My Computer Is On Drugs - Help!
By Gerry Patterson
The phrase Microsoft Security could be considered an oxymoron.
Security? What security?
Much of the problems with Microsoft security stem from the companies
obsession with market strategy. Microsoft has concentrated
attention on how their product is positioned and how it will inter-relate
with other products, but the company often neglected security because
the requirements conflicted with user friendliness.
Your Computer is on drugs! Click anything for Rehab.
Beware of programmers carrying screwdrivers!
-- Old Engineers' Proverb.
Now I'm going to divulge a little secret. But please don't broadcast it, ok? A few decades ago, I actually worked in PC support! I hate hardware problems, so when I found myself dealing with an increasing number of hardware problems, I contrived to delegate the hardware problems. This was on the grounds of: "If you don't like a particular job, don't get good at it!". On the other hand a savage downsizing initiative had meant that it was beginning to look as if I would be the only one left to do the work.
And so I found myself contemplating some very green lawns in front of a jungle of pipes and cylinders as I sat at a computer screen. What I could see was the labyrinthine machinery of chemical manufacturing. Sunlight slanted through the half-open venetian blinds in my office in the western suburbs of Melbourne. I left the blinds open because the sunlight helped keep me awake. I was struggling to keep my eyes open as I filled out a mind-numbing report to management on my activities to date.
George, the sole remaining member of the PC support group to whom I could delegate hardware support, entered my office, leaned against the door jam, crossed his arms and announced,
"Well, that's it ... we're all stoned."I looked at him quizzically, and raised one eyebrow. Had he completely lost his mind?
"Yep, we're all stoned ... on marijuana."
He lounged against the door with a silly smirk on his face. "Not bloody likely!", I replied. Ok, the sixties and seventies were wild times and some punters had inhaled a little deeper than Bill Clinton in those smoke-filled rooms. But those days were long gone. So I set out to investigate the source of this mind-altering disturbance. I decided to leave the screwdriver in the filing-cabinet since George assured me I would not need it.
We took a short cut through the fire exit out past the over-watered lawns. The dense green luxuriance helped high-light some footprints made by an unknown worker from the glyphosate plant. Trace amounts of the well known herbicide on the soles of his boots would ensure that the unknown walker's size ten prints would remain on the lawn as a monument to the power of chemicals to alter our biosphere. We ended up inside the labrynth of pipes that surrounded my office, talking to one of the foremen, our heads bent close to one another as we shouted to be heard above the constant rumble of machinery. After a brief confabulation, we crowded into a room that was so tiny it could hold barely one person, let alone all three of us.
Connected to some monitoring equipment was an IBM XT which had seen better days. The machine was covered with a layer of dust so thick that it almost undergone a colour change. Normally this machine was concerned with the chemicals that came out of the styrene plant. Now however, it was being used to proselytise for an entirely different chemical. The green screen contained only these words:
This computer is stoned. Legalise marijuana!
I had already heard about the infamous marijuana virus. This was the first time that I had encountered one however. I removed the virus from the hard disk and took the floppy disk that was in the drive back to my office. There I reverse assembled the boot portion of the disk. I don't have a copy of that code anymore but it was remarkably simple. Whenever the computer was switched on or rebooted the program would be the first thing that the computer ran after the BIOS checks. It would stay in memory and wait until a disk access was performed. Whenever it was it would place a copy copy of itself on the disk. If the computer had a fixed disk it also inserted a copy of itself in the Master Boot Record. I have forgotten the mechanism that was used to determine whether the message would be displayed. But the result was that the stoned message would be displayed on about twenty-five per cent of reboots At this point I should digress and consider the prehistory of computing. Back in the cretaceous, when computing dinosaurs ruled the world, they used to be built from very expensive components. This meant that computer resources were very expensive. These resources were CPU time which was the amount of time that the computer spent thinking about a process, mass storage, which was often some form of magnetic storage and printing resources. Most computing centres kept a record of how much of these resources each user consumed and billed them accordingly. The bill may not have been invoiced and often served as a record for various departments that the computing centre served. Whether or not they were actually billed, Computer Operating Systems were usually constructed to share these expensive resources amongst many users and to record how much they used.
