Deja Vu #09 13 ноября 1999

Another world - The illusion of safety: Terrifying tales of Windows security and the Internet (Part One).

(C) Dmitry Simanenko
__________________________________________


 SCARY TALES ON THE SAFETY OF WINDOWS AND

                 INTERNET



                  part 1



                "The issue of security at the Institute
                 LTL - it's a matter of faith.

                 Faith in the pure intentions Bee
                 la Gates. "

                -------------------------
                Simon Di, NTAdvanced Inc.



   Internet security has traditionally
considered at the application level. Then
is, the entire analysis boils down to phrases such as
"What would happen if you send a letter to the conference call 
and enter your real address e-mail ", or what would happen if 
you go on such a site, there is fill out a form indicating

complete your credit card number. "

   Naturally, the implications are clear and understood by all. 
In the first case of spam (A powerful stream of advertising 
messages to your email address), the second leak of money. 
Trivial! Trivial and recommendations, do not fill in forms and 
do not enter your real e-mail in a direct form, but slightly to 
mask it. Write your address, approximately, such as: dima 
"no_spam" @ bigfot.com. Naturally, people in the writing 
response remove "no_spam". I wonder what suggestions do in 
Moscow solid computer magazines (computer-Terra), if you still 
got spam? Very funny, but average user is invited to explore 
the intricacies of protocols and transmission of advertising 
messages, using numerous clever techniques and programs to 
determine a certain IP (dark wood for the common man), and on 
it, again using sophisticated methods, the name of the 
provider, through which you sent to the spam. Most likely it 
will be a foreign firm with hundreds of thousands or even 
millions of users, involved including the dispatch of 
advertising and, accordingly, with a huge flow complaint. Next 
in computer Terre recommended send this complaint to your ISP. 
Ha-ha-ha! The result is obvious-consider your complaint

a few years, maybe. Yes, in this
issue, Peter has overtaken Moscow. We have almost all providers 
in one form or another take the fight against spam by itself. 
For example, providers offer a special rate

Free admission of unlimited size
e-mail with a small ($ 5) a fixed monthly fee. Many providers 
in the first request set so called filters that block the flow 
of e-mail messages from specific addresses. For this user only 
has to send a sample of your junk mail ISP and ask them to put 
a filter. That is now a solution available

anyone, even novice users to the Internet in St. Petersburg!


   Nowhere and never (except in rare
there are "threads" in the newsgroups)
not discussed Internet safety
the "ideological" level. But with the advent of Winternet 1998 
(Windows 98) is an ideological party becomes the most 
interesting. Windows 98, in my opinion, has a brand new line. 
Now, every single copy of the operating system on each PC at 
the time of connection to the Internet to become part of a huge 
single global operating system of Microsoft. The most innocuous 
or even minor side effect is

automatic update (change?) the inner parts of Windows 98. A 
principal is that when connecting to the Internet virtually all 
of the hard drive of any computer becomes available Microsoft. 
There are no other barriers hindering! All protocols, including 
TCP / IP, implemented by the same firm. In fact, it is not 
important TCP / IP or XXX / XX protocol used to connect to

Internet. It is important that this protocol is implemented by 
one firm. All passwords are actually stored in the body of a 
single global operating system, parts of which are located PC 
with Windows 98, and the main part of the head of the World 
System Administrator with unrestricted access rights (and who

or that may limit it?) to any
computer in the face while seemingly innocuous Bill Gates, 
obviously, at the headquarters of Microsoft. 



   This alone should cause at least a sense of anxiety and 
concern. As well it looks like in practice? And that's it! New

Big Brother (Microsoft) continuously scans the contents of hard 
around the clock drive tens or even hundreds of millions of

computers around the world (and your home
PC too, if you have Windows 98)
via the Internet, retrieves and downloads the information about 
the operating system version, about the equipment (sound and 
video cards, modems, hard disk, etc.) and software software 
installed on the PC, analyze and, if necessary, automatically 
online updating of the operating system, drivers and other 
software. And automatically means that as soon as you connect 
to the Internet (and, it does not matter through

a service provider) first thing in the operating system your 
computer is connected with Big Brother and the "report" it's 
all about the state of your PC and software. Then, on orders 
from Big Brother are updated or modified files. And all this 
happens in the background mode, imperceptibly to you. And it's 
not fiction is already a reality today! Many will say that such 
a system is very convenient for Microsoft, and for the end 
user. But good intentions The road to hell is paved with ... 
Apparently, the first thing Microsoft will take advantage of 
total control of computers via the Internet for combating 
illegal users (pirates) software products. Do it can be very 
simple. For example, at the first connecting to the Internet 
automatically checked serial numbers, registration names and 
other licensing information software on the PC and, if 
verification fails, then begins to delete all unlicensed files, 
including the operating system itself (if it is a pirated 
copy). In short, do low-level format the hard drive. There is 
another, more cunning version. Big Brother can analyze the 
contents of the hard drive of your PC for discover information 
about your residence, telephone, address the people with whom 
you correspond, your passport data (for example, you have 
stored on your PC text of the employment contract with your 
current employer) and other confidential

informatsii.Zatem this information may be
forwarded (again via the Internet) to the local
competent authorities (police, etc.) on
combat illegal copying of software.


