Hits Keep On Coming Against MS

Discussion groups are ablaze with tales of Microsoft security flaws; one company program manager even 'fesses up. By Declan McCullagh.

Some experts have long argued that MS Windows was inherently insecure, but now a Microsoft manager has confirmed it.

It all started in a technical discussion forum during last week's parade of security flaws in Windows products that were uncovered by outside experts.




Security experts identified some of the problems during presentations at the Usenix convention last week in Washington.

One, unearthed by Bulgarian bug expert Georgi Guninski, lets hackers insert malicious programs into a victim's hard drive. Another, reported by Wired News, lets an attacker take control of a PC by sending an email message.

On the Usenet discussion group microsoft.public.scripting.wsh, the reaction was fast and furious.

One participant complained that Microsoft's ActiveX scripting technology was so flaky that it was a time bomb waiting to explode.

"ActiveX in general, and ActiveX over the Web in particular, were never designed for anything at all, but are merely the final stages of a bomb which has been ticking in Microsoft's foundations," the poster wrote.

It should be noted, though, that the poster was comparing ActiveX to Java and Perl-5, which were designed specifically with safety in mind.

A few posts later, Peter Torr, MS Windows Script program manager, joined the fray. He defended MS Windows NT as an operating system that's "generally considered" less prone to break-ins than either Unix or Linux.

But what about Windows 95 or 98, used by millions of customers worldwide?

"If you're talking about Windows 9x, forget it," Torr wrote. "No one ever (seriously) claimed that it was secure."

But Windows fans shouldn't rush en masse to defenestrate those buggy PCs – yet.

On Tuesday, Microsoft released a patch that it said repaired "security vulnerabilities" in two ActiveX programs included with Windows. Anyone who knows enough about the technology can use those glitches to seize control of a PC through email or a Web page.

Microsoft could not be immediately reached for comment.
