Skip to content or view screen version

M$ Windows XP Professional Bugging Device?

Mark McCarron | 07.10.2004 04:33 | Anti-militarism | Globalisation | Technology | World

A hypothesis that Microsoft's Windows XP is a complex variation of a bugging device.

M$ Windows XP Professional Bugging Device?
By Mark McCarron

( MarkMcCarron_ITT@hotmail.com,  angelofd7@icqmail.com)


Introduction

Context, context, context. I was sick hearing that phrase from Egyptologists in regards to my research on the Great Pyramid. They never could grasp that context is irrelevant to the scientific process or methodology, science examines facts, not interpretation. In saying that, they taught me a lot, it is funny how the entire aspect of a thing or situation can change, just by applying a different context to it.

In this article, I intend to do just that, with Microsoft's Windows Operating System.

If you have ever wondered, if;

1. Microsoft, was secretly spying on end-user machines?
2. Big Brother deployment scenarios were real?
3. M$ Windows was a type of bugging device?

Then this, is for you my friend, the 'Top-47 Windows bugging functions', and then some. There is also an appendix on forensic methodology and Magnetic Force Microscopy (MFM).

All sing...'There may be trouble ahead...' :)


If You Could See, What I Can See, Reinstalling Windows...

In general, to people in the western hemisphere; bugging devices, parabolic microphones, signal tracing, satellite tracking and secret government agencies, performing highly illegal activities, on a covert basis, are the source of inspiration for novels, movies and theater, rather than any real event.

These devices and activities have been part-and-parcel of my life (and almost anyone else in Northern Ireland), from the moment of birth and conspiracy theories are simply facts of daily life that, could put, any of my friends, or myself, into an early grave. Therefore, it is only natural for me to see things in a military context and this provides a very interesting picture of odd behavior, at Redmond and various other big names, throughout the US.

Microsoft is of the 'opinion' that its software is an operating system with a wide range of 'features'. As I am about to demonstrate, that is simply a matter of 'how you see things' and the context in which they are highlighted in. This is a very subjective experience and different people tend to see different things, simply because their own personal context is automatically applied, a 'bias', if you will.

The point to hold, in the front of your mind, throughout reading this article, is the fact that the 'features' and their descriptions, presented here, are accurate representations of Window functions, in their own right, however, any suggestion as to motivation would be speculation.

More clearly, Microsoft has presented it own 'opinion' on the various features within Windows, other 'opinions' do exist and this article presents one of them, in a hypothetical scenario. For this analysis to hold, the hypothetical scenario must be demonstrated to be consistent throughout the design of the OS, not just its usage.

The style and tone throughout, is based upon the working hypothesis, that Microsoft has altered the Windows OS, to reflect US military requirements and that its primary role is that of a modern variation of a 'bugging device'. It is simply taken as a given fact throughout.

This clarification allows for a more direct style of writing and legal protection for publishers. In addition to this, the views expressed in this report are the authors and have nothing whatsoever to do with anyone else.

There are no accusations being made, this is presented only as a 'working hypothesis', at all times, to allow for the fullest exploration of this particular train of thought. If the hypothesis holds, then we will expand it a little, to place it in proper context and draw the conclusion from the entire investigation.



Report On Analysis of Microsoft Windows XP

1. Start -> Search :)

Each and every time a search is conducted using the search option under the start button on Windows XP, the system automatically checks if your online and transmits information directly to Microsoft.

This is done, without informing the end-user in any fashion, nor providing a clear method to disable. It has been hidden by design. In technical terms, a form of Trojan.

A good application level, stateful firewall, will catch this communication attempt.

Done by design.


2. Help System, F1

When accessing Microsoft Help systems, through the F1 key. A communication attempt to Microsoft's ActiveX site is made.

Done by design.


3. Microsoft Backup

Designed to bypass all security, even ownership rights of a drive. Try it.

Done by design.


4. Process Viewer (Task Manager)

No mapping to executable file, nor will it show all running processes. Designed to hide important information required for determining system infections and sources of network data transmission.

Done by design.


5. Dr Watson

This used to loadup with information on dlls that had been hooked. Hooked DLLs are used to intercept keystroke, etc. Microsoft removed end-users capability to see this. It now generates a simple messagebox.

Done by design.


6. The Windows Registry

Now, on the face of it, this may seem like a good idea, however, as any developer will tell you, they only use it because the commands are quick, simple and, when it comes down to it, security is mainly the end-users responsibility.

It would be much faster, simpler and provide greater system security to use an ini file. Linux uses this approach with config files. An entire database must be examined each time request is made. This is why Windows slows down after you begin installing applications. The registry grows and more cycles must be dedicated to completing each query.

When you multiply this, by the wide range of systems accessing the registry, it is clear to see, that as a design architecture, it is completely moronic.

That is, until it is examined from another perspective, try the following perspectives as examples:

a. HKEY_CURRENT_USER - psychological profile of logged on user, real-time usage focus.

b. HKEY_LOCAL_MACHINE - Detailed reporting of hardware and a wide range of traceable unique identifiers

c. HKEY_USERS - psychological profiling of all users, post-forensic usage focus.

d. HKEY_CURRENT_CONFIG - Advanced psychological profiling based on a ranking system of 'psychologically-based options' embedded throughout the system. This could include things like favorite colour, pictures, sounds, etc.

Throughout the registry are an extensive amount of MRUs. These areas store your recently accessed documents each application and other information. Now instead of having a single area were these are stored, for both rapid access and cleaning purposes, Windows was designed to fragment these throughout the registry database.

Firstly, this makes cleaning the registry a specialized job, as a mistake can corrupt Windows. Secondly, and most importantly, this is what we call 'fragmentation'.

Now 'fragmentation' is a well known source of problems when accessing information. Many will point out, that the registry is a hierarchy and that that this eliminates fragmentation. I must point out that I am referring to the 'entire structure of recorded information' and not the technical definition of fragments of data.

