What is Microsoft doing to close security holes as people discover
and report them? If Windows NT is Microsoft's flagship product, the company
ought to be guarding NT with all the resources it has, scouring all associated
code to look for ways of breaking in and crashing the system. The result would
be Microsoft's beating the hackers to the punch.
Unfortunately, I don't see Microsoft taking this approach. Even when handed
an exploit, complete with source code, on a silver platter, Microsoft still
doesn't find all the ways hackers could use the code. This lack of attention
indicates that Microsoft isn't seriously trying to find new holes. GetAdmin is
just one of several cases in point. Microsoft released two hotfixes for the
GetAdmin exploit over the course of 10 business days and still didn't fix all
the associated problems! After the second fix was released, users quickly
revealed that yet another related problem could quite easily crash an NT system
entirely. The egg on Microsoft's face could have been avoided with a shield of
diligence.
Microsoft is merely putting out the fires as legitimate researchers and
would-be intruders discover them. Microsoft's security team could be much more
proactive, like fire spotters looking for smoldering problems before they
get out of control.
Furthermore, contrary to popular belief, Microsoft does not always reveal
all the necessary information about a particular security exploit. In fact,
Microsoft sometimes understates the potential dangers. The GetAdmin attack is an
example. Microsoft claims this exploit is only a local attack problem, when a
hacker can easily run GetAdmin remotely if an NT system is running on a Web or
Telnet server. A hacker can launch the GetAdmin attack from a remote browser by
placing the GetAdmin.exe program in the IIS /scripts directory. Similarly,
giving people Telnet access to an NT system means that a hacker could launch the
attack using a Telnet client.
Microsoft's practice of downplaying the severity and potential of a given
exploit simply must stop. This practice is placing all NT users in more jeopardy
than necessary. Not completely revealing the full scope of a security exploit
makes no sense. The correct information always turns up quickly on the Internet
anyway, so why try to downplay security risks?