Microsoft Sucks Update I've begun to think maybe I should take down this page. I'm not asfrothing-at-the-mouth against Microsoft as I used to be. Heck, I evenstarted using Windows 2000 because I finally thought Microsoft hada stable, powerful enough operating system that I could have almostas much power as I had under Linux. Now Microsoft is even admittingtheir operating system has bugs and releasing frequent fixes, somethingthey never did in the early days. That kind of honesty surprisedme and I'm softening up to them. Maybe they don't suck after all. Maybethis page can be a snapshot of what Microsoft used to be like.Maybe. Just Maybe. - Tue Sep 16, 2003Why Microsoft SucksThis is an informal hogde-podge of anecdotal information lending credenceto the hypothesis that Microsoft is a disgraceful, unreliable, dishonestcompany. And sometimes just plain bone-headed, too. Most of theinformation is actually from the moderated USENET Newsgroup comp.risks,which is a reasonably reliable source of technical information.FLASH!The "Halloween" Documents,a collection of leaked internal Microsoft memos from late 1998 that areself-testimonials to the dishonest tactics that are normally used by thiscompany, in response to their deep fear thatLinux and otherOpen Source Software might blowMicrosoft out of the water over the next few years.First, some links to other people that agree with me.Other "Microsoft Sucks" linksThis is just a very small sampling of the pages around the world thatalready have the title Microsoft Sucks. A much more extensiveand up-to-date list can by generated by going toGoogle andsearching for the string "Microsoft sucks".I'm not sure why I was surprised at the numberof pages that already exist on the topic...Survey proves: Microsoft sucks 14.77 times as much as Apple sucks My list of examples of why Microsoft sucks[1] RISKS DIGEST 18.64Date: Mon Dec 02 14:47:15 EST 1996From: Tim Panton Subject: Web-based auto update of Microsoft's Java support [Here is a frightening snippet from Microsoft's website I'm not sure I understand the full implications of it, but I don't doubt that there are risks involved.]http://www.microsoft.com/java/sdk/getstart/javac007.htm :Updating the Java Support on a User's MachineIf you are placing an applet that uses COM on an HTML page accessible fromthe Internet, you must ensure that any users who encounter that page have aversion of the Java Support for Internet Explorer that fully supportsJava/COM integration.To do this, you must insert the following tag on the HTML pagecontaining your applet (or on the introductory page of your Web site): This tag causes the user's Internet Explorer to check the version of itsJava support. If the version installed on the user's machine is notup-to-date,Internet Explorer downloads the latest version of Java support fromhttp://www.microsoft.com and updates the user's machine. - - - -The potential risks are endless. Say I know of a security hole in a specific version of IE, I can automatically get visitors to my website to install it, then attack them through the hole.Some questions:Does it ask the user first ?Can I force a 'down'grade, i.e., install an older version ?What happens if the user uses two sites that require different versions?Is the code signing strong? (i.e., stronger than MS's CD keys ?), can Ifake a CAB file?Tim Panton, Westhawk Ltd, Frederik Hendriklaan 89, 2582BW Den Haag. TheNetherlands tpanton@ibm.net +31 6 5348 1795 http://www.westhawk.co.uk**************************************************************************[1] RISKS DIGEST 18.65Date: Tue, 3 Dec 1996 13:25:24 -0500From: Bob.Price@cwi.cablew.comSubject: MS-Access Runtime trashes WFWUnless especial pains are taken, 16-bit MS-Acess runtime disks made on aWindows-95 machine with 16-bit Access will cause near-irreparable harm wheninstalled on a WFW or Windows 3.1 machine. The reason is that some 32-bitsystem .DLLs are copied to the distribution diskettes (or networkdistribution set) along with the 16-bit files, and because the 32-bit fileshave the same names as the 16-bit files, the 16-bit platform no longer worksproperly. I'm told the official Microsoft paper on the subject says toformat the hard drive and re-install everything. I was able to "recover" byupgrading to Windows-95; others have had success ferreting out the specificfiles and replacing them. Reinstalling WFW didn't fix anything.Bob Price Cable & Wireless Inc. bobp0303@hotmail.com (703)760-3071**************************************************************************[1] RISKS DIGEST 18.80Date: Sat Feb 01 19:07:45 EST 1997Date: Fri, 31 Jan 1997 12:51:38 -0800From: Geoff Kuenning Subject: Spelling checkers and inconsistent interfacesA posting on the Orchestra List once again highlights the RISKS ofinconsistent interfaces:> From: Symph@uwyo.edu (Michael T. Griffith)> To: orchestralist@hubcap.clemson.edu (ork)> Subject: spellcheckers...> I know some of you have been amused (at best) by my spellchecker episodes> in the past few weeks (Hindemith came out as Hindmost was the worst). If> you're interested, I've discovered the problem, and will share it with> Microsoft Mail users out there.>> In MS Word, if the spellchecker highlights a word it doesn't know, like> Hindemith, you can click on "add" and it puts Hindemith into its dictionary...> In MS Mail, if it highlights a word it doesn't know, and you click on "add,"> it puts the highlighted correction it offered into the dictionary as a> permanent correction. Since "Hindmost" was the first offered correction, it> permanently noted that every time I type Hindemith, it would substitute> Hindmost.So in one interface, "add" means "add this word, as-is, to the dictionary."In the other, "add" means "add this suggested replacement to the dictionaryand never ask me again."Incidentally, ispell users have been asking for the latter feature foryears, but I have stubbornly refused because I think that automatedreplacement is far too RISKy to trust a computer.Geoff Kuenning g.kuenning@ieee.org geoff@ITcorp.comhttp://fmg-www.cs.ucla.edu/geoff/ [Hindemith wrote "Mathis der Maler". Hindmost wrote "MS der Mauler", seemingly applicable in English (one who mauls). Although not quite echt deutsch, there are several potentially pertinent interpretations as well. PGN]**************************************************************************[1] RISKS DIGEST 18.84Date: Fri Feb 21 19:04:08 EST 1997Date: Fri, 21 Feb 1997 11:46:11 -0800 (PST)From: fc@ca.sandia.gov (Fred Cohen)Subject: Re: MS on the CCC ActiveX virus (RISKS-18.83)Re: SBN Wire: News Flash, Brad Silverberg> You may have heard reports about a malicious software program created and> demonstrated recently by the Chaos Computer Club (CCC) in Hamburg, Germany.