By fragmenting the various forms of 'recorded information' throughout the registry, it can take upwards of a week to list every key that should be cleaned. The entire process must be repeated each time a new application is installed, to determine what exactly was placed into the registry. Windows also uses an extensive amount of MRUs that have been altered to an 'unreadable' format. This would leave 95% of users completely unaware of Microsoft was recording.

There is no need or requirement for a registry, other than to provide central access to 'private information'. As a programming architecture model, the design borders on the moronic and is directly opposing every known, best practice, in programming.

The true motivations behind the registry design are quite clear and highly specific.

Done by design.


7. Temporary Files

Temporary files are retained under 'Document and Settings' for a prolonged period of time and in most case require manual clearance.

Done by design.


8. Recycle Bin

Even when told to not use deleted item to the recycle bin, it is used anyway, only with out the prompt. This generates a ghost copy on your hard disk of any deleted files.

Two copies are better than one for recovery purposes, especially were Magnetic Force Microscopy is concerned. The two copies can be referenced with each other for rapid recovery procedures, its an attempt to eliminate bit errors in overwritten files.

The more ghosts images, the better the chances are for fast and complete recovery of during post-forensic examination.

Done by design.


9. Recent Files

Only a small portion/subset of the recent files accessed is displayed in 'Documents' section under the start button. The folder that contains the shortcuts has a far longer list hidden from general view.

For example, 11 files are listed under the Start buttons 'My Documents', however, 'My Recent Files' contains 17 entries. The other 6 came from my last list of files which I deleted using the 'Clear' button.

Done by design.


10. NotePad

Windows XP versions cannot word wrap properly and have been redesigned to make their usage as frustrating as possible. For example, when saving text only file, the screen resets the position of the text to the line where the cursor is at.

This takes specific coding and not something that happens by accident. The idea is to push people towards Microsoft Office, were all security can be breached and copies written, at will, across your drive.

Done by design.


11. Swap Space/Virtual Memory/Page File

Regardless of how much memory is in your system the page file can not be disabled. Its main function is too swap memory to disk and allow memory to be freed for running applications. With a large amount of RAM, this function becomes redundant, except under exceptional circumstances.

What is the useful purpose of a 2MB page file? Other than writing data, across the drive, in 2MB chunks, none.

Its designed to flush encryption keys and sensitive information to disk. This also generates ghost images which can be retrieved.

Done by design.


12. Firewall

Incoming firewall only. This allows spyware to transmit information without any problems or detection. 90% of spyware information is transmitted to and shared throughout the US.

Done by design.


13. Memory Usage

Designed to use large amounts of memory to drive the hardware industry sales of components. For Windows XP to function correctly, it requires at least 1GB RAM and at two physical drives on separate IDE channels or SCSI interface I/O.

Even then, it hogs everything and leaves random fragments in memory. These fragments or 'memory leaks' are then flushed to disk, in an effort to capture some information from running applications, encrypted viewers, etc.

The ever expanding registry is designed to keep up, with ever expanding hardware and slow the system. End users think programs have gotten more powerful and they must upgrade. Its simply that more and more cycles are dedicated to various expanding databases, each and every boot.

Done by design.


14. Automatic Updates

Can allow remote installation of any form of software at Microsoft's whim.

Done by design.


15. Raw Sockets

Microsoft prevents new protocols being developed on Windows to prevent usage of nonstandard protocols. This allows for easy access to information. It also prevents the disabling of Microsoft's TCP/IP stack, which for all we know, could have 30,000 extra 'ports' coded into it.

Windows 2000 was actually programmed to reject any driver, that would allow custom protocols to be developed, without Microsoft certification. Microsoft claimed this was a 'mistake'.

Now lets all try to picture the conversation at Microsoft on this one, shall we?

{In an office at Redmond...}

Executive 1: '...my hand slipped and wrote 10 pages of code..., no wait...,
Executive 2: the dog coded it, ah nuts..., erm...,
Executive 1: Can we blame Bin Laden?'

Raw socket access also bypasses every known firewall, from Sygate to Zone Alarm. The reason being that these applications, rely on the Windows message/event handling and Microsoft designed Raw Sockets not to report to this layer.

Komodia produce a TCP/IP Packet Crafter, install that and Sygate's Personal Firewall on WinXP service pack one. Craft a few packets to see this in action. Nice trojan tool M$.

Reverse psychology was employed, although not a very good example of it, in Microsoft's deployment decision to support raw sockets. It was to get people to focus on a 'hoax' alert, rather than the high level of security such a system would provide.

The truth is, raw sockets is not required, however, it just makes life simpler. For real time software, the overhead presented by TCP, is too great and the effects can be seen on excessive lag during online gaming, or media playback. A streamlined custom stack, allows for faster processing of the IP packet and over a 1000% improvement to connectivity management than TCP encapsulation.

Many developers do not realize that TCP is not required and that custom packets can be encapsulated within IP alone. IP routes the packet, from A to B, and TCP provides a data path encapsulated with the IP packet. This allows Internet routing to change, without effecting application support. Custom stack creation is a 'walk in the park', all it involves is parsing a binary stream and executing functions based on flags or value, it also, automatically, supports the OSI/DoD model.

By breaking support for raw sockets on Windows 2000, Microsoft manipulated the entire global market, as no developer could be assured their applications would function after 12-24 months. It also provided a way for Microsoft to eliminate tools such as 'Ethereal' that could inspect the communications of a Windows system.

An active attempt at blocking end-users knowing what information a Windows system was transmitting, as Microsoft is aware, that over 80% of end users only have a single PC.

Done by design.


16. Remote Access Bugs

This is a good example of 'context and highlighting' (perspective). I want you to consider this statement:

Is a remote access bug, not the same thing as a backdoor access code?

Write a detailed essay on your conclusion, no less than 30,000 words. You should consider statements such as 'buffer overflow executes code', 'invalid datagram shuts down PC', etc. :)

OpenBSD has no such remote exploits and no money.

Done by design.


