CeePrompt! Computer Connection

Originally published October 1, 2001

Viruses Exploit Microsoft

w32.Nimda (admin spelled backward) started spreading like wildfire throughout the globe Sept. 18, causing a noticeable slowdown of the Internet. Many networks locally were brought to their knees. Its wreaked more havoc than the dreaded Code Red virus and may have time-laden cargo onboard that re-infects after 10 days. Nimda tried to invade my system, but the ever-vigilant Norton was able to intervene and quarantine the invasive file. I was lucky -- some systems required an entire hard-drive reformat.

Nimda is particularly vicious in that it can invade Web servers and anonymously change the code on random Web pages. You can succumb to the virus just by visiting an infected site and innocently agreeing to view a "readme.exe" file. Not all viruses masquerade as e-mail attachments anymore.

Another more-recent virus exploits the horrific events of Sept. 11 and offers people the opportunity to vote on going to war. The executable file WTC.EXE, called the "vote virus," once again spreads through the Outlook mail program and propagates by attaching itself to every address in the Outlook Address Book. Like Nimda, the Vote Virus will also attack Web pages, in this instance defacing them with anti-American remarks.

Virtually all these viruses that have caused such grief for so many take advantage of holes and security defects in Microsoft products. From the operating system, to the browser and e-mail programs, hackers have exploited the shortcomings in these products. It's not just one or two small details that are overlooked by the developer. Product after product that consumers pay top dollar for are left with gaping security holes that allow unscrupulous hackers access. Microsoft responds appropriately, after the fact, with patches for the vulnerabilities as they're exposed.

I think it's high time that Microsoft invest as much serious time and energy into securing their current products as they do bringing new projects to market, such as XP. I often feel like my browser and operating system is a patchwork quilt of afterthoughts rather than the security blanket I originally invested in. I visit the Windows site seeking critical updates as much as I do Norton's AntiVirus center.

In a recent issue of "InfoWorld," Windows expert Brian Livingston chronicled the flaws in Microsoft's Passport authentication program. This system is used by millions to access HotMail and will be required in the new XP operating system to access most Internet communications features. A Trojan horse or worm can easily compromise the Passport system, exposing the user's personal information, including financial and credit card data that's stored on Passport's central Web server.

In all fairness to Microsoft, their products were originally designed for personal use and integrated with Visual Basic programming tools to extend the usefulness of its operating system and Office tools. But the open door to increasing productivity has also been an invitation to the dark side.

Anyone connected to the Internet is now part of a larger network and no longer just "personal computing." We are all vulnerable to the security flaws in Microsoft products. In an era of increased vigilance, the security of our networks and software has to come from the source.