The Evil Empire
Information about Microsoft, bugs, security holes, and dirty business tactics.
Updated irregularly (about once per week)

Microsoft software "riddled with vulnerabilities", trade body claims

The US Computer and Communications Industry Association (CCIA) has urged the US Department of Homeland Security to avoid using Microsoft software.

The Washington based association, which represents members that generate over $200 billion, has issued an open letter to Tom Ridge, Secretary of the department, urging him to review his decision to choose Microsoft for its desktops and servers. More... [via Privacy Digest]

Stupid Microsoft Tricks

[...] The [court] hearing came about because Burst, Inc. felt Microsoft was not divulging all the documents it was supposed to as part of the discovery phase of the case. Discovery is where each side asks the other for pertinent information and documents important to its case. Among other things, Burst asked for copies of all Microsoft e-mail messages concerning Burst during and shortly after the time when the companies were trying to negotiate a license for Microsoft to use Burst's intellectual property.

Microsoft handed over the e-mail messages on a disk, and when Burst's lawyers had printed all the messages they filled 140 boxes.

When Burst's lawyers put the messages in order by date and time, they claim to have noticed a peculiar phenomenon. There were literally no messages from approximately one week before until about a month after all seven meetings between the two companies. This meant that either Microsoft completely suspended its corporate e-mail culture for an aggregate period of 35 weeks, or there were messages that had been sent and received at Microsoft, but not divulged to Burst. More... [via IT&W]

Microsoft Windows: Insecure by Design

Between the Blaster worm and the Sobig virus, it's been a long two weeks for Windows users. But nobody with a Mac or a Linux PC has had to lose a moment of sleep over these outbreaks -- just like in earlier "malware" epidemics. This is not a coincidence.

The usual theory has been that Windows gets all the attacks because almost everybody uses it. But millions of people do use Mac OS X and Linux, a sufficiently big market for plenty of legitimate software developers -- so why do the authors of viruses and worms rarely take aim at either system?

Even if that changed, Windows would still be an easier target. In its default setup, Windows XP on the Internet amounts to a car parked in a bad part of town, with the doors unlocked, the key in the ignition and a Post-It note on the dashboard saying, "Please don't steal this." More... [Washington Post via MyAppleMenu]

The End of E-Mail?

Two points: First, Microsoft has flat-out refused to use its illegally gained profits sufficiently to stop this. Second, Windows is a monoculture. Ask any biologist about monocultures, and you'll be told of the extreme danger they represent. The U.S. government's willingness -- eagerness -- to help Microsoft keep and extend its monopoly is part of the danger.

I find myself increasingly amazed that Microsoft can get away with its own misdeeds. Where are the trial lawyers? If ever there was a class-action case that demanded to be heard, isn't this one? The global economy lost billions of dollars in wasted time, downed servers and other problems during the past few days, and shoddy products from a monopolist that has $50 billion in the bank share at least some of the responsibility. More... [Dan Gillmor]

MS releases unholy trinity of security fixes

Microsoft yesterday released another cumulative fix for Internet Explorer designed to address all the old flaws with the Swiss cheese browser and fix a set of fresh problems.

Separately, Redmond also issued patches to correct less serious vulnerabilities with a ubiquitous Windows middleware package and a revision of a July advisory on a serious vulnerability involving MIDI files.

The new IE flaws could enable an attacker to run arbitrary code on a user's system if the user either visited a hostile Web site or opened a specially crafted HTML-based email message. More... [The Register]

Virus hits hospital systems

Staff at a Glasgow hospital worked round the clock to restore its computer systems after the network was struck by the Nachi worm. The problem was detected at Yorkhill Hospital at about 1600 BST on Thursday. Medical records, which are stored electronically, became unusable, and staff had to switch to using the paper files they normally store in the hospital. More... [BBC News]

Sobig-F timed for Trojan download tonight?