17. Music Tasks

A nice big link to 'Shop for Music Online'. This is a direction to US based enterprises and also a violation of the Microsoft EULA, as it mentions nothing whatsoever in regards to Microsoft Windows being an advertising supported platform.

No matter how small the feature, that is still what it represents. If Microsoft is in breach of its EULA, does that invalidate it?

Done by design.


18. Windows Media Player

No way to disable automatic check for updates. This allows any form code Microsoft chooses to be used as an upgrade. Defaults to uniquely identifying an end user and stored media.

Certain websites warn their visitors that using Windows Media Player version 7 on their websites will reveal your 'personal information' t Microsoft. An example can be located here:

 http://ekel.com/audio

Have you ever wondered how p2p information on end users is gathered? Think about it the next time you connect to a commercial Internet radio, video or media service.

Done by design.


19. Alternate Data Streams

This 'feature' of Microsoft Windows relates to how information is stored on your harddrive. Under NTFS, not only is there the file, but there is a second, hidden aspect to each file. This hidden aspect is stored separately on your hard drive and not as part of the file.

I suppose the term, 'Alternate Data Streams' make better business sense, than 'hidden information gathering process combined with standard file functions'. :)

All additional information to a file, such as date/time stamps, file name, size, etc. is stored in this layer. Not only this, but so is the thumbnail cache of all images viewed by the system. This 'feature' is hidden by design and requires either a 1 month long 'disk nuke' (for average 80GB HD) or physical destruction of the disk platters to remove.

Physical destruction is recommended, as it requires specific manufacturers codes to access bad blocks, internal scratch areas and internal swap/cache areas of the drive. Even with the codes, certain problems can arise from unreadable sectors which may contain copies of sensitive information.

Nothing beats an nice afternoon with a screwdriver and grinder. :)

The caching can be disabled, however, Microsoft has made this as 'obscure' as possible. Microsoft Windows also does not explain the function of 'Do not cache Thumbnails'.

It is aware 90% of end-users have the technical aptitude of 'a banana with a with a drink problem' and would never grasp the implications, let alone, understand.

Done by design.


20. Stability

Microsoft Windows is designed to collapse upon extensive number crunching, of large arrays, of floating point calculations. This would prevent; nuclear modelling, physics modelling, and genetic modeling. These three aspects can produce Nuclear, alternative and biological weapons.

I don't know about you, but this 'feature', I can live with, or couldn't live without, for very long. :)

Done by design.


21. Internet Explorer 'Features'


MSN Search

When Internet Explorer fails to locate a web address it initiates a search through Microsoft. Therefore, every failed access attempt is sent to Microsoft, with all your system information in the X header structure. to Microsoft, cleverly disguised as 'assistance'.

Done by design.


22. Temporary Internet Files

Without extensive reconfiguration of Windows end users will not see the real files. Instead they see a database generated representation drawn from a file called index.dat.

Even the controls to access the drive are hidden with an obscure setting called 'Simple File Sharing (Recommended)'. Windows XP does not always delete the actual files from your hard disk. Even the emulated DOS reports the database, unless windows is substantially reconfigured.

Windows goes to great lengths to prevent this reconfiguration. Also, many do not know there is no need for this cache, other than to go back to pages. Its main role is to maintain a record of users activities and generate ghost images throughout the drive.

Done by design.


23. Index.dat

A database file of the contents of an area of the drive, including deleted files. In the 'Temporary Internet Files' it records date, time, Internet location and file name information of downloaded graphics/images and sites accessed, with user IDs in a nice big list.

There are various 'index.dat' files throughout Windows, a dat file is generally a database. A users activities can be recorded for several weeks and user names (etc) recovered. The index.dat file retains information about recently deleted files and Microsoft has failed to provide any reasonable explanation.

You cannot provide, what does not exist, there is no genuine reason to retain deleted files information other than deliberately recording an end users activities for forensic analysis.

This is used for rapid identification, file recovery and time-plotting of a users activities. A small application produces a timetable of a user's usage, referenced against the recorded information for each second of activity.

On large networks, this can be used to verify each member of staff location and movement across an entire infrastructure, this type of output in normally rendered in a full 3D layout of the target building.

Done by design.


24. Cookies

The official explanation for cookies is to offload information from the server, to the client. This can be authentication, preferences, etc. As you can see, its just a cheap solution, designed to cut costs.

When costs are cut, so are corners and in this case a corner that presents a major threat to information security. Cookies retain a lot of information such as logon IDs. In fact, the first cookie I look for, is generally, passport.com. This cookie will have the last recorded hotmail address stored within it. Combined with index.dat information, I can tell the following;

1. Windows logon ID of the person involved
2. The hotmail email address
3. The Date and time the account was accessed
4. External graphics viewed and the sources of those graphics
5. The machine from which it was accessed.
6. The duration of viewing.
7. And generally, the individuals sexual, political, social, personal and religious preferences based upon the information accessed.

That's with only two file sections.

Cookies can also be accessed remotely and are used to track the movements of end users as they move from site to site. Passport, Microsoft's common logon system, relates itself against the Windows account by default.

There is no need for this, it is these 'subtle functional intrusions' that Microsoft prefers. I honestly do not know what is going on in these people's heads, to think for one second, that the world would spot this a million miles off. It really does show the level of intelligence these people have; my dog demonstrates more social engineering skills when looking for food.

Done by design (very poorly executed).


25. Auto-Complete

Designed to record search terms, web addresses, and anything else it can get its grubby little digital hands on, for rapid post-forensic retrieval.

Done by design.


26. MSN Messenger

Microsoft has been retaining each persons deleted contacts from messenger. M$ has been monitored in this area and is known to retain everyone's deleted contacts for 3 years, at least.

This could be seen using a console-based version of MSN Messenger under Linux. Microsoft has since changed the protocols, so I am unaware if you can still see some of the information, M$ retains, on over 150 million people.

Messenger is also activated on accessing Hotmail. Microsoft claims to be using the 'features' provided by Messenger and will not allow it to be disabled. Now, as millions access M$ Hotmail without messenger, I must seriously question this behavior.