Then there was the IBM PC, which wasn't actually an IBM product. It was a Microsoft-Intel PC. But the IBM badge gave the machine credibility with the business sector. The machines were built from components that were comparatively cheap, although they would seem ludicrously over-priced by today's standards, they were cheaper then the older mainframes by orders of magnitude. And it soon became appararent that they had computing power that was far in excess of the of the mainframes when measured as bang per buck. The key to this affordability was mass-production. Large numbers of IBM PCs meant a lower per-unit cost. Soon the number of IBM PCs became vast.
And they were almost identical.
This is to say the machines all used similar hardware, architecture and startup firmware. This firmware was known as the Basic Input Output System (BIOS). The software was also largely identical. The Operating system, PC-DOS, had been supplied by Microsoft and each release was shipped as an identical binary. This was only possible because the machines were identical. Prior to this Operating systems would often need to be compiled or tailored for each installation. Now the operating system was pre-compiled, which saved time, space and, of most interest to burgeoning software corporations, kept the source code secure. The distribution model that resulted allowed the same economies of scale to apply to Operating System software. Herein lay the great strength of the PC. This overall cost-effectiveness fueled the PC revolution.
It was also a great weakness. It presented a security hole big enough to drive a bus through.
The PC devoted all those previously expensive resources to a single user. The system owner, the system manager, the application manager, the systems programmer, the database manager, the operations manager, the operations staff and the user community were now all the same person. One bum on one seat in front of one screen. The designers of the original PC realised this and they assumed that there was no need for security. After all it was unlikely that a system owner would cheat on himself or attack himself. And the designers of the original operating system made a similar assumption.
When the system was switched on the first task executed by the CPU was the BIOS program. This went through a series of preliminary checks and, having established which storage devices were connected to the computer, started searching those devices. The first device (called device zero), was the floppy disk. Then device number two (the fixed disk) was searched. If something was found, it loaded it and executed it. And this is the important part. The BIOS program would pass control to anything residing in the boot sector of a floppy disk or the master boot record of the fixed disk. For those of you who still remember floppy disks, the following message will be familiar:
Non system disk or disk error, replace and strike any key ...
This message was probably responsible for the destruction of many keyboards. On reflection it probably would have been preferable to have written something like gently press any key ... rather than strike any key ... Many computer users took this message to heart and hammered the living daylights out of their hapless keyboard whenever it appeared! However, the message had not been put there to encourage the manufacture of new keyboards, it appeared because it had been displayed by a small program embedded in the boot sector of the floppy disk. The format procedure for floppy disks has changed very little and the program is still put there by processes which prepare the disk for writing. As far as programs go, the little program is extremely simple. It merely prints the message and halts. This is because the BIOS program has its' usual checks and passes control to whatever it finds in the boot sector. The stoned virus replaced this program with its' own version. The new version still printed out the message ... but it did not halt. The program remained resident. So when a user stuck out at the keyboard, in search of the any key, there was an uninvited hidden guest in the system ... no matter how forceably the long-suffering keyboard was struck.
The famous "Stoned virus" was the precursor of many other programs that also came to be known by the misnomer of virus. The reason for the name was the mechanism by which these mischevious programs propagated. The offending program would attach a copy of itself to a location that would enable it to run again. This was supposedly similar to the way that a biological virus would propagate. Although in nature the elegance and adaptability of a real virus far surpasses anything that has ever been written for computers.
In the case of the boot partition virus the program would attach copies of itself to the boot sector of a floppy disk. Other programs might attach copy of themselves to executables that had names ending in .EXE or .COM. The weakness that a so-called virus would exploit would be due to the single machine and single owner architecture of the PC. The MS-DOS operating system gave complete ownership of the machine to any program that was executing. This is quite reasonable given that it was intended to run only one program for one user. So a program that was running on a PC could do virtually anything it wished. Other operating systems that were intended for many users would place limits based who owned the program. Each user had rights (or privileges) which enabled them to access certain computing resources. But an MS-DOS program had no restrictions. Except of course the physical limit of crashing (and hence coming to a halt).
The wave of "viruses" which followed in the late eighties spawned a new industry. The so called "innoculation" programs. In keeping with the undeserved misnomer of "virus", these all adopted medical terminology that would have been more appropriate for the arena of public health. Computers that had run one of the malicious programs were said to be "infected" and the anti-virus software would "innoculate" your machine. Since the programs that caused such mischief were exact copies of an original, all the anti-virus software did was look for a "virus-signature", which was a chunk of sufficient length to uniquely identify it as part of the virus.