The prolific mass-mailing Sobig-F email worm, which has flooded computer users this week, could attempt to download a Trojan horse tonight, anti-virus companies are warning.

The worm has been programmed to automatically direct infected PCs to a server controlled by the virus writer from which a malicious program could be downloaded. It is timed to do so at 19:00-22:00 GMT on Fridays and Sundays.

At the moment, it is unclear what the download material will do, or even the Internet address of the server from which the worm will download malicious code. Likewise, it's unclear if any attack will succeed. More... [The Register]

Windows schools crippled while Mac schools unaffected

Bowling Green City Schools Technology Coordinator Lee Jordan thought the system’s thousand or so computers had been inoculated against the latest round of viruses. That was until Wednesday, when the Nachi worm began shutting down computers equipped with Windows 2000 and Windows XP until the entire network was crippled. The worm sought out other computers on the district’s network, which is controlled remotely, and began shutting them down, Jordan said.

Warren County schools weren’t affected, according to Technology Coordinator Pat Stewart. Jordan said the county lucked out because it has mostly Apple computers, which have been immune thus far to the viruses. More... [MacDailyNews]

Microsoft warns of critical IE flaws

Microsoft alerted PC users to three critical security flaws in Internet Explorer and Windows on Wednesday, as the MSBlast worm and its variants used a previous vulnerability in Windows to spread across the Net for a second week.

The software giant released a cumulative patch for Internet Explorer that fixes several vulnerabilities previously disclosed by the company, and it re-released an advisory for Microsoft's SQL Server software, warning that a flaw in that program actually affects most Windows users. More... [CNET News.com]

Geeks Grapple With Virus Invasion

Combine the typical ego-ridden virus writer -- who may have more time to kill with school out -- with sloppy Microsoft code. Factor in users who are slow to patch their computers yet manage to click on virus-laden e-mail attachments, and you have inboxes laden with garbage and networks choked with nonsense.

Microsoft, whose products have been the target of a half-dozen successful worm and viral attacks over the past two weeks, is being criticized for writing code that security experts refer to as "Swiss cheese": code that contains security holes that leave operating systems and applications open to far too many attacks. More... [Wired]

Microsoft Tracking Behavior of Newsgroup Posters

Ever get the feeling your Usenet newsgroup list is being watched? By Microsoft? If so, consider yourself right. An interesting but troubling CNET interview with Microsoft's in-house sociologist goes into how the software giant is keeping a close eye on newsgroups and other public e-mail lists, tracking and rating contributors' social habits and determining "people who the system has shown to have value." Those concerned that it's not a good idea for computers to track their belongings and whereabouts are advised that they may ultimately have to fragment their identities, keeping multiple IDs and e-mail addresses. [Slashdot]

Outlook is bleak

Outlook is a joke. No sane computer user today should use it. If your company makes you use it, go to your CEO and explain how much time and money his company is losing by using it. More... [Scott Rosenberg]

Auto-responders magnify Sobig problem

Bounced messages from auto-responders in receipt of the prolific Sobig-F worm are feeding a flood of useless and malicious messages that threatens to swamp legitimate emails for many users. Sobig-F spoofs or forges the name in the From: field in infected emails sent out from pox-ridden PCs. This forged email address is often randomly plucked off the infected computer by the virus.

Some gateway applications that scan email attachments for viral content email auto-replies when a virus is found. If the 'Sender' name has been forged, the auto-reply can be received by an innocent party, causing undue confusion and stress. A false accusation may even harm an organisation's relationship with clients and partners. Although we've seen the spoofed email tactic before, the explosive growth of Sobig-F is making the behaviour a greater problem. More... [The Register]

DirectX attack expected - patch Windows now

Microsoft seems to have survived the MSBlast worm attack, but now the company is urging Windows users to patch their systems against a different, potentially more dangerous, vulnerability in its software. Even though most businesses have installed the patch for MSBlast, there is another vulnerability that could completely overshadow last week's events. On 23 July Microsoft posted a security bulletin on its Web site that describes a "critical" vulnerability in DirectX. According to Microsoft, unprotected systems could be at the mercy of an attacker by simply playing a midi file or visiting a malicious Web page. More... [ZDNet.co.uk]