The 'features' provided by MSN Messenger are the transmission and reception of typed text and files. So, Microsoft has stated that it is, 'transmitting typed text and files', to and from, end users machines, when hotmail is being accessed.

Just cleverly worded.

Done by design.


27. Web-Cams and Microphones

These devices can be remotely activated providing visual and audio feedback from the target subject. There is also no way of telling if your devices have been remotely activated. These features are demonstrated in 'proof of concept' applications such as NetBus, etc.

With raw sockets (or driver) this information can bypass your firewall without any problems.


Microsoft Windows XP Services


1. Application Layer Gateway Service

Microsoft's Description:
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Internet Connection Firewall,,Manual,Local Service

Alternative Description:
This thing just loves making remote connections and accepting them. Set this up in your firewall to ask each time using ADSL or higher.

Have fun. :)

Done by design.


2. Automatic Updates

Microsoft's Description:
Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.,,Disabled,Local System

Alternative Description:
Enabled by default. Enables Microsoft to distribute and incorporate any 'feature', at will. Not the greatest thing in the Universe to be allowing.

Done by design.


3. Computer Browser

Microsoft's Description:
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Automatic,Local System

Alternative Description:
This stupid design will breach security. The only computer a client needs to know, is the server and it should coordinate everything.

Why does Microsoft Windows identify and map every computer on the network?

The design principal is based upon 'remote orientation' requirements, using insecure clients as targets. Servers would be difficult to compromise and arouse to much suspicion.

The flow of information on any network is about 'the need to know'. Clients do not need to know any other computer, other than the server. The server acts as a 'proxy' to the entire network, data transfers may, optionally, be proxied too.

Done by design.


4. Fast User Switching Compatibility

Microsoft's Description:
Provides management for applications that require assistance in a multiple user environment.,,Disabled,Local System

Alternative Description:
Switches to every account, but the Administrator account. In fact, unless you know exactly what your doing, an end user cannot access the administrator account.

Post-Forensics can, that includes your Windows Encrypting Filesystem. Cheers M$.

Done by design.


5. IMAPI CD-Burning COM Service

Microsoft's Description:
Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.,,Manual,Local System


Alternative Description:
Part of CD Burning and this thing is a nightmare. Any CD you make, it first makes a copy to the system drive, then only to use a scratch drive after that. Why?

That action is a waste of time. This is designed to generate 'ghost images' that can be recovered by Magnetic Force Microscopy. It is unlikely that the target subject will destroy their boot drive. Also, pointing the scratch to another drive, just makes more ghost copies.

Not only that, but I have caught Windows XP, pointing me to the CD burning directory when viewing CDs. That would suggest a cached image of some form.

Done by design.


6. Indexing Service

Microsoft's Description:
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language. ,,Manual,Local System

Alternative Description:
A search using the DOS emulator will run like a bullet. Windows search, however, will take its time unless the indexing service is activated. This provides quick post-forensic and real-time access to files remote files.

This behavior is by design. :)


7. Internet Connection Firewall(ICF)/Internet Connection Sharing(ICS)

Microsoft's Description:
Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.,,Manual,Local System

Alternative Description:
First off information is sent to both Microsoft and to a range identified as belonging to ARIN whenever a PC connects to the Internet. Random connection attempts are made by Explorer, NT Kernel, Internet Explorer, Windows Help, svchost.exe, csrss.exe and numerous others. I have even caught calc.exe (The calculator) attempting to initiate a remote connection, now and again. Without reverse engineering, I was unable to tell if it really was the applications, or a subsystem calling the applications. Very odd.

Microsoft Windows defaults to sharing your files using SAMBA across the Internet. This even bypasses most domestic firewalls or security setups, unless specific options are set in the firewall. This allows for remote access to files, documents, etc. without breaching any known legal regulations.

Try entering random IP addresses into your 'My Network Places' window when online, preceded by the '\\' network identifier.

i.e. '\\91.111.2.80', or '\\222.54.88.100'

Within about 30 attempts (of a good netblock), you should get a remote machine to share files with you, in the same manner as a LAN setup. Expect your machine to freeze when performing any remote operations for up to 4 minutes at a time (i.e. such as right-clicking a file).

The reason for behavior is that native SAMBA is designed for 10Mbit networks (at least) and is therefore a very bulky protocol. Also, the remote host may be using their Internet connection, have a low bandwidth connection or performing processor intensive tasks.

A quick examination of Sygate's instruction on how to use their firewall with ICS, reveal that your kernel cannot be blocked, nor can several other systems. These systems are not required on a LAN, so Microsoft has designed these systems to breach security.

There is no difference between TCP/IP over a LAN and the Internet, other than settings. As a programmer I know Network Address Translation is simply a case of storage and substitution of IP addresses, with a few whistles and bells. There is no excuse for these systems to be exposed to the network.

Done by design.


8. Messenger

Microsoft's Description:
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.,,Disabled,Local System

Alternative Description:
Messages should only be broadcast, by and to, the main server. Having this on every machine provides a method of transmitting real-time keystroke intercept across the Internet. This service is also enabled by default, even with the known Internet abuse of the function. This only indicates design manipulation.

Done by design.


9. Network Connections

Microsoft's Description:
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.,Started,Manual,Local System

Alternative Description:
Only weakens security by providing a central reporting mechanisms. These aspects have been combined by design, with no logical requirement for the function. Again, a single-point of failure is introduced into the system.

Done by design.


10. Protected Storage

Microsoft's Description:
Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.,Started,Automatic,Local System

Alternative Description:
Also provides quick access to this information. Swift breaking of security. Sweet. :)

Done by design.


11. Remote Procedure Call (RPC)

Microsoft's Description:
Provides the endpoint mapper and other miscellaneous RPC services.,Started,Automatic,Local System

Alternative Description:
May the saints preserve us from RPC. RPC provides remote computers with the ability to operate your PC and listens for these connections on the network/Internet.