Microsoft had given the world a new industry. The anti-virus industry for computers. And it was an industry that would keep many software developers employed for years to come.
Connecting ... Your computer is now connected!
This is all very well when the PC sits in a corner with a printer attached to a parallel port and perhaps some serial input devices. Before long the PC was put to many other uses. One of the more common uses was as a so-called dumb terminal. In this role, the PC usually served a dual purpose, pretending to be a terminal connected to an internal network, while offering many of the processing capabilities which made it attractive as a terminal. It soon became possible to link PCs together into networks. At first this growth was almost invisible to the corporate data centres.
And there was the Internet.
After the widespread adoption of the Internet it was possible to disseminate mischevious software much more rapidly than when executables had to be physically transported on floppy disks.
Within the space of a few years, the PC could be connected to huge numbers of other computers and there was a dramatic evolution in networking technology and computer component manufacturing, especially chip manufacturing. The basic structure of the Microsoft operating system and the firmware of the PC did not change all that much. Close examination of the Microsoft-Intel platform reveals many remnants of the past structure. Rather than undergo a dramatic structural change which might jeopardise the Microsoft-Intel market position, the platform has, in effect, put on new clothes. This consists of many layers of cumbersome garments and an extremely thick and shiny lacquer of marketing and hype. Strip these many layers away however, and much remains of the original Microsoft-Wintel product. The approach that Microsoft took to security was to add the user management components as one of these many layers.
This meant that security was an after thought. This may have worked had Microsoft been committed to the idea of security. However the primary focus of the corporation was consolidating and maintaining market share. This meant that the software had to be User Friendly. This term grew into accepted parlance in the late eighties. Many MacIntosh enthusiasists claim the word as their own. Microsoft adopted it, in order to differentiate themselves from IBM. The inference to consumers was that the mainframe and the mid-range machines were User Unfriendly. Much of this unfriendliness was security related. The insistence on logins and passwords, the constant requirement to remember and change passwords. Procedures performed on these large enterprise systems kept running up against security related barriers. Although it is true that the user interface seemed cumbersome and security appeared to be considerable burden, much of it was necessary. Most PC users would gain a little wisdom as they interacted with their machine, and with this came the realisation that there were certain commands like "fdisk" and "format c:" that they would be well advised to leave for more knowledgeable or experienced users. In the case of mainframe however, one could only imagine the pandemonium that would ensue if any user could run the equivalent of "format c:" on a corporate enterprise database used by thousands of users world-wide.
Security and "friendliness" are mutually exclusive. The user-friendly approach which was successfully promoted by Apple and then adopted so enthusiastically by Microsoft assumes that each individual is working on data that is important to his or her own endeavours. Once a group of people start working on data which becomes important to the group or the corporation, the issue of security increases geometrically with the size of the group. The problem for the user-friendly approach is that recent trends in computing have tended towards sharing of data and consolidation of databases. Whereas the low-security user friendly mindset remains appropriate for the stand-alone PC of the eighties.
Strategic Software
Microsoft has always regarded market strategy as one of the most important components of their enterprise. These days they don't refer to their products as strategic. The strategy has become one of the most contentious elements of their corporate behaviour. Although they don't use the word anymore, they have consistently promoted software which aids the corporation in the process of locking users into continued use of all their products whilst locking competitors out. There are many examples of strategic decisions that would have conflicted with security concerns. However for Microsoft there has been no conflict. The Microsoft strategy takes precedence. Some examples of strategic decisions which impact on security are:
- The Registry: If the Microsoft Registry had been invented first, what a marvellous invention the unix environment space would have seemed! After out-growing ye olde autoexec.bat, config.sys, and various .ini files of its' childhood, the new bigger and considerably more bloated Windows adopted a scheme of storing configuration data in databases which resided as hidden and/or system files on the hard disk. The dilemma which faced Microsoft was the need to balance the requirement for access to these files with the need to restrict access due to security implications. The Registry is used so widely by so many processes for so many tasks that restricting access could add fearsome complexity to the procedures for installing and/or maintaining (and in some cases simply running) applications. On the other hand allowing easy access could (and does) represent a serious security hazard. True to form the brains' trust at Redmond identified ease-of-use as the most important criterion. This does not mean that it is impossible to secure the Registry. However, the default setups are not secured. This is especially true of the earlier versions of Windows that do not use the NTFS file system.
