______________________________________________________________________ _ _ BACK ORIFICE 2000 ((___)) BACK ORIFICE 2000 show some control [ x x ] show some control \ / (' ') (U) ________________________ http://www.bo2k.com/ ________________________
|FOR IMMEDIATE RELEASE||FOR IMMEDIATE RELEASE|
Press Contact: The Deth Vegetable cDc Minister of Propaganda firstname.lastname@example.org
[July 19th, San Francisco] The CULT OF THE DEAD COW (cDc) publiclychallenges Microsoft Corporation to voluntarily recall all copies of itsSystems Management Server network software. In addition, cDc calls forthe antivirus industry to respond with signature scanning for SMS files.
"Hypocrisy" is such an ugly word. So instead, why don't we just chalkthis one up to Do-What-We-Say-Not-What-We-Do?
Microsoft evidently dislikes our new tool so much that they've taken tocomplaining about one of its key features. We're talking about BackOrifice 2000, and the feature in question is its stealth mode.
Microsoft has claimed that BO2K is a malicious tool with nolegitimate use. Their primary evidence is BO2K's stealth feature, whichgives you the option to run the server on the remote machine without itbeing evident to anybody sitting at that machine.
In fact, here's what they're saying right now on the Microsoft Security Advisor website:
BO2K is a program that, when installed on a Windows computer, allowsthe computer to be remotely controlled by another user. Remote controlsoftware is not malicious in and of itself; in fact, legitimate remotecontrol software packages are available for use by system administrators.What is different about BO2K is that it is intended to be used formalicious purposes, and includes stealth behavior that has no purposeother than to make it difficult to detect.
Now, we concede that on its face, this sounds like a valid criticism.Being able to operate a remote admin tool without the person at the otherend knowing that it's running on the machine seems downright devious.(Keep in mind that BO2K's stealth feature is an OPTION, whichis in fact disabled by default.)
Maybe Microsoft is right; perhaps this stealth feature in and of itselfis enough to brand it a hacker tool with no redeeming social value.
But then, what are we to make of Systems Management Server (SMS)?
SMS is Microsoft's remote admin tool for Windows. As it happens, SMS hasa nearly identical stealth feature. As a matter of fact, they explain thisfeature in a Word document available from the Microsoft website:
Of all the operations that Systems Management Server allows you to do on a client, remote control is possibly the most "dangerous" in terms of security. Once an administrator is remote controlling a client, he has as many rights and access to that machine as if he were sitting at it. Added to this, there is also the possibility of carrying out a remote control session without the user at the client being aware of it. Thus, it is important to understand the different security options available and also to understand the legal implications of using some of them in certain jurisdictions."
Visible and Audible Indicators
It is possible to configure a remote control from a state where there is never any visible or audible indication that a remote control session is under way. It has been made this flexible due to customer demands ranging from one end of this spectrum to the other. When configuring the options available in the Remote Tools Client Agent properties, due notice must also be taken of company policy and local laws about what level of unannounced and unacknowledged intrusion is permitted."
Notice that? Microsoft's own tool has the same evil capability as BO2K.
Now, Microsoft did not invent surreptitious desktop surveillance; there areother products on the market that perform these functions. Microsoft is justthe largest supplier of the technology, as SMS comes bundled with each copyof Back Office.
Why is it that Microsoft can offer a tool having this illegitimate functionalitywithout any moral qualms, but when WE do it, they throw a hissy fit?Well... we have a hunch.
"Microsoft wants to keep everybody talking about the evil software from uscrazy computer hackers. So they paint BO2K as a dangerous application withno constructive uses," says Reid Fleming (cDc). "We beg to differ."
BO2K doesn't exploit any bugs in the Windows operating system thatMicrosoft is willing to categorize as such.So in order to convince the public that BO2K is a solely destructivetool, Microsoft is forced to criticize the tool's feature set.Evidently whoever dreamed up this press strategy was unaware ofSystems Management Server and its stealth feature.
Of course, there's another possibility. Microsoft sells SMS for cash money.Meanwhile, BO2K is free. (It's also open source, and better constructed anyway you measure it: size, efficiency, functionality, security.) Maybe thisis just another example of Microsoft's alleged anticompetitiveness?
"BO2K, like SMS, is a powerful software tool. Like any powerful tool, itcan be used either responsibly or irresponsibly," says Count Zero (cDc)."For Microsoft to claim that BO2K has no legitimate purpose is ridiculous.Their own SMS tool has nearly the same functionality as BO2K, andMicrosoft is happy to let you pay $1,000+ for it."
Regardless of their motivations, Microsoft is selling software which doesmany of same things as Back Orifice 2000, including the pernicious abilityto run hidden from the user.And if stealth mode is what makes BO2K a malicious program, then Microsoft's Systems Management Server is a malicious program too.
Consequently, we challenge Microsoft to recall all copies of the SMSadministration tool, because its featureset contains stealth capability.This feature clearly illustrates that their software has no legitimate use.Furthermore, we urge all antivirus vendors to include signatures for SMSin their scanner utilities.
Back Orifice 2000 is available for download free of charge fromhttp://www.bo2k.com/.
Equally hypocritical quotes from Microsoft about Back Orifice:
"Users who are tricked into getting this thing installed on their system arevulnerable to the attacker, who can then do anything that the victimcan do -- move the mouse, open files, run programs, etc. -- which islittle different from what legitimate remote-control software can do.Back Orifice, however, is designed to be stealthy and evade detectionby the user."
"In fact, it really ends up doing bad things -- thatís what aTrojan horse does. Back Orifice falls into that category because it isintentionally designed to hide itself from detection. The creators claimthat this is a useful administration tool, but it doesnít even promptpeople when it installs itself on the system. It doesnít warn them thatitís getting installed. And, once itís installed, it makes the systemavailable to other people on the Internet. That is a malicious act."
"Itís incomprehensible why a tool like this would be created. [...] [T]hereís no purpose for this tool other than harming actual usersof software products."
-- Jason Garms, lead product manager for Windows NT security
Microsoft's prefabricated interview, 8-July-1999
The CULT OF THE DEAD COW (cDc) is the most influential group of hackersin the world. Formed in 1984, the cDc has published the longest runninge-zine on the Internet, swallowed swords, made waffles, and so on.
For more background information, journalists are invited to check out our Medialist athttp://www.cultdeadcow.com/news/medialist.htm.
"Microsoft", "Windows", "Systems Management Server", "Word", and "Back Office"are all trademarks of the Microsoft Corporation. Blah blah blah, this isgiving me a headache.