Re: Spammers Jump on Latest MS Hole

What allows and causes a foreign unauthorized program to start
> execution on a computer where it doesn't belong?

Users who will click on anything in email or on the web. "This program installs a virus. Only an Idiot would deliberately install a virus on his own computer. Install Virus?" A friend of mine set up a piece of a web site that had prompts like that and little graphics of a checking account balance counting down to zero. Most visitors clicked all the way through the multi-stage warning to install the "virus", which never actually installed anything, just called them idiots for trying.

Email programs which will run active content in emails in the "preview pane" without a user being present.

Operating systems subject to remote code execution vulnerabilities caused by, often, buffer overflow problems.

In other words, who presses the start button on a supposedly > personal computer to run sabotage?

Often, ignorant users, Microsoft Internet Explorer, Microsoft Outlook, and Microsoft Windows, not necessarily in that order. Don't take this to mean that non-Microsoft systems are invulnerable: they aren't.

I consider the fact that you can double-click on an attachment in an email and cause it to execute to be as serious a problem as having a self-destruct pedal between the gas and the brake of a car, even if it's labelled "Press here to explode entire car".

I don't understand how some external person can gain control of my > computer, as if my neighbor could drive my automobile from his > kitchen window.

If he installs a teenager with his head glued to a cell phone (who will obey instructions from him) in your car, he *CAN* do that. It gets even worse when he can persuade YOUR kid or wife to do it for him with YOUR cell phone minutes. The same applies to higher-tech remote controls.

There's a lot of remote-access stuff that is on by default and makes life harder if you turn it off (see ports 137, 138, and 139).

> were scanning the Internet for Windows systems that had the >> MS06-040 vulnerability >> What allows a private computer to be scanned by external means (like >> Spock using his scanners on a planet far below) so that its internal >> software may be examined and manipulated?

If the vulnerability is in the network stack or in servers listening on network ports, it's possible to probe corner cases by either attempting the exploit or looking at a side effect of a fix (say, it changes the way TCP sequence numbers are generated). The probing is done by treating the software as a "black box" but suspecting its contents, for example, looking at the response to a particular type of malformed packet.

Some scanners can operate as simply as connecting to port 25 of some server, look at the banner line that comes back, and checking the version of Sendmail against the known-vulnerable-version list.

> and then using publicly available code > Who wrote such code?

I wish they were residing in Club Fed.

Lastly, why do such vulnerabilities exist in the first place? I keep > reading how the present Windows operating system is old; shouldn't all > the necessary fixes be developed by now?

Software is complex and anticipating everything that can be thrown at it is hard. For example, suppose that at your house you have a phone and an eight-year-old child who sometimes answers it when others are busy. Are you *ABSOLUTELY SURE* that nothing a stranger says to the kid over the phone could cause your house to burn down?

How much does it cost for companies to keep applying these patches > every week?

Microsoft's Patch Tuesday is the second Tuesday of every month. Some people don't like the Microsoft prioritization of patches: a DRM patch that closed a hole allowing stripping protection came out in 3 days. Patches for the hole OPENED by MS06-042 and the silent data corruption caused under certain conditions by MS06-049 didn't get anywhere near that fast a fix.