> What allows and causes a foreign unauthorized program to start
> execution on a computer where it doesn't belong?

Users who will click on anything in email or on the web. "This
program installs a virus. Only an Idiot would deliberately install a
virus on his own computer. Install Virus?" A friend of mine set up a
piece of a web site that had prompts like that and little graphics of
a checking account balance counting down to zero. Most visitors
clicked all the way through the multi-stage warning to install the
"virus", which never actually installed anything, just called them
idiots for trying.

Email programs which will run active content in emails in the "preview
pane" without a user being present.

Operating systems subject to remote code execution vulnerabilities
caused by, often, buffer overflow problems.

> In other words, who presses the start button on a supposedly
> personal computer to run sabotage?

Often, ignorant users, Microsoft Internet Explorer, Microsoft Outlook,
and Microsoft Windows, not necessarily in that order. Don't take this
to mean that non-Microsoft systems are invulnerable: they aren't.

I consider the fact that you can double-click on an attachment in an
email and cause it to execute to be as serious a problem as having a
self-destruct pedal between the gas and the brake of a car, even if
it's labelled "Press here to explode entire car".

> I don't understand how some external person can gain control of my
> computer, as if my neighbor could drive my automobile from his
> kitchen window.

If he installs a teenager with his head glued to a cell phone (who
will obey instructions from him) in your car, he *CAN* do that. It
gets even worse when he can persuade YOUR kid or wife to do it for him
with YOUR cell phone minutes. The same applies to higher-tech remote
controls.

There's a lot of remote-access stuff that is on by default and makes
life harder if you turn it off (see ports 137, 138, and 139).

>> were scanning the Internet for Windows systems that had the
>> MS06-040 vulnerability
>> What allows a private computer to be scanned by external means (like
>> Spock using his scanners on a planet far below) so that its internal
>> software may be examined and manipulated?

If the vulnerability is in the network stack or in servers listening
on network ports, it's possible to probe corner cases by either
attempting the exploit or looking at a side effect of a fix (say, it
changes the way TCP sequence numbers are generated). The probing is
done by treating the software as a "black box" but suspecting its
contents, for example, looking at the response to a particular type of
malformed packet.

Some scanners can operate as simply as connecting to port 25 of some
server, looking at the banner line that comes back, and checking the
version of Sendmail against the known-vulnerable-version list.

>> and then using publicly available code
> Who wrote such code?

I wish they were residing in Club Fed.

> Lastly, why do such vulnerabilities exist in the first place? I keep
> reading how the present Windows operating system is old; shouldn't all
> the necessary fixes be developed by now?

Software is complex and anticipating everything that can be thrown at
it is hard. For example, suppose that at your house you have a phone
and an eight-year-old child who sometimes answers it when others are
busy. Are you *ABSOLUTELY SURE* that nothing a stranger says to the
kid over the phone could cause your house to burn down?

> How much does it cost for companies to keep applying these patches
> every week?

Microsoft's Patch Tuesday is the second Tuesday of every month.
Some people don't like the Microsoft prioritization of patches: a
DRM patch that closed a hole allowing stripping protection came out
in 3 days. Patches for the hole OPENED by MS06-042 and the silent
data corruption caused under certain conditions by MS06-049 didn't
get anywhere near that fast a fix.
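
The banner check on port 25 mentioned above, turned around for auditing greetings recorded from your own mail hosts. This is an added example, not part of the original post; the host names, banners and the version list are constructed placeholders, not real advisory data.

```python
import re

# Constructed placeholder list for illustration (not real advisory data).
KNOWN_VULNERABLE = {(8, 12, 1), (8, 12, 2), (8, 13, 0)}

# "220 <host> ESMTP <free text>"; "220-" starts a multi-line greeting.
GREETING_RE = re.compile(r"^220[ -](\S+)\s+E?SMTP\b\s*(.*)$", re.IGNORECASE)
# Sendmail advertises "Sendmail <version>/<config version>;" unless hidden.
SENDMAIL_RE = re.compile(r"\bSendmail\b(?:\s+(\d+(?:\.\d+)+))?", re.IGNORECASE)

def parse_banner(banner):
    """Return (host, product, version tuple or None) from the greeting."""
    lines = banner.strip().splitlines()
    match = GREETING_RE.match(lines[0].strip()) if lines else None
    if match is None:
        return None, None, None
    host, rest = match.groups()
    found = SENDMAIL_RE.search(rest)
    if found is None:
        return host, "other", None
    if found.group(1) is None:
        return host, "sendmail", None
    return host, "sendmail", tuple(int(p) for p in found.group(1).split("."))

def classify(banner):
    """Map one greeting banner to an audit status."""
    host, product, version = parse_banner(banner)
    if product is None:
        return "unparseable"
    if product != "sendmail":
        return "not-sendmail"
    if version is None:
        # A hidden version says nothing about patch level either way.
        return "version-hidden"
    return "listed-vulnerable" if version in KNOWN_VULNERABLE else "not-listed"

# Constructed sample greetings, as if recorded from an internal inventory.
SAMPLE_BANNERS = [
    "220 mx1.example.com ESMTP Sendmail 8.12.2/8.12.2; Tue, 15 Aug 2006 10:00:00 -0400",
    "220 mx2.example.com ESMTP Sendmail 8.13.8/8.13.8; Tue, 15 Aug 2006 10:00:01 -0400",
    "220 mx3.example.com ESMTP Sendmail; Tue, 15 Aug 2006 10:00:02 -0400",
    "220 mx4.example.com ESMTP Postfix",
    "554 mx5.example.com No SMTP service here",
]

def audit(banners):
    """Return (host, status) pairs for a list of recorded banners."""
    return [(parse_banner(b)[0], classify(b)) for b in banners]
```

A banner only reports what the server claims: vendors that backport fixes keep the old version string, so a "listed-vulnerable" result is a prompt to check the installed package, not a verdict.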