- Visual Basic: In an effort to unify the various components of the desktop under a single rooftop, Microsoft promoted the use of Visual Basic. This departed radically from the original BASIC. The MS version became a hybridised procedural language with an IDE that offered easy access to the Windows libraries. The language was used in the Office products, replacing the older Macro languages. Visual Basic is a powerful tool and could offer a fast and efficient way to organise the desktop. This is the case for users who only ever receive programs that have been written by a competent and trusted colleague. Unfortunately Visual Basic and Visual Basic Script are also powerful tools for causing mischief. And not everyone who sends you a script is your good friend and trusted ally. Once again Microsoft has chosen the path of ease-of-use. This is because the process of establishing whether or not a particular program is trustworthy can be very tedious and involve a considerable amount of user education. And who wants smart users? Smart user might do something like change software platforms.
- File Associations: By themselves, VB and registry vulnerabilities might be something that users could cope with, were it not for another strategy adopted for creating file associations with application software. File types, on the older MS-DOS systems were denoted with a suffix (extension) up to three characters in length. This scheme continued into Win 9x/NT/2000. The file types have applications associated with them. These applications will be called up whenever a file of that type is referenced. For example, a system with Microsoft Office will have Microsoft Word associated with files of the .doc type. Clicking on these files or entering a filename at the command line with a .doc suffix will initiate the Word application (if it is not already running) and load the particular document. Once again the well-worn path of ease-of-use was the chosen. Most dangerous were the associations with scripting engines which Microsoft refer to as active scripting. Generally when Microsoft refer to something as being active it should raise an alert in the minds of wary customers. By creating large numbers of file associations, without informing them, less wary Microsoft consumers have, in a sense, been trained to use the mouse to point and click, in the same way that Pavlov's dogs were trained to salivate when a bell was sounded. Rather than cause their customer base unnecessary brain strain by worrying unduly about such technical matters, the default settings for Windows are set to hide file types associated with applications, showing instead an icon for the application. The message had been reinforced so often that a well-trained Microsoftie would click on almost anything, without thinking.
- Microsoft Outlook: The final weak link in this strategic chain on the client side is the Microsoft mail user agent (MUA). It is, of course, Outlook by name and outlook by nature, because this MUA gives the user a distinct Microsoft outlook on the Internet. In an attempt to persuade (coerce?) users into adopting HTML mail, earlier versions of Outlook would display plain text e-mails (until recently, the universal standard) in a proportional font! It is difficult to see how this was anything other than a deliberate ploy to make plain text e-mails appear broken. Less well-informed computer users would no doubt conclude that there was something wrong with those "old-fashioned" plain text e-mails, and feel indebted to Microsoft and their team of smart programmers for setting up their MUA to send all that lovely HTML e-mail, and "fix" those broken plain text e-mails. With the default settings for HTML mail, the users could be assured of an almost seamless Microsoft experience. They would see HTML in the MUA window, which could be called seamlessly from the Microsoft browser and if they saw anything ... anything at all ... they could just click on it and be taken just as seamlessly to another Microsoft application that would display the document. The justification for this scheme was ease-of-use, but the strategy was clearly intended to lock customers in and competitors out. The file file types and their associations were also embedded deeply in the MUA, making Outlook probably the biggest single threat to computer security. (See the discussion below).
- Microsoft Servers: It was in the server market that the Microsoft security blanket really began to unravel. Although there are security holes in many operating systems, the attempt to integrate the entire chain from server to client resulted in some of the most serious security threats to date. Fortunately the early versions of Nimbda were flawed, and the worm failed to spread as rapidly as it might have. Most of the security flaws that have afflicted IIS have been due to an attempt to offer features to web clients and to get these features out the door as soon as possible. Once again it was strategic imperatives which dictated the outcome. Potential security threats were overlooked, because it was deemed more important to offer platform-dependent features from Microsoft servers. Most of this runs counter to the structure of the Internet, which is meant to be platform-independent.
The Microsoft Outlook: Smart Software For Dumb Users
Microsoft Outlook has became the single biggest threat to computer security that the world had ever seen. The most remarkable practical demonstration of the extent of this threat was the extraordinary "ILOVEYOU" trojan horse. Ok everyone called it a "virus" so I will keep with the established nomenclature. The most troubling thing about this program was the ease and rapidity of its' dissemination. As the dawn rays of the sun swept around the globe so did the "ILOVEYOU" virus, as office workers around the world clicked on their morning inboxes. Fortunately the program, was nothing more than a harmless little jape written in visual basic with an appealing subject. After all everyone wants to be loved. And what better e-mail could one discover first thing in the morning than a message from a secret admirer? Had the "ILOVEYOU" script been armed with a deadly "payload" or been part of a suite of malicious batches, the PC community could have been bleeding from every Microsoft orifice on that May morning in 2000.