> I want to personally assure you that Microsoft(R) Internet Explorer 3.0 has> the appropriate safeguards to protect against this type of threat. By using> its default security level (High) that comes pre-set, Internet Explorer 3.0> will not download and run any "unsigned" control such as the one from the> CCC.I appreciate your insightful opinion on this matter, however... Anyone can get a signature key without authenticating their legitimacy. It's relatively easy to break into a system and take a legitimate key. The default may be changed by the user for one use and remain changed. Other flaws in Explorer may be used to turn that feature on - then look out.> The CCC demonstrated its malicious executable code running on Microsoft> Internet Explorer 3.0, though they could just as easily have demonstrated a> similar attack on any other browser. While it is unfortunate that hackers> have created this harmful program, it does point out the need for users to> act cautiously and responsibly on the Internet, just as they do in the> physical world.I appreciate your insightful opinion on this matter, however... This is not accurate. The very nature of ActiveX makes it impossible to operate it securely. Unlike other vendors who make attempts at providing improved protection, ActiveX is a hole waiting to be exploited.> Malicious code can be written and disguised in many ways - within> application macros, Java(tm) applets, ActiveX(tm) controls, Navigator> plug-ins, Macintosh(R) applications and more. For that reason, with> Internet Explorer 3.0, Microsoft has initiated efforts to protect users> against these threats. Microsoft Authenticode(tm) in Internet Explorer 3.0> is the only commercial technology in use today that identifies who published> executable code you might download from the Internet, and verifies that it> hasn't been altered since publication.I appreciate your insightful opinion on this matter, however... No disguise is needed for malicious ActiveX programs. Any ActiveX program can potentially - either maliciously or by accident or even as a result of configuration differences, cause a system crash, the corruption or destruction of information and/or unlimited leakage and it doesn't depend on some hard-to-find hole in an otherwise secure application. It is a direct result of the methods used by Microsoft, cannot be easily cured with any bug-fix.> If users choose to change the default security level from High to Medium,> they still have the opportunity to protect themselves from unsigned code.> At a Medium setting, prior to downloading and running executable software on> your computer, Microsoft Internet Explorer presents you with a dialog either> displaying the publisher's certificate, or informing you that an "unsigned> control" can be run on your machine. At that point, in either case, you are> in control and can decide how to proceed.I appreciate your insightful opinion on this matter, however... Even if you choose wisely, ActiveX is a hole waiting to be exploited and provides essentially no protection. As the folks at Microsoft know well, impediments are easily and commonly removed - and the use of the display box for popular applications is likely to result in the question being turned off in favor of easy access.> As you know, Microsoft is committed to giving users a rich computing> experience while providing appropriate safeguards. Most useful and> productive applications need a wide range of system services, and would be> seriously limited in functionality without access to these services. This> means that many Java applications will have to go "outside the sandbox" to> provide users with rich functionality. By signing code, a developer can> and integrity safeguards they need. Other firms such as Sun and Netscape> are following our lead, and have announced that they will also provide code> signing for Java applets. Microsoft will also be providing an enhanced Java> security model in the future, giving users and developers flexible levels of> functionality and security.I appreciate your insightful opinion on this matter, however... "...while providing appropriate safeguards" is just not true. Microsoft has a long history of providing systems with no protection, and only recently introduced the first system with even mild protection in it's NT product. Java provides a lot of functionality within the "sandbox", but I am not an advocate of Java either. The syle of computing being pushed out to consumers is inherently risky and must be implemented with substantial controls There is nothing wrong with having signatures, but it is no guarantee either.> Microsoft takes the threat of malicious code very seriously. It is a> problem that affects everyone in our industry. This issue is not tied to> any specific vendor or group of people. All of us that use computers for> work, education, or just plain fun need to be aware of potential risks and> use the precautions that can insure we all get the most out of our> computers. For this reason, we are committed to providing great safeguards> against these types of threats in Internet Explorer. We expect hackers and> virus writers to get increasingly sophisticated but we pledge we'll continue> to keep you and us one step ahead of them.I appreciate your insightful opinion on this matter, however... Microsoft still has not addressed Word Macro viruses, PC viruses, Windows viruses, etc. The claim that "Microsoft takes the threat of malicious code very seriously" is ludicrous on its face. This is the same company that has distributed viruses to its customers because it didn't do adequate checking of its distributions for known viruses. This is the company whose Windows installation deleted all of the README files on a system when the user upgraded. This is the same company that continues to ship software with inadequate protection. All of this "perception management" doesn't change the fact, and it shouldn't sway the readers of this letter either.FC [Fred Cohen can be reached at tel:510-294-2087 fax:510-294-1225]**************************************************************************RISKS-LIST: Risks-Forum Digest Saturday 31 May 1997 Volume 19 : Issue 20Date: Thu, 29 May 1997 12:04:45 -0400From: "Mich Kabay [NCSA]" Subject: Microsoft and Privacy>From Computer Privacy Digest Wed, 28 May 97, Volume 10 : Issue: 026Date: 27 May 1997 14:45:37 -0600>From: cooler Subject: Microsoft and PrivacyYesterday I became aware of an online privacy issue involving Microsoft, andI hope to bring an awareness of this issue to anyone