What sort of idiotic decision making was behind an RPC service that cannot be disabled? Why not just come into my livingroom M$? You're practically there anyway!

(I'm just losing my head now! This is disgraceful.)

Done by design.


12. Remote Registry

Microsoft's Description:
Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.,,Disabled,Local Service

Alternative Description:
This nifty service is enabled by default. It provides remote access to the windows registry, allowing run-time modifications to be made to your PC. Hmmm....what an excellent idea! Just what I always needed, a way to 'tweak' my running spy applications remotely.

I knew M$ was thinking about me, I'm touched, or at least they're close enough to reach out and touch me. :)

Done by design.


13. Server

Microsoft's Description:
Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.,Started,Automatic,Local System

Alternative Description:
This is not required, it provides a central management for open files and printing operations. It also provides a method of remotely monitoring a users activities.

This 'service' (ha!) provides a single-point of failure for an entire network. It is linked to the authentication, so if the server collapses, so does the entire network, as this is managed by the server. Again, security and functionality have been manipulated to focus on information retrieval and access.

Done by design.


14. SSDP Discovery Service

Microsoft's Description:
Enables discovery of UPnP devices on your home network.,,Disabled,Local Service

Alternative Description:
What in Gods name for? This is part of the 'remote orientation' facilities encoded into Windows, allowing remote hackers the ability to explore the network swiftly, reducing chances of alarm and excessive activity through exploration.

Done by design.


15. System Event Notification

Microsoft's Description:
Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.,Started,Automatic,Local System

Alternative Description:
No way of knowing, without full reverse engineering, how many undocumentented events exist throughout Windows. Windows could have an entire additional level of event reporting.

Event and thread management in Windows is very suspicious due to its sluggish and sometimes unpredictable behavior. Compensation for this is normally done by 'peeking' into the message cue, however, sometimes it simply refuses to work. This would tend to suggest the interaction of an unknown component (or several component) with the event system producing conflicts.

Done by design.


16. System Restore Service

Microsoft's Description:
Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties,,Automatic,Local System

Alternative Description:
Keeps ghost copies of various forms of cached information in a nice quick accessible format. We can't let our hard earned information go down the pan now. :)

Done by design.


17. Terminal Services

Microsoft's Description:
Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.,, Disabled,Local System

Alternative Description:
I just bet its interactive and highly 'functional' too. This is enabled by default, providing a remote desktop for any hacker. Wow, what a service M$.

I'll agree with you on this one, that is a 'service and a half'!

Done by design.


18. Windows Time

Microsoft's Description:
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
,,Disabled,Local System

Alternative Description:
Sends information to Microsoft and keeps your date and time stamps nice and fresh for post-forensic analysis. At least they're tidy when they invade your privacy. :)

Done by design.


19. Wireless Zero Configuration

Microsoft's Description:
Provides automatic configuration for the 802.11 adapters,,Disabled,Local System

Alternative Description:
Zero configuration means zero security and that's exactly what you get. The entire network is exposed to anyone within reception range. Therefore, if you are using this in your home environment, that can mean remote monitoring from up to 3Km using proper equipment, or someone else using your Internet connection from a range of around 50-80m radius.

Even with security, the IEEE specification for WEP was clearly manipulated and weakened by interested parties. There is no other acceptable excuse for that level of incompetence.

Done by design.


20. Microsoft Works

Breach of trade descriptions act? Microsoft 'probably' Works. :)

Really, it is an 'implied' suggestion based on the play of words. It can be described as 'psychologically misleading', human psychology is extremely complex, even if most humans are not.

This implied statement is registered at a deeper level of the brain and assigned its true meaning. Otherwise, you would have never considered the relationship in the first place.

One way of describing this is, 'marketing', the accurate description is 'subliminal programming', it does not matter how slight the incident.

This is very, similar in style, to the 'French Fries' and 'Freedom Fries' incident in the US, used to blind the US citizens from war opposition, through manipulation of patriotic beliefs.

Shameful.

Done by design.




Windows Security, Not What You Think

Since all security products that operate on the Microsoft Platform are both designed from, and encapsulated by the OS, then it is ultimately Microsoft Windows that is providing your security and not your firewall, etc.

So, any product that claims to provide security FOR windows, is simply reflecting the limited understanding the company has of what it is doing.

I bet that will inspire confidence in computer security. :)

The accurate description is that M$ Windows, secures itself, through execution of a 3rd party application, which M$ Windows must inform, to provide security. As we seen in 'Raw Sockets', this does not always happen. Linux does not have this problem, as the systems is a mosaic rather than a full encapsulation, or sandbox environment.

Therefore, even with all the security, in the known Universe, installed on a Microsoft Windows Platform, it is still the responsibility of Windows to inform the security products of each event happening. If Microsoft Windows fails to report, or hides certain messages/events, then your security software becomes 100% completely redundant.

This is a source of great concern with Microsoft's plans to encrypt the system area of new versions of Microsoft Windows. Somehow, I don't think this system, nor any variation of it, will ever see the light of day.

If this was to happen (the encrypted system), instead of an EULA, I think Microsoft Windows should be required to read end-users their rights. Microsoft is not the Law, nor is it above it, in any way.

You have the right to be bugged, click OK to continue! :)


Bugs Of The Third Kind

How long as Microsoft been programming Windows for?

Ten, maybe fifteen years, and we are seriously asked to believe that a company with the financial resources of Microsoft cannot a create a bug-free Operating System?

Companies with lesser resources than Microsoft provide such systems for Air-Traffic control and medical purposes (Heart Monitors, etc). A perfect example here is OpenBSD. OpenBSD is a free Operating System and with very little funding (nowhere near what Microsoft has, in a million years) the only remote exploits you will find, anywhere in the world, will be at least 12 months old.

Most of Microsoft's problems are at least that old before anyone decides to analyze them, let alone, fix them.

This is a very clear example, honestly, there is no acceptable excuse here. If Microsoft claims 'compatibility', then I simply refer them to the current deployment of service packs that destroy 'compatibility'.

