The Back Orifice 2000 Controversy
By: Eric Ruppenthal
Symantec, producer of Norton Anti-virus, along with many other
anti-virus companies, recently announced that they were classifying
Back Orifice 2000 as a Trojan and/or virus. This is a concerted effort
to bar Cult of the Dead Cow from competing in the network
administration tool field. By using their anti-virus programs to keep
computer users from using BO2K, these companies are engaging in unfair
business tactics to keep a legitimate program from taking the profits
of their network administration tool programs. This creates a serious
anti-trust problem.
Back Orifice 2000 was produced by Cult of the Dead Cow (cDc) as an
actual legitimate tool to be used to remotely administer Microsoft OS
computer networks. It was introduced in Las Vegas on July 11, at DefCon
7. Since its official release to the public on July 14, every effort
has been made to define this program not as an evil tool, but as
something to be used in the real world of business. The program is free
to any U.S. citizen who does not plan to export it, because of the
encryption contained in the program.
Many of the companies that produce anti-virus programs also deal in the
network administration tool arena. The applications these companies
produce are similar in functionality to BO2K with the difference being
cDc offers their program free of charge. The companies see this factor
as having the potential to seriously undermine their profit margins. So
what do they do? They use a commonplace tool to remove this program as
a threat, knowing full well that millions of computer systems in this
country run anti-virus programs, including the networks this tool could
be used on. They use this to their advantage by having it detect and
label BO2K as a virus. This blatant attempt at monopolizing the network
admin field thus blocks most attempts by network administrators to use
BO2K in a legitimate capacity without having to compromise virus
protection.
Symantec produces a program called PcAnywhere. Another company that is
a close ally of Symantec is Microsoft. Microsoft is currently involved
in a government anti-trust suit. Microsoft also makes a network
administration tool called Systems Management Server that is integrated
within the Microsoft BackOffice Suite. BO2K uses a little known hole
that Microsoft deliberately placed in its OS source code to run in a
stealth mode. Many of the enterprise management tools such as SMS from
Microsoft do stealth remote control. Read the comparison of BO2K,
Norton's PcAnywhere and Compaq's Carbon Copy 32 at http://www.bo2k.com/comparison.html
They all have a silent install option and they all have silent remote
control. SMS even has a configurator much like the BO2K wizard to
configure the agent before sending it to the target machine. The
technology of stealth monitoring and control was there way before BO2K.
But these companies would have you believe that BO2K is the only tool
inherently destructive towards computer systems because it is made by a
well-known group of non-commercial programmers. What cDc has done is
put it in everyone's face and built a technologically superior solution
that is free and open source. Any program has the potential to be
misused. If there is a way for someone to exploit a hole in your
computer's defenses, it will be found.
Microsoft is fully aware of the problems associated with powerful
remote administration. Their SMS administration software has similar
problems, by their own admission. From their page describing SMS: http://www.microsoft.com/smsmgmt/techdetails/remote.asp
"Security of all the operations that Systems Management Server allows
you to do on a client, remote control is possibly the most dangerous in
terms of security. Once an administrator is remote controlling a
client, he has as many rights and access to that machine as if he were
sitting at it. Added to this, there is also the possibility of carrying
out a remote control session without the user at the client being aware
of it." Microsoft's site goes on to say, "It is possible to configure
a remote control from a state where there is never any visible or
audible indication that a remote control session is under way. It has
been made this flexible due to customer demands ranging from one end of
the spectrum to the other. When configuring the options available in
the Remote Tools Client Agent properties, due notice must also be taken
of company policy and local laws about what level of unannounced and
unacknowledged intrusion is permitted."
According to a press release by cDc, "In the past, Back Orifice has
been used as a Trojan horse by script-kiddie crackers to annoy and
sometimes harm Internet connected Windows machines. This is a fact of
life with a tool that has the ability to be silently installed and can
perform administration without end-user intervention. This, however, is
not unique to Back Orifice. There are many Trojan horse programs out
there, and many legitimate remote administration tools, that have the
capability to perform quiet remote installations." Their statement goes
on to say, "We have designed Back Orifice 2000 to meet user demands and
to provide the most powerful remote administration available for the
Microsoft Windows platform. Many people don't like to see free software
like Back Orifice being used in replacement for expensive commercial
products. So, they throw around statements like 'the program is only a
malicious tool', and 'It has no legitimate purpose.' The Microsoft
Crypto API claims to provide 'strong encryption'. Of course, if you
don't have the source code, you can't verify that this is true. We
aren't taking that chance. Back Orifice 2000 encryption is proven
strong, and we're not afraid to show you exactly how it's implemented."
cDc has produced a program that is to be used in a legitimate business
environment by a network administrator to aid in the administration of
the computers they manage. They want you to know exactly how legit Back
Orifice really is, but these companies are trying to prevent this freely
available tool from being released by using one of their own product
line applications to suppress BO2K so that another of their products can
flourish. Both Symantec's and Microsoft's products stand to lose a good
percentage of market share if BO2K were allowed to be released free to
the public and become a commonly used tool. All of these programs, not
just BO2K, can be detrimental to any computer system if used in the
wrong hands. BO2K must be given a chance to prove itself a legitimate
tool and taken off the virus definitions lists. The open-source model
has provided Back Orifice 2000 with a more than legitimate position in
the industry and Back Orifice 2000 will grow to encompass all of the
features of currently existing commercial remote administration tools.
Says a member of cDc: "We're dedicated to empowering people with their
technology."
Submitted by: Eric Ruppenthal
HFactorX International Organization