who can take thatawareness further.The issue is this: Microsoft has begun to set up a series of "Sidewalk"sites, ostensibly to provide local information for various cities. Oneexample is at http://www.newyork.sidewalk.com/ . If you visit that site,you can see a link (toward the right) to "Terms and Conditions". The linkis to a page explaining the "Terms of Use" of the Sidewalk site. This israther unusual; I don't know any other site that has "Terms of Use".Reading through six paragraphs of fine print you will see that they areasserting that your usage of their site entitles them to sell your e-mailaddress together with any demographic data they might gather about you.I believe there is a serious online privacy issue because: 1) Few visitors will be aware that they have implicitly consented to allow the sale of their personal data. 2) Providing local information about cities increases the chance that your personal data will be tied to geodemographic data. 3) Microsoft also makes a browser. We have no way to know that they can't grab your e-mail address with it. Indeed, their new browser integrates seamlessly with the information on your desktop, so the potential is there for them to grab much more data.While the selling of personal data is nothing new, I believe thatMicrosoft has an unusual advantage here. Their willingness to gatherand sell this data, together with the intimacy of their browser,presents a new and possibly dangerous threat to personal privacy.**************************************************************************alt.humor.best-of-usenet (moderated) #8191 (0 + 0 more) [1]From: Toby Speight [1] [comp.emacs] Re: RMS is being a weenieFollowup-To: alt.humor.best-of-usenet.dDate: Sun Oct 19 13:55:53 EDT 1997Organization: best of usenet humorLines: 34X-Disclaimer: The "Approved" header verifies header information for article+ transmission and does not imply approval of content. See .sig+ below.X-Submissions-To: ahbou-sub@acpub.duke.eduX-Posting-Moderator: Peter SimonsX-FAQ-Is-At: ftp://rtfm.mit.edu/pub/faqs/best-of-usenet-humorX-For-FAQ-Mailto: ahboufaq@eey.orgX-Moderator-Review: thumps-upSubject: Re: RMS is being a weenieFrom: David Kastrup Newsgroups: comp.emacsRich Pieri writes:>>>>> "JAB" == John Arley Burns writes:JAB> Grow up? Stop using windoze - that's maturity! ;)> Yeah, right. OS flames are really mature.>> Ever hear of the concept of using the right tool for the job?Of course you're right. Nothing like Windows for programmers intoheavy masochism (oh, yes, Master Gates, I have failed to adapt to yourlatest secret API. Punish me. Give me the Global Protection Fault.Give my hard disk freely to others via one of the many holes youpierced in my ActiveX. Boot and reboot me, again and again. Make mesay "industry standard", then whack me with unexpected changes justwhen I'm feeling safe. Come up with faster ways to use my inputs andoutputs (cd http://www.i2osig.org), but let never again let me knowfreely about how to work with them).Use the right tool for the right Job [sic].Sorry, this was too hard to resist. I promise to be a good boy fromnow on (at least for a while). Sob.**************************************************************************Date: Wed, 12 Nov 1997 13:46:29 -0500From: Harvey Newstrom Subject: Re: Why Microsoft is a Threat to FreedomMichael Lorrey wrote:> there's a route to take for personal choice....Or you could buy a Mac,> pay twice as much for the same performance you get in your PC. There's> another choice.Actually, price/performance ratios for Macs are the same or better thanIntel PCs. Keep in mind that Macs come with built in ethernet, stereosound, video capability, music synthesizers, voice recognition, andother items that aren't included in some PC prices.It's also hard to compare prices on the fastest Motorola or Alpha chipswith Intel chips because Intel can't go that fast yet. If you need thefastest machines, the price of Intels become infinity (= not available).At 21:23 3-11-97 Lee Daniel Crocker wrote:> > Anbody that tries to make a M$ competing product will be aquired by MS or> > will be cut of with technical incompatibility tricks. That failing, theThis has been my experience with Microsoft products. I am currentlytrying to build web pages that are standard HTML and compatible withevery browser. I downloaded Microsoft Internet Explorer to my Macintoshand installed it. In the "README.TXT" file it explained that it changedthe data format of my "Internet Config" control panel, which is used byall TCP/IP programs on my Mac. It them explained that other programsmay not be compatible with the "newer" version. Basically, theyreformatted another product's data files in such a way to make itMS-compatible only, and broke it for other products.Another example just occurred at IBM where I work, also involvingMicrosoft and Web Pages. The Microsoft servers wouldn't feed graphicscorrectly to Netscape browsers. They claimed that the Netscape browsercan't view the file, but that Internet Explorer can. Uponinvestigation, it turns out that the files are readable by Netscape, butthat the Microsoft Server refuses to serve to Netscape clients. Whenone of our engineers tried to retaliate by making his webserver refuseto serve to Microsoft Internet Explorer, we discovered that theMicrosoft browser will misrepresent itself to gain access. It firstclaims to be Microsoft Internet Explorer. If access is denied, it thenclaims to be Netscape Mozilla to gain access.There also are many examples of Microsoft products opening back doors onmachines to allow their servers to gain access, or for their anti-piracysoftware to check for stolen products on your machine. Some of these Ihave discovered will open listening sockets on the network, even whennetworking appears to be disabled and all access permissions are denied.This latter example occurred with a wordprocessor program on a"non-networked" machine that was causing network problems for othermachines. There was no way to open a document file without the machineturning on the network and communicating data about the local machine toother Microsoft products on the network.As a Network Security consultant, I recommend that my clients do not useproducts that deliberately sabotage other products, lie to securityfilters to gain access to other machines, or open back doors to thenetwork that are neither documented or part of the product's normalfunction.- -- Harvey Newstrom (harv@gate.net)---Date: Thu, 13 Nov 1997 11:46:16 -0500From: Harvey Newstrom Subject: Re: Why Microsoft is a Threat to FreedomMichael Lorrey wrote:> Haven't been shopping for PCs lately huh?Of course I have. I wouldn't have made a statement about pricecomparisons if I hadn't actually compared prices. I have recentlypurchased six PC's, 3 Macs, and 2 Unix Workstations for my home lab.