Also, the important thing to business is their data and data cannot have 'compatibility' issues. Its simply a binary stream that can be used on any known operating system.


Wild Speculation On Codenaming Strategy

Microsoft has had a consistent naming policy for its operating systems, in the form of city names. Code names for various releases have included; Chicago, Memphis, etc.

Now all this changed with the arrival of Windows XP. Its codename was 'whistler' and the next version of Windows is codenamed 'LongHorn'. I was interested in the reasoning behind the switch. I was thinking that these codenames could be based on one, or more, of the following points:

1. A play on the term 'whistleblower'?
2. A play on a reference to 'pinocheo'? (tells stories, reference to Long (Nose) and Horn (Whistle Blower) )
3. Horn, as in a form of 'early warning system' and Long because of its distributed nature?


Can Windows Be Secured?

Yes, with FDisk. (Recommended) :) Otherwise, due to its encapsulated nature, the answer is a pointblank, no.


Additional Observations

All we need now is Intel's 'processing and storage' layer to the Internet and we have a, full-scale, 100% genuine, deployment of a Big Brother scenario. Thanks Intel, but, we'll pass on that one, nice to see you are thinking of everybody for a change. :)

If anyone is wondering what on Earth is going on, well Congress went a little nuts passing resolutions, without its normal due caution. Looking down the barrel of a gun 24/7, does not provide the ideal circumstances for making these decisions, nor the environment for full, open debate, for security reasons. As such, mistakes can only be expected, congress is still only human, despite the rumors.

I am just worried that this is the entire intention, due to Microsoft's modifications, its software predates 9/11, so it could not use 9/11 as an excuse. I wouldn't like to consider the implications of that statement 'being inaccurate'.

I know many readers would be enjoy this analysis taken further, however, it is well beyond the scope of this report. It is also an area I feel is best left to the authorities.

Alterations to M$ Windows also coincides with antitrust cases and the reversal of the ruling to split Microsoft into two companies. This leads to three important questions:

1. Was Microsoft hijacked by the US government, CIA or NSA?
2. Is this why M$ Windows was altered?
3. What would the suggested reason be for military adaptations to M$ Windows prior to 9/11?
4. Why 3 Operating Systems (ME, 2000 and XP) between 1999-2001?

I only mention this to be fair, rather than shoot first, ask questions later. I'm a Zen Buddhist and politics, ain't my bag baby. :)

Google's ranking methods have come under question recently and in the context of this report, I think the follow will speak volumes for itself:

Search for the term 'Book'. Conducted September 11th, 2004.

Top 10 results from Google.com

1. US
Barnes & Noble.com, 6000 Freeport Ave - Suite 101, Memphis, TN 38141.
2. US
onlinebooks.library.upenn.edu, University of Pennsylvania
3. US
www.cia.gov, CIA - Factbook.
4. US
BookFinder.com - Berkley California
5. US
www.kbb.com - Orange County
6. US
www.worldbookonline.com - Country Wide, with world-wide divisions
7. US
www.superpages.com - 651 Canyon Drive. Coppell, TX 75019.
8. US
www.amazon.com
9. US
www.abebooks.com - Victoria B.C.with offices in Canada and Germany.
10. US
www.bookwire.com - 630 Central Ave. New Providence. New Jersey.

May I remind everyone that Google is behind nearly every major search engine in the World. Is this what they describe as 'free enterprise' in action?

I wouldn't like to see systematic manipulation of the global economy, if that's the case. :)


A Small Bit of Advice

Linux...Open Source...Free...No worries.


Conclusion

Is America awake? Remember a small concept called Liberty? (Its French, by the way.) I wonder how M$ is going to explain this one?

This one, I really must hear. :)

'...let's face the music and dance.'



Appendix Contents

Appendix 1. Symbiotic Duality
Appendix 2. Magnetic Force Microscopy (MFM)



Appendix 1. Symbiotic Duality

The first thing you must accept is that a product does not have to be limited to a single purpose. The second thing to be accepted is that you may not be aware of any other purpose, even to the extent of being unaware of its primary purpose. Purpose comes from design, not usage.

Therefore, a product, such as Microsoft Windows can give the impression of being an Operating System, whilst having been designed for an entirely different purposes. This is the concept of 'Symbiotic Duality', it is the basis of all manifestations of depth.

We'll look at a few quick examples:

a. When you fight with someone you love, you can hate them, yet still love them.

This form 'Symbiotic Duality' is experienced as a 'depth' of emotion, it stems from the observed contrast, or gulf, between opposing emotions. The greater the gulf between the conflicting emotions, the more intense the experience.

It is from this understanding that the, very accurate phrase, 'Fighting is a sign of love', is drawn from. One cannot exist without the other and 'Symbiotic Duality' is a fundamental step in every emotional response.

'Love thy Enemy'. Its not like I much choice in the matter :)

b. To produce the effect of Depth in a scene.

An image contrasting near and far (large and small) produces the illusion of depth. This is another form of 'Symbiotic Duality', the contrast between near and far (large and small) produces an optical illusion, both aspects function as one, from opposing sides.

c. A depth of character can be expressed in apparently conflicting viewpoints. You may both agree and disagree with a situation, for various reasons. For example, you may not agree with war, but you recognize a time comes when it must occur, or, you may not agree with a situation, but since it is happening, you may as well make the best of it.

The greater the depth of character, the greater the gulf will be between these conflicting thoughts there will be. A person who repeats the same 'statements or rhetoric' time and time again, has very little intelligence and certainly lacks any depth of character, as they lack the opposing viewpoint.

d. The gulf between the people and government leads to increased anxiety, fear, paranoia and rejection.

The more 'stark' a contrast between government and the people, the greater the 'perceived gulf' will become. This concept is explored in George Orwell's book 'Animal Farm', it examines the 'US and Them' principle, and unknowingly, touches on the 'Symbiotic Duality' of the scenario.

That is, the common source of conflict between the two groups, the 'perceived gulf' that exist between them. By bridging that gulf, the situation may have been avoided.


