Window Manager

SAN MATEO (04/10/2000) - The File and Print Sharing weakness in Microsoft Corp.'s Windows, about which I warned readers several months ago, has become a true online nightmare. A new virus now on the Internet systematically searches for PCs with File and Print Sharing security holes, according to the National Infrastructure Protection Center of the U.S. Federal Bureau of Investigation (www.nipc.gov/nipc/advis00-038.htm).

If your PC is connected to the Internet and you have a share that is unprotected, the virus silently installs itself on your computer. After passing itself via the Net to several other victims, the virus erases your Windows folder and root folder on the 19th of the month and -- here's a sick twist -- uses your modem, in certain cases, to dial 911, possibly causing a bogus call for police or fire services.

This so-called 911 virus (technically, it's a worm) is noteworthy only for its stupid, mindless viciousness -- and the fact that victims don't even have to open a file or view an e-mail message for it to infect their PCs.

I want to use this news to emphasize the seriousness of the holes that Microsoft and some other software vendors leave in their default Windows configurations.

I wrote about the weakness of File and Print Sharing in my Nov. 1 column (see "Software solutions can provide remedies for Windows security risks on the Internet," www.info world.com/printlinks). In brief, installing Internet Explorer and some other products binds the Net's TCP/IP protocol to File and Print Sharing by default. If a user then enables File and Print Sharing without setting passwords on every share -- likely in a small workgroup -- the machine is wide open to be logged on to by anyone else on the Net.

The 911 virus exploits this situation in a self-replicating way by scanning the Internet for IP addresses that have wide-open shares. Anti-virus companies have quickly developed updates to eliminate the threat. The worm, made up of batch files and Visual Basic scripts by inexperienced "script kiddies," is easy to detect and delete. Network Associates' description of the problem and remedies is at vil.nai.com/vil/wm98557.asp. For Symantec's take, go to www.symantec.com/avcenter/venc/data/bat.choad.worm.html.

Eliminating the File and Print Sharing hole so you're not as vulnerable to malicious port scans while you're on the Internet is simple. There's no logical reason why TCP/IP should be used for sharing within a local-area network. You can disable this flaw and enable the safe, nonroutable NetBEUI protocol for local sharing.

The procedure is explained at grc.com/subondage.htm. Read about the problem and its solution, then click the "Shields Up! Home" link at the bottom of the page.

This leads to a test routine that shows whether or not your PC is vulnerable -- a program developed by site author Steve Gibson.

Of course, no one should connect to the Internet without a firewall. If Windows didn't default to the weakest possible security settings, we wouldn't have to worry so much about morons with crude VB scripts.

Eliminate personal info from Windows

I've written a lot lately about hackers logging on to PCs remotely and "Trojan horses" sending out your info via the Net. Because you never know when you might catch one of these bugs, now might be a good time to eliminate some personal information that Windows blithely gives out about you.

You may recall that, when you installed Windows, you were asked to type in your name and company name. Windows stores this information in plain text in the Registry at Hkey_Local_Machine\Software\Microsoft\"OS"\CurrentVersion, where "OS" is "Windows" in Windows 9x or "Windows NT" in Win NT or Win 2000. Any Windows program can read this information. And any Trojan horse can link it to your IP address, your Web surfing history, and so forth.

So I'm very choosy when I'm presented with a dialog box that requests this type of information. If the question is, "Where do you want your lottery winnings sent?" they get my correct name and address. If they're just building up a marketing database, they get "Joe User." I have to manually retype a few "pre-filled-in" forms this way, but if there's no real need for the information, I don't give it.

Brian Livingston's latest book is Windows 2000 Secrets (IDG Books). Send tips to brian_livingston@infoworld.com. He regrets he cannot answer individual questions.

Join the newsletter!

Error: Please check your email address.

More about Federal Bureau of InvestigationLivingstonLogicalMicrosoftNAINIPCSymantec

Show Comments