Why Does Microsoft Prosper?

Bottom line, copied here:
* If you are using Microsoft Outlook or Outlook Express, quit it. 
Find and use something else.  Here are some suggestions:
http://www.lsit.ucsb.edu/mail/tools/compare.php
* If you are using Microsoft Windows operating system, quit it.  Find
and use something else, like Linux or Macintosh.
=================================

In the last few years, wave after wave of viruses, worms, Trojan
Horses, and other communicable destructive programs have rocked the
Internet.  A very few -- the infamous "Internet Worm" of 15 years ago
for example -- attacked UNIX computers.  Most of the rest attacked
Microsoft computers.

Why has Microsoft been the major target?  Because it is big?

Of course.  Microsoft's size is a factor.  But Microsoft software is
particularly suitable for harboring and proliferating these attack
programs.  Let us consider an analogy.

In days gone by, many wealthy homes employed butlers.  The butler was
a combination bouncer, guard dog, and chief servant, among other
things.   When a visitor came to the door, the visitor had to prove
that he was harmless and worthy of entry before he set foot in the
door, and the butler was the judge.  It was a case of
convince-the-butler-or-stay-out.  That is the normal and expected
behavior of a good email program.

But suppose you had a butler who threw open the door, and immediately
became the personal slave of anyone standing there.
"Run through the house and smash up the precious china."  
"Immediately, Sir."
"Open the safe and hand over the contents."
"Of course, Sir."  
"Publish the master's private conversations."  
"At your command, Sir."

Such is the fatal flaw in Microsoft Outlook email and some other
Microsoft programs.  Usually, the commands in the email are harmless
or even useful magic, and no one minds: enter dates on the personal
calendar, play music, show pictures, etc.  But specially designed
virus/worms can erase files, corrupt programs, download other
programs, publish personal passwords, and mail copies of themselves to
other computers.  Whatever the destructive program tells it to do,
Microsoft Outlook does, with all the power of the computer and all the
authority of a trusted butler gone mad.

The Outlook email software is not the only traitorous servant in the
Microsoft mansion.  A few years ago, vandals were building attack
programs that used the power of the Microsoft spreadsheet program
(Excel) and the Microsoft word processor (Word) as slaves for these
destructive programs.  Currently, a number of worms use "remote
procedure calls" (RPC) to travel between Microsoft systems.  RPC was
recognized a decade ago as a security threat, and it is forbidden by
most conscientious UNIX administrators and designers.

The weakness in Microsoft is this willing obedience to take
instructions from strangers.  Why does the butler take orders from the
stranger who comes to the door?  Isn't this an obvious invitation to
vandals?

Indeed it is, as any review of the virus/worm history shows.  Of the
more than a hundred virus/worms identified by Symantec in the last
month, all of them exploit vulnerabilities in Microsoft.  Certainly,
viruses have attacked Macintosh and Linux computers, but the threats
are relatively rare, as a browse through the virus info library shows.
 But Linux and Macintosh computers often use Microsoft-adopted
programs, and when Linux and Macintosh computers are attacked, it
often comes through Microsoft programs (as does the one virus in the
list that attacks Macintosh -- It infects Microsoft Word documents).

(see http://securityresponse.symantec.com/avcenter/vinfodb.html)

Consider the worm, [EMAIL PROTECTED] for example, a nuisance that
appeared on about August 18, 2003.  This worm comes in on an email
message entitled
*       Re: Details 
*       Re: Approved 
*       Re: Re: My details 
*       Re: Thank you! 
*       Re: That movie 
*       Re: Wicked screensaver 
*       Re: Your application 
*       Thank you! 
*       Your details
and invites the reader to "See the attached file for details."  The
recipient who opens the attached file accidentally turns his computer
over to the worm, which then goes into action.  Among other tricks,
the worm opens the personal address book and floods the net with
copies of itself embedded in emails:

"Email spoofing
[EMAIL PROTECTED] uses a technique known as 'spoofing,' by which the worm
randomly selects an address it finds on an infected computer. The worm
uses this address as the 'From' address when it performs its
mass-mailing routine. Numerous cases have been reported in which users
of uninfected computers received complaints that they sent an infected
message to another individual.

"For example, Linda Anderson is using a computer infected with
[EMAIL PROTECTED] Linda is neither using an antivirus program nor has
the current virus definitions. When [EMAIL PROTECTED] performs its email
routine, it finds the email address of Harold Logan. The worm inserts
Harold's email address into the "From" portion of an infected message,
which it then sends to Janet Bishop. Then, Janet contacts Harold and
complains that he sent her an infected message; however, when Harold
scans his computer, Norton AntiVirus does not find anything, because
his computer is not infected."
(http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED])

To a security professional, the willingness of Microsoft computers to
run hostile software is a staggering vulnerability, and it has become
worse with the newer software, not better.  Almost ten years ago, Sun
Computers published the Java standard, whereby "stranger" software
could be downloaded from the web and run without fear.  Java uses a
"sandbox" to run the stranger program, whereby the stranger is
permitted to do any graphical trick on the screen or sound system, but
is forbidden to touch the file system or use the network.  The
stranger program is locked harmlessly in the sandbox.  Compare this
with the Microsoft model, where the stranger program can open files on
the disk, mail out copies of itself, download other programs, and even
erase important system files, all without the knowledge of the
computer owner.