Why is 'Symbiotic Duality' important to understand?

'Symbiotic Duality', as you notice from each of the examples, ends up, in one form or another, relating to the human biological make-up. The simple reason for this is that, 'depth', is a perception. If a 'Symbotic Duality' appears in an investigation, a human was involved in planning.

'Symbiotic Duality' can prove useful in forensics. By clearly identifying the contrasting behaviors of any system, the design choices made by humans and those dictated to by system requirements, can be distinguished with repeatable methodology.

This separation allows for both reliable, rapid identification of human design choices that fall outside compliance with system specifications, or other known base references (i.e. another OS design) and for complete focus to be given to only 'odd' human generated code.

Scientific investigators must operate by rigid procedures and methods, the concept of 'Symbiotic Duality' provides such a structure, this allows for repetition of the investigative procedure, rather than solely relying on expert testimony and Police accounts.

This can be vital in cases were an officer/jury needs to follow the scientific investigator at a technical level, collaborate on an investigation in a distributed environment, or work through vast amounts of information.

It provides a roadmap for the investigation, with one point naturally flowing to another, or any amount of other points.

Let's say for example we were investigating an email application. Firstly, we remove from the equation the basic technical functions of the application. This leave us with what can be described as a 'human-defined design'. That is, all the fluff added to an application to make it 'user friendly' and operational.

From here, we list each of the 'features' and a description of their functions. Next, we begin the 'Symbiotic Duality' analysis, by contrasting the basic technical requirement to implement a 'feature' against the actual implementation.

There are various sub-aspects to this procedure, such as contrasts from different 'perspectives'. This would include examining ease of information retrieval, information storage, information movement, information processing, network communication attempts, etc.

By contrasting what would be 'expected', under reasonable circumstances, against what is actually there, the 'gulf' (form of perceived depth) between the two states is revealed (Symbiotic Duality).

The procedure uses the 'Russian Doll' and Henry Ford Conveyor Belt principles, to break down the application into smaller and smaller units in a systematic exploration of the target system.

The method is highly flexible, in that, it does not require a linear approach to investigation, but rather, a completely random approach is recommended. This can match budgets and resources of investigative departments.

The results are composited in a cross-referenced mosaic that can be expanded upon from any point, providing the investigator a model of his/her complete investigation. This gels beautifully with the 'chain of custody' model.

What we are left with, is a combination of fluff and 'Interest Motivated' sections of the application. Its simply a matter of contrasting the expected characteristics of fluff against the remaining sections of code.

So, staring you in the face, in glorious black & white, will be a very clear list and description of each identified 'odd' behavior. As many investigators will have realized by now, adaptations of this can be applied to any form of of investigative procedure.

If you are interested in 'Symbiotic Duality', I'm afraid you will not find it in any texts, it was something I developed as part of my work to assist me. An in-depth understanding human psychology is a basic requirement in this field, as you must always think, what would this person do? 'Symbiotic Duality', let's you understand more clearly, what they were thinking as it exclusively relates to human perceptions.

I don't claim that this is any form of great new method, I just use it to assist my own work and it also has no form of recognition as an accepted method. Its simply another tool, in a long list, of analytical procedures and, in my line of work, every assistance is a bonus.

I like to think of this procedure as a:

'Random access investigative procedure, which uses the horizontal nature of emotional and perceptive responses, to clearly identify the various ranges of possible motivations behind an incident.

Cross-referencing and statistical analysis, provide a mechanism of ranking motivations, across an entire case framework, allowing for 'Computer Assisted Real Motive Analysis' (CARMA).'

That'll mess with your noodle for a while. Sorry. :)

The best visual representations would most likely be in the form of a 'tree' structure, expressed in 3D. Each 'Symbiotic Duality' identified can be provided a 'score' (ranking), and numerous sub-scores (sub-rankings) if required. The ranking system, has an unlimited user-defined scale. This allows for statistical analysis and cross-referencing, with stark contrasts. The scale can also be categorized.

I only mention it here, as it was employed in this analysis, however, I am still developing the theory behind this. The report does not rely on this theoretical work, but rather, standard procedures in high level analysis.

Well, that's enough 'Psychology and Forensic Analysis 101' for today.

Have you not got a life or something? :)


Appendix 2. Magnetic Force Microscopy (MFM)

I had the chance to see this process first hand, a good friend of mine demonstrated the following technique using an Open-Mosix cluster. The process was mainly based on the statistical recomposition of data sectors. The usage of highly discreet array-based statistical recomposition can uncover data.

Its based on the fact that a harddisk has certain known read/write characteristics that effect the position of molecules on a disk platter. Its important to note, we are not trying to uncover previous data directly, but rather explore variations in memory.

An MFM series of images of the disk platter is produced and converted to 3D. Then each sector's dimensional values are offset against the values provided by the known characteristics of the read/write heads. Each binary bit is treated independently.

As most can see, this method bypasses encryption by focusing on physical position. After this, it is simply a matter of computing variations and attempting to match patterns. Not one bit of cipher breaking, makes you wonder about the advice security companies provide and who exactly qualified them in 'IT Security'?

Most people do not realize they are self-appointed and even wrote the texts for 'security classes'.

The technique came from the "The Catch 22 Guide To Business" and a chapter entitled "Recursive Algorithms& Global Expansion", with cross-references to the Ferengi 'Rules of Acquisition'. :)

Mark McCarron
- e-mail: angelofd7@icqmail.com
- Homepage: http://gieis.esmartguy.com

Comments

Hide the following 55 comments

Rebuttal

28.12.2004 15:35

I'm posting this as a rebuttal to the article:
 http://www.indymedia.org.uk/en/2004/10/298702.html

I have worked as a computer technician and network administrator for the past nine years. Every point made in this article is complete and utter crap, which I will be happy to prove in detail when I have further time.

The author obviously has no knowledge of network architechture or the way in which programs run inside of Microsoft Windows XP. His "alternate descriptions" of the services in Windows XP are laughable at best, straying wildly from their actual functions.

