Trojans
Analysis
Trojans - a Windows security flaw?
Many of you have probably noticed that trojan horses which enable remote entities to control an "infected" system have become very popular recently. It's also very likely that you've encountered them, or that your computer has at some point been infected by one. These trojans, NetBus, Back Orifice and the like, have become the worst nightmare of Windows Internet users. Many people and (news) companies that dislike Microsoft have used the fact that this is mainly a Windows-related phenomenon against Windows itself, some actually calling trojan horses "security flaws of Windows". People who do not have a slightly deeper understanding of how trojans and Windows work fall for these stories, and sometimes choose to switch operating systems to avoid possible problems. This not only hurts Windows' reputation, but also its users.
If not a Windows flaw, what are they?
In order to take precautions and not rush to wrong conclusions, one must know the true nature of the threat. First of all, it should be clear that trojan horses are not a threat to users of a specific operating system, but an equal threat to all computer users. Second, in order to "infect" a computer system with the trojan, a program must be run on the destination computer - there is no way to remotely infect a system. And third, the trojan gets only the authority of the account it was run under - meaning that on multiuser systems like Unix or Windows NT the trojan would be able to compromise only what the user has access to, not the entire system. Administrators and people with a higher level of access should naturally be trained well enough not to infect the system themselves.
So how do we deal with it?
Use measures similar to those used to protect against viruses. Do not run programs that you received from an unreliable source. Do not let others run such programs on your machine. The only thing to blame if your system does get infected is your lack of caution - learn from that and be more cautious next time... and don't go switching your operating system; remember that the same thing can happen to you on any one of them!
But Windows flaws ARE being exploited!
Some Microsoft administrators claim this, as does the Cult of the Dead Cow. This surprises and disturbs us, because nobody who's trained well enough to be an administrator should think such a thing. Back Orifice uses some privileged calls to accomplish its goals, calls that naturally cannot be issued under a non-privileged account. These calls, being a privileged part of the OS, are NOT and should NOT be called security holes! This is like saying that administrators should not be allowed to reboot the machine! Other operating systems have privileged system calls as well, and they aren't and have never been called security holes by professionals. The only conclusion that can be drawn from this is that certain individuals dislike the Windows (NT/2000) OS in particular and would do or say anything to undermine Microsoft customers' confidence in it, while some others merely trust the former and blindly support them. We hope you have learned not to.