> What do you mean "another products data files"? Do you mean that it made> IE the default browser for .html files for that computer? Duh, thats> merely a matter of file format association.No, I mean the installer opened up private preferences files for othernon-Microsoft products that were previously installed on the computerand changed the data in those files such that the original applicationscouldn't use their own files any more. Internet Config is a seperateproduct for configuring IP on the Mac. No other product is supposed towrite to those files, although the product will feed information fromthose files to other applications. By changing the data formats in thisfile, Microsoft caused competing products to start failing withcorrupted data while Microsoft products continue to work with the newformat. Restoring the Internet Config file from backup reenables theother products to their original functionality.> Here's an idea. Netscape could, GASP, do the same thing, impersonate an> Explorer browser to gain access to a MS webserver.... Gee why didn't I> think of that... I dunno, it must be because I don't work for> microsoft.....Sure they could do the same thing. But as a Network Securityconsultant, I take a dim view of software deliberately providing falseinformation to queries in an attempt to access server areas that theserver administrator is clearly trying to withhold from that software.Just as any hacker caught trying to get in under false pretenses couldbe banned from the site, any software that lies to try to bypasssecurity under false pretenses could also be banned.Of course my preferred solution is that my clients beef up their ownsecurity the way they want, and then they don't have to worry about whatclient do to try to break in.>> There also are many examples of Microsoft products opening back doors on>> machines to allow their servers to gain access, or for their anti-piracy>> software to check for stolen products on your machine.> I'd like to see more about this. Any system administrator would find> this a useful tool, and this data must be how many of the network> oversight applications operate. A good way to make sure your coders and> data entry weenies are working and not playing solitaire or sending each> other joke email....I'm sure my boss would like to have that capability> over me... he he...Yes, it would be a wonderful tool if it were documented and if theNetwork Administrators had access to this data. Instead, it isundocumented, and only Microsoft software uses this information togather data about someone else's network without their knowledge.Any knowledgeable network engineer can analyze these interactions with asniffer and write their own code to access the same listening ports(backdoors) to gather information about PCs. For each PC, you couldtell what time an application started and what time it ended. You couldeven choose to deny any specific (Microsoft) application by telling itthat its copy is illegal. The Microsoft product will override the localuser's desire with the directives received over the network.> As a network consultant, I recommend that others in the field find out> more about how PCs work in background operations to expand their> horizons past their Mac blindered knowledge...I have discovered this stuff using packet sniffer tools to detectanomolous behaviors occurring in the background of most software vendorsproducts. Much of my research has been part of top secret DoD projects,for which I was specifically brought in because of my investigationsinto backdoors deliberately created by software vendors. None of myresearch is second-hand or unsubstantiated. (Long-time readers of thislist will remember when I left the Government arena to found my owncompany in 1994.) Besides consulting for DoD security projects, I alsopull six figures per year from IBM for researching their PC networkingdifficulties. I assure you that my knowledge of PC networking is notslight or biased.But why argue with me? Anybody can buy the products, and then reverseengineer them to see what they are really doing in the background. Ifyou are a network consultant, you should probably have the tools to dothis already. Did you actually investigate any of these items beforeyou decided to disagreed with them, or do you merely have the "faith"that Microsoft would never do anything underhanded with their software?- --Harvey Newstrom (harv@gate.net)**************************************************************************[1] RISKS DIGEST 19.53Date: Fri, 12 Dec 1997 19:16:15 -0000From: Ken Tindell Subject: Re: What really happened on Mars Rover Pathfinder (Jones, R-19.49)>This scenario is a classic case of priority inversion.So classic that it has happened before many times in many projects. And Ifear will continue to happen. Today, people are building critical real-timesystems based on Windows NT. But NT doesn't implement priority inheritance.Instead it contains a "priority randomizer" which randomly selects tasks andalters their priorities in the hope that eventually the priority inversiongoes away. Whilst this may be adequate for a general-purpose computer in aworkstation environment, this is unlikely to be adequate for a criticalreal-time system.>For the record, the paper was:>L. Sha, R. Rajkumar, and J. P. Lehoczky. Priority Inheritance Protocols: An>Approach to Real-Time Synchronization. In IEEE Transactions on Computers,>vol. 39, pp. 1175-1185, Sep. 1990.I must point out that their work appeared much earlier in technical reportsand conference proceedings and was widely cited before the 1990 paperappeared. Interested readers might like to read the following paper, whichgives an historical perspective on when major results were made available: "Fixed Priority Scheduling: An Historical Perspective", Audsley, Burns, Davis, Tindell, Wellings, Real-Time Systems journal, March 1995, Volume 8, No. 2/3, pp. 173-198.I find it outrageous that engineers in 1997 are building critical systemsthat contain serious defects that were detectable and correctable ten yearsago. I do wonder at what point failure to be aware of these risksconstitutes negligence.