Worm Hole in Win2k, and Windows Protection as a Business Model

The Internet Patrol - Patrolling the Internet for You

Both ZDNet and IIS Resources are reporting a newly discovered “worm hole” in Windows 2000, one for which they say there is no work-around. According to the reports, the Windows security company eEye discovered the flaw this week and indicated that it lies in a core component which is on by default and cannot be switched off.

Said Marc Maiffret, Chief Hacking Officer (now there’s an interesting title) for eEye, “You can’t turn this (vulnerable) component off. It’s always on. You can’t disable it. You can’t uninstall.”


In keeping with eEye’s stated policy, they are not releasing further information about the flaw until a fix is available, presumably so as to not facilitate exploitation of the flaw.

Crawling around eEye’s site, however, does provide some interesting information, and gives rise to some interesting questions. eEye’s offerings to the public include security products with cute names like Retina, Blink, and Iris. Many of their products are aimed directly at Windows protection and issues, and eEye is hardly alone in that field. But eEye seems to have taken to a new level not only protecting users from malicious attackers, but protecting users from problems with Windows itself. “eEye Digital Security is a leading vulnerability management software developer with a unique approach to enterprise security – eliminate vulnerabilities, rather than just thwart attacks,” says the eEye home page. And just last week they announced “protection for an unpatched MS IE flaw”.

The questions this raises include: what does this say about what consumers expect in terms of the security of a product they buy, out of the box? Have we as an Internet nation become accustomed to, accepting of, even complacent about products which somehow put us at risk but which we nonetheless continue to buy? (This is not a slam at Microsoft; lots of products suffer from these same issues.)


But perhaps most interesting to me is the concept of building a business model out of cleaning up someone else’s mess – and having it be a viable business model. Should consumers pay for 3rd-party mess cleaning? Should they have to? Should the mess-maker clean it up? Is this a voluntary or involuntary symbiotic relationship?

What do you guys think?


3 thoughts on “Worm Hole in Win2k, and Windows Protection as a Business Model”

  1. eEye has made some pretty strong claims, but the article seems to say that they only go so far.

    I am using OSsurance Desktop, which protects against all buffer overflow vulnerabilities by detecting overflows and refusing to run the code. OS Security also combined in the program refusal to run any program that the user does not add to a white list voluntarily and the function of detecting and refusing substituted dll’s (proxy attacks) as well as programs that self-modify on the way from the hard disk to ram.

    I would like to see this article rewritten with awareness of OSsurance. There is a great (and by some miracle, objective) review at
    http://kareldjag.over-blog.com/article-498061.html
    Also, the main reason I tried OSsurance and bought it, was this press release from them, which is aimed at Firefox, but if you extend the logic, is really about all of Windows.

    Anyway, the upshot of this whole discussion is that by using OSsurance I don’t feel the need to ever consider any specific vulnerability or download any “critical patch” (ooo, scary).
    For the last two months I have seen OSsurance stop various attacks on my system and the guy on the overblog site above seems to have thrown everything at OSD that he can.

    So there.

  2. This goes along with what many of us have been saying for years- fix the code BEFORE adding any new features. Hopefully someday they’ll get it…

  3. Having a second pair of eyes (forgive the pun) looking at code, documentation, published material, etc. is always a benefit. That’s why there are editors. Perhaps Microsoft, and other software publishers would do their customers a great service if they were to hire firms like eEye BEFORE releasing their product for beta testing. Imagine that, an O/S released and no security flaws. Perhaps Microsoft can devote their time between O/S releases to develop something truly innovative rather than constantly putting out fires.