   In addition to the fight against software counterfeiters
open and other great potential. Moreover, the goals may be 
noble as well as criminal. Important fact a global information 
and software empire. While at its head is by and large fairly 
harmless person. Bill Gates still does not look like Hitler or 
Stalin. But by the nature of old age usually deteriorates. And 
it's not ruled out the possibility of trapping a legal (buying 
51%) or illegal (murder of Bill Gates) way Microsoft Mafia, a 
major financial - industrial or political group (and if the 
communists or fascists?). I think that for the powerful special 
services such as Mossad, the KGB or the FBI / CIA Microsoft is 
an incredibly attractive target. And then it may happen that 
when you turn any computer first thing to be given as

password, membership number of any
Party (KPRF?) and the number of card payments for payment
membership dues. And then followed by a mandatory brainwashing 
of "five-minute hate", well, then see the text famous book. 
Once again, the World Information and Computer Empire (After 
the appearance of Windows 98) became a reality. The only thing 
that saves us from the apocalyptic scenario is

nezloblivy and without political ambitions of the character of 
Bill Gates. It is obvious that the monopoly should not be 
universal. One reasonable way may be to publish All source code 
Windows 98, which would ensure that no "information bombs" and 
"electronic" spies "in the This operating system monopoly.



    Do not miss! I'm not saying goodbye ...


                  part 2



   I spent a small survey among a "home" PC users and 
professional system Administrators of the largest providers of 
Internet Petersburg and other cities. It turned out that 
ordinary users with difficulty believe in such things. Their 
main argument (Pretty funny for a multitasking operating system 
raspredelennoy) sounds something like this: "All the same to 
the operating system start searching the drive, have yet to 
press a button. "In This sweet delusion and stay

95% of humanity. Of course, the press nor the
it is not necessary. Theoretically (it will confirm
any novice programmer) is the only
requires pressing the button - a button
"Power on"! After that, your
computer to boot some program under
name of Windows such a version (if you
not contrived to establish a preliminary
download Norton Commanderie, and 90% of people in
the world has long been of no avail dosovskih programs). This 
Windows program now contains a Vse needed to reach a Internet 
tricks and all the necessary tricks. More recently, Windows has 
been separated from Internet-wall software

from independent companies that serve some guarantee of 
security (to the extent of What you trust these firms). Now

Windows is something that is part of a huge distributed system 
is very similar to neurons (!) Network manager center at the 
headquarters of Microsoft. Individual neurons (PCs) are 
connected between the network via the Internet. (Do not read 
the case polunauchny opus Stanislaw Lem on this

subject? He argues that when the computational power of this 
virtual neural network reaches a certain threshold value, 
comparable to the capacity of 15 billion of the neural network 
of brain person happens qualitative leap

(Dialektika. ..) and self-organizing network
Artificial Intelligence). It is quite obvious that if a 
"dialer" and tcp / ip are part of the operating system itself, 
then nothing can stop Windows, if she "wants" to call the 
provider and connect to the Internet (even if and the number of 
international headquarters Microsoft) and do all that I 
described earlier. To understand this is not even necessary

be an expert, just common sense. And for me, probably not a 
mystery in how to do this, and why Bill Gates

or some malicious programmer
many tens of thousands working in Microsoft's not done this 
until now (and maybe already ...). Incidentally, one of my 
friends HUMANITIES journalist yourself mastering home computer 
and Internet access for some Time to dial up his St. Petersburg

provider through 8 (intercity) have not yet received a phone 
bill ... It turns out to Its default Windows 98 "dialer" 
appeared on the long-distance! That's it ... leads to 
Reflections ... 


   Completely different attitude towards my
 views on the issue of Internet safety were of professional 
system administrators ISPs. They all agree that it is 
technically a Global System Administrator (Microsoft) is a real 
opportunity to access any data on the local personal

computers running Windows 98. C
On the other hand they have put forward and several
serious objections. Let us examine them in detail. Most 
internet professionals said that the user downloads files from 
local PCs will too noticeable increase in traffic

Dial-UP customers. And it - hook. The increase will be, but 
probably very low. Microsoft does not need to download or 
upload megabytes at a time. Firstly, the process will be 
extended in time to a few days or weeks. That is a big

file will be injected slowly, in small chunks. Second, to deal 
with software pirates just download

few bytes of registration numbers,
that will not cause a noticeable increase in traffic! In the 
third, with on-line connection in while surfing the real 
average load modem does not exceed 30%, and usually I