**************************************************************************From: Matt Robinson Date: Tue, 24 Feb 1998 15:49:26 -0500Subject: Internet Explorer 4.0 for Solaris is out (long)Microsoft has released Internet Explorer 4.0 for Solaris.Note that this is the "final" release and not a "beta"or "preview" release.I've played with it a bit and can offer the following insights.One Line Summary: of course it's free - you have to be nuts to pay for it!Suspicious Release Schedule: currently available for Solaris andnothing else. HP-UX expected by the "end of the year". Now I know itis popular in the PC world to play-up the incompatibilities between various implementations of Unix, but this just reeks of incompetence.Most major implementations and many minor ones are largely POSIX-1003.1compatible or they're close enough that porting work is minimal to nil.At least Netscape, despite other deficiencies, seems to understand this -when they release one Unix version of their browser, they release it fora large number of versions (at a quick glance: AIX 4, Digital Unix,HP-UX 9 and 10, Irix 5.3 and 6.2, Linux 1.2 and 2.0, SunOS 4.1.3,Solaris 2.4 and 2.5.1 and Solaris x86 2.4 for Communicator 4.04).This is either a ploy (to make Unix systems look worse than PCs),incompetence (in not understanding how to make something remotely portable)or both.How Not To Do Things On A Unix System:- Create a font cache the first time you run on a particular combination of X server and font path. This is only done once but takes a heck of a long time as it forces the X server to load every single font in its font path, sometimes multiple times if the font has more than one name. Microsoft claims that this is to be able to quickly find font matches on the fly. While the font rendering does seem to be a little better than Netscape (perhaps just a better choice of fonts) it is not clear that this is particularly useful or necessary. Microsoft obviously got some complaints about this since the preview release since they have included a number of pre-fabricated caches for common configurations.- Replicate large chunks of the Win32 API. Installed package is about 43Mb, Communicator 4.04 is about 16Mb.- Store configuration data in a human-unreadable binary file. IE actually keeps a couple of registries, apparently in the Win32 format. While this was almost certainly done to avoid changing parts of the IE code, it does mean that you cannot edit the configuration outside of the IE program. Thus some of the tricks we could do with Ariel accounts and Netscape setup (i.e. installing a preferences file) cannot be done here. Mind you, Microsoft does sell an Internet Explorer for Unix Administration Kit for over $70CDN. Most other programs do not provide such a package for any price, since there are free third party configuration programs available, called (depending upon your preferences) ed, vi or emacs.- Determine the maximum size of your disk cache based upon a percentage of the partition size. Now who came up with this? I mean, you have to really make an effort to make a bonehead decision like this. I hope for the so-called "engineer"'s sake that they were blindingly drunk or had accidentally mixed medications when they put this in. I would hate to believe that somebody had deliberately set up the controls this way. (Aside: according to the readme.txt file, this feature doesn't even work and the limit is hard-coded to 1% of the partition size.)- Scrolling seems to be slower in many cases than Netscape, but has less flicker. The middle button is used in a misguided attempt to emulate the IntelliMouse wheel. I can just see this causing great confusion; when you click the middle button once, the mouse goes into "scrolling" mode where moving the mouse scrolls the page rather than moving the cursor. Clicking the mouse again exits the mode.- Java support is just broken. It crashes very easily - just scrolling back and forth quickly over an applet kills the browser.- Busy wait. When running Java applets, the browser would suck up at least 6-7% of the CPU on tiger, even if you weren't doing anything and nothing was actually running. The browser (according to truss) seems to keep trying to wait on a condition variable with a ridiculously short timeout. At other times, the browser still sits and spins (albeit less gratuitously) while it poll()s some file descriptors (often in multiple chunks) and also ioctl(FIONREAD)s others - all with short timeouts.- Memory usage is obscene. Opening a few pages (but only one window) and running a Java applet, ended up with an image of 33Mb (26Mb resident). Navigator 4 under similar conditions had 21Mb (16Mb resident). It also produces nice large core files, usually upwards of 11Mb.- Read local files, but not local directories. Trying to read a local file (e.g. file:/cs/home/tech1/matt/www/index.html) works, but trying to read a local directory (e.g. file:/cs/home/tech1/matt/www/) fails with a "File System Navigation Not Implemented" response. Mind you, FTP directories work fine (ftp://matt@localhost/cs/home/tech1/matt/www/) and we all know that the output from a "dir" command under FTP is radically different from an ls command on a local filesystem (sarcasm).- Dumps about 600k or so of junk in ~/.microsoft including a 400k registry file.- Microsoft's requirements: 32Mb of memory (64Mb recommended).- multiple instances (same user, same host, different display) work but seem to be related in some weird way as a crash in one crashes the other.Not As Bad Things:- although the exec memory usage is poor, it seems as though X resource usage is significantly better than Netscape 4.0.**************************************************************************[1] Risks Digest 19.94Date: Fri Sep 04 15:54:13 EDT 1998Date: Thu, 27 Aug 1998 14:08:15 -0600 (MDT)From: Bear Giles Subject: MS databases lose data; MS loses source code to DOSIt's bad enough that Microsoft databases lose data, but now Microsoftclaims, in court, that it has lost the crucial source code necessary toprove Caldera's allegation that Microsoft did in fact, as implied by aninternal 30 September 1991 that which Microsoft does not dispute, activelysabotage Windows 3.1 if it is launched from any competitive product toMS-DOS.Caldera is involved as the current legal owner of DR DOS, an increasinglypopular alternative to MS-DOS which was knocked out of the market after theintroduction of Windows 3.1 due to the flakiness of the DR DOS/Windows 3.1combination. (Not to imply that MS DOS/Windows 3.1 was particularlystable.)Since it lost the source code, Microsoft appears to be claiming that there'sno contempt of court in failure to provide the documentation (since it nolonger exists) and the judge should dismiss the case as without merit.No word on whether Microsoft's next defense will be that it stored thesource code for Windows 3.1 in an Access database.As an historical footnote, it's my understanding that the smoking gun memowas discovered in the 1995 DoJ investigation of Microsoft's businesspractices. That raises some obvious questions about what the current roundwill uncover.References: Wall Street Journal (27 Aug 1998?) http://www.news.com/News/Item/0,4,25763,00.html?st.ne.4.head http://www.zdnet.co.uk/news/1998/34/ns-5364.html http://www.caldera.comBear Giles **************************************************************************From: risko@csl.sri.com (RISKS List Owner)[1] Risks Digest 20.01Date: Thu Oct 01 20:21:52 EDT 1998Date: Fri, 25 Sep 1998 23:48:27 -0400From: Joe Thompson Subject: Re: "Windows NT security"There was a forum on InfoWorld Electric (http://www.infoworld.com/) aboutthis about a month or so ago. The actuality of NT's C2 certification isdependent on the following:* One of two or three (I seem to remember two Compaqs and one Digitalsystem) very specifically detailed hardware configurations must be used.These do not include any kind of external connectivity (network card,modem).