Windows Easy Hacker Target

The renowned user-friendliness - and popularity - of Windows software will continue to make the platform a prime target for hackers, warned users and analysts in the aftermath of the "I Love You" virus and its variants last week.

In addition, they said, Windows' evolution from a stand-alone desktop environment gives it features that can be exploited relatively easily by hackers in a networked world.

The speed and ferocity with which the so-called Love Bug propagated itself across millions of Windows computers worldwide - while leaving users of Unix, Linux and Macintosh operating systems untouched - underscore that point.

"Creating viruses to attack Microsoft Windows is not rocket science," said Dave Stringer-Calvert, a senior project manager at Stanford Research Institute International in Menlo Park, California. "There is no doubt that we will see another virus targeted at Windows users very shortly, and it could be far more damaging than the 'I Love You' [virus]."

Repeated calls to Microsoft Corp. late last week for comment weren't returned.

Making Windows applications a particularly attractive target are their huge installed base and the relative ease with which crackers can turn several of Windows' useful features into weapons against users, said Josh Turiel, network services manager at Holyoke Mutual Insurance Co. in Salem, Massachusetts.

For instance, Turiel said, "the good thing is, Microsoft provides some very nice tools for integrating applications," such as Outlook, Internet Explorer and Exchange. The downside is that viruses are able to spread that much more quickly precisely because of such integration, he said.

The current virus outbreak, for example, exploited an "exceedingly useful" feature called Windows scripting host, which lets administrators automate certain tasks by writing a script. But it interacts in "unanticipated ways with the mail-reading program," Stringer-Calvert said.

Another crucial fact is that platforms such as Windows 95 and Windows 98 grew out of a stand-alone desktop system environment that wasn't really designed for internetworked use, analysts and users said.

Several of the key usability features, such as the ability for users to install software or configure a system, pose a security risk in a networked environment, because what one user does can affect all the others, said Laura DiDio, an analyst at Giga Information Group Inc. in Cambridge, Massachusetts.

"It brings us to the basic question of usability vs. security," DiDio said.

Reasons such as those make Windows users more vulnerable to virus attacks than users of Linux, Unix or Macintosh operating systems, where security is more of an architectural consideration. Therefore, it's crucial to protect yourself, said Tina M. Hynes, a software systems analyst at Directec Inc., a computer parts wholesaler in Louisville, Kentucky.

Though the company was hit by the "I Love You" virus and two similar Visual Basic script viruses recently, damage was minimal. "One thing that saved us a lot of grief was that all of our workstations and servers run Windows NT, where scripting just does not run out of the box like it does on Windows 95 and Windows 98," she said. Also key was the company's use of antivirus software.

Essential to minimizing exposure to such attacks is keeping virus protection software constantly updated, agreed Hugh Hale, manager of MIS at BlueCross/Blue Shield of Tennessee in Chattanooga.

The company had to shut down all external e-mail for two days while the virus was weeded out of its systems. "About the only thing you can do is pick the best antivirus vendor out there and do the best to stop attachments of any kind being sent from inside or outside your systems," Hale said.

Also needed are restrictive policies that block out all executable files sent via e-mail, Turiel said. Holyoke has a formal policy prohibiting transmission of executable files in addition to technology for filtering out all e-mails with executable attachments.

Staff writer Kathleen Ohlson contributed to this story.
