With the release this week of Windows NT hacking tool "BackOrifice 2000," Microsoft has launched an informational campaign of its own, designed to derail myths about the malicious program. According to a report on Microsoft's Security Advisor Web site, BackOrifice 2000 is a remote control application that must be stealthily installed so that attackers can take over a Windows NT-based network. The program enables remote hackers to do anything they could do were they to be logged onto the machine locally: Run programs, delete files, and the like.
"BackOrifice 2000 is a remote-access tool that was developed with the intent of harming users," says Jason Garms, the lead product manager for Windows NT security at Microsoft. "It is a tool that has no legitimate purpose other than exposing users' machines to people on the Internet. Users who are tricked into getting this thing installed on their system are vulnerable to the attacker, who can then do anything that the victim can do--move the mouse, open files, run programs, etc.--which is little different from what legitimate remote-control software can do. Back Orifice, however, is designed to be stealthy and evade detection by the user."
For BackOrifice to find its way onto your system the hacker must have physical access to the machine with a valid login or you must be tricked into installing it; typically this is accomplished by sending users the program as an email attachment that must be executed. To prevent this program from taking over your system, just use common sense: Always run an anti-virus program with up-to-date virus definitions and don't let anyone gain unauthorized physical access to your machine. Perhaps most importantly, don't execute email attachments from unknown people.
One of the biggest myths perpetrated by the makers of BackOrifice is that program takes advantage of security inadequacies that are inherent in Windows and Windows NT. This is simply not true: BackOrifice could have been written to attack *any* kind of computer system. The hackers that wrote it simply decided to attack Windows, which is the most popular computing platform by far. In fact, as Microsoft notes, BackOrifice doesn't actually target Windows per se at all: It targets users, who often don't understand security issues well enough to not execute email attachments from unknown sources.
Another common myth centers on the goal for BackOrifice: In an attempt to protect themselves from legal problems, the creators of BackOrifice are pretending that it is a legitimate remote control application. However, this is not the case: BackOrifice is designed to escape detection and exceeds the needs of remote control software. And it doesn't prompt the user when it installs on the system.
"The creators \[of BackOrifice\] claim that this is a useful administration tool, but it doesn't even prompt people when it installs itself on the system. It doesn't warn them that it's getting installed. And, once it's installed, it makes the system available to other people on the Internet. That is a malicious act," says Garms. "I am personally unaware of any major customers of ours who consider this to be a remote administration tool as the folks who created it claim. Quite the contrary, they consider it a piece of malicious code. Unfortunately, there are some users who were duped by the press releases from the organization that released the software, and did install it on their systems."
For more information about Microsoft's response to BackOrifice 2000, please visit the Microsoft Security Advisor Web site