* The version of NT that was certified was NT 3.5 with Service Pack 3applied, and no networking or comm drivers installed. 3.51 is notcertified, nor is 3.5 without SP3. 4.0 has not, to anyone's knowledge,begun the process of certification, and Microsoft declined to comment.The forum was started by InfoWorld columnist Nicholas Petreley, who spokewith a fellow named Ed... I can't recall his last name, but he headed upLone Star Systems, the company which developed the testing software thatMicrosoft used to gain the seal of approval. He alleges that Microsoft hasboth actively and passively misrepresented the security of NT to, amongothers, government agencies, and that Microsoft reneged on promises todistribute his compliance-testing software.It was a very interesting forum. Petreley sent a comprehensive list ofquestions to Microsoft and their answer was a blanket "no comment." Mostof the questions were not even speculative in nature, but were seekingcomment on facts that could easily be verified independently (e.g., detailsabout Microsoft displays at various trade shows).Nicholas will be happy to comment I'm sure, and the forum discussion shouldstill be archived (I'd provide direct addresses and URLs, but my copy ofNetscape is flaky today). -- Joe**************************************************************************[1] Risks Digest 20.03Date: Fri, 9 Oct 1998 09:55:45 -0400 (EDT)From: "Daniel P. B. Smith" Subject: Unreliable reception of e-mailed WP documentsSome unpleasantness occurred in a meeting recently. Person A said that thereasons he hadn't performed a task was because he was still waiting forPerson B to supply some needed information. Person B said he'd supplied it aweek ago in a specific memo which he'd distributed via e-mail. Person Csaid, "I got it and I'm almost sure I saw A on the distribution list."Person A said "I got the earlier version where all of those numbers wereblank, but I've never gotten anything that had the numbers." Person B said"What version where the numbers were blank?" Person E said "You know, theone you sent out about a week ago. I never got the one with the numbersfilled in, either."On comparing notes, it turned out that a single version of the memo had beene-mailed, and when opened by about half the participants a critical table wascomplete and had information visible in all columns, and about half of themhad a column in which all cells were blank. All recipients of the damagedversion had simply assumed that the blank cells were intentional.Incidentally, this was a 100%-pure-Microsoft situation, involving no versionof Word more than a year old (no version skew of more than one version) andinvolved RTF format which is the format Microsoft specifically designatesfor document transfer. There was no obvious pattern to the problem; theoriginator used Word 97 on a PC, and some receivers using Word 98 on a Macreceived it correctly while some receivers using Word 97 on a PC got blankcolumns. We don't know the full story but it is suspected that the set offonts installed, the OS version, the screen dimensions and resolution, andthe kind of printer the user is connected to may all play some part in thiscrazy equation.The RISK here is the same as with any other kind of unreliable communicationthat is falsely _assumed_ to be reliable. Notice that, in general, when yousend a word-processing document to someone else, _the sender has no reliableway to confirm what the receiver will ultimately see and print. Unless theuser guesses there is something wrong and complains, the problem is likelyto go undetected. Even when the problem is detected, it is usually hard toresolve, because nothing in the system logs all the configurationinformation that would be needed to resolve it. Unless the recipient is acolleague in an adjacent cubicle and is willing to experiment with you inreal time, problems of this kind are likely to remain unsolved.Daniel P. B. Smith **************************************************************************RISKS-LIST: Risks-Forum Digest Friday 29 January 1999 Volume 20 : Issue 18>From: "Daniel P. Stasinski" Subject: Microsoft HotmailI contacted Microsoft/Hotmail asking them to close the account that waslisted in the backdoored tcp wrapper source code. I also forwarded theoffending code.The word back from them is that they will not close it. Theftof passwords and hacking does not violate their terms of service.Daniel P. Stasinski, Software Engineer, Karemor International, Inc.2406 South 24th Street, Phoenix, AZ 85034 dannys@karemor.com**************************************************************************RISKS-LIST: Risks-Forum Digest Monday 2 August 1999 Volume 20 : Issue 51Date: Fri, 23 Jul 1999 15:32:18 -0700From: Thomas_Gilg@ex.cv.hp.comSubject: 2nd-class invitation in OutlookOne of our engineers has decided to leave and go back to school to completeher Ph.D. and enter teaching, a career move we all wish her the best in.Before a going-away party could be scheduled however, she ended up in anunusually contentious software design meeting with four othermomentarily-combative engineers, including myself. It was ugly!As I pondered whether or not I was out of line during the meeting, and howwe could reconcile our differences so she could leave on a high note, ouradministrative assistant used Microsoft's Outlook/Exchange "meeting request"feature to schedule a lab-wide going away party. Unlike most engineers inthe lab, I and one of the other combative engineers quickly hit the "accept"button which converts the e-mail based meeting request into a calendar itemand sends a RSVP back to the meeting organizer.A day later, an update was issued on