15% -20%. We must also read and what to load (!), And not just 
constantly jumping from one page to another. Of course, 
advanced users online first swing many pages, and then in the 
off-line reading, but these are relatively small and still boot 
the modem will not reach 100% ever! IE (on average) IS ALWAYS 
FREE Data link, and if used wisely it will not affect the sense 
of Users of the Internet connection speed. Fourth, an ordinary 
user (And their vast majority) will likely write off a small 
decrease in the rate of data transmission on the deterioration 
of communication over a telephone line! I, for example, cps

night two times higher than in the afternoon. And during the 
day cps may vary from 3000 cps up to 700 cps. So that the speed 
reduction sending files by 10% -15% in general no

will not pay any serious attention or will not give any 
importance to this fact! System administrators also have 
expressed The view that the new version of the operating

system will be able to refuse
"Convenience" upgrade of the operating
system via the Internet and thus prevent the possibility of 
converting its PC into part of the global system. But as you 
can see again all based on faith! A would be correct to say 
that in Windows 98 there is some setting or a button, changing 
the that the user will think that he

abandoned these "conveniences." But REALLY
know whether this is possible only with the source Windows. 
Very interesting remark I received from one of the Ural Internet

providers. I do not know, a joke or not.
Here is the message verbatim: "At the same time
Win 98 loads in Flash-Memory Modems
(User and provider) during a communication session with the 
Internet a secret firmware 115K to update system files

happened is really transparent to the
user. But we have it on hand, at least for selected customer 
traffic increase significantly. "Looks like we are talking 
about the birth of a new type of virus, living in Flash-Memory 
Modems! Such a virus can not remove even low-level formatting 
the hard disk. In any case, providers to increase profitable 
traffic clients so that they, if they find

strangeness will not blow this on
every corner! So that any tracking
oddities have to take end-users.


   Professionals also expressed the view
that the network operating system, Windows
98 provides for measures to control access rights to the 
contents of the hard disk local PC. That's what I wrote 
Alexander Zelenin (Www.izhcom.ru): "I want to say - quite

without my permission to update system files
will not work ... At least, I always
I try to know what makes my car. Discover what makes WIN-98 
without your knowledge, it seems to me quite easy. Hang 
sniffrra segment and in a calm atmosphere parse the logs. 
Odindva user to do so and declare the whole world about the 
results. Minutes of a he is one - TCP / IP and has not been 
canceled. " In principle I agree. But again it all

protection from another user, not the
Global System Administrator. Suppose, for example, Windows 98 
users prohibit access to certain directories

or segments of your hard drive? But to whom he
prohibited? It is obvious that another user, not the operating 
system itself and not a global system administrator

Absolute rights of access! After all,
Windows itself and control on the basis of indications Users 
who grant access, and who does not. Imagine you're a guard 
(Windows 98) and you boss instructed not to let such a person. 
And you took and want to miss it. So who or what

you are prevented from doing so? Only the fear of
that the boss finds out and deprive you of (a fire you can not, 
something other operating systems, almost no), or your 
conscience and dobroporyadochnost.Tak that all hope for 
something that Bill was a decent man. That is, once again

We must believe in Bill Gates (blasphemy?). But
what decency under capitalism nobody really can not explain! A
In addition, do a huge authoritarian state Microsoft does not 
Dissidents or simply bad guys, or, finally,

Spies from the competition or special
secret services and the haters of the Microsoft?!


    Do not miss! I'm not saying goodbye ...


                  part 3



   Interesting conversations about this
the article was for me with one of the most authoritative 
experts on Interent in St. Petersburg, the system administrator 
of our the largest provider Peterlink Andrew

Dementieva. Let me give ee in full:

"Part of everything you can you describe, really.
1. any update'y really can be done through the Internet;
2. this can happen without Vasheg about participation, but 
activity should be your machine - YET exist yet nobody is able 
to interrogate All computers in the world for what would

whatsoever;
3. Rumor has it that Microsoft had once
caught in the fact that it is using its
software transmits information about the contents
user's hard drive to his lair
(Of course, impossible to convey the entire disk, but
much can be done and so) Try searching through altavista around 
"check-in Microsoft Network" - exactly what should be :-) But 
all this has nothing to do with the global catastrophe that is 
drawn at the end. This is - as long as unreal :-) But in 
general, you now heavily dependent on Microsoft -

The new version of Ward, who can not read the old files, and 
everyone is looking for Decoders :-) " 

   Next, my question is:


   "I met this phrase: in Windows
95 there is a strangeness in the implementation of TCP /
IP, when you access port 3128 with any query system "hangs". 
Thus, any PC connected to the Internet can

be suspended from any PC connected to the Internet. "

   Reply Andrey Dementiev:


"3128 - no, he does not listen in Windows 95.
But there are other ports - 135, 138, ... Members Win95/WinNT 
doomed to hemorrhoids. 



