The lockup command, password getting commands, microphone monitoring, etc.

    But the worst thing about BO was actually mentioned in the cDc article when quoting Microsoft: "And, once it's installed, it makes the system available to other people on the Internet."

    This is one key difference between SMS and BO2K. BO2K has a scanner feature (I believe another poster mentioned it), and if you scan a few subnets, you're going to see a bunch of open BO2K servers just waiting there for the hacking. SMS does not have such a scanning feature, and doesn't leave itself open over the internet.

    Also, BO2K is small, and can be easily inserted into a trojan mail macro or an activex control or a buffer overflow or whatnot. Try doing that with SMS!

    There's more that makes BO2K made for malicious activity than simply the stealth feature, folks. cDc is just FUDding microsoft here.
  • I disagree. Even the most dangerous and harmful tools are extremely useful to point out two very painful but important facts: microsoft's OS's aren't secure, and people should be more careful when they download and install software.

    If someone hacks you, that should be a wakeup call that you need to improve your security. And I'm not just talking about software; policies should always be more paranoid than necessary.

    If the OS was designed better, and the user was more wary, this wouldn't be a problem at all, now would it? So don't go blaming the messenger; please kindly thank him for informing you of a problem you might not have previously been aware of. I mean, why do you think they release the source code?

    ps - I'm not even going into the topic of why a computer user should have to be an expert - s/he shouldn't, but they should know the dangers of being online and downloading and installing software.
  • Where I work everybody connects to the SMS server except my group, because we all run Linux. I don't know what SMS does, but corporate IS resents that they can't monitor us. They use it as a tool of control.

    I believe SMS also does good stuff like updating software and stuff like that, but like I said, I don't know.

  • Where I last worked, they had some remote control tools. Netfinity from (I think) IBM has the checkbox for asking a user before taking over the desktop unchecked by default. With no visible indication that RC is taking place (nothing in the systray, etc) it also is just as stealthy, although it is much less useful than last year's Back Orifice. Then the company started moving to IBM's Tivoli program. It as well requires a checkbox to ask the user before establishing a connection. So it too should be either banished or welcomed.

    It all comes down to who cDc is. They probably will never be taken as a legitimate organization, so their products will be labelled as virii/trojans...
  • Yes, but the virus still REPRODUCED on its own, even if it was spread by infected files on disks or BBSes.
  • This is an unmistakable case of hypocrisy. Microsoft does sell this product with the knowledge that it could be used in a malicious way. What stops one from using it? Bloat, obviously. Microsoft has most likely bloated SMS to the point that it can only be used efficiently on an Enterprise size network - which is what most of these tools are meant for.

    Now, on the topic of my subject: What's in a name? SMS sounds official - and therefore (to the unknowing public) - it is. Now, think about the name "Back Orifice 2000". What does that say?

    To anyone who has heard of Back Office, it immediately strikes a fear in an IS person: Back Orifice!? Sounds like a virus already, doesn't it? The 2000 immediately says that this software is geared toward Windows 2000 and the like.

    Microsoft is using BO2K's name against it simply by including it in a sentence: "Back Orifice 2000 is a trojan horse."

    Regular people out there won't like to hear something called "Back Orifice" and most likely wouldn't use it just for the sake of the name. It's a shame that software's merits must be based upon names.

    Heck, next thing you know is that the Vatican will be denouncing the use of the GIMP because it has homosexual connotations.

  • Why? You just have to telnet (or better off, ssh) into the box you've got Samba running and manage it from the command line (or with ssh, using X11). Why port BO to Linux when it's locked up tighter than what Microsoft can do with Win-Anything at this time?



    ---
    Spammed? Click here [sputum.com] for free slack on how to fight it!
  • BO, even since the original release, has included the ability to change the port it operates on and to use a password to weakly encrypt all communications. The only reason many BO and BO2K systems are open to anybody over the internet is because they use the default port (31337) and aren't configured to use a password.

    In my experience, a LOT of the BO infected machines (I haven't done any work with BO2K) are machines which have a c:\bo or c:\cdc directory, leading me to the conclusion that these are script kiddies who downloaded Back Orifice and then proceeded to run the executables that come with it before reading the textfile, installing the server on their own system in the process. They get what they deserve.
  • I don't know about your country, but here in Canada illegally obtained evidence is not as important as getting the person behind bars. I'm reminded of certain police officers who videotaped a drug deal in a hotel room illegally. The judge agreed it was illegal, but also agreed that putting drug dealers off the streets was more important than guarding their rights.

    Also, regardless of how you get it, if you have a warrant you're ok -- so I wouldn't be surprised to see BO[2k] being used by law enforcement agencies all over the place.

  • Well, the truth of it is that illegal evidence is not generally used, but it can be used if necessary. What generally happens is that the evidence is thrown out, but not the case - whereas in the states the entire case is thrown out the window.
  • Apple's network management tools do the piping mic input out thing, keystroke logging and the like. It's great if (like the admins at the high school where I worked w/ those Macs) you're trying to catch folks accessing porn.

    Tried uninstalling SMS lately without your admin's OK? If you're on a well-secured NT box (ha!) it's not that trivial.
  • There was a BugTraq issue a few weeks ago about the lame search path that is used by Windows NT. It searches $HOME before *anything* else and so all you really need to do is put explorer.exe on the home drive and put a bo2k thread in it (well, you get the point). This can all be done easily within Word macros.

    Actually, it searches . first. It's just that . is the same as %HOME% when you first log in. Let's please be accurate when pointing out how insecure NT is... :)

  • To play devil's advocate here... how can you call it a real democracy if you're not free to remotely inspect and control the hardware you paid for, as legal owner or under legal authority of the corporation that owns those assets?

    Democracy, voting for government action, doesn't come into this. I would call such a country a "free state for employees but not property owners."
  • . . a project that a friend of mine was working on WAY before BO . . . and it basically did the same thing . . .

    True Dat on the "Ohhs and Ahhs" . . . Some hack for fortune, some hack for fame . . . some just want to rip off other ideas and claim them as their own by using the media . . .

    my 2 centavos
  • They aren't doing it to "beat" Microsoft. They are exploiting the security problems in the OS in an effort to get Microsoft to fix them. In this case the whole analogy goes out the window since they aren't out to kick the goats off the mountain. I dunno. This analogy didn't really work well for me. Basically I agree that Microsoft has long ignored their security problems and will not even admit to having them in most cases. Given that degree of denial, I don't see any other way this group of people could influence Microsoft to fix the problems.

  • and it's not hidden away surreptitiously like BO2k.

    Umm.. SMS can be hidden too. It's not hard.

    It consists of a lot more than just remote control

    Just because BO2K doesn't do everything that SMS does, it's not legit?

    You could, with effort, separate the remote control component out and use it alone, I guess, but it would be difficult to use without the entire SMS infrastructure.

    What difference does it make. Microsoft could sell all the components together or separate. It wouldn't matter. The remote component obviously doesn't NEED an infrastructure to work properly, or BO2K wouldn't exist. It's just a matter of how they coded it. MS doesn't know how to make anything that works independently anymore. All products must be tied together.

    Again - the difference is obvious to any but the most hardened anti-MS nerd.

    Oooh... nice one. Back up flimsy argument with an ad-hominem for good measure. Maybe this'll scare you off:

    If you don't agree with me then you are obviously an MS apologist with less mental capacity than my cat.

  • Since the government/police/other agencies are going to use these methods to watch us anyway, maybe we should just make it all legal. They can try to watch us... we can try to watch them... and we can both use whatever technical means we have available to avoid being watched. What other solution is there that's even marginally fair given the information we have that says that the police aren't obeying the current laws anyway? Why have the laws restricting us then?

  • You can't TELL me you don't know how to spell 'ethics'. If you are a college graduate... good grief, I fear the implications.
  • Well, just so you all know, we don't live in a democracy. We live in a constitutional republic that follows some democratic tenets. People seem to confuse the two quite frequently.
  • I wonder if running 'netstat -a | more' under Windows would show the opened/listen port.
  • If you were from a foreign domain that was obviously from a non-English-speaking country, I'd buy this excuse. I don't think that 'wvsc.edu' falls under that particular area, however.

    Ethics is a major class in most colleges that I know of. I just find it quite amazing that someone who is (obviously) going to college wouldn't know that.

    I'm not a "newbee" (newbie), but thanks for playing anyway.

    I'm not that anally retentive. Or maybe I am. I've never bothered to check. :p

    And I'm glad you love me so much as to reply to me. If I'm just a "newbee flamer" who isn't worth your time... I'm just so glad you care so much! ;)
  • Okay, maybe my sarcasm was uncalled for. I just happen to think 'ethics' is a rather important word. (And one that certain businesses and gov't officials need to be reintroduced to.) Were it ANY other word, I mightn't have said anything about it.

    Also, some misspellings are simple finger missteps. I've had a few of those. But actually not knowing the spelling of that particular word strikes me as rather odd.

    I'm sorry for any hurt feelings, but that's just the way I see it.
  • at http://www.anonymizer.com

  • I find being able to kill the password protected screen saver with ctrl-alt-del very funny. It is very irresponsible of MS to lull the user into a sense of security like that. It'd be like a Linux distro coming with a version of login that asks for a password but doesn't check it. That and the fact that Win'9x doesn't support meaningful file permissions makes it an insecure system.

    Granted, any system can be compromised with physical access, but most make it much harder to be discreet about it.

  • To be fair, nearly any system can be compromised by booting from a floppy. The solutions are the same in all cases, a boot password (make sure the BIOS doesn't have a backdoor (most did at one time, I don't know if they still do)), or remove the floppy drive.

    For higher security needs, encrypt the filesystem (on systems that support it).

  • I use XDM all the time. Add the following to passwd:
    xdm::0:0:XDM:/root:/usr/X11R6/bin/xdm
    Just type xdm at login: and it comes up.

    If you'd rather just start X, run it nohup, and log off of the console session.

    That way, if someone kills X, they get a login: only. If they just kill the session, they get xdm login. If you want a text vc, just switch and login. The minor inconvenience is just the cost of security.

    Don't forget to set a password on LILO so people can't just boot single. Set a configuration password in BIOS and disable booting from floppy and cdrom as well.

    If you do all of the above, you guarantee that the box will have to be opened to get in. If you set up an encrypted loop device as well, even ripping the drives out and putting them on another system won't expose your data.

  • This is an interesting idea, but does it not open a whole other box of security problems adding a second root user with no passwd? (especially with networked machine)

    It does require that XDM be looked at carefully. As long as XDM is secure, the extra entry is also secure since it will just run XDM and then log back out. PAM can be configured to only allow that login from the console. If the would-be cracker tries to use a well timed ^c to interrupt XDM, they might possibly succeed in running X without XDM, but that doesn't buy them anything.

    I consider that line a security enhancement because it reduces the chances of forgetfully leaving a VC logged in.

    I'm not sure what to do about the powermac situation. I suppose to be safe, you'd have to remove any drive that allows removable media to boot :-(. Possibly someone with more powermac experience knows a better way.

    IMPORTANT note about PC BIOS passwords: At one time, a surprising number of them had hard coded back door passwords. Tech support would give those out to users who forgot their passwords rather than telling them they must clear their CMOS. Very dumb. I don't know if that is still done or not, only that MINE doesn't have one. Only a disassembler will tell you for sure.

    Jumpering these pins to clear the BIOS isn't too bad, but draining the battery with a pair of jumpers and a resistor to clear the BIOS is better.

  • BO2K doesn't require SQLServer 7.0 and NT 4.0 and all the little licenses that go with them, so it MUST be evil! ;^)
  • BO2K has functions that can pretty much only be used maliciously and are not contained in SMS. Examples: piping microphone input to a BO client, logging keystrokes, scanning for BO servers, etc. I don't know EVERYTHING SMS can do because, well, I try to avoid most Microsoft contact, but some of it is unavoidable in my job.
    SMS can scan (actually, just running the client gives the server lots of information). I'm not sure about its logging functions but it also ties into network monitor (if it's installed). However, the keystroke logging is actually the most administratively beneficial component of BO2K. Being able to see just what the inputs were that caused the system to crash.... Think about it. It's also a feature enabled in some other remote admin tools. Furthermore, the microphone piping does require a mic attached to the system, yes? Also, BO hides itself by making its executables and registry entries look like system files/keys, which makes it a pain should you decide it's time to uninstall.
    Look at Office 2000. The links it creates in your start menu aren't real shortcuts, they're like the control panel. I didn't discover this until I tried running EVWM which pulled the real name from the link rather than the short name.

    Most legit remote management tools can be removed with a minimal effort.
    Um... Sure. Right. :)

    I'm not trying to defend MS here, but if cDc claims that BO2K is anything but a hacker tool, they're only kidding themselves.
    Just like Microsoft is kidding themselves saying SMS isn't a cracking tool.

    I want to see Gates eat a big steaming turd as much as the next guy, but I think cDc is going about it entirely the wrong way, and I think they're doomed to failure.
    Right. Sure you want Gates to "eat a big steaming turd." We believe you.

  • by bkosse ( 1219 ) on Friday July 23, 1999 @07:41AM (#1787681) Homepage

    GIF of how to turn off visibility. [webwizards.net] Notice how both permission required and visible signal are unchecked.

    All the warning you get. [webwizards.net] WUSER32 is the process (it's not visible under the Applications pane) that runs SMS.

    I don't know what SMS 2.0 behaves like as we aren't using it here yet.

  • Not if the user doesn't know SMS is there. Here's the "evil use of SMS" scenario: I'm a cracker wanting to take remote control of Joe User's computer. So I sneak into Joe's office when Joe isn't there and has forgotten to password-protect his screensaver, and I install SMS from the CD-ROM I always carry with me.

    • SMS displays an indication to the user that they are under remote control
    • SMS cannot be installed without access to SQL Server and the Domain Controller anyway. An administrator with these privileges would not need SMS!
    • SMS is a legitimate, supported product for remote installation and helpdesk functions. If you think remote access to a user workstation is a bad thing, best disable telnetd/sshd/rsh on your LAN now. Many Unix users like to criticise MS for lack of remote administration, SMS is Microsoft's answer. It can install a software package unattended and remotely - you can, for example, upgrade a thousand installations of Office to the latest version overnight, easy. You can audit machines and check whether your office in Malaysia needs more memory in their machines before deploying your latest application, all sorts of cool stuff like that. Warez k1dz hate SMS cos it finds their pirate software and the LAN admin busts them for it.
    • cDc are a self-proclaimed malicious hacker group, and released their product to other self-proclaimed hackers at a hacking event. SMS is sold to enterprise customers who legally own their own machines.
    (Yes, I'm an MCSE with SMS elective.)
  • No, the point is that SMS is installed and authorized by the System administrators who have all legal rights to do so, whereas the BO2K is not an administration tool and is installed without authorization.

    Six of one, a half-dozen of the other. BO2K can be installed and authorized by the system administrators. And SMS can be installed by unauthorized users if they have the appropriate permissions (I don't know NT very well, but surely the same permissions -- write access to the C: drive, for one -- would be required to install BO2K as to install SMS).

    Also SMS's remote control facility can be turned off by the user to prevent the admin from connecting.

    Not if the user doesn't know SMS is there. Here's the "evil use of SMS" scenario: I'm a cracker wanting to take remote control of Joe User's computer. So I sneak into Joe's office when Joe isn't there and has forgotten to password-protect his screensaver, and I install SMS from the CD-ROM I always carry with me. Or I find some excuse to be in Joe's office and I watch him type his password (you'd be surprised how slowly some people type their passwords in). Anyway, I get SMS installed and (posing as Joe, the user) check the "allow remote control" box and the "hide" box. Now Joe's computer has SMS installed on it and he doesn't know.

    Run through the scenario above, substituting BO2K for SMS. See? Not so different, are they? Both are remote-control-of-a-computer tools that don't always announce their presence. The only difference is that SMS costs quite a bit of money, while BO2K can be downloaded free of charge. Thus a lot more people will have access to a copy of BO2K than a copy of SMS.

    The point is that both SMS and BO2K can be installed by admins for legitimate purposes, or they can be installed secretly by crackers for security-breaking purposes. A rifle can be used for hunting, or it can be used to murder someone. Rifles aren't inherently evil (let's not start a gun-control flamewar here), but they can be used for evil purposes. Same principle with BO2K.
    -----

  • *sighs* I just wish that people would engage their brains before replying... :^)

    While it's true that most of the security "features" that Windoze has are not present in Linux, that does not mean that a BO server couldn't be ported to Linux.

    BTW, older versions of BO command-line clients were available for Linux--is the same true now? I don't use BO because I don't care that much (don't use Windows; don't like harassing people.)
  • Funnily enough, the Microsoft BOB team went on to form Valve and create Half-Life...

    Yes, I was surprised too...

  • BO2K remains a monumental pain in the nuts for innocent Windows administrators.

    What makes you think this is the first program to do this. What CDC did *for* innocent Windows admins is shine a bright light on the problem.

    Do you really think CDC are the first to use a tool like this? It's not. It is well known. The other tools that do this will not be found by a virus checker.

  • Or is there some technical reason to make BO2K a cracking tool and SMS not one?

    Actually, for all practical purposes, what makes SMS not a cracking tool is its cost and its bloat. The average script kiddie (obviously) could not afford a legit copy of SMS, and probably wouldn't be able to figure it out if he/she did have it. Ironically, what makes BO2k a "cracking tool" is its price and ease-of-use. I'm sure that if MS made SMS small, easy, and free, crackers would have a field-day with it, too.

  • Windows systems are all single user, and have adequate security for single user systems.

    The hell they do.
  • >Without my knowledge this would be a grave intrusion, certainly worth suing

    I am not sure if this applies outside of the US or not. No, it is not. The system is not yours, it is the company's, and they are free to do anything with it they like. They can monitor/log keystrokes, watch what you are doing, ANYTHING!
  • Arse! Don't know how that space in the URL got there. I didn't even notice it in the preview. Ho hum... The link itself works OK, just not the one you get to see!
  • Well, there's now an SMS client for Linux, too: http://www.entmag.com/dis playarticle.asp?ID=72199114226AM [entmag.com]

    My only experience of SMS was when we were evaluating Amdahl's awful A+EDM. SMS was slightly better, but both were hampered by NT's design flaws. In the end, we went for SMS for NT, and stuck with rdist for Unix. I haven't been able to check out their web site, to find exactly what features the Linux client has, but I'm betting it's run either as root, or with setuid root privileges, and I'll pretty much guarantee it'll be closed source, and users won't be able to fix the security holes that I'm sure it'll introduce...

  • Search freshmeat.net for it. It's called boclient.
    I use it to check my fakebo server.

    And why the port? Isn't ssh enough?
  • I would like to know if there are tools that allow me to discover if some BOFH is watching my NT box screen via some remote tool.

    Without my knowledge this would be a grave intrusion, certainly worth suing.

  • I can't believe people are just realizing this now... as soon as all the negative talk that came up about BO2K generated by M$, I was thinking "What about SMS?".

    I suspected that such stuff exists but was not aware of it being sold by Microsoft. So I am thankful to cDc, as they raised my awareness
    - Thanks, cow worshippers!

    With the current video surveillance craze (nah, not only in Great Britain, here in Germany it started too) it is not a big surprise that they start to monitor your PC.

    Things to be watchful of:

    • Did your boss donate a soundcard plus microphone to your work station?
    • What about that new web cam sitting on your monitor?

  • SMS 2.0 is not only a virus, it's a hellaciously virulent one. Like HP openview it does automatic network discovery, but unlike openview it uses the map it generates as the default list of clients that it will automatically install itself to.
    I was SMS administrator at an insurance company and tried testing it out (one server, 2 clients). It was physically connected to the rest of the network, but I denied it access to the production network by setting up a completely different subnet and not adding a route. Since SMS 1.2 couldn't find machines sometimes in its OWN subnet, I assumed I was safe. I turned on discovery (and *only* discovery) and let it run overnight. When I returned the next morning, users were complaining of crashes and odd messages. Not only had SMS 2 managed to find the production network (by trying every combination of IP addresses and thus circumventing the router) and install itself onto 700-odd machines, the client was unstable and was causing many of them to crash.
    Frantically I tried to undo what I had done. Chapter 13 or so of the Big Green SMS Beta Book titled "uninstalling clients" read simply: "this feature not yet implemented".
    So it was back to SMS 1.2. I wrote a very ugly script designed to clean out the registry (5000+ entries) and remove all the files, but like usual most clients had problems (like 2.0-induced crashes) that prevented the script from running. I ended up having to repair 300+ workstations by hand.

    Some of them are still broken actually...
  • Yes, the PC belongs to your company (usually), but it gives IS power to monitor more than just the PC's maintenance and welfare. It can read your email as you write it, and automatically extract filter and collate any document on your system. I wrote a SMS batch that scanned all txt and word documents for the word "handcuffs", and returned a copy of the document to the server with the PC owner's name attached. (to show my boss it could be done).

    There is also the issue that SMS has a tendency to install itself to the PC's of employees who dial in from home and run all administrative jobs on it as if it were corporate property. The SMS client(s) run as a domain administrator, so by logging in to the corporate domain you automatically give up all ability to stop SMS from doing its thing, short of powering off or disconnecting.

    This happens, BTW. Not hypothetical.
  • I was one of these IS people. Of COURSE it's a tool of control.

    I wouldn't be too concerned though. SMS collects a lot of information, but unless the admin knows *exactly* what he's looking for he won't find it. SMS is very difficult to administer well, it breaks frequently, it is easy to confuse, and it is VERY slow.

    If you want to hide something from SMS, get partition magic and change your partitioning slightly from week to week. Eventually SMS will fill up its MS-SQL (slogan: "just like daddy's") database with 100-some entries on your machine and its contents and cease to be useful.

    Wow! Looks like you have 362 copies of Netscape installed!
  • If I work at a place that has SMS installed, how do I disable it (short of running Linux?)
  • Does SMS allow you to control a PC over the internet? I'm not familiar with its features. If not then there is a HUGE difference between BO2K and SMS
    Gary
  • by Z0z ( 4050 )
    After thinking about my reply on yesterdays story of BO2K, I came to this conclusion:

    No, BO2K or any other remote admin tool do not expose any security flaws. Windows systems are all single user, and have adequate security for single user systems. (Granted of course, you don't have machines that need security running Windows 9x, since the level of security in Windows 9x is effectively NONE).

    However, single user machines have no business being attached to a network of any kind, and if you are foolhardy enough to trust sensitive data to a networked single user machine, god help you.


    P.S. Any misspellings or faults of grammar you think you detect are mearly transmition errors, and probably your fault anyway.
  • SMS allows an authorized person to control/observe your system.
    BO2K allows a script kiddie to control/observe your system.
    I think MS is right on this one.

    How many tool kits are out there to let you build trojan horse programs for SMS?

    CDC can play with words and semantics all they want. They created a hacking tool and that's that.


  • "Access this computer from the network" field to only include your local and domain accounts

    That only changes the Microsoft networking (ie, smb and others who use its authentication like IIS/domain) and not any old port that is open on the machine.

    The wheel is turning but the hamster is dead.

  • Actually you can do a 'netstat -a' in Win9x prompt and show listening sockets.

    bo2k can be set up to run at different times of the day. Netstat won't help you out there unless you repeatedly run it.

    The wheel is turning but the hamster is dead.

  • For detection, Download and run the program WinTOP. This is the Windows equivalent of the Unix TOP program, which shows all processes listed in order of used processor time...It ought to be able to track the resources being used by BO2K.

    That won't work. If a "process" like bo2k is running as a thread under some other program (like EXPLORER.EXE, for example...) then it will not show up on any process task you care to use.

    For removal, you should be able to find BO2K's registry entry in RegEdit, under HKEY Local Machine>Software>Microsoft>Windows>Run or a similar directory either under Windows here, or under the HKEY current user.

    That will catch the default install of bo2k, but that is not the only way it can function. There are several other attacks (like the one above coupled with the default search path of Windows NT which searches $HOME before anything else).

    The only reliable way of seeing if someone is monitoring you is to run a network snooper on some other machine on the same non-switched subnet as your machine. That only works if you can guarantee the security of the auditing machine (like turn off *all* network services on a Linux box and just have it snoop your NT machine's traffic). With that kind of setup you can see all the connections your machine is making and receiving.

    The wheel is turning but the hamster is dead.

  • by ink ( 4325 ) on Friday July 23, 1999 @08:33AM (#1787706) Homepage
    Actually, it can even hide itself without showing WUSER32 in the process list. It can run as a separate thread inside some other executable (welcome to the wonderful world of "I'm not a process I'm a thread").

    There was a BugTraq issue a few weeks ago about the lame search path that is used by Windows NT. It searches $HOME before *anything* else and so all you really need to do is put explorer.exe on the home drive and put a bo2k thread in it (well, you get the point). This can all be done easily within Word macros.

    Another thing that bugs me: A user can do this and under certain circumstances the process is kept alive between logins. AND, as if that weren't enough: it registers itself as a startup program (all users have the ability to do this on a default NT install) and as soon as the Administrator logs in...

    Microsoft has a lot of work to do in order to make NT safe for multiple-user workstations.

    The wheel is turning but the hamster is dead.

  • All in all a relevant post, but I want to point out that IBM once shipped copies of OS/2 with a virus on the CD.

    This whole incident made us look a little TOO much like "professional" software developers for my taste.
  • A little clarification...

    Back Orifice, and Back Orifice 2000, can NOT attach to another executable for a "stealthy" delivery on their own. In order to install an "out of the box" BO2K client, you have to click on the icon for the bo2k server, which then installs and begins running.

    A third party (Brian Enigma of netninja.com) has produced a series of plugins which allow this functionality, but they are neither developed nor endorsed by the Cult of the Dead Cow.
  • >1. It's called Back Orifice. "Yes sir, I'd like to submit an expense report for...umm... Back Orifice"

    A couple of points here: first of all, it's free, so it seems unlikely that anybody would have to submit an expense report for it, unless they really WERE doing something nefarious, like embezzling. Second, you can feel free to call it BO2K if it makes you feel better about using it to administer a network. From what we hear, that's what Pat Robertson called it, and if it's clean enough for him, I would imagine it's clean enough for anybody. We chose a name like Back Orifice partly because we believe that if you are developing free, useful software entirely as a hobby, and you know you're going to get blasted by critics no matter what you do then, well, you're allowed to have some fun once in a while.

    >2. The cDc claims that both that BO2K is a legitimate remote network administration tool, and that it is releasing BO2K to force Microsoft to plug (intrinsic design-related) security holes in NT. That's a contradiction. Imagine the press release for pcAnywhere 2000: "This version contains all kinds of all-new features, primarily designed to force Microsoft to plug security holes." And maybe Symantec will rename itself the Cult of the Norton Commander (cNc).

    While I do like the idea of Cult of the Norton Commander, I don't honestly see a contradiction. If you read our press releases and bo2k.com, you will hopefully see a slightly different take on things. We believe that an operating system should be robust and secure enough that a powerful and useful tool such as bo2k will not be an enormous security threat. Every feature of bo2k has administration uses, and the program itself is extremely efficient and modular, things that I've always been taught are a hallmark of good software design. However, because of this very effectiveness, the bloated hulk that is Windows is unprepared to deal with the control users have been given. We developed bo2k because people should have it, and because they shouldn't be scared of it; if they are, maybe that will make people think about the real issues involved.

    >BO2K has *only* a stealth mode, and stealth seems to have been a major design consideration. (Correct me if I'm wrong here, I didn't actually download it as I don't want to be sifting through my registry to get rid of it.)

    Okay, I'll correct you. You are 100% wrong about this. BO2K by default has stealth mode OFF, and will show up in the process list just like any other application. And as far as that crack about sorting through your registry to get rid of it, there is a function in the client - shutdown server - which can very easily be used to completely uninstall the server from the machine it is running on. No need to hunt through the registry or anything else.

    BO2K IS just a useful program for remote administration. The fact that it can be portrayed as anything else, by us or by anyone, is a sad comment on the current state of operating system and application security, at least as far as Microsoft operating systems are concerned.

    - Tweety Fish
  • Given what we have to say, I think a lot of people would suggest that not taking us seriously is done at your own peril.

    I am astonished at the number of people who claim to know our motives, age, and level of commitment to what we have to say through no more facts than what we choose to call ourselves.

    I can only pray that, should you get a life-threatening illness, the doctor who recommends the drugs that could save you doesn't have a silly name.
  • Before you talk with such certainty, check the URLs supplied in our press release. There is, in fact, an option to install SMS silently, I believe it's install /i.

    As far as requiring Windows NT, a login to a domain controller, and a SQL server login... well, no, we don't require any of those, because we don't think that people should have to buy NT, a machine to act as PDC, OR SQL Server in order to effectively administer their network. We think it should be FREE.
  • Why run remote admin tools stealthily?

    Hmm... work situations come to mind.

    User is suspected of doing bad things with PC at work. Install BO and watch undetected what he/she is doing. Why undetected? Say user is pretty knowledgeable about his work system, and has subverted previous attempts at this kind of thing...

    Granted, I don't want to work in a place like that. As far as network traffic goes, it is easy enough to monitor what people do via the net unobtrusively, so that doesn't really count...

    The "keyboard" watching stuff is pretty easy. Every keystroke in Windows generates a "message", that Windows then routes to the appropriate application. It is not too hard to watch this global message queue for keyboard messages. You can do it from Word, Access, Excel, VB or Powerpoint, in fact (it's a couple of API calls). It shouldn't be too hard, then, either, to write a little net app that blasts these messages to the net for clients to listen for...
  • I think the "client" is the software that "enables" the system to be managed by an SMS server.

  • Following the links of the cDc posting, to the 'interview' with Garms of MS, they classify any trojan as software that can damage the system in any way. The nature of trojans requires some social engineering, of course, to install.

    By its own definition, MS is guilty of the distribution of the largest trojan ever made.

    When was the last time you had Windows eat itself?
    Wipe a drive lately? Lose some documents?
  • here in Canada illegally obtained evidence is not as important as getting the person behind bars

    This was the case in America for a long time...completely making the 4th amendment (against unreasonable search and seizure) worthless. The cops could kick down your door, and if they found something illegal all they would get would be a "bad cop" slap on the wrist.

    Today, if evidence is obtained illegally, it must be thrown out.

    Of course, there are exceptions. If the police officers were "acting in good faith", they get to use whatever they found.

    -Richard.

    Disclaimer: I am not a lawyer and all that.
  • I've heard that the only sane way to install MS Word in a networked environment is to use SMS, and that this is achieved with secret API calls. Can anyone confirm this?
  • Yes - that's why I was asking!
  • Well...

    If your NT workstation is attached to a domain, then domain admins can still play with your services. And your "admins" need to have their heads smacked for not having NTFS and leaving things like the sms.ini file open for putzs (putzes?) to play with.
  • *cough*

    echo if exist c:\sms.flg goto alreadydone >> login.bat
    echo net start "SMS Client" >> login.bat
    echo copy c:\boot.ini c:\sms.flg >> login.bat
    echo :alreadydone >> login.bat

    Ah, that brings back memories of netware login scripts...
  • Ahhh I must say Veggie must have had some fine corn whiskey this last weekend to have such a brilliant stroke of vision.

    My shower curtain is proud to be "Owned by the cDc".

    ---
    Openstep/NeXTSTEP/Solaris/FreeBSD/Linux/ultrix/OSF /...
  • There are several methods of removing Bo, NetBus, etc, but nothing yet for BO2K as far as I know, nothing for SMS either. I believe if in the permissions in User Manager on your box, if you have local admin rights, you change the "Access this computer from the network" field to only include your local and domain accounts, that'll keep the weenies out, but any NT admin who has the smallest clue can change it back on you via remote registry changes or SMC.

  • by forkboy ( 8644 ) on Friday July 23, 1999 @07:40AM (#1787722) Homepage
    Yes, both can be used as remote administration tools, but there are a few primary differences. BO2K has functions that can pretty much only be used maliciously, which are not contained in SMS. Examples: piping microphone input to a BO client, logging keystrokes, scanning for BO servers, etc. I don't know EVERYTHING SMS can do because, well, I try to avoid most Microsoft contact, but some of it is unavoidable in my job. Also, BO hides itself by making its executables and registry entries look like system files/keys, which makes it a pain should you decide it's time to uninstall. Most legit remote management tools can be removed with a minimal effort.

    I'm not trying to defend MS here, but if cDc claims that BO2K is anything but a hacker tool, they're only kidding themselves. I want to see Gates eat a big steaming turd as much as the next guy, but I think cDc is going about it entirely the wrong way, and I think they're doomed to failure.


    Wow, did I just play devil's advocate for M$? What IS this world coming to?

  • It would probably cause an access violation. I don't believe Bill has discovered pipes yet.
  • by chromatic ( 9471 ) on Friday July 23, 1999 @09:26AM (#1787727) Homepage

    I believe all that command does is actually execute OUTLOOK.EXE.

    --
    QDMerge [rmci.net] -- data + templates = documents.
  • I wonder how many law enforcement agencies use Back Orifice to assist them in their investigations...
    -- ----------------------------------------------
    Vive le logiciel... Libre!!!
  • by Knight ( 10458 ) on Friday July 23, 1999 @07:25AM (#1787734)
    Microsoft needs to take a true stand on the issue. Either hidden remote control software is malicious or it is not. If they claim BO2K is malicious, they need to pull SMS from the shelves, because their functionality is nearly identical. I don't think it really matters what a person thinks of cDc, or what they are doing. It's a simple matter of blatant hypocrisy, and, in my opinion, they are breaking the law by slandering a competing product. If cDc had the money, they could probably win a lawsuit.
    ---------------------------------------- ---------------
    If you need to point-and-click to administer a machine,
  • Like most people, I laughed. I even downloaded the word document (I'll be sure to scan it before using it).
    This does show Microsoft to be hypocrites, but that's hardly news to anyone.
    One thing to remember, though, is that this doesn't make CDC angels.
    BO2K is, to all intents and purposes, a cracker tool. It has valid uses, but the vast majority of people who download it are not sysadmins. BO2K remains a monumental pain in the nuts for innocent Windows administrators.
    I'm not against CDC or BO2K; that doesn't mean we should paint CDC as saints.
  • The reason it's not considered a remote admin tool is not the fact that it's "stealthy" but that it has the ability to do serious damage to an end user's computer.

    Ever hear of file sharing? Windows NT will let you share all the drives and files on a system. It's not stealthy, since you get this little hand holding the object that's shared.

    So, is file sharing a hacking tool? I could secretly go to your computer and share everything on it, then go back to my computer and delete everything on your computer, or change it slightly, or just watch how it changes over time.
  • I know this because I worked on the SMS team for 3.5 years from well before 1.0 shipped to a year before 2.0 shipped. They were very concerned about admins using the software to do things the user did not want them to do.

    If what you say is true, then the SMS team is TRULY one messed up group. The WHOLE POINT of being a sysadmin is that I am responsible for the network. It goes down, I get nailed. It stays up 24/7/52, I get a nice bonus. My job - my paycheck - my ability to feed my family depends on my control of the network . If SMS were TRULY an admin tool, its programmers would be concerned not with users, but that maybe I can't do everything I want to on my network. They'd put a menu option somewhere labeled "Wipe MBR of and reboot remote system NOW!"

    Real power tools don't have blade guards and safety locks. They assume that trained professionals will use them and will be responsible for their use. A chainsaw can be used to murder people, but that doesn't make lumberjacks murderers. Unless you're a tree-hugger :)
  • ...Outlook can't crash NT...
    It's funny because it's true. Ahahaha.

    [Actually Outlook CAN crash NT. But it's funny because most MS nerds THINK it's true!]

    P.S. Outlook can't crash NT the same way that a cat can't crash your car. Put a cat into a box to take it to the vet to be neutered and then don't tape the lid down and drive down the road at 55 mph and tell me Outlook can't crash NT.
  • yeah - that's like ignoring cancer until it goes away - it happens eventually - you die...
  • OK, kid, before you get too carried away with your own brilliance, tell me why practical geneticists - the people who develop new breeds of animals and new varieties of plants - cross offspring with parents and with each other when trying to get a trait to breed true. I took the original poster to mean "They are increasing one trait, but they are doing it through inbreeding, so eventually they will be a bunch of musclebound hemophiliac morons".
  • Obviously I wasn't clear. In replying to the previous poster, I simply meant to point out an error in the previous poster's logic, who said something to the effect that BO2K is inherently bad because it lets you damage a computer. My point was that file sharing also lets you damage a computer. BO2K is just a tool. A powerful, potentially dangerous tool, one that can be used for illegal and unethical purposes, but still a tool.

    The simple act of sitting at someone else's computer and deleting a file without permission is potentially a crime and could certainly subject you to civil penalties.
  • I have used SMS for a corporation before-They pushed the install to all the machines, and yes they could control the machines with/without the users knowledge...BUT, one thing we always had to do was call the person up to have them manually activate all the services the first time (after that it saved the config)...I'm not really sure how this can be compared as the same thing. Also, the SMS software had to be installed, and without admin access to the domain-there was no way to do this unless we wanted to step around to each of the 750 machines on the network....So yes, SMS and BO2K do have similar working features...with the exception of how they are implemented (and in my book that is a big exception)...
  • >>Also, BO hides itself by making it's executables and registry entries look like system files/keys, which makes it a pain should you decide it's time to uninstall. Most legit remote managment tools can be removed with a minimal effort.


    Actually, there is a fairly easy way to remove the registry entries w/ bo2k. It's an option when you disconnect from the server, to delete the installation. The bo2k site is very informative, you might actually look at the product before you start making comments on it.

  • That's evidently the way our company thinks also. We need to spend $1500 and 3 weeks per license for compilers because we are not allowed to download free compilers from the 'net.

    If its free, it can't nearly be as good as something you could pay copious amounts of $$$ for. Productivity be damned, we want to waste money.

    If the company managers/CEOs/and government officials were in charge from the beginning, I'm surprised we ever climbed down from that first tree.

  • I started with Office 95 and wasn't noticed until last year.

    Damn that's impressive, I think the cDc needs to look into hooking up with you, definite asset!

    (note: this was intended simply as satire, not meant to insult HiThere, or any other persons dead or alive, except your mom)
  • A couple of reasons why BO2K is NOT a legitimate remote network administration tool.

    1. It's called Back Orifice. "Yes sir, I'd like to submit an expense report for...umm... Back Orifice"

    2. The cDc claims that both that BO2K is a legitimate remote network administration tool, and that it is releasing BO2K to force Microsoft to plug (intrinsic design-related) security holes in NT. That's a contradiction. Imagine the press release for pcAnywhere 2000: "This version contains all kinds of all-new features, primarily designed to force Microsoft to plug security holes." And maybe Symantec will rename itself the Cult of the Norton Commander (cNc).

    Also, it's quite obvious that use as a cracking tool was a consideration in the design of BO2K. While SMS and other remote administration systems do have "Stealth modes", BO2K has *only* a stealth mode, and stealth seems to have been a major design consideration. (Correct me if I'm wrong here, I didn't actually download it as I don't want to be sifting through my registry to get rid of it.)

    Still, it is NOT a trojan. Trojans don't have install programs. I think anti-virus programs scanning for it is a bit of a joke. For that matter, I think anti-virus programs should stick with viruses (which, of course, BO2K is not by definition) - the only true protection against trojans is to be careful what software you run.

    BO2K is certainly a useful program for remote administration. It's small, fast, etc. But claiming that it's just a useful little open source administration tool is engaging in a Microsoft-style bending of facts. For those of you who still claim this, think about who most of the future users of BO2K will be. Will they be script kiddies and people who just want to try it out, or will they be sysadmins of large networks? If it will very rarely be used to administer large networks ("Help Desk? I'm having trouble with Word." "OK, just let me Orifice into your system. Our custom BUTTplugs should help with this one") but rather used by the kind of people who haven't yet mastered the concept of digits being used in numbers and letters being used in words, and as such think that the program is l33t, then it isn't a legitimate remote administration tool.
  • No the point is that SMS is installed and authorized by the System administrators who have all legal rights to do so whereas the BO2K is not an administration tool and is installed without authorization.

    Wow. That's some crystal ball you have there.

    What keeps SMS from being installed covertly? And what keeps anyone from using BO2K as you claim SMS is intended to be used for? I can think of several benefits, the primary one being that while SMS is commercial, closed source software, BO2K is free and open! Modify it the way you want, use it the way you want.

    To say that nobody will use BO2K for legitimate things is silly. To say that nobody has ever used SMS for nefarious purposes is equally silly. To claim that you know exactly who, when, and how an admin will use a piece of software is just downright foolhardy. I can definitely see small companies on tight budgets who need remote Windoze administration capability taking advantage of a free program like BO2K.

    A question for you. You say that "BO2K is not an administration tool". Can you tell me precisely what aspect of its design precludes its use as an administration tool?
  • I was testing SMS on our NT box because we were contemplating utilizing it for administration. I installed the client on one box to see how it would be. Lo and behold.. the next day.. it had installed itself on ALL of our computers. It had gone in and made changes to my login.bat script on its own. This was TOTALLY not cool.
  • by blixco ( 28719 ) on Friday July 23, 1999 @07:34AM (#1787800) Homepage
    I actually got busted this morning for running NetBus on my system...NAV had picked it up and notified my admins, who use both SMS and PC Anywhere to "spy" on our systems. The really funny thing: as local administrator, I can uninstall NetBus Pro (actually has an uninstall routine) but I cannot uninstall SMS.

    Hrm. Wonder which one acts more like a virus.
  • We need only look to animals to understand this phenomenon. It is the ritualistic king of the hill. In terms of the analogy, let's go with billy goats. They wander in herds. And think of Microsoft as being a pack of unsavory billy goats, at the top of the mountain. They are big goats, and genetically they are becoming more and more superior (through inbreeding ...), and claiming more of the terrain around them.

    Nature provides two forces against these kings of the hill: better billygoats, who can sneak past the big buggers, and the slow grinding away of the hill upon which they sit, which is so difficult to climb because of a steep monopoly. These may be thought of as Linux and the erosion of the computer operating system monopoly mountain-peak. Together, the mountain is getting harder to defend against something like Linux, and the faster, nimbler billygoats are winning more of the battles for the hilltop.

    The inevitable conclusion is undetermined as of yet; the smaller, nimbler billygoats may yet force the hefty one off the top, the hefty kings of the hill may yet defend their mountain, or while the duel continues against each other, the mountain may just disappear, and we all buy appliances.

    To make the analogy more fun, we must look at what happens to the hefty billygoats. They do not control one mountain; they have a say in several mountains -- from software through to webTV to all kinds of fertile grazing lands. These mountains do not all disappear, and so the hefty billygoats, with their limited company immortality, can cling to many unconnected lands.

    One can see the faults in the billygoats at the top of the hillside, where they are forced to give way to things like Apache for MSN and HotMail. They are not superior. Just in greater numbers, and more aggressive. Outside of the analogy, one might think that the sun shines brighter on the Microsoft soil, because their lands are so fertile. It's more likely that it's fertilized with perfume-smelling dung to bring the birds and the bees. It's still dung, though, where it would not normally be fertile land.

    SMS vs BO2K arguments are one field on the mountain range that must be debated. BO2K does not possess the awe of the Open Source billygoats, but does have the potential to offset the balance in yet another area controlled by a bloated pack of oversized goats.

    Packs of animals are forced to maintain a certain size to compete. Microsoft is well beyond this size, and, outside the analogy, their interdependency may be the end of them.

    The lesson? Polygamy and inbreeding will not necessarily lead to better goats.

  • I have a great idea. Since BO2K is open source, why not port it to Linux to run SMS capabilities from a Samba server? Sounds like a great project to me, if only I could program.....

    Wiggles (the pathetic Linux luser)
  • by AaronW ( 33736 ) on Friday July 23, 1999 @08:28AM (#1787819) Homepage
    BO2K may have legitimate uses, but it seems to be most widely used for breaking into other computers or causing trouble. I'm running a Perl script called booby (available at http://members.home.com/lazyx/booby [home.com]. This script simulates a BO infected system and logs all activity. BO seems to be a favorite for script kiddies. As a cable modem user I see a lot of BO activity. Here are some recent log entries (IP address and host name have been X-ed out):

    Jul 21 21:56:04: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>proclist
    Jul 21 21:56:05: ...reply sent
    Jul 21 21:56:22: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>lockup
    Jul 21 21:56:22: ...reply sent
    Jul 21 21:56:29: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>info
    Jul 21 21:56:30: ...info sent
    Jul 21 21:56:39: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>passes
    Jul 21 21:56:39: ...passwords sent
    Jul 21 21:57:00: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>reboot
    Jul 21 21:57:00: ...reply sent
    Jul 21 21:57:07: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>passes
    Jul 21 21:57:08: ...passwords sent
    Jul 21 21:57:11: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>reboot
    Jul 21 21:57:12: ...reply sent
    Jul 21 21:57:28: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>proclist
    Jul 21 21:57:29: ...reply sent
    Jul 21 21:57:38: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>lockup
    Jul 21 21:57:38: ...reply sent
    Jul 21 21:57:42: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>lockup
    Jul 21 21:57:42: ...reply sent
    Jul 21 21:57:43: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>lockup
    Jul 21 21:57:43: ...reply sent
    Jul 21 21:57:46: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>info
    Jul 21 21:57:47: ...info sent
    Jul 21 21:57:59: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>proclist
    Jul 21 21:58:00: ...reply sent
    Jul 21 21:58:12: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>prockill 4291797281
    Jul 21 21:58:13: ...reply sent
    Jul 21 21:58:16: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>proclist 4291797281
    Jul 21 21:58:17: ...reply sent

    As you can see, no useful tool would have commands like "lockup". I have seen more malicious attempts than this as well, such as one person who often launches DOS ping attacks against other users from BO infected machines.

    As much as I hate Micro$loth, I must agree with them on this one. If there were a BO without all of the malicious features then perhaps it would be taken seriously, but with the stealth features and the crash features I think its main purpose is fairly clear (at least to the script kiddies).
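    To show what a defender can actually do with a honeypot log like the one above, here is an added example (not the poster's booby script and not code from the thread): a Python parser for log lines in the same layout that groups commands by source address and rates each source by the worst command it issued. The log lines, host names and addresses (`client-a.example.net`, `192.0.2.10` and so on) are constructed for the example; the command names are the ones visible in the post.

```python
"""Added example: parse honeypot log lines in the layout shown above and rate
each source by the worst command it sent.  Not the poster's booby script.

The log below is constructed: host names use example.net and the addresses
come from documentation ranges; the command names are those seen in the post."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple

SAMPLE_LOG = """\
Jul 21 21:56:04: client-a.example.net(192.0.2.10): 1641 >>proclist
Jul 21 21:56:05: ...reply sent
Jul 21 21:56:22: client-a.example.net(192.0.2.10): 1641 >>lockup
Jul 21 21:56:22: ...reply sent
Jul 21 21:56:39: client-a.example.net(192.0.2.10): 1641 >>passes
Jul 21 21:56:39: ...passwords sent
Jul 21 21:58:12: client-a.example.net(192.0.2.10): 1641 >>prockill 4291797281
Jul 21 21:58:13: ...reply sent
Jul 21 22:03:01: client-b.example.net(198.51.100.5): 2210 >>info
Jul 21 22:03:02: ...info sent
Jul 21 22:03:15: client-b.example.net(198.51.100.5): 2210 >>proclist
Jul 21 22:03:16: ...reply sent
"""

# A command line: "<timestamp>: <host>(<ip>): <port> >><command> [args]".
# The "...reply sent" lines are the honeypot's own responses and do not match.
CMD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}): "
    r"(?P<host>[^(]+)\((?P<ip>[^)]+)\): (?P<port>\d+) >>(?P<cmd>\S+)(?: (?P<args>.*))?$"
)

# Rating of each command by what it does to the victim; anything not listed
# is "unknown" and ranks below recon.
SEVERITY = {
    "proclist": "recon",
    "info": "recon",
    "passes": "credential-theft",
    "lockup": "destructive",
    "reboot": "destructive",
    "prockill": "destructive",
}
RANK = {"unknown": 0, "recon": 1, "credential-theft": 2, "destructive": 3}


class Event(NamedTuple):
    ts: str
    host: str
    ip: str
    port: int
    cmd: str
    args: str


def parse_events(text: str) -> List[Event]:
    """Extract one Event per attacker command, skipping response lines."""
    events = []
    for line in text.splitlines():
        m = CMD_RE.match(line)
        if m is None:
            continue
        events.append(Event(m["ts"], m["host"], m["ip"], int(m["port"]),
                            m["cmd"], m["args"] or ""))
    return events


def summarize(events: List[Event]) -> Dict[str, dict]:
    """Per source address: commands in order, counts per severity class and
    the worst class observed."""
    summary: Dict[str, dict] = {}
    for ev in events:
        entry = summary.setdefault(ev.ip, {
            "host": ev.host, "commands": [], "counts": defaultdict(int), "worst": "unknown"})
        sev = SEVERITY.get(ev.cmd, "unknown")
        entry["commands"].append(ev.cmd)
        entry["counts"][sev] += 1
        if RANK[sev] > RANK[entry["worst"]]:
            entry["worst"] = sev
    return summary


def hostile_sources(summary: Dict[str, dict], threshold: str = "credential-theft") -> List[str]:
    """Addresses whose worst command reaches the threshold class."""
    return sorted(ip for ip, e in summary.items() if RANK[e["worst"]] >= RANK[threshold])


if __name__ == "__main__":
    report = summarize(parse_events(SAMPLE_LOG))
    for ip, e in report.items():
        print(f"{ip} ({e['host']}): worst={e['worst']} commands={e['commands']}")
    print("hostile:", hostile_sources(report))
```

    The severity table is the part worth arguing over: a source that only sends `proclist` and `info` is probing, while `passes`, `lockup` or `reboot` is the behaviour the post objects to, so `hostile_sources` defaults to reporting from credential theft upwards and takes a lower threshold when you want the probes as well.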

  • Umm... your comment assumes that you made the mistake of using Micros~1's ill-fated Domain setup. (it's going away when the vapour clears from Windows 2001's inActive Directory)

    Can't we all agree to use LDAP and get on with enterprise computing architecture? (forgot -- there's no MSLDAP, Visual LDAP, or DirectLDAP-DNS-for-datacenters yet ;)

    Oh, by the way, what about VNC? If an email attachment started a VNC server and set the password, would that make vnc a virus?

    I couldn't live without VNC to tame Windows boxes. If anti-virus software started uninstalling VNC, I'd find new anti-virus software.

    What if vnc development forked and one branch was driven by some teenagers who were branded as hackers? Does vnc become a bad tool?
  • You have a couple options that would work with the original Back Orifice, and ought to work with BO2K...

    For detection, Download and run the program WinTOP. This is the Windows equivalent of the Unix TOP program, which shows all processes listed in order of used processor time...It ought to be able to track the resources being used by BO2K.

    For removal, you should be able to find BO2K's registry entry in RegEdit, under HKEY Local Machine>Software>Microsoft>Windows>Run or a similar directory either under Windows here, or under the HKEY current user.

    Anyone who knows differently, please post a correction.

    Email: MattTC(at)Yahoo(dot)com
  • On my NT Workstation box, I can see SMS client - the process has SMSAPM32.exe and smss.exe listed, as well as a Systems Management icon under Control Panel. However, this visibility is probably due to my administrator access, both locally, and in the domain.

    One interesting thing to note about SMS, though - we applied SP 1 to it, and a previously unknown bug appeared (something to do with a certain configuration), where the client began to cause errors on seemingly random machines.

    We're now in the process of removing the client.

    Ahh, how I love Open Source...


    PinkFreud
  • Either Microsoft has to admit that they have the same program and recall it...or anti-virus software has to scan for it...if either of the 2 happen people are going to be laughing for days....

    But Microsoft will probably ignore the problem until it goes away
  • This is obviously just a ploy by cDc to legitimize a trojan horse app, that in 99% of all cases will be used to break into an unsuspecting user's machine.

    I have been involved in dozens of SMS rollouts. SMS is a network analysis tool, that has the capability to remote control client workstations on the network.

    In order for SMS to do this, you must install the SMS Client on a machine in the same Windows NT domain. This installation process will *not* run in the background, and will pop up several boxes to the user. Once the client is installed, the client configuration app must be opened, and the machine must be set to allow remote control. You also have the option of a dialog box showing up informing you that someone is connected.

    Along with these settings, every user that logs on to a network that is SMS aware knows that the client is installed, because it pops up an SMS configuration dialog box during every logon.

    This remote control feature of SMS is used primarily by network admins that need to remote control servers rather than client desktops. In fact, out of all the installations I have done, the only machines that have this option turned on are the servers.

    BTW, the SMS Admin tool that allows you to connect to the clients requires Windows NT, a valid logon to the Windows NT Domain that you want to administer, and a SQL server logon with appropriate rights to administer SMS.

    How many checks like this does BO2K do?

    Regards,
    eg