the same meeting request, and I scannedthe request for the change. While the lab-wide mail list alias "Lab.All"was still on the "Required Attendance" line, I and one other combativeengineer were now explicitly listed, by name, on the "Optional Attendance"line. My heart sunk at the thought that some of us were no longer welcomeat her going away party. Good friends for so long, how could one lousymeeting drive us apart?After some tactful asking around though, it became clear that there were nohard feelings and no one had tagged anyone as optional. Ah, enter anotherMicrosoft Outlook/Exchange feature.If a meeting request is sent to a mail list alias, and then individualsaccept the request *and* use the option to e-mail back a yes/no response tothe meeting organizer, Outlook/Exchange does not recognize that theindividual(s) are part of the original mail list alias. If an update isthen issued on the same meeting request, Outlook/Exchange treats theunrecognized names as optional attendees.Depending on the issue at hand, being explicitly listed as "optional" cantake on a whole lot of extra meaning. Who needs enemies when you haveOutlook/Exchange ;-)Thomas Gilg, R&D Software Engineer, Hewlett-Packard tomg@cv.hp.com**************************************************************************RISKS-LIST: Risks-Forum Digest Weds 1 December 1999 Volume 20 : Issue 66Date: Tue, 30 Nov 1999 17:59:03 +0000From: main@radsoft.netSubject: Expanding, Embracing, Devouring: IE 5.0 Task Scheduler ElevatesRe: http://www.ntsecurity.net/go/load.asp?iD=/security/tasksched.htmWhat this article will demonstrate is that installing a web browser fromMicrosoft changes the topology of the underlying operating system - evenon Windows NT.Ken Thompson used to say, "keep your hands off the drivers." With allthe ridiculous crashes IE4 and IE5 have been guilty of, it's obviousMicrosoft has never heeded that good advice.Instead, they now muck about with the innards of your operating systemwhen all they're really supposed to do is install a user modeapplication.The mind boggles.RA Downes, Radsoft Laboratories http://www.radsoft.net------------------------------Date: Thu, 25 Nov 1999 14:08:50 +0000From: main@radsoft.netSubject: No bounds checking in Microsoft RTF controlsI am speechless. Totally speechless. And for reasons which might becomeclearer later, I have a lump in my throat. This is not funny anymore.Dammit, it is not. I am mad.The morning mailbox contained a newsletter on NT security, and thisnewsletter had an article about an attack on the Microsoft Rich Edit(RTF) controls. The URL given is: http://www.ntsecurity.net/go/load.asp?iD=/security/richedit1.htmAs there are a few discrepancies in the RTF code reproduced there, Imade the mistake of assuming that this was a limited problem. But afterdisconnecting and thinking about the matter a bit (thinking still doeshave its advantages, even in this age when, thanks to Microsoft,information is at your fingertips) I realized it was "easy peasy" tocrash any of Microsoft's Rich Edit (RTF) controls any time I wanted, andset about doing so.But let's make sure everyone is up to speed before we continue.RTF is a Microsoft invention (or so they claim) for formatting text. RTFstands for "Rich Text Format", thereof the description "Rich Edit" oftenused to describe this "technology". Microsoft encapsulates this"technology" all over the place, in their Office suite, in FrontPage,and in two resident system DLLs, RICHED32.DLL and RICHED20.DLL. Again,the attack works on _any_ version of the DLL, and not just one or theother as the article at the above URL implies.RTF consists of a number of "tokens" all introduced with the (youguessed it) backslash. An RTF file is always enclosed in braces (whatgood this does no one knows, next question please) and after the initialopening brace the token "\rtf1" should follow immediately. (The articleonline at the URL above incorrectly gives this token as "\rtf" - the '1'on the end, to the best of my knowledge, is necessary.)As the article states, the buffer used for interpreting RTF tokens seemsto be 36 bytes. This is such a ridiculous magic number it's not funny. Ican't get past this one at all. The backslash is regarded as part of thetoken in this context: thus any character sequence beginning with abackslash and continuing with at least 35 characters before the nexttoken will send the control south.Also, RTF tokens are considered to conform to the American alphabet: anynon American alphabetic character in a token will in effect break thetoken and avoid the attack.Another tidbit that might prove beneficial to readers: the initial MSRich Edit control, Riched32.DLL, was written in C, the follow up,Riched20.DLL (sic) is written in C++, and Microsoft probably regardsthis latter DLL as a vast improvement, which it is not. But as thisattack works on all generations of the control it can be concluded thatthe same brain dead code snippet is in effect here in all cases.The buffer for parsing an RTF token is 36 bytes (including backslashcharacter) - and no checks are used in the code to make sure the bufferdoes not overflow.There is evidence in the disassembly of a character pointer beingincremented with the postfix ++ operator - that the loop not check thatthis pointer is within bounds really and truly boggles the mind.I can think of hundreds, thousands, hundreds of thousands of loops Ihave written and seen over the years, everyone of course having a boundscheck built in. I mean, this is very _basic_ programming, isn't it? for (cp = buf; cp < buf + BUFSIZE; cp++) /* * */I mean, this is all really very _elementary_, isn't it? Tell me I'mwrong! Please, someone, _anyone_, tell me I'm wrong!!!!I used to think so. But now that "Redmond RuleZ", who knows what goesanymore? The real pity is that in a week, as everyone becomes aware ofthis issue and what is behind it, that people will just end up_accepting_ it. Crimenee!!!!This RTF control in all its generations is one of the most used controlsfrom the Microsoft arsenal. That this control be subject to thekindergarten programming practices of Redmond is more than at least thisauthor can stomach.This is absolutely horrendous. I feel literally physically sick. This isnot funny any more.RA DownesPS. As this affects almost everyone using any kind of PC programanywhere, I guess I'll just have to devote the rest of this day towriting a wrapper to protect us. The idea is simple: send all referencesto RTF editors to the wrapper instead, which will first parse the filefor evidence of malignant tokens, and then pass the file on to thetarget editor if all is in order - or otherwise issue a