   I quickly nashel Internet several programmok for 
"suspension" of any PC Windows 95 through the Internet and 
successfully hung a few computers of their friends. It turns 
out, I would say that Windows implements a protocol iceberg 
with little visible to the naked eye the tip of the tcp / ip 
and a huge underwater part with none unknown and undocumented 
features. In the presence of undocumented parts no doubt. 
Starting with the earliest versions of the operating system 
Microsoft ms-dos, and then Windows has always allowed 
third-party developers to use only a subset of all available 
options, their operating systems. This is eloquently

Numerous publications
Independent authors of articles and books obobschennym entitled 
"Undocumented Features ms-dos/Windows", in which they try, at 
least to some extent, raise the veil of secrecy on a secret 
"weapon" Bill Gates. 

   But the view from Kovalenko WEBPlus:



   "Share the truth is that it is technically possible to have" 
hatches "in the operating system and protocol stack. The 
ideology of TCP / IP more difficult the this, but even when the 
source is unavailable, it's all the same possible. Technical 
obstacle to the realization of such hatches is the existing 
decentralized nature of the Internet. If we imagine that all

ISPs really "eats henbane" and set the NT, then this obstacle 
is more dilute. However, rumors that it is somewhat exaggerated 
and problems still remain. There is also

considerations of common sense. Such actions can not be 
overlooked if they will begin a global scale. And then you have 
to either all users have been not very smart and did not pay 
attention MS either need to acquire their own

Army and police for taming the Shrew. In reality, however, any 
attempt at such action will lead to the collapse of most MS, 
due to the failure of users to use its products. "However, it 
should be noted that abandon Microsoft products with each

year it gets harder and harder. AND
may be in the near future, it will
not impossible, due to the lack of real and affordable 
alternative. 

   And here is the opinion of AD Semkin Nevalink:



   "Clearly, given reasonable arguments.
But while trying to MS or anyone else to do
something like that would be started very loud
process. Invasion of privacy in its purest form. To the west is 
sacred. Hide the same such attempts is not yet possible. "




   Microsoft initially sought to capture the market is not only 
operating systems, but, in general, all the software. The plan 
was this: in the first stage to capture the market for PC 
operating systems, then start gradually replace the market of 
third party software firms, creating a more reliable and more 
functional software of general application, taking advantage of 
access their native Microsoft's programmers

to the whole set as an open society,
and "secret" of undocumented and
sometimes virtually irreplaceable functions.
As we can see, this strategy worked and
gives Microsoft a huge success. Thus, the presence of 
undocumented functions and features are proprietary

STYLE Microsoft. Therefore, with 100% certainty we can assert 
that an undocumented part of the Windows drivers for network 
protocols contains a large number of all sorts of functions to 
facilitate the creation Microsoft programmers control systems

for local PC.
Of course, that they are available only team Bill Gates. In 
light of the above stated with great confidence I feel about 
reports of various oddities in the behavior Windows.



   Let's try to guess what is
the ultimate goal of Bill Gates on the market of software and 
operating systems? It seems it comes to what on earth will be 
only one copy of one global network distributed operating 
system Windows! All computers are essentially turned into 
"network computers", their work without connecting to the 
Internet will be functionally very limited. All hard drives of 
all computers will be part of One single network distributed 
file systems running a single copy single global operating 
system Windows. Naturally, all users will have different access 
rights to network resources. However, there is no doubt that 
the chief administrator in the face of Microsoft will have 
access to absolutely all resources, including any private files 
on any computers that are part of the system. Naturally, that 
there will be no other software companies besides Microsoft. 
And this monopoly would bring Bill Gates is just fantastic 
money. The truth is not clear why it so much. So

why does this all have happened? Obviously, there are 
constraints. First, in spite of the actual market monopoly on 
operating systems for PCs in Microsoft does not INTELLECTUAL 
monopoly. There (are stagnating?) Operating systems are not as 
good as or even superior in some respects Windows. For example,

OS / 2 or Linux / UNIX. And if Windows will stumble, they 
instantly take its place. So that while Bill Gates probably 
will not take decisive action to establish single global 
operating system, but the technical preparations for this step 
must be completed in soon as possible. Another real

constraining factor is the presence of yet
still a great many Internet Service Providers
UNIX like operating systems. This is not
allows Bill Gates to fully engage the undocumented parts of 
Microsoft TCP / IP, because these actions will be immediately 
detected UNIX with its fully documented network protocol 
system. However, there is evidence that Windows NT is still 
gradually replacing UNIX from the world of the Internet. It 
seems that if the world community does not take real steps to

limitation of monopolistic activity Microsoft, we are waiting 
for interesting events.