
www.Usenet.com
Problem hardware manufacturers are committed to using MS stuff.

Salutations

"Patch Metrix" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]
> Bottom line, copied here:
> * If you are using Microsoft Outlook or Outlook Express, quit it.
> Find and use something else. Here are some suggestions:
> http://www.lsit.ucsb.edu/mail/tools/compare.php
> * If you are using Microsoft Windows operating system, quit it. Find
> and use something else, like Linux or Macintosh.
> =================================
>
> In the last few years, wave after wave of viruses, worms, Trojan
> Horses, and other communicable destructive programs have rocked the
> Internet. A very few -- the infamous "Internet Worm" of 15 years ago
> for example -- attacked UNIX computers. Most of the rest attacked
> Microsoft computers.
>
> Why has Microsoft been the major target? Because it is big?
>
> Of course. Microsoft's size is a factor. But Microsoft software is
> particularly suitable for harboring and proliferating these attack
> programs. Let us consider an analogy.
>
> In days gone by, many wealthy homes employed butlers. The butler was
> a combination bouncer, guard dog, and chief servant, among other
> things. When a visitor came to the door, the visitor had to prove
> that he was harmless and worthy of entry before he set foot in the
> door, and the butler was the judge. It was a case of
> convince-the-butler-or-stay-out. That is the normal and expected
> behavior of a good email program.
>
> But suppose you had a butler who threw open the door, and immediately
> became the personal slave of anyone standing there.
> "Run through the house and smash up the precious china."
> "Immediately, Sir."
> "Open the safe and hand over the contents."
> "Of course, Sir."
> "Publish the master's private conversations."
> "At your command, Sir."
>
> Such is the fatal flaw in Microsoft Outlook email and some other
> Microsoft programs.
> Usually, the commands in the email are harmless
> or even useful magic, and no one minds: enter dates on the personal
> calendar, play music, show pictures, etc. But specially designed
> virus/worms can erase files, corrupt programs, download other
> programs, publish personal passwords, and mail copies of themselves to
> other computers. Whatever the destructive program tells it to do,
> Microsoft Outlook does, with all the power of the computer and all the
> authority of a trusted butler gone mad.
>
> The Outlook email software is not the only traitorous servant in the
> Microsoft mansion. A few years ago, vandals were building attack
> programs that used the power of the Microsoft spreadsheet program
> (Excel) and the Microsoft word processor (Word) as slaves for these
> destructive programs. Currently, a number of worms use "remote
> procedure calls" (RPC) to travel between Microsoft systems. RPC was
> recognized a decade ago as a security threat, and it is forbidden by
> most conscientious UNIX administrators and designers.
>
> The weakness in Microsoft is this willing obedience to take
> instructions from strangers. Why does the butler take orders from the
> stranger who comes to the door? Isn't this an obvious invitation to
> vandals?
>
> Indeed it is, as any review of the virus/worm history shows. Of the
> more than a hundred virus/worms identified by Symantec in the last
> month, all of them exploit vulnerabilities in Microsoft. Certainly,
> viruses have attacked Macintosh and Linux computers, but the threats
> are relatively rare, as a browse through the virus info library shows.
> But Linux and Macintosh computers often use Microsoft-adopted
> programs, and when Linux and Macintosh computers are attacked, it
> often comes through Microsoft programs (as does the one virus in the
> list that attacks Macintosh -- It infects Microsoft Word documents).
>
> (see http://securityresponse.symantec.com/avcenter/vinfodb.html)
>
> Consider the worm, [EMAIL PROTECTED] for example, a nuisance that
> appeared on about August 18, 2003. This worm comes in on an email
> message entitled
> * Re: Details
> * Re: Approved
> * Re: Re: My details
> * Re: Thank you!
> * Re: That movie
> * Re: Wicked screensaver
> * Re: Your application
> * Thank you!
> * Your details
> and invites the reader to "See the attached file for details." The
> recipient who opens the attached file accidentally turns his computer
> over to the worm, which then goes into action. Among other tricks,
> the worm opens the personal address book and floods the net with
> copies of itself embedded in emails:
>
> "Email spoofing
> [EMAIL PROTECTED] uses a technique known as 'spoofing,' by which the worm
> randomly selects an address it finds on an infected computer. The worm
> uses this address as the 'From' address when it performs its
> mass-mailing routine. Numerous cases have been reported in which users
> of uninfected computers received complaints that they sent an infected
> message to another individual.
>
> "For example, Linda Anderson is using a computer infected with
> [EMAIL PROTECTED] Linda is neither using an antivirus program nor has
> the current virus definitions. When [EMAIL PROTECTED] performs its email
> routine, it finds the email address of Harold Logan. The worm inserts
> Harold's email address into the "From" portion of an infected message,
> which it then sends to Janet Bishop. Then, Janet contacts Harold and
> complains that he sent her an infected message; however, when Harold
> scans his computer, Norton AntiVirus does not find anything, because
> his computer is not infected."
> (http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED] )
>
> To a security professional, the willingness of Microsoft computers to
> run hostile software is a staggering vulnerability, and it has become
> worse with the newer software, not better. Almost ten years ago, Sun
> Computers published the Java standard, whereby "stranger" software
> could be downloaded from the web and run without fear. Java uses a
> "sandbox" to run the stranger program, whereby the stranger is
> permitted to do any graphical trick on the screen or sound system, but
> is forbidden to touch the file system or use the network. The
> stranger program is locked harmlessly in the sandbox. Compare this
> with the Microsoft model, where the stranger program can open files on
> the disk, mail out copies of itself, download other programs, and even
> erase important system files, all without the knowledge of the
> computer owner.
>
> OK, Microsoft makes imperfect software, you say? What is wrong with
> this explanation?
>
> Microsoft has pounded almost every other computer operating system and
> software company into the ground. All the others have shrunk into the
> shadows, or disappeared from commercial America. The computer race
> has gone to neither the swift nor the strong, but to a poor, weak,
> lowball contender.
>
> The story on this is full of unpublished details. As long ago as
> 1993, the US government recognized Microsoft as the Chosen Software,
> the obligatory standard. The government required proposals from
> corporations for government contracts to the Defense Department and
> other federal agencies to be submitted in printed and electronic form
> -- and that electronic form was Microsoft Word. There were a number
> of other word processing programs available at the time, but the
> government mandated Microsoft.
>
> This meant that government desks that studied the proposals must all
> use Microsoft.
> It also meant that corporations that hoped to do
> business with the federal government must all use Microsoft.
>
> A year or so later, the Defense Department mandated that every Defense
> desktop computer must use Microsoft. Hundreds of thousands of
> desktops became locked into the Chosen customer base.
>
> When the Defense Department settled on a design for the mighty Defense
> Messaging System to carry the ultra-secret messages of the military,
> Microsoft was again the chosen platform -- for about another million
> systems. Look again at the catalog of worms discovered in the month
> of August, 2003 (see
> http://securityresponse.symantec.com/avcenter/vinfodb.html), and
> consider -- why Microsoft?
>
> In the mid-1990s, Microsoft invented Active X and used it for web page
> magic in competition with Java. So many security holes were found in
> Active X, it died the terrible death of infamy.
>
> When the destructive macro worms first started appearing in the late
> 1990s, infecting Word documents and emails, who was blamed by the FBI?
> Computer administrators who failed to run a tight ship, of course,
> and university punks who deserve jail time for writing prank worms.
> Not a single word of opprobrium was spoken about the soft underbelly
> of Microsoft.
>
> Scan any news article about computer worms and viruses -- is the
> Microsoft weakness ever mentioned? Never. Yet look at this
> evaluation of email packages by the College of Letters and Science,
> University of California, Santa Barbara.
> http://www.lsit.ucsb.edu/mail/tools/compare.php
>
> Of Microsoft Outlook, LSIT says: "Often used to propagate viruses."
> Microsoft Outlook is the only program mentioned with that vulnerability.
>
> If Ford Motors produced cars that ran on bubble gum tires instead of
> vulcanized rubber, would you expect to see Ford become the Chosen
> Automobile of the future? Put in other words, Why Does Microsoft
> Prosper?
>
> It seems that Microsoft prospers because the US Government wants it
> that way. Can anyone think of another reason?
>
> Few people know anything else exists beyond Microsoft, bugs, worms,
> and problems.
>
> One part of that can still be solved, now, today.
>
> * If you are using Microsoft Outlook or Outlook Express, quit it.
> Find and use something else. Here are some suggestions:
> http://www.lsit.ucsb.edu/mail/tools/compare.php Also try Opera from
> http://www.opera.com. Some of those programs are free.
>
> * If you are using Microsoft Windows operating system right now, quit
> it. Find and use something else, like Linux or Macintosh. Linux is
> cheaper, Macintosh is easier. Microsoft programs, even on these
> systems, have often provided easy access for worms and viruses. In
> this respect, a Microsoft program operates as a Trojan Horse in a
> system that is otherwise secure.
>
> If civilian America insists on using Microsoft, it is easy to predict
> what will happen next: Civilian America will be so overwhelmed with
> worms, viruses, Trojan Horses, and other bugs that civilian America
> will scream for an end to free e-mail and information interchange --
> and the monopoly on information will be returned to the Media Lords.
>
> ====
> Some Definitions:
>
> Virus: A small, parasitic computer program. The virus analogy comes
> about because viruses often function by attaching themselves to
> legitimate programs, and because they have the ability to replicate
> themselves, copying from one program to another. When an infected
> program is copied to another computer, the virus is passed also.
> Viruses are often designed to harm or destroy the host system.
>
> Worm: A virus with additional network intelligence so that it can
> "crawl" through a network infecting computers as it goes. The worm
> [EMAIL PROTECTED] reads address books and mails itself to other
> computers. There are many email worms, and there are other types of
> worms, too.
>
> Trojan horse: A "con-man" program that contains hidden destructive
> functionality. For example, Program X is advertised as a cheap
> firewall that stops virus infections. On test, Program X does that,
> but it also records credit card numbers as they are entered for
> Internet purchases, and secretly mails the information to the thief.
>
> The FBI has publicly discussed using Trojan Horse programs to capture
> file encryption passwords, so that the FBI can decrypt and read the
> files when they seize computers for evidence.
>
> Your correspondent,
> Patch Metrix
> "Code not tested is code not working."
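
Added example, not part of either post above: a mail triage check in Python for the three indicators the quoted post lists (one of the listed subject lines, the "See the attached file for details" lure, and an attachment), which treats the From header as untrusted because the worm spoofs it. The function names, the example.com addresses and the sample attachment are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject lines and body lure exactly as listed in the quoted post.
WORM_SUBJECTS = {
    "re: details", "re: approved", "re: re: my details", "re: thank you!",
    "re: that movie", "re: wicked screensaver", "re: your application",
    "thank you!", "your details",
}
LURE = "see the attached file for details"

def triage(raw):
    """Score one raw message against the three indicators from the post."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    body = msg.get_body(preferencelist=("plain",))
    text = " ".join(body.get_content().split()).lower() if body else ""
    names = [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()]
    hits = {"subject": subject in WORM_SUBJECTS,
            "lure": LURE in text,
            "attachment": bool(names)}
    suspicious = all(hits.values())
    return {
        "hits": hits,
        "attachments": names,
        # The worm picks the From address out of the infected machine's
        # address book, so it is kept for the analyst only and never used
        # as the target of a bounce or complaint.
        "claimed_from": str(msg["From"] or ""),
        "action": "quarantine, no reply to From" if suspicious else "deliver",
    }

def sample(subject, body, attachment=None):
    """Build a constructed test message (all addresses are placeholders)."""
    m = EmailMessage()
    m["From"] = "harold.logan@example.com"  # constructed; spoofed in the story
    m["To"] = "janet.bishop@example.com"    # constructed
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    lure = "See the attached file for details."
    print(triage(sample("Re: Details", lure, "sample.bin")))
```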