I'm only here to spread the FUD... ;)
This is a very interesting read taken in their context....
M$ Windows XP Professional Bugging Device?
Yup...very interesting indeed. Nice find!
Hmmm.... A packet sniffer picked up nothing on the first two items..... Whod'a thought :rolleyes:
<puts on aluminum foil hat>
Quote:
Originally posted here by Tiger Shark
Hmmm.... A packet sniffer picked up nothing on the first two items..... Whod'a thought :rolleyes:
Might that be because they are using a secret protocol and your protocol analyzer can't see it? :D
</puts on aluminum foil hat>
Actually, I regularly sniff traffic whether I'm using the PC or not using the PC... just to see what "normal" activity is. I've never noticed any suspicious transmissions... well, except from the occasional piece of spyware I've been "infected" with.
However, I do believe in some of the "features" that are not needed that "ghost" more images on your hard drive... anyone who has used any forensics tools can confirm that... Sometimes I've several copies of the same file(s)... Those files have been very easy to recover so far... unless you regularly wipe your slack space... and even still... there is the protected storage.
It's interesting, but there's certain things about it that I don't like, such as this one -
Quote:
How long has Microsoft been programming Windows for?
Ten, maybe fifteen years, and we are seriously asked to believe that a company with the financial resources of Microsoft cannot create a bug-free Operating System?
OpenBSD is a free Operating System and with very little funding (nowhere near what Microsoft has, in a million years) the only remote exploits you will find, anywhere in the world, will be at least 12 months old.
That's the typical newbie comment that xxx is better than xxx. To a certain extent I agree with this; like, yeah, some things clearly excel over the same thing on another operating system, if you see what I mean...
But the coders at MS are only human and they're bound to make mistakes. Maybe they should invest more in finding errors, but then if they did that too much, things would never get released, and something such as an operating system is a massive amount of work and you'd be a god if you did it entirely error-free when work is passed between hundreds of people.
It's an interesting overview, and yes, the bits that I've heard of before seem factually correct, but things like the search function spying don't seem right to me. I've never captured anything in a packet capture, and the person doesn't support it with any evidence.
However, I'm interested if anyone knows about this thing -
Quote:
27. Web-Cams and Microphones
These devices can be remotely activated providing visual and audio feedback from the target subject. There is also no way of telling if your devices have been remotely activated. These features are demonstrated in 'proof of concept' applications such as NetBus, etc.
With raw sockets (or driver) this information can bypass your firewall without any problems.
Anyone have any info on that?
i2c
i2c: There have been several trojans and viruses that have activated both webcams and viruses.
http://www.shortnews.com/shownews.cfm?id=42350
That's not the only instance either... it's nothing new.
http://www.microsoft.com/technet/sec.../virusrat.mspx
I believe that sub7 will even allow you to activate the webcam and microphone?
I agree with you on the bugs in the operating system. Humans will make mistakes... but they need a lot more people to review it. That's one advantage of OSS. People can review and correct mistakes whenever they want... I'm not saying there are less bugs in OSS. There are probably just as many. But because people want to find and fix the bugs... they do so. They are not being paid (in most cases) to code as fast as possible. OSS is coded for quality? Where non-OSS is coded for quantity? More features in less time? I'm no professional programmer... I'm only speculating....
Although the article has some good points, it is also a load of BS.
1) Start --> Search sending to Internet. I've got some strange internal Windows programs caught by my firewall (an old-fashioned NIS). I never caught that, but from time to time some processes try to connect to the internet, blocked by my fw.
2) Help System --> BS. It was designed to help the users with fresh info, so connecting to the internet can't be taken as a bugging device.
3) Microsoft Backup --> as most backup software. Even on mainframe, IBM backup software can bypass security and back up every file on disk. However, you can't change the security attributes on restore, and "good practices" show us to protect backup tapes very well. BS
4) Task manager --> BS. It wasn't designed as an anti-spyware tool. MS designed it thinking that we are good admins and won't allow malware to enter our machines. You can't blame a tool that wasn't designed to do that.
6) Registry --> a lot of ppl complained about the old .ini structure. I hate those .conf files, hard to find. Registry is a good idea. But it has some performance problems, I admit.
7) Temp files --> most OSes have the same problem. The OS can't deal with automatic deletion of temp files. Sometimes files are left in the temp folder. It's crap, I admit, but not ONLY MS's fault.
11) Swap page file --> BS. The guy that wrote that knows nothing about virtual memory and paging techniques. Every modern OS (since 1970) has it. If the guy read the FIPS recommendation (that is generic, not for MS) he/she will see there "pages that contain keys in clear form should be fixed in storage and the process must be nonswappable".
12) Firewall --> yeah, MS gives a "free firewall" and everybody complains. It's better to give a complete one and kill all software companies, isn't it? BS
13) Memory usage --> BS. Windows needs a lot of RAM (but not 1GB) because IT'S A GRAPHICAL OS! Don't come with *nix in console mode and compare.
14) Automatic updates --> so, it's the same on the Linux implementation of it. You hit "update" and what is executed? Who knows? BS
15) Raw packets --> BS. No user process needs it. Period. A user process writing raw packets is stupid. It's like a user process writing directly to disk or controlling the keyboard directly.
16) Remote access bugs --> that is true. MS has a problem with code quality, in special on "buffer overflow" basics.
20) Stability --> man, so no Windows in weapon design? No university using a large cluster of Windows for research? Bah
21) MSN search --> yeah, that's annoying. I agree with that.
24) Cookies --> oh, only Windows has that problem? If someone tells me that it is an IE problem, I admit it.
Bah, it's easy to blame MS and forget that others, including OSes that have been more than 40 years in the market (like IBM OSes), suffer from the same problems.
Comparing MS to Linux is like comparing an F15 with a Cessna. All right, the Cessna would have to have a jet engine, but they are not the same.... To be more accurate you would have to state that Linux with MySQL, PHP, Snort, X-Windows, an FTP server, file sharing components, the printing systems, Apache, Kiwi, FireFox, Star Office, VirtualDub, etc. all operate forever and ever with no glitches, then give it to the lady at the front desk who wants to load GAIM on it and play Bejeweled all day. :D
Not all OSS projects are as good as those above; in some cases it takes months to fix a bug or you have to find it yourself. I have been active in some help desk applications recently at sourceforge, spending days and sleepless nights tooling the source. I gave up and bought Track-It. Maybe next year some OSS projects will be further along or I will build one myself.
Time is a factor, a BIG one. In fact there are three: time, money, resources, and they are all dependent on one another. If you shorten time it will cost more money and resources. If you want to take away money, it will cost more time, etc. I use this a lot to "motivate" changes in projects.
\\Edit: as for stability, wtf are these guys running, Windows 3.1??? The only servers I ever reboot are the ones using shitty data management tools. They are 3rd party data engines by some schmuck who built them.
RoadClosed: I agree with you. I chose a poor example...
Anyone can start an OSS project... I've seen plenty that never make it past their first release...
<offtopic>
BTW: Track-It is good software. I use it all the time... however... we've had a couple of problems getting the audit software to work silently with startup scripts... not to mention it uses massive amounts of resources... and sometimes hangs, causing the system to become unstable. We've worked out those problems... it just caused a huge headache for a couple of days.
Other than that... we've been really happy with it.
</offtopic>
My god, that's scary! Even taken with a grain of salt.
This brings up something I've been trying to answer since last week when I ran lads.exe on the whole drive... so many ADS files attached to everything. I thought ADS was implemented to be more compatible with Macs' files and of course as a way to hide trojans. I checked a few other computers on the network to verify... they all have them. Even graphics I've created. I didn't watermark anything! What's up with that?
This weekend my work computer downloaded the latest FreeBSD (burning as we speak). Windows may butter my bread but at home it's going to be BSD. Even though the guy's speaking hypothetically, the implications are more than I can handle. I mean, EZ Pass is against my better judgement.... this is just plain obscene.
Hey Hey,
I know that everyone is putting little faith in these notes... and that Tiger Shark has sniffed and found nothing... but I'm going to have to disagree.... -- Check out
http://sa.windows.com/privacy/
Quote:
Using Microsoft Windows XP Search Companion, you can search for all types of objects, from pictures, music, and documents, to printers, computers, and people. You can search your own computer, other computers (if you are connected to a network or workgroup), and the Internet. You can also choose to search with the help of an animated screen character.
No information is ever collected by Search Companion when you search your local system, LAN, or intranet for any reason.
Enough packets were sent... even if no information was collected... I'm still not sure when the privacy policy was sent out. Check out the screenshot.
When you search the Internet using the Search Companion, the following information is collected regarding your use of the service: the text of your Internet search query, grammatical information about the query, the list of tasks which the Search Companion Web service recommends, and any tasks you select from the recommendation list. Search Companion does not record your choice of Internet search engine, and does not collect or request any personal or demographic information. Information collected by the Search Companion can not be used to identify you individually, and is never used in conjunction with other data sources that may contain personal data. All information is retained for twelve months, and discarded in the thirteenth month following collection.
Where did I find that, you might ask?? When I ran a sniff and searched... I'm wondering if when TS did it, he forgot to re-enable the default Windows services... I turned Alerter, ALGS, BITS, Error Reporting and a few others back on before running my sniffs.
Anyway, check out the screenshot.. If anyone wants the capture to see the details they can PM me.
Peace,
HT
FYI- I'm not sure if any of you read the comments at the bottom of the page... but there is a discussion going on at hackinthebox.org too. The author has joined in on that discussion and further explains his concerns.
http://forum.hackinthebox.org/viewtopic.php?t=7778
I agree with i2c; the impression I was getting was the writer was pushing another product.
This is very interesting
Great article, but am I the only one that found this part ironic?
Quote:
They never could grasp that context is irrelevant to the scientific process or methodology, science examines facts, not interpretation
But then he went on to demonstrate quite well that in order to be properly interpreted, facts have to be taken in context?
ie..
1+1=2, that's a fact.
1+1=3, also a fact (dig out your trigonometry text :p )
My 2 cents.
Great article on many levels. Thanks phish. :D
HT:
Ok..... Guess who's the dimwit? :o
I run XP on the laptop and 2K on the desktop..... I ran the test on the desktop without thinking..... Duh.....
Still, it's nice to know 2K doesn't leak any info..... :D
[Edit]
Ok, we're at the satellite office on the XP laptop and it does make requests.
If you look carefully at the trace, when you opened the search feature it connected to a Microsoft site. You will also notice that a response was returned to a GET that said 304 Not Modified. (304 Not Modified is commonly used where updates are checked for.) It seems to me that the search function is updatable, maybe a change in an algorithm to speed up the searches, and prior to it beginning searching it checks to see if anything has been updated. I looked all through the packet transfer, paying special attention to my transmissions, and there is no evidence that the word(s) I put in (I did a couple of tries) are transmitted outbound. i.e.: M$ doesn't know what I am searching for, though if I use it enough they could determine that a person on a fixed IP is bloody disorganized by the number of searches they carry out.... ;)
It sure as hell isn't the "tin foil hat" issue the author seemed to be trying to imply it might be.....
[/Edit]
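The check HT and Tiger Shark describe above (sniff the session, see which host is contacted, note the 304 Not Modified, and confirm the search terms never leave the box) can be scripted once the capture is exported. The following is an added example, not code from the thread or from Microsoft; the packet records, host names and paths are constructed placeholders, not a real Search Companion capture.

```python
"""Added example: triage an exported capture for a 'does my search term leak' check.

Each record is (direction, peer host, TCP payload bytes). The capture below is
CONSTRUCTED for this example and does not reproduce any real Search Companion
traffic; the host names are placeholders."""
import re
from urllib.parse import quote, quote_plus, unquote_plus

# Constructed sample: one conditional GET answered with 304 Not Modified.
SAMPLE_CAPTURE = [
    ("out", "update.example.invalid",
     b"GET /search/update.xml HTTP/1.1\r\nHost: update.example.invalid\r\n"
     b"If-Modified-Since: Tue, 01 Feb 2005 10:00:00 GMT\r\n\r\n"),
    ("in", "update.example.invalid",
     b"HTTP/1.1 304 Not Modified\r\nDate: Wed, 02 Feb 2005 09:00:00 GMT\r\n\r\n"),
]

# Constructed counter-example: the search string does go out, URL-encoded.
LEAKY_CAPTURE = [
    ("out", "search.example.invalid",
     b"GET /q?text=quarterly%20report HTTP/1.1\r\nHost: search.example.invalid\r\n\r\n"),
    ("in", "search.example.invalid",
     b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
]

REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r\n")
STATUS_LINE = re.compile(rb"^HTTP/1\.[01] (\d{3}) ")


def http_summary(capture):
    """Return ({host: [requested paths]}, [response status codes])."""
    requests, statuses = {}, []
    for direction, host, payload in capture:
        if direction == "out":
            m = REQUEST_LINE.match(payload)
            if m:
                requests.setdefault(host, []).append(m.group(2).decode("ascii"))
        else:
            m = STATUS_LINE.match(payload)
            if m:
                statuses.append(int(m.group(1)))
    return requests, statuses


def term_leaked(capture, term):
    """True if `term` appears in any outbound payload, raw, %-encoded or +-encoded."""
    needles = {term.encode(), quote(term).encode(), quote_plus(term).encode()}
    for direction, _host, payload in capture:
        if direction != "out":
            continue
        # Also percent-decode the payload so an unusual encoding still matches
        # (latin-1 keeps every byte value so the round trip is lossless).
        decoded = unquote_plus(payload.decode("latin-1")).encode("latin-1")
        if any(n in payload or n in decoded for n in needles):
            return True
    return False


def leak_report(capture, term):
    """Summary a practitioner reads off before deciding whether the tin-foil hat is needed."""
    requests, statuses = http_summary(capture)
    return {
        "hosts": sorted(requests),
        "paths": sorted(p for paths in requests.values() for p in paths),
        "not_modified": statuses.count(304),
        "term_in_outbound": term_leaked(capture, term),
    }


if __name__ == "__main__":
    print(leak_report(SAMPLE_CAPTURE, "quarterly report"))
    print(leak_report(LEAKY_CAPTURE, "quarterly report"))
```

The encoding checks matter: a term that only ever appears percent-encoded or with `+` for spaces will not be found by a plain string search of the capture, which is the easiest way to convince yourself nothing leaked when it did. Feed it the payloads of a real capture (one record per TCP segment, outbound first) and read `term_in_outbound` before anything else.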
I'm going to chime in behind i2c and Tiger Shark on this one. I've seen this article, or articles like it, since the advent of Win3.11 (the networkable version). All too common for someone with a smattering of technical knowledge to make those broad, sweeping statements and not back up any of the claims with anything of substance.
I sniff traffic going in and out of more than 500 Windows systems on a regular basis. Contrary to the paranoid line of thinking, Windows doesn't really give up much anymore. At least, when it is not infected with spyware, trojans or P2P systems. It ain't like it was with earlier versions of Win98, when it just gave out everything, including the baby's bathwater.
Keep in mind that Microsoft has to do business in almost every country in the world, and the various privacy and trade laws make it imperative that sensitive data and private information be protected, first and foremost.
As for 1+1=3, I remember having to write a proof for that statement. 9th Grade Algebra, if I remember correctly.
Firstly, wrong forum; I wouldn't be surprised if a mod moved this to a different forum.
Secondly, there is so much misinformation and lack of understanding on the author's part in that document as to make it useless. Cacosapo pretty well covered a lot of it, but an addendum to #15:
The author states:
Quote:
The truth is, raw sockets is not required, however, it just makes life simpler. For real time software, the overhead presented by TCP, is too great and the effects can be seen on excessive lag during online gaming, or media playback. A streamlined custom stack, allows for faster processing of the IP packet and over a 1000% improvement to connectivity management than TCP encapsulation.
Many developers do not realize that TCP is not required and that custom packets can be encapsulated within IP alone. IP routes the packet, from A to B, and TCP provides a data path encapsulated with the IP packet. This allows Internet routing to change, without affecting application support. Custom stack creation is a 'walk in the park', all it involves is parsing a binary stream and executing functions based on flags or value, it also, automatically, supports the OSI/DoD model.
By breaking support for raw sockets on Windows 2000, Microsoft manipulated the entire global market, as no developer could be assured their applications would function after 12-24 months. It also provided a way for Microsoft to eliminate tools such as 'Ethereal' that could inspect the communications of a Windows system.
This is untrue on several points:
- There are other commonly supported protocols than TCP that have lower overheads -- Unreal engine games have historically used UDP for data transfer for this reason.
- Since the author suggests he or she can trivially write a hugely superior protocol, how come I don't see any links to the specs for such a protocol?
- Raw socket support in all versions of Windows can be had using 3rd party libraries, which applications like Ethereal are capable of using. In fact, certain versions of Ethereal support raw sockets just fine, even when Windows does not.
All in all the site is largely inaccurate, the author evidently didn't do a lot of research, and the result is a collection of mostly false information, negatively skewed opinion, and uninformed derision being used wholly to put forth one person's paranoid delusional view.
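The point made in the reply above, that a custom lightweight protocol needs UDP rather than raw sockets, is easy to show concretely. The following is an added example written for this page, not code from the thread or from the article it discusses: a small binary framing carried in ordinary UDP datagrams, which any unprivileged process can send on Windows or Unix. The header layout, the magic bytes and the field names are invented for the example; the receiver validates every header field before trusting the payload, which is the step a hand-rolled "custom stack" most often skips.

```python
"""Added example: a custom binary protocol over plain UDP (no raw sockets).

The frame layout below is hypothetical and exists only for this example:
  magic (2 bytes) | version (1) | flags (1) | sequence (4) | payload length (2) | payload
Everything is network byte order."""
import socket
import struct

MAGIC = b"XP"                      # hypothetical protocol identifier
VERSION = 1
HEADER = struct.Struct("!2sBBIH")  # magic, version, flags, seq, length
MAX_PAYLOAD = 1400                 # keep one frame under a typical MTU, no IP fragmentation

FLAG_DATA = 0x01
FLAG_ACK = 0x02


def encode(seq, flags, payload):
    """Build one datagram. Refuses payloads that would not fit one frame."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload too large for one datagram")
    return HEADER.pack(MAGIC, VERSION, flags, seq, len(payload)) + payload


def decode(datagram):
    """Parse one datagram into (seq, flags, payload); raise ValueError if malformed.

    Every field is checked before the payload is handed to the caller: bad
    magic/version is dropped, and the declared length must match the bytes
    actually present, so a short or padded datagram cannot be misparsed."""
    if len(datagram) < HEADER.size:
        raise ValueError("short datagram")
    magic, version, flags, seq, length = HEADER.unpack_from(datagram)
    if magic != MAGIC or version != VERSION:
        raise ValueError("bad magic or version")
    body = datagram[HEADER.size:]
    if len(body) != length:
        raise ValueError("length field does not match datagram size")
    return seq, flags, body


def is_valid(datagram):
    """Convenience predicate: True only if decode() would accept the datagram."""
    try:
        decode(datagram)
        return True
    except ValueError:
        return False


def loopback_roundtrip(payload, seq=7, flags=FLAG_DATA):
    """Send one frame to ourselves over UDP on 127.0.0.1 and decode the reply.

    No privilege is needed: SOCK_DGRAM is an ordinary socket on every OS."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("127.0.0.1", 0))
        sock.settimeout(2)
        sock.sendto(encode(seq, flags, payload), sock.getsockname())
        data, _addr = sock.recvfrom(65535)
    return decode(data)


if __name__ == "__main__":
    print(loopback_roundtrip(b"ping"))
```

The application-level sequence number and ack flag are what such protocols use instead of TCP's machinery: the sender decides what to retransmit and when, which is why games tolerate loss better over UDP than over a TCP stream that stalls on every missing segment. Nothing here touches the IP header, so none of it is affected by whether the OS exposes raw sockets.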