
Windows' popularity makes it easy target to hackers


May 16, 2000
Web posted at: 9:03 a.m. EDT (1303 GMT)

(IDG) -- The renowned user-friendliness -- and popularity -- of Windows software will continue to make the platform a prime target for hackers, warned users and analysts in the aftermath of the "I Love You" virus and its variants last week.

In addition, they said, Windows' evolution from a stand-alone desktop environment gives it features that can be exploited relatively easily by hackers in a networked world.

Indeed, the speed and ferocity with which the so-called Love Bug propagated itself across millions of Windows computers worldwide -- while leaving users of Unix, Linux and Macintosh operating systems untouched -- underscore that point.


"Creating viruses to attack Microsoft Windows is not rocket science," said Dave Stringer-Calvert, a senior project manager at Stanford Research Institute International in Menlo Park, Calif. "There is no doubt that we will see another virus targeted at Windows users very shortly, and it could be far more damaging than the 'I Love You' (virus)."

Repeated calls to Microsoft Corp. late last week for comment weren't returned.

Making Windows applications a particularly attractive target is their huge installed base and the relative ease with which crackers can turn several of Windows' useful features into weapons against users, said Josh Turiel, network services manager at Holyoke Mutual Insurance Co. in Salem, Mass.

For instance, Turiel said, "the good thing is, Microsoft provides some very nice tools for integrating applications," such as Outlook, Internet Explorer and Exchange. The downside is that viruses are able to spread that much more quickly precisely because of such integration, he said.

The current virus outbreak, for example, exploited an "exceedingly useful" feature called Windows scripting host, which lets administrators automate certain tasks by writing a script. But it interacts in "unanticipated ways with the mail-reading program," Stringer-Calvert said.

Another crucial fact is that platforms such as Windows 95 and Windows 98 grew out of a stand-alone desktop system environment that wasn't really designed for internetworked use, analysts and users said.

Several of the key usability features, such as the ability for users to install software or configure a system, pose a security risk in a networked environment, because what one user does can affect all the others, said Laura DiDio, an analyst at Giga Information Group Inc. in Cambridge, Mass.

"It brings us to the basic question of usability vs. security," DiDio said.

Reasons such as those make Windows users more vulnerable to virus attacks than users of Linux, Unix or Macintosh operating systems, where security is more of an architectural consideration. Therefore, it's crucial to protect yourself, said Tina M. Hynes, a software systems analyst at Directec Inc., a computer parts wholesaler in Louisville, Ky.

Though the company was hit by the "I Love You" virus and two similar Visual Basic script viruses recently, damage was minimal. "One thing that saved us a lot of grief was that all of our workstations and servers run Windows NT, where scripting just does not run out of the box like it does on Windows 95 and Windows 98," she said. Also key was the company's use of antivirus software.

Essential to minimizing exposure to such attacks is keeping virus protection software constantly updated, agreed Hugh Hale, manager of MIS at BlueCross/BlueShield of Tennessee in Chattanooga.

The company had to shut down all external e-mail for two days while the virus was weeded out of its systems. "About the only thing you can do is pick the best antivirus vendor out there and do the best to stop attachments of any kind being sent from inside or outside your systems," Hale said.

Also needed are restrictive policies that block out all executable files sent via e-mail, Turiel said. Holyoke has a formal policy prohibiting transmission of executable files in addition to technology for filtering out all e-mails with executable attachments.

Staff writer Kathleen Ohlson contributed to this story.