warning and dropthe matter entirely. Drop me a line if you have any ideas. As Microsoftwill probably handle this "issue" as so many others - i.e. ignore it -and as I rather trust my own code at this point far more than I trustMicrosoft's (nil trust there to be honest) I think we have to takematters into our own hands.RA Downes, Radsoft Laboratories http://www.radsoft.net**************************************************************************RISKS-LIST: Risks-Forum Digest Monday 29 May 2000 Volume 20 : Issue 89Date: Fri, 19 May 2000 11:41:41 -0700From: "Gary Cattarin" Subject: Junk-mail filters [NOTE: Entire item in RISKS-20.89x. See below. PGN]This I'm sure has been covered before, but here's an interesting example offilters gone awry.I recently upgraded (?) to MS Office 2000, which, among other things, letsyou have more than 8 e-mail filters active at once. In my glee I startedturning things on, including junk mail filtering. Surprise! I found 8-10important messages -- all replies to a query I sent out to a personal mailinglist -- all dumped into the Junk Mail folder.What was it? I'm riding in a charity bicycle ride, and I needed to tell mypledge-ees that I needed their money now. So I sent them an e-mail updatingmy training status and asking them to send their checks. Obviously, thismessage had at least one dollar sign "$" in it -- and because I'm anexcitable guy it had at least one multiple exclamation mark "!!", and since,at the end, I chided my manager to make good on my exaggerated version ofhis pledge: >> Mark, didn't you promise $5,000 or something like that?...we also hit the magic phrase ",000".Now, the fine folks in Redmond have determined that if these three elementsconverge, you have received Spam. The actual rule (from their web site) is: Body contains ",000" AND Body contains "!!" AND Body contains "$"Who'd have guessed? In fact, even looking at their filter list, it took mea long time to figure out which rule I'd hit. (OK, I'm slow sometimes.)I guess the rule is (a) don't get too excited ! -- one "!" at a time! (b)specify your currency as "USD", and (c) use European periods ("5.000")instead of North American commas in large numbers. OK, that's silly. Butjust as silly is the fact that any spammer can read the list of rules andtailor their e-mail to avoid them.Of course, you might never read this, because if you have junk e-mailfiltering turned on, Outlook will catch THIS message and do with it asyou've requested for junk mail.Two other interesting points:(1) In the adult filters you'll find these two:(1) In the adult filters you'll find these two: Subject contains " sex" Subject contains "free" AND Subject contains "sex"The first is set up with a leading space to only accept the *word* "sex", sothose of us who live here in Middlesex county don't lose any local-relatedmail. But the writer of the second wasn't so careful -- what if theMiddlesex News offers free subscriptions? That's Spam, yes, but not porn (Iguess that's why that newspaper changed its name...).(2) Don't address your dear friend as such -- note the rule: Body contains "Dear friend"My golly! I can't send some good old-fashioned heartfelt feelings to mydear friends!! (oops, double "!!" -- I got excited!)This stuff can be very dangerous...The entire list is athttp://officeupdate.microsoft.com/Articles/newfilters.htmI included it here, but the moderator may choose to cut it from the journalin the interest of space.**************************************************************************Personal example: Wed Jun 28 17:36:27 EDT 2000From: Wayne HayesTried using Microsoft Word for the first time in many years. Triedprinting to an HP postscript printer. Didn't work. Tried printingpostscript to a file. That's when I noticed that Word isn't generatingstandard postscript. It's some other sort of screwed up postscript oftheir own. Just what the hell is wrong with these people? Postscriptis a STANDARD. That means it's supposed to be, well, STANDARD --- DUH,which means the same for everybody. I have crappy free software thatcan generate correct postscript. Why the hell can't Word do it?The programmers of Word are either incompetent, or intentionallyfucking with the standard for some reason.**************************************************************************Wed Jul 4 20:56:59 EDT 2001From: Wayne HayesMicrosoft Excel from Office 2000 (and presumably all earlier versions,and I'll bet any more recent version as well) contains a numericallimitation: if you try to take the geometric mean of a bunch of numbersgreater than 1, you can get Infinity as the answer even if the *actual*geometric mean is perfectly representable. After some experimentation,it appears that they're computing the geometric mean using themathematically correct but numerically naive algorithm: multiply the N numbers together, then take then Nth root.If the multiplies result in an overflow, then the Nth root is still anoverflow. A similar problem arises if all the numbers are less than 1;an underflow results, and you get 0 as the result.This makes Excel useless for any data reduction where you want to takethe geometric mean of a modest list of numbers. In my case, it wasonly about 300 numbers, each less than 100, and the actual geometricmean was about 80.The solution to this problem is utterly trivial, has been understoodsince the advent of numerical computing (let's be generous and saythe mid 1960's), and should be well-known to anybody who's taken anundergraduate introductory numerical analysis course. You note thatthe logarithm of the product of a bunch of numbers is equal to the sumof their individual logarithms, and replace the above algorithm withthe following: add the logarithms of the N numbers together, divide by N, then exponentiate.I sent this bug report and suggested fix by e-mail to Microsofttechnical support, and received back an informationless form letter;apparently the tech support person reading it had no understanding ofmathematics. I re-sent it, saying that if they didn't understand whatI was saying, that they should simply forward it to a supervisor, ordirectly to the Excel developers responsible for the mathematicalcomputations of Excel. I received the same form letter back. I gaveup.It is distressing to realize that, with all the nice glitter andease-of-use of Excel (I'll admit that it has quite a nice and intuitiveinterface, at least for simple tasks), the basic numerical algorithmsunderpinning it all are at the level of a mediocre high-school student.**************************************************************************Access count (updated once a day) since 1 Jan 1997: 100286 |
|
