
XPSP2 Update VI: Ballmer's Waggers

24 October 2004 14:41 UTC

The Ballmer Hype Machine has worked too well on the unwitting, the clueless, the intellectually weak, and the cerebrally disenfranchised - an e-ballyhoo that should be called e-bullshit. And things have been quiet in the press - almost as if they'd been under pressure from Ballmer to lay off for a while.

But a good trojan never sleeps, and bad code never gets better, and Windows cannot be secured, and all this time there's been code out there making Ballmer - through and including Service Pack 2 - look ridiculous.

The infamous Beagle worm, now into over three dozen incarnations, has quietly evolved, continues to infect machines at will, and today includes code to turn off Ballmer's Windows Firewall.

As if it was difficult: the actual code to do this, if one wanted to keep things simple, is little more than a command line run on CMD.EXE. That's it. And it's off. And your Windows machine is again wide open to attack.

Amateur hackers are also playing with more ambitious - albeit unnecessary - attacks on the rather wobbly defences of SP2. The SecuriTeam website today offers the complete source code to an easy break-in, and other examples are sure to pop up in the weeks to come.

At the end of the day it's still Beagle which frightens security experts the most. This extremely virulent and potent worm uses so many devices that detection is nigh on impossible and eradication short of 'wipe and reinstall' highly improbable. One variant uses UPX to obfuscate its contents, the next uses PeX, and so forth.

A few of the later variants are programmed to update themselves from the net every six hours, whereupon they can get an entirely new list of URLs to use for the next update in six more hours, and so forth. Most of the time the URLs don't even exist when the variants surface, only days later.

Against this kind of meticulous expertise Ballmer's brainwashed bungling wannabes don't stand a chance, and SP2 does not mark an improvement.

Curious as well is that although Ballmer offered a reward for information leading to the capture of other virus writers, he has not said anything about a reward for the author of Beagle. Speculation is that this is because Beagle is not programmed to attack Microsoft websites - only you.

Showing you once again where interests lie. It's just more tongue wagging by the Prince of Hype.


Windows Users Want Results, Not Ballmer Promises
http://www.eweek.com/article2/0,1759,1680772,00.asp


Writing Trojans that Bypass Windows XP Service Pack 2 Firewall
http://securiteam.com/exploits/6A00J0UBGS.html


The Beagle Worm History Part 2
http://securityfocus.com/data/library/beagle_lessons_2.pdf


Ballmer's Latest Waggers

Hackers get smarter too.
 - Steve Ballmer

I think we've learned a lot more about security basically than anyone else in the world.
 - Steve Ballmer

We need to focus in on a few things. We need to engineer in fewer vulnerabilities going forward. We have new development tools to spot security vulnerabilities. We will release those to users. These tools have made a difference in Server 2003 and XPSP2.
 - Steve Ballmer

We will be working on trustworthy computing for the rest of my days at Microsoft, which I hope are many. There are bad people out there in cyberspace, and they are not going to go away. We are going to have to be vigilant. That's going to last for the duration.
 - Steve Ballmer

It's not like five or six years ago viruses didn't exist. More damage has been done in other periods of time. The last 12 months was a better 12 months by a margin. I do believe in the next two to three years we'll get good enough and customers' practice of implementation will get good enough.
 - Steve Ballmer

Security is the potential downside for the business. Do people have enough faith? That's why we made security job one priority at Microsoft.
 - Steve Ballmer

The #1 way people get viruses is in fact with machines that are on their networks sometime and off the network other times. How do you check before you reintroduce someone to the network? It's a form of isolation.
 - Steve Ballmer

We're doing a little bit of rethinking but the technology and the way we've done it, we still think, is spot on.
 - Steve Ballmer

Copyright © Radsoft. All rights reserved.