Worm and virus overload networks

A "good" Internet worm and a new malicious mass-mailing computer virus are creating an enormous amount of network traffic, slowing some corporate systems, security experts said on Tuesday. The Internet worm -- called MSBlast.D, W32.Welchia or W32/Nachi -- started compromising computers on Monday and has overwhelmed some corporate networks with its aggressive scans for vulnerable hosts. Meanwhile, a new variant of the mass-mailing Sobig virus, called W32/Sobig.F, took off on Tuesday, swamping many companies' mail servers.

The latest version of the Sobig mass-mailing computer virus also caused headaches for network administrators. Email service provider MessageLabs stopped more than 100,000 messages carrying the latest virus in the first few hours of the attack. More... [ZDNet.co.uk]

Slammer worm crashed Ohio nuke plant net

The Slammer worm penetrated a private computer network at Ohio's Davis-Besse nuclear power plant in January and disabled a safety monitoring system for nearly five hours, despite a belief by plant personnel that the network was protected by a firewall, SecurityFocus has learned. More... [The Register]

Email worm joins Blaster attack on Windows

A new variant of the Sobig worm is spreading rapidly across the Internet this afternoon. Sobig-F, like its predecessors, can spread via either email or (less commonly) network shares. Sobig-F scans infected PCs for email addresses prior to blasting out copies of itself using its own SMTP client using spoofed email addresses filleted from the compromised PC. We're getting sick of saying this, but Sobig-F is a Windows-only menace. Mac, Linux, OS/2 and Unix users are immune. More... [The Register]

Rockin' on without Microsoft

Sterling Ball, a jovial, plain-talking businessman, is CEO of Ernie Ball, the world's leading maker of premium guitar strings endorsed by generations of artists ranging from the likes of Eric Clapton to the dudes from Metallica. Since jettisoning all of Microsoft products three years ago, Ernie Ball has also gained notoriety as a company that dumped most of its proprietary software--and still lived to tell the tale.

In 2000, the Business Software Alliance conducted a raid and subsequent audit at the San Luis Obispo, Calif.-based company that turned up a few dozen unlicensed copies of programs. Ball settled, but by then, the BSA had put the company on the evening news and featured it in regional ads warning other businesses to monitor their software licenses. Humiliated by the experience, Ball told his IT department he wanted Microsoft products out of his business within six months. More... [CNET News.com]

World squirms as Sobig returns

The Sobig e-mail virus that caused havoc two months ago has reappeared in a virulent new form, according to e-mail service provider MessageLabs. The company has given the virus a high-level alert statusbecause of its rapid spread. The new worm, code-named W32/Sobig.F-mm, appeared Monday, according to the company. All copies came from the United States.

The virus grabs e-mail addresses from several different locations on a computer, including the Windows address book and Internet cache, and sends e-mails to each one. The virus also forges the source of the message using a randomly selected e-mail address so that the infected message appears to come from someone else. More... [CNET News.com]

Note, its called "MSblast" not MAC blast

With a disaster befalling any company that was flawed in its service offering the stock would have tanked, but not MSFT. [via MyAppleMenu]

Microsoft patch process called into question

Microsoft Corp.'s Windows Update patch management program has a critical shortcoming that in some cases could fool users into thinking their systems are properly patched against some vulnerabilities when in fact they aren't. [ComputerWorld Security News]

Microsoft: We Will Appeal

This one's not over yet (And by the time it is, ActiveX will probably be a dead technology, anyway.) Eolas, the company that sued Microsoft back in 1999 for alleged violation of its browser plug-in patent, was awarded $521 million by a Chicago jury on Monday. Microsoft was quick to point out that the award was substantially less than the $1.2 billion that Eolas had sought. And Redmond officials already are working on an appeal. [Microsoft Watch]

'MSBlast' worm a piecemeal monster

"MSBlast," the latest threat to hit the Internet, is a piecemeal compilation of programs cobbled together to do a single job: spread across the Internet. The Frankenstein's monster of code stitches together a widely available file server, one of several public programs to exploit a widespread Windows flaw, and common techniques for compromising computers.