OK, Microsoft makes imperfect software, you say? What is wrong with
this explanation?

Microsoft has pounded almost every other computer operating system and
software company into the ground.  All the others have shrunk into the
shadows, or disappeared from commercial America.  The computer race
has gone to neither the swift nor the strong, but to a poor, weak,
lowball contender.

The story on this is full of unpublished details.  As long ago as
1993, the US government recognized Microsoft as the Chosen Software,
the obligatory standard.  The government required proposals from
corporations for government contracts to the Defense Department and
other federal agencies to be submitted in printed and electronic form
-- and that electronic form was Microsoft Word.  There were a number
of other word processing programs available at the time, but the
government mandated Microsoft.

This meant that government desks that studied the proposals must all
use Microsoft.  It also meant that corporations that hoped to do
business with the federal government must all use Microsoft.

A year or so later, the Defense Department mandated that every Defense
desktop computer must use Microsoft.  Hundreds of thousands of
desktops became locked into the Chosen customer base.

When the Defense Department settled on a design for the mighty Defense
Messaging System to carry the ultra-secret messages of the military,
Microsoft was again the chosen platform -- for about another million
systems.  Look again at the catalog of worms discovered in the month
of August, 2003 (see
http://securityresponse.symantec.com/avcenter/vinfodb.html), and
consider -- why Microsoft?

In the mid-1990s, Microsoft invented Active X and used it for web page
magic in competition with Java.  So many security holes were found in
Active X, it died the terrible death of infamy.

When the destructive macro worms first started appearing in the late
1990s, infecting Word documents and emails, who was blamed by the FBI?
 Computer administrators who failed to run a tight ship, of course,
and university punks who deserve jail time for writing prank worms. 
Not a single word of opprobrium was spoken about the soft underbelly
of Microsoft.

Scan any news article about computer worms and viruses -- is the
Microsoft weakness ever mentioned?  Never.  Yet look at this
evaluation of email packages by the College of Letters and Science,
University of California, Santa Barbara. 
http://www.lsit.ucsb.edu/mail/tools/compare.php

Of Microsoft Outlook, LSIT says: "Often used to propagate viruses." 
Microsoft Outlook is only program mentioned with that vulnerability.

If Ford Motors produced cars that ran on bubble gum tires instead of
vulcanized rubber, would you expect to see Ford become the Chosen
Automobile of the future?  Put in other words, Why Does Microsoft
Prosper?

It seems that Microsoft prospers because the US Government wants it
that way.  Can anyone think of another reason?

Few people know anything else exists beyond Microsoft, bugs, worms,
and problems.

One part of that can still be solved, now, today.  

* If you are using Microsoft Outlook or Outlook Express, quit it. 
Find and use something else.  Here are some suggestions:
http://www.lsit.ucsb.edu/mail/tools/compare.php  Also try Opera from
http://www.opera.com.  Some of those programs are free.

* If you are using Microsoft Windows operating system right now, quit
it.  Find and use something else, like Linux or Macintosh.  Linux is
cheaper, Macintosh is easier.  Microsoft programs, even on these
systems, have often  provided easy access for worms and viruses.  In
this respect, a Microsoft program operates as a Trojan Horse in a
system that is otherwise secure.

If civilian America insists on using Microsoft, it is easy to predict
what will happen next:  Civilian America will be so overwhelmed with
worms, viruses, Trojan Horses, and other bugs that civilian America
will scream for an end to free e-mail and information interchange --
and the monopoly on information will be returned to the Media Lords.

====
Some Definitions:

Virus: A small, parasitic computer program.  The virus analogy comes
about because viruses often function by attaching themselves to
legitimate programs, and because they have the ability to replicate
themselves, copying from one program to another.  When an infected
program is copied to another computer, the virus is passed also. 
Viruses are often designed to harm or destroy the host system.

Worm: A virus with additional network intelligence so that it can
"crawl" through a network infecting computers as it goes.  The worm
[EMAIL PROTECTED] reads address books and mails itself to other
computers.  There are many email worms, and there are other types of
worms, too.

Trojan horse: A "con-man" program that contains hidden destructive
functionality.  For example, Program X is advertised as a cheap
firewall that stops virus infections.  On test, Program X does that,
but it also records credit card numbers as they are entered for
Internet purchases, and secretly mails the information to the thief.

The FBI has publicly discussed using Trojan Horse programs to capture
file encryption passwords, so that the FBI can decrypt and read the
files when they seize computers for evidence.

Your correspondent,
Patch Metrix
"Code not tested is code not working."