Microsoft has published a scathing response to the general alarm over Back Orifice, a remote Windows administration utility for hackers (CI No 3,467). The company correctly points out that a victim must have installed or been tricked into installing the Cult of the Dead Cow’s hacker software on their machine, that the attacker must know the victim’s IP address, and that the attack won’t work through a firewall. All these factors mitigate the threat presented by Back Orifice.

However, Microsoft then goes on to say that users following safe computing practices are not at risk. According to the security bulletin, safe computing practices are: having a computer unconnected to the outside world; having a dialup connection through an internet service provider; or placing a firewall between the computer and potential attackers. That only leaves those users who have a permanent internet connection but no firewall. Any other company would call such a group a developer community, but to Microsoft it’s an insignificant minority. The company also takes the opportunity to tout Windows NT as a secure platform for mission-critical applications, since that platform is not vulnerable to this particular attack.

Hacker source AntiOnline agrees with Microsoft that Back Orifice is no threat as long as victims don’t install the Trojan Horse application. Trouble is, many victims won’t even know they are installing it. The software can piggyback on executable files in email, software patches, web downloads and so on. “So, how do you protect yourself?” writes AntiOnline founder John Vranesevich in an editorial. “Simple, don’t install ANYTHING that you haven’t gotten from a ‘trusted source’. What’s a ‘trusted source’? Well, that’s up to you to decide.”