The combination is unoriginal, but effective. The worm--also known as W32/Lovsan.worm and W32.MSBlaster--is successful not because its creator was knowledgeable about programming, but because a great many people whose computers are connected to the Internet are still ignorant of security. [CNET News.com]

Worm exploits major Windows flaw

The MSBlast worm is spreading rapidly, and security experts predict that the spread will accelerate when hackers refine its code.

The fast-spreading MSBlast worm seems to be crashing as many Windows computers as it's infecting, demonstrating to administrators that they need to patch their systems, security experts said on Monday. [ZDNet]

Yep, it's reached the place where I work, too. We've just had an announcement to shut down all Windows XP computers immediately.

Microsoft guilty of patent infringement

A federal jury in Chicago awarded the University of California and a browser technology company nearly $521 million after finding on Monday that their patents were infringed by Microsoft, according to Reuters: "The suit, originally brought against the world's largest software maker in 1999 by Eolas Technologies Inc., charged that Microsoft had used Eolas' patented Web browser technology which allows other mini-applications to work with Microsoft's Internet Explorer browser, according to court documents. Eolas had originally sought licensing fees that would potentially have totaled $1.2 billion." [MacNN]

EU gives 'last chance' to Microsoft

The EU executive says the US software giant has a final chance to comment before action is taken against 'market abuses'. [BBC News]

Is it a bird? A plane? No, it's a Windows Trojan

While one of the sneakiest viruses to date began spreading rapidly across the Internet at the weekend, antivirus software vendor Panda Software detected a Trojan that exploits, you guessed it, another Windows vulnerability. Its actions leave affected computers at the mercy of hackers, the company warns. [The Register]

Sneaky virus poses as email from sysadmin

One of the sneakiest viruses to date began spreading rapidly across the Internet this weekend. Mimail, which poses as an email from a potential victim's own sysadmin or ISP, suggests that a user's email account is about to expire. Potential victims are urged to open an attachment message.zip, containing a copy of the virus. [The Register]

Microsoft Downplays Mail Worm

Microsoft issues a warning about a worm that exploits a flaw in its Internet Explorer browser, but claims it won't cause major security problems. [Wired News]

CERT warns of attacks, new holes in Windows

In the past two days, CERT has received reports of thousands of systems compromised using variations of the malicious code, which is known as DCOM RPC. [Computerworld Security News]

Guess what? Microsoft won

CNET News.com's Charles Cooper says the "end of Microsoft as we know it" crowd must face the post-antitrust reality that the software giant is more confident and stronger than ever. [CNET News.com]

U.S. says Windows vulnerable to attack

The federal government says there is new evidence that an attack is being planned on computers using Microsoft's Windows. [CNET News.com].

So, um, what's new about this? Since when does exploiting one of Microsoft's billions of security leaks sound like terrorism? Will hackers taking advantage of the security leaks now be charged under the Patriot Act?

Here's what Joe Jenett says: "Computer security flaws have been a fact of life for a long time but this talk of an attack being planned (as if by terrorists) seems a bit fabricated, whether it be by CNET or the government." [jenett.radio]

Microsoft fixing another faulty patch

The flawed patch corrected a vulnerability in Windows NT 4.0 Server's file management function that could leave machines running NT 4.0 vulnerable to denial-of-service attacks. [Computerworld Security News].

Welcome

Welcome at the Evil Empire. We have moved to this new address, which is at the same time the address that we had until about a year ago.

As this page is currently still a bit empty (this is because we change the content management software with which we're editing these pages), you may want to check our July archives for previous news.