The principal (only?) argument in favour of the Microsoft outlook was to make life easier for users. Why should users have to learn about files, file types and applications? Why should they have to know what a file is? What a program is? After all many users found these concepts difficult to comprehend! Why not let them just click on something? Why not leave the hard stuff about files and file types up to the brains' trust in Redmond? The problem was that those users who found such concepts difficult were precisely the users who should not be clicking on things!
If the same approach were taken with heavy machinery or motor vehicles it would be a recipe for disaster. No sane person would challenge the convention that drivers should have to understand and recognise common controls like the steering wheel and brake pedal. No one would ask why should motorists learn to drive? Why should they learn about road rules? The prospect of handing over complete and unsupervised control of a half tonne of rapidly moving metal and rubber to a novice without any preliminary training would be alarming to say the least. Software just doesn't have the same mass or momentum as motor vehicles ... so we don't need the same stringent safeguards ... right?
With an impressive marketing campaign, firms like Microsoft have convinced many consumers that a smart terminal could and should be used by dumb users. User don't have to know or learn anything about what's happening under the floorboards, because all the intelligence is inside the computer. Not only has the public been persuaded that this is a desirable state of affairs, but that furthermore it is actually achievable. The lamentable state of personal computing security is largely due to the deliberately dumbed-down approach to user interfaces. The dumbing-down of the interface is in effect treating users as if they are too stupid to do simple tasks like decide where to save an attachment that is sent as part of an e-mail, or what type of application might be used to open the attachment. According to this school of thought a general user would be incapable of a preliminary investigation of the attachment to see if it is what it purports to be. Such an approach over-rates the intelligence of Microsoft software as much as it under-rates the intelligence of their customers. Some Microsoft users are reasonably intelligent people. There may even be several genuine rocket scientists amongst them. If they are smart enough to learn how to drive motor vehicles, fly airplanes, perform brain surgery, cook meals etc, they could easily be taught about the concepts of files, data storage and application software.
If Microsoft was attempting to integrate all their applications out of a genuine concern for their customers, it might be possible to forgive the occasional lapses in security. However the primary reason for integration has been too lock customers in. The user friendliness is a sugar coated pill designed to paralyse the unwary user and ensnare them forever in the dumbed-down Microsoft user interface. Rather than occasional lapses, Microsoft seems to have shown a complete disregard for security implications. And most of these problems have arisen because of strategic concerns. Like good boy scouts the Redmond lads offer to help confused users across dangerous intersections. But not all the way across ... The unfortunate partially sighted user winds up stranded on a traffic island in the middle of the highway! A permanent prisoner of the boy scouts from Redmond! Unfortunately the only escape route for them is self-help. They must learn how to see the traffic. And how to safely cross roads by themselves.
The boy scouts from Redmond will be doing their best to prevent their customer base from smartening up. If users get smart, they will stop purchasing Microsoft products.
BIBLIOGRAPHY:
DOE-CIAC | An Old DOE bulletin about the infamous Kiwi export, "The Stoned
(Marijuana or New Zealand) Virus on MS DOS Computers", is sadly no longer
available. The webpage that was displayed on their site had all the
flavour of antiquity appropriate for the subject matter.
|
Richard Forno | At the time of writing there was a classic white paper on the dangers
posed by Microsoft, available on the Info Warrior website, with the
title: Microsoft: A Proven Danger to National Security. It no
longer seems to be available at it's former URL. Even though it was
written 2002, much of it would still be relevant today.
|
Richard Forno | Forget California, it's time to recall Microsoft
Since this was first written, the "Blaster" fiasco has given
further entertainment. This article by Richard Forno is still
available. It is proof yet again that the word "Microsoft
security" is indeed an oxymoron. As it turns out, the "Blaster"
worm was yet another warning shot. Yet another silly little prank.
We can only wonder, how long it will be before one of these
programs is truly armed and dangerous rather than a puerile and
innocuous bit of mischief?
|