FYI: MS Press Release On BO
"Information on the "BackOrifice" Program
------------------------------------------------------------------------
Microsoft's response to the Cult of the Dead Cow's "BackOrifice" tool
Last Revision: August 4, 1998
Summary
On July 21, a self-described hacker group known as the Cult of the Dead Cow released a tool called "BackOrifice," and suggested that Microsoft® Windows® users were at risk from unauthorized attacks. Microsoft takes security seriously, and has issued this bulletin to advise customers that Windows 95 and Windows 98 users following safe computing practices are not at risk and Windows NT® users are not threatened in any way by this tool.
The Claims About "BackOrifice"
According to its creators, "BackOrifice" is "a self-contained, self-installing utility which allows the user to control and monitor computers running the Windows operating system over a network." The authors claim that the program can be used to remotely control a Windows computer, read everything that the user types at the keyboard, capture images that are displayed on the monitor, upload and download files remotely, and redirect information to a remote internet site.
The Truth About "BackOrifice"
"BackOrifice" does not expose or exploit any security issue with the Windows platform or the Microsoft BackOffice® suite of products.
"BackOrifice" does not compromise the security of a Windows-based network. Instead, it relies on the user to install it and, once installed, has only the rights and privileges that the user has on the computer.
For a "BackOrifice" attack to succeed, a chain of very specific events must happen:
- The user must deliberately install, or be tricked into installing the program
- The attacker must know the user's IP address
- The attacker must be able to directly address the user's computer; e.g., there must not be a firewall between the attacker and the user.
What Does This Mean for Customers Running Windows 95 and Windows 98?
"BackOrifice" is unlikely to pose a threat to the vast majority of Windows 95 or Windows 98 users, especially those who follow safe internet computing practices. Windows 95 and Windows 98 offer a set of security features that will in general allow users to safely use their computers at home or on the Internet. Like any other program, "BackOrifice" must be installed before it can run. Clearly, users should prevent this installation by following good practices like not downloading unsigned executables, and by insulating themselves from direct connection to the Internet with Proxy Servers and/or firewalls wherever possible.
What Does This Mean For Customers Running Windows NT?
There is no threat to Windows NT Workstation or Windows NT Server customers; the program does not run on the Windows NT platform. "BackOrifice's" authors don't claim that their product poses any threat to Windows NT.
What Customers Should do
Customers do not need to take any special precautions against this program. However, customers should ensure that they follow all of the normal precautions regarding safe computing:
- Customers should not install or run software from unknown sources -- this applies to both software available on the Internet and that sent via e-mail. Reputable software vendors digitally sign their software to verify its authenticity and safety.
- Corporate administrators can block software that is not digitally signed by a reputable or authorized software company at their proxy server and/or firewall.
- Customers should keep their software up to date to ensure that hackers cannot take advantage of known issues.
- Companies should actively use auditing and monitor their network usage to deter and prevent insider attacks.
More Information
Please see Microsoft's Response to the "BackOrifice" Program, for more information related to this issue."