ad info
   personal technology

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

CNN Websites
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines

 message boards





Don't blame Back Orifice for security problems

September 29, 1999
Web posted at: 10:50 a.m. EDT (1450 GMT)

by Ann Harrison graphic

(IDG) -- BackOrifice is a remote administration tool for Microsoft Windows and, as Bruce Schneier, chief technology officer at San Jose-based managed security services firm Counterpane Internet Security Inc. (link below), points out, "one of the coolest hacking tools ever developed."

Computerworld reporter Ann Harrison spoke with him recently about the tool, which he insists has gotten an undeservedly bad reputation.

Back Orifice 2000 (BO2K) is free, open source and available at (link below).

Q: How does BO2K work?

A: There are two parts: a client and a server. The server is installed on the target machine. The client, residing on another machine anywhere on the Internet, can now take control of the server.

  Computerworld's home page
  New devices to foil PC snoops
  Your PC may be tapped
  Most hacks are inside jobs
 Reviews & in-depth info at's personal news page
  Year 2000 World
  Questions about computers? Let's editors help you
  Subscribe to's free daily newsletter for IT leaders
  Search in 12 languages
 News Radio
 * Computerworld Minute
 * Fusion audio primers

This is actually a legitimate requirement. Perfectly respectable programs, like pcAnywhere or Microsoft Systems Management Server [SMS], do the same thing. They allow a network administrator to remotely troubleshoot a computer. If the server is installed on a computer without the knowledge or consent of its owner, the client can effectively "own" the victim's PC.

Q: Why has BO2K acquired a reputation as only a hacker's tool?

A: Back Orifice's difference is primarily marketing spin. Since it was written by hackers, it is evil.

That's wrong; pcAnywhere is just as much an evil hacking tool as Back Orifice.

Not only can the client perform normal administration functions on the server's computer -- upload and download files, delete files, run programs, change configurations, take control of the keyboard and mouse, see whatever is on the server's screen -- but it can also do more subversive things: reboot the computer, display arbitrary dialog boxes, turn the microphone or camera on and off, capture keystrokes and passwords. And there is an extensible plug-in language for others to write modules.

Q: How does BO2K run in stealth mode?

A: Unless the server's owner is knowledgeable (and suspicious), he will never know that Back Orifice is running on his computer.

Other remote administration tools, even SMS, also have stealth modes. Back Orifice is just better at it.

Because Back Orifice is configurable, because it can be downloaded in source form and then recompiled to look different... I doubt that all variants will ever be discovered.

BO2K's slogan is "show some control," and many will take that imperative seriously. Back Orifice will be used by lots of unethical people to do all sorts of unethical things. And that's not good.

Q: Back Orifice can't do anything until the server portion is installed on some victim's computer, right?

A: Yes. This means that the victim has to commit a security faux pas before anything else can happen. Not that this is very hard -- lots of people network their computers to the Internet without adequate protection.

Still, if the victim is sufficiently vigilant, he can never be attacked by Back Orifice.

Q: What about Microsoft?

A: One of the reasons Back Orifice is so nasty is that Microsoft doesn't design its operating systems to be secure. It never has.

In Unix, an attacker would first have to get root privileges. Not in Windows. There's no such thing as limited privileges or administrator privileges or root privileges. This might have made some sense in the age of isolated desktop computers. But on the Internet, this is absurd.

There are provisions to make Windows NT a very secure operating system, such as privilege levels in separate user accounts, file permissions and kernel object access control lists.

You have to make 300-plus security checks and modifications to Windows NT to make it secure. Microsoft refuses to ship the [operating system] in that condition.

Malicious remote administration tools are a major security risk. What Back Orifice has done is made mainstream computer users aware of the danger. There are certainly other similar tools in thehacker world -- one, called BackDoor-G, has recently been discovered -- some developed with much more sinister purposes in mind.

Microsoft responds to security threats only if they are demonstrated. Explain the threat in an academic paper and Microsoft denies it; release a hacking tool like Back Orifice and suddenly they take the vulnerability seriously.

Your PC may be tapped
September 23, 1999
Embassy site hackers aimed to show its vulnerability
September 8, 1999
New tool blocks wily e-comm hacker tricks
September 7, 1999
Hacker ruse can exploit ActiveX Controls
September 6, 1999
Back Orifice 2000 under control
July 15, 1999

Hacker tool targets Windows NT
Does Back Orifice 2000 help or hinder your security efforts?
Antivirus vendors post Back Orifice 2000 antidotes
Your PC may be tapped
You've been hacked! Now, what?
(The Industry Standard)
Most hacks are inside jobs
(PC World Online)
New devices to foil PC snoops
(PC World Online)
Year 2000 World
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

cDc - Cult of the Dead Cow
Counterpane Internet Security Inc.
Back Orifice 2000 (BO2K)
Microsoft Corp.
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.