| subject: | Re: signing |
From: "Geo"
"Rich" wrote in message news:42f8f30e{at}w3.nls.net...
>> You are still being an idiot.
And the antivirus guys from Symantec and F-secure, are they idiots too?
Geo.
http://www.pcworld.com/news/article/0,aid,118045,00.asp
A planned component for Microsoft's next version of Windows is causing
consternation among antivirus experts, who say that the new module, a
scripting platform called Microsoft Shell, could give birth to a whole new
generation of viruses and remotely exploitable attacks.
Microsoft Shell, code-named "Monad," is still in development and
is planned for release with the next version of Windows, known as
"Longhorn." Monad will allow developers or administrators to
configure Windows systems using text commands or scripts containing
multiple commands. But the flexibility of the new platform and its support
for remote execution of commands could spawn a whole new generation of
"script viruses," like the "Melissa" script virus of
1999; e-mail worms; and remote attacks, said Eric Chien, a Symantec
Corporation researcher.
Chien was speaking at the Virus Bulletin 2004 International Conference and
issued a warning about the new component to antivirus researchers and
corporate antivirus experts. He said that the new Windows component is
similar to existing Windows components for interpreting text commands, such
as cmd.exe, but much more powerful.
Early Days?
Microsoft contends that the new component is in an early stage of
development and that its features have not been finalized. When released,
Monad will not allow malicious users to circumvent Windows security
features, and it will have features that prevent hackers from exploiting
its powerful administrative capabilities, said Greg Sullivan, lead product
manager in the Windows client division at Microsoft.
Early copies of Monad were distributed at Microsoft's Professional
Developers Conference to independent software vendors and corporate
developers in October 2003. The company released an updated version of the
code at its Windows Hardware Engineering Conference in May, Sullivan said.
As currently designed, Monad allows administrators to use commands to list
and shut down any process running on a Windows system, send e-mail
messages, or list shared network drives. None of those features are
available using cmd.exe. Beyond that, Monad supports its own scripting
syntax, which allows administrators to combine commands into powerful
statements that can search hard drives for specific information or
manipulate data and files stored on a Windows hard drive, Chien said.
As with Visual Basic script, which spawned scripting viruses such as
Melissa, Monad will be attractive to those who write malicious code,
because it allows them to consolidate many commands into a few lines of
code, creating small, efficient programs that are very powerful, he said.
Scripting viruses such as Melissa are also easy to read and modify once
they are released, spawning countless variants and copycat creations.
"It's like open source for malicious code writers," Chien said.
Possibilities
In his presentation, Chien discussed ways that Microsoft Shell and the new
scripting language that goes along with it could be used to shut down
antivirus software running on a Windows system by killing system processes
associated with those programs. Malicious hackers could also use Monad to
navigate and modify the Windows Registry, where program-specific
configuration settings are stored, send e-mail messages with attachments,
and even download content files from the Internet.
Microsoft documentation and presentations on Monad claim that Microsoft
will support remote execution of Microsoft shell scripts, for authorized
users, via telnet, secure HTTP (HTTPS), or other Internet-based protocols,
Chien said.
But execution of scripts will be carefully controlled by security features
in the finished version of Monad, which will be released in beta in the
middle of 2005 and may or may not be included with Longhorn in 2006,
Sullivan said.
For example, Microsoft will disable remote script execution by default and
will require administrators to digitally sign scripts so that they can be
authenticated before being executed. The company will also run Monad
scripts so as to ensure that any input from the script is not automatically
trusted and sent to a command without first being validated, Sullivan said.
Antivirus experts at the show expressed concern about the possibilities of
the new component, but acknowledged that they had been unaware of its
existence.
"I didn't know anything about it, but it seems very powerful. It's
just like the Unix shell," said Mikko Hyppönen, of Helsinki-based
antivirus company F-Secure, referring to a similar scripting platform used
by Unix operating systems.
The new scripting platform was created in response to requests from network
administrators, who wanted a fast and efficient way to control multiple
machines across a Windows network. However, making Windows networks easier
to manage for network administrators doesn't necessarily mean making the
operating system less secure, Sullivan said. In addition, even without
additional security features, the ability of malicious hackers to use Monad
would depend on their getting administrative access to Windows machines,
and will be tempered by security features already in Windows XP SP2, and
others planned for Longhorn, that are designed to prevent remote access and
code execution, Chien acknowledged. "(Microsoft Shell) doesn't skirt
or bypass any SP2 security features. That security model will still be in
place," he said.
Corporation Worries
Corporations with well-managed security policies may also be able to lock
down Monad on Windows machines so that it can be used only by approved
network administrators. However, the presence of Monad on millions of
loosely managed home computers, whose owners would have little use for the
advanced scripting and remote-management capabilities of the new shell
platform, could make it a powerful platform for launching future worms and
viruses, Chien said.
Microsoft "appreciates" Symantec raising security concerns about
Monad, Sullivan said.
"The concerns that Symantec raises are the kinds of things we look at
in making sure we do things in a secure way," he said. Still, he
believes it is "not meaningful to go into the technology feature by
feature at this stage of development," given the likelihood that it
will change significantly before it is released, he said.
"We're going to work with all our partners to deliver a secure
platform. Whatever we do deliver will take (security concerns) into
account."
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)