>Subject: Windows 95 Warning on comp.risks [RISKS-17.13], in Information Week
>
>Microsoft officials confirm that beta versions of Windows 95 include a small
>viral routine called Registration Wizard. It interrogates every system on a
>network gathering intelligence on what software is being run on which
>machine.
This is old FUD.
Like most fud, it's based on a mis-perception of the truth.
The online registration program asks if you want to include information on
your hardware and software along with registering your W95 upgrade. It shows
you what it is collecting and sending. The information is the same stuff you
can fill in on a registration postcard. It just automates the process.
I personally click no, and leave post cards blank, thank you very much.
> - "*user*" fires up MS-Network which then transmits the
> entire corporate filesystem topology to MicroSoft.
>
> - security types never know that internal information has
> been severely compromised.
No, it won't happen.
Think about it. Even if it were true, how long would it take for a single PC
to navigate and discover your entire corporate file system? How long would
it take to transmit that info by 14.4 or 28.8 modem? More than a second or
two, I would suspect.
> 3). Am I wrong here??? I find the potential for this scenario
> both realistic and horrifying!!!!
Congratulations. You've been successfully fuddified.
[not Stefan's comment, snipped from usenet post]
>So spread the word as far and wide as possible: Steer clear of Windows 95. =
Plenty of reasons to do this that are based on the truth, not nonsense. I
personally choose Macintosh for my own computing. (this is a whole 'nother
animal, and yeah I feel wierd being on Microsoft's side.)
Windows 95 presents a significantly *improved* security profile over
DOS/Windows. Since practically everyone has to deal with offices littered
with Wintel boxes, I'd think even a minimal security system would be a
welcome relief.
>Subject: Windows 95 Warning on comp.risks [RISKS-17.13], in Information Week
>
>Microsoft officials confirm that beta versions of Windows 95 include a small
>viral routine called Registration Wizard. It interrogates every system on a
>network gathering intelligence on what software is being run on which
>machine.
At 11:33 AM 8/1/95 -0700, Stefan Jon Silverman wrote:
>Folks:
>
> 1). Please see the posting below my sig line from comp.risks
>
> 2). I can imagine the following scenario:
>
> - "*user*" thrilled with his new upgrade to Win95 runs out
> to Fry's, Egghead...and buys a modem unbeknownst to the
> security types.
>
> - computer is also running a TCP/IP stack and PCNFS to
> access all of the corporate resources behind the firewall.
>
> - "*user*" fires up MS-Network which then transmits the
> entire corporate filesystem topology to MicroSoft.
>
> - security types never know that internal information has
> been severely compromised.
>
> 3). Am I wrong here??? I find the potential for this scenario
> both realistic and horrifying!!!!
>
> 4). In addition to the security implications, this might actually
> be a way to tame the MS beast...if enough corporations get
> probbed in this manner, the lawyers will have lots of fun
> putting together a class-action lawsuit to make MS (the
> original home of proprietary information and disclosures)
> much, much poorer for stealing tradesecrets, copyrights,
> etc....ALAS...I love it....
>
> 5). I think this also has implications for the MS TCP/IP port
> discussion that has been going on on this list recently.
> I.e., as the article points out, if they have your filesystem
> structure and you are not blocking that port, they could
> grab any file that they want and you would never know it...
>
> Regards,
>
> b c++'ing u,
>
> %-) sjs
>
>-------------------------------------------------------------------------------
>Stefan Jon Silverman - President SJS Associates, N.A., Inc.
> 572 Chestnut Street
>Distributed Systems Architecture & Implementation San Francisco, Ca. 94133
> Phone: 415 989 2741
>E-mail: sjs @
sjsinc .
com Cell: 415 519 3494
>-------------------------------------------------------------------------------
> Weebles wobble, but they don't fall down!!!
>-------------------------------------------------------------------------------
>
>Date: 30 Jun 1995 07:47:48 U
>From: "Paul Saffo" <psaffo @
iftf .
org>
>Subject: Warning on Using Win95
>
>>From PLS_MCI_MAIL FWD>>Warning on Using Win95
>
>Date: 6/26/95 8:44 PM
>From: jbreyer @
accel .
com
>Subject: Warning on Using Win95 [Update on RISKS-17.13 item]
>
>Believe it or not, this is not Net humor but serious. It would otherwise
>be outstanding satire!
>
>Subject: Windows 95 Warning on comp.risks [RISKS-17.13], in Information Week
>
>Microsoft officials confirm that beta versions of Windows 95 include a small
>viral routine called Registration Wizard. It interrogates every system on a
>network gathering intelligence on what software is being run on which
>machine. It then creates a complete listing of both Microsoft's and
>competitors' products by machine, which it reports to Microsoft when
>customers sign up for Microsoft's Network Services, due for launch later
>this year.
>
>"In Short" column, page 88, _Information Week_ magazine, May 22,1995 The
>implications of this action, and the attitude of Microsoft to plan such
>action, beggars the imagination.
>
>An update on this. A friend of mine got hold of the beta test CD of Win95,
>and set up a packet sniffer between his serial port and the modem. When you
>try out the free demo time on The Microsoft Network, it transmits your
>entire directory structure in background.
>
>This means that they have a list of every directory (and, potentially every
>file) on your machine. It would not be difficult to have something like a
>FileRequest from your system to theirs, without you knowing about it. This
>way they could get ahold of any juicy routines you've written yourself and
>claim them as their own if you don't have them copyrighted.
>
>Needless to say, I'm rather annoyed about this.
>So spread the word as far and wide as possible: Steer clear of Windows 95. =
>
>There's nothing to say that this "feature" will be removed in the final
>release.
>
> [GML addition: Prodigy was accused of doing something similar several
> years ago. In that case it was not nearly as threatening due to: 1) it
> was = limited to a single PC, 2) Prodigy couldn't do much with the info
> (i.e. they could not pursue you for copyright infringement, nor were they
> trying to expand into so many businesses the way Microsoft is).]
>
>
Larry Barras
Merak Projects, Inc.
|
|
