WMF Flaw not a Backdoor
koro666 writes "In a blog post, Mark Russinovich from SysInternals responded to the allegations made by Steve Gibson labeling the flaw as an intentional backdoor. It seems that the hype was about Steve's discovery that the code would only be executed if the size of the metafile record was deliberately tampered with, which is not the case. The technical details are explained in his post."
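The summary above turns on one technical claim: whether the record-size field of a metafile record has to be tampered with before the embedded code runs. As an added example (not from the original story, Russinovich's post, or any of the comments below), the following Python walks the record chain of a WMF file and flags every Escape record that selects the SETABORTPROC escape, whatever value its size field carries. The WMF layout it relies on is the documented one (optional 22-byte placeable header with key 0x9AC6CDD7, 18-byte standard header, records of a DWORD size in WORDs followed by a WORD function code, META_ESCAPE = 0x0626, SETABORTPROC escape = 9); the sample files are constructed in the block itself, with zero-filled filler where a real sample would carry code.

```python
import struct

META_ESCAPE = 0x0626        # WMF record function: Escape
SETABORTPROC = 0x0009       # Escape subfunction that registers an abort callback
PLACEABLE_KEY = 0x9AC6CDD7  # key of the optional 22-byte placeable (APM) header
HEADER_LEN = 18             # size of the standard METAHEADER in bytes


def iter_wmf_records(data: bytes):
    """Walk the record chain of a WMF file.

    Yields (offset, size_words, function, params, malformed). A record whose
    size field is smaller than the 3 WORDs needed for its own size and
    function fields is reported as malformed and ends the walk, because the
    size field is the only thing that says where the next record starts.
    """
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        off = 22                              # skip the placeable header
    if len(data) < off + HEADER_LEN:
        raise ValueError("too short for a WMF header")
    header_words = struct.unpack_from("<H", data, off + 2)[0]
    off += header_words * 2                   # first record follows the header
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        if size_words < 3:
            # Size field is impossible; the function field is still readable,
            # so report what follows it and stop walking.
            yield off, size_words, func, data[off + 6:], True
            return
        end = min(off + size_words * 2, len(data))
        yield off, size_words, func, data[off + 6:end], False
        if func == 0:                         # META_EOF
            return
        off = end


def find_setabortproc(data: bytes):
    """Return one dict per Escape record whose escape function is SETABORTPROC.

    The hit is reported regardless of the record's size field; whether that
    field is 'correct' is not what a scanner should depend on.
    """
    hits = []
    for off, size_words, func, params, malformed in iter_wmf_records(data):
        if func != META_ESCAPE or len(params) < 2:
            continue
        escape_fn = struct.unpack_from("<H", params, 0)[0]
        if escape_fn == SETABORTPROC:
            hits.append({
                "offset": off,
                "size_words": size_words,
                "payload_len": max(len(params) - 4, 0),  # after escape fn + byte count
                "malformed_size": malformed,
            })
    return hits


# --- constructed test fixtures (not real samples) ---------------------------

def build_record(func, params=b"", size_words=None):
    """Assemble one WMF record; size_words may be overridden to forge a bad size."""
    if size_words is None:
        size_words = (6 + len(params)) // 2
    return struct.pack("<IH", size_words, func) + params


def build_wmf(records):
    """Minimal standard WMF: type 1, 9-word header, version 3.0, then records, then EOF."""
    header = struct.pack("<HHHHHHIH", 1, 9, 0x300, 0, 0, 0, 0, 0)
    return header + b"".join(records) + build_record(0)


FILLER = b"\x00" * 8  # placeholder bytes where a real sample would carry code
ESCAPE_PARAMS = struct.pack("<HH", SETABORTPROC, len(FILLER)) + FILLER

SAMPLE_CLEAN = build_wmf([build_record(META_ESCAPE, struct.pack("<HH", 12, 0))])  # GETPHYSPAGESIZE escape
SAMPLE_WELLFORMED = build_wmf([build_record(META_ESCAPE, ESCAPE_PARAMS)])
SAMPLE_BADSIZE = build_wmf([build_record(META_ESCAPE, ESCAPE_PARAMS, size_words=1)])

if __name__ == "__main__":
    for name, sample in [("clean", SAMPLE_CLEAN),
                         ("well-formed size", SAMPLE_WELLFORMED),
                         ("forged size", SAMPLE_BADSIZE)]:
        print(name, find_setabortproc(sample))
```

The well-formed and the forged-size samples both produce a hit; only the escape function number decides, which is the point of checking the record content rather than trusting (or requiring) a particular size value.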
Well, googlefight has Russinovich on the ropes; Gibson comes out well on top as far as hits go.
However, Mark has been gaining himself a decent reputation recently.
I know whose opinion and fact-checking I trust at the moment.
Mark Russinovich: 483,000 results
Steve Gibson: 13,700,000 results
liqbase
It was funny seeing how a lot of people were dismissing the "Gibson Bashers" in the original /. thread. Well, guess what? grcsucks.com really was right about the guy. Told ya so. Mmm, vindication. :)
Just take one look at the sensationalist language and snakeoil-salesman design style of Gibson's website (doesn't it remind you of other shady sites) if people need more convincing that Gibson is a fraud.
What else is there to say? It's a bit of legacy code left over from the days when it was safe to assume that any code on a computer had been put there with the owner's knowledge and consent. That assumption has since been invalidated by subsequent events. A backdoor it may be -- but when it was put there, there used to be a fence around the back garden.
And this is just one example of a whole class of things that are really, seriously, terribly wrong with Windows {and for that matter, closed-source software in general}. A lot of benign application software has come to depend on behaviour in the operating system that ought never to have been allowed in the first place -- behaviour that makes the propagation of viruses and worms so much simpler. Now, if Microsoft change the way Windows works so as not to just hand out permission for any process to interfere with any other process, then the worms and viruses that depend on this behaviour will die off -- but so will all those applications that depend on this broken behaviour. Then what used to be a choice between "Stay with Microsoft, and all your old software will still work like it did before" and "Leave Microsoft, and none of your old software will work anymore" becomes one between "Continue to splash out good money after bad to Microsoft, but none of your old software will work anymore" and "Wave goodbye to Microsoft, none of your old software will work anymore but there are better-than-adequate replacements for all of it".
And my prediction? A company that still makes extensive use of an obsolete software product will find themselves -- and their precious data -- orphaned as a consequence of the switch to Vista. They will have to obtain a pirated copy or copies of an earlier Microsoft OS {because there is no way to obtain a legitimate one} just in order to read their own files. This will only be discovered in a Licencing Gestapo bust.
Je fume. Tu fumes. Nous fûmes! (I smoke. You smoke. We were!)
Mark doesn't have access to NT source code. Never has. This is a common misconception.
He's a technical writer, not a psychologist. Why should he write about motivations? A classic adage goes, "Never attribute to malice what can be explained by stupidity." Steve jumped the gun in a BIG way. Microsoft's actions over time have been explained by many as being malicious. I never saw Microsoft as malicious at the coder level. Most developers at Microsoft love their jobs and couldn't give a crap about a competitor - let alone coding in something to "cut off their air supply".
Windows sucks for the reason you have pinpointed. It is backward compatible to the point of killing itself. Compatibility code was one of the single largest attack surfaces I recall hearing about during the security code review in 2001. Windows doesn't get culled regularly for "old code" or "bad code" as those aren't binary values - those are hard things to discern in an automated fashion, so they get effectively swept under the rug. Code doesn't get removed in Windows. It just gets forgotten. Seriously.
The sociology of this is more interesting than the programming details, in my opinion. It often happens that one person in the computer industry analyzes an abuse, and another person, who is competing for attention, attacks the first person. Admittedly, Steve Gibson of grc.com has a flawed, exaggerated manner of communicating. But many abuses never are fully recognized because technical people attack each other, rather than analyze carefully how they are being abused.
As others have mentioned in comments I have excerpted below, the U.S. government stated clearly and for the record that it wanted access to all computers. It appears that the government got what it wanted in what I think I can show logically is the only way possible.
Mark Russinovich of SysInternals is an extremely competent programmer. His utilities for Windows are the best available. Even Microsoft recommends using them, to supplement the limited and unfinished and flawed utilities supplied with Windows. However, Mark Russinovich is not a sociologist, so his comments may not take into account the complexities of the social issues.
The main issue seems to be, not that graphics files have the ability to execute code, but why was there inadequate testing in the code to prevent security vulnerabilities?
Here are quotes from Mark's article:
"The actual reason is lost with the original developer of the API, but my guess is that he or she was being as flexible as possible."
And: "... given a choice of believing there was malicious intent or poor design behind this implementation, I'll pick poor design. After all, there are plenty of such examples all throughout the Windows API, especially in the part of the API that has its roots in Windows 3.1. The bottom line is that I'm convinced that this behavior, while intentional, is not a secret backdoor."
Mark's perception of Microsoft's sloppiness seems correct to me. I coded a program for Windows 3.1 using the Windows 3.1 API that dialed to a bulletin board and downloaded stock quotes. I was amazed at the extreme sloppiness and bad design of the Com port API. The actual code that Microsoft shipped had the quality of code that I would expect from an overtired programmer's first draft. A rested programmer would not have been so sloppy, even in his first proof-of-concept code.
Quotes from the comments:
"Thanks for this excellent analysis! Steve Gibson certainly does not deserve to be taken seriously by anyone, but unfortunately he is
This is a reference to the fact that Gibson's language often contains a hysterical, exaggerated quality.
Another comment -- This commenter makes the point that Microsoft had hired a technically knowledgeable top manager, who would certainly demand that programmers check the security of any code that is supplied by a user:
"Q: When was this backdoor coded?
A: About 1992.
Q: How old was VMS at that time?
A: 15 years.
Q: Who directed the development of Windows NT?
A: Dave Cutler.
Q: What's Cutler's background?
A: Directed VMS at DEC.
Q: On whose watch was this security lapse ported into the Windows NT stream?
A: Presumably Cutler's.
While anything's possible, it's hard to imagine how a security lapse of this magnitude (trusting user-written code) could have made its way into VMS code.
"The point is that Stephen Toulouse's "the security landscape in the early 1990's was very different than today" is, well, self-serving. Only in MS's myopic view is this the case."
Another comment:
"Now that I think about it, even Mark has to guess at what some coder was thinking when she wrote this, and maybe she did it intentionally. You'll never know will you? Maybe somebody's been watching all of us for years, and it ends up in some massive NSA database."
An