If you value your credibility as a paper, I'd suggest actually researching his claims before you publish them. Thanks for the laugh!

Anonymous


It Comes as no surprise...

28.12.2004 16:14

No doubt this explains why Windows XP needs to be reinstalled on a RANDOM basis.Obviously with all these security breaches it is recieving different kinds of information which affect the operating system in a different manner ( more so than the other Microsoft operating systems.) I suppose that Microsoft is so preoccupied with what they themselves are up to that what we are up to escapes their notice.

Valentine Parisen
mail e-mail: provis@myway.com


Re: "It comes as no surprise..."

28.12.2004 19:29

Re: "It comes as no surprise..."

I oversee a medium sized business network of nearly 200 employees, all of whom are running Windows XP Professional. I keep my network locked down tight, not allowing employees to install software, and preventing spyware from websites from infiltrating their machines.

I have not had to reformat a machine in over a year, and all of them are running in tip-top shape, simply from good administration practices. A competant user should not have to reformat their Windows XP-based machine unless they install a conflicting piece of hardware, change their motherboard, or otherwise corrupt system files that are critical to its operation (such as with a virus, spyware, or simply blind ignorance).

As far as "having" to reinstall Windows XP on a seemingly random basis, I assure you it's not random; It's something you're doing to continually screw up your system, such as heeding ill-informed advice from articles such as these. If you really think the author of this article knows what he/she is talking about, try and disable some of the services they claim act as "bugging devices" for your computer. I guarantee your system will cease to function, because of two reasons:

1: The original author of the article has entirely mis-represented the functions of the services in question, and,

2: The services they mention are critical to proper system operation. Without them, your system will *not* function correctly.

For example, the author mentions the Computer Browser service, and states that it should be un-needed since individual computers should only be talking to the server. This statement is laughable at best to any person who knows the function of the Computer Browser service.

The Computer Browser service is a program that runs in the background, and populates the list of computers on a Microsoft Windows-based computer network that is *not* controlled by what is known as a Domain Controller or a WINS (Windows Intranet Name Service). Without a domain controller or WINS server, the individual computers have no server to talk to, to be able to populate the list of other computers on the network. This is where the Computer Browser service comes into play; Every few minutes, the Computer Browser service sends out a series of packets (pieces of data) to all other computers on its subnet (common local area network addresses). Computers running Windows 98/ME/2000/XP on this network will respond to the computer that sent them out, and also send out their own packets, populating the list of the computers running on the same network, so that users may interact with each other. Without this, you will not be able to see any computers when you double-click the icon labeled "My Network Places" on your desktop.

This is just one of the many fallacies in the original article. The author knows only enough about Windows XP computer systems to be dangerous to himself and others.

Anonymous


commenton a typical American rip-off

28.12.2004 19:50

Your article was really interesting and i believe every word of it.
Most computer tecs and sytem administrators i have met didn't know
their ass from a hole in the ground when it comes to 'Windows xxx',
or anything whatsoever about programming.

andy innes


infected

28.12.2004 19:59

I recently installed a new full version of windows xp. The first thing i did was install AntiVir the free version, and to my surprise it found two or three backdoor trojans in windows system files. I deleted them and have had no trouble with windows.

Robert


Comments from a PC tech

28.12.2004 20:18

At best 3/4 the article is factually correct. At face value my advice to the author is to actually do some research before spouting off and sounding like an idiot. Otherwise, I appreciate humor present throughout. I got a good laugh!

The moral of the story is that Windows is not a trustworthy computing platform. It is great for playing games, but for serious and sensitive work, use an open Unix based platform such as Linux or *BSD. Strike that. Game on a console, run a real OS. Your chance of being spied upon by Microsoft and the US govt, or being infected by viruses or trojans will diminish exponentially.

My suggestion to all reading this article:  http://www.ubuntulinux.org/




GirTheRobot


Another Comment

28.12.2004 20:24

My apologies to the author. I merely skimmed the article the first time. Anyone with a decent computer background (and reding in entirety) can see this as geek humor.

GirTheRobot


Interesting idea, but filled with misinformation

28.12.2004 21:15

Just some reflections from someone who doesn't use Windows any more than he has to, but has been familiar with it in the past.

Yes, Windows NT (and its administration) is a mess from a security point of view. But I would suggest that it's more due to lack of concern and perceived market pressure (as well as the segmentation of efforts inside Microsoft) than any overarching desire to provide access into people's computers.

There is a considerable amount of misinformation mixed in with the provocative speculation in this article. Perhaps I can offer some more insight into some of it.

I was involved in the design of item 3 (NT Backup). Our thinking, as I recall, (this was when Conner Software were developing the backup app for Microsoft before Windows NT 3.1 came out) was coming from a more system administrator-centric world where it was accepted that you would physically secure machines and of course backup media. Then we also had to deal with Microsoft's (then) default of setting up the initial user on installation as an administrator, with full rights anyway.

Item 5 isn't exactly accurate; I believe that the DLL information is still recorded in the drwatson.log file.

Item 10 mentions Notepad, however, NT/XP also comes with Wordpad which doesn't have the mentioned limits, and that most people have learned to use instead of Notepad.

Item 12 ignores the new firewall policy that is implemented by default in XP SP2 (which notifies you when a program tries to do outgoing access to the net).

Item 13 is just inaccurate. XP will work fine on 256Mb, and will sometimes swap a bit on 128Mb. And it's quite acceptable to have a single drive (which after all is the usual way such systems are set up).

Item 18 is talking about WMP7. However, version 9 is the current version, and if you go to install it you will see clearly something like "This is not just the same old EULA; read it carefully" when the license is presented. It was reading these terms (and the related potential privacy breaches that came with some of these) that kept me from installing it. At least it does ask you up front after installation to make privacy choices. Their description of potential privacy issues with WMP9 is quite clear, I think. Not that their choices are particularly attractive, but given a half-hour or so you can turn off its desire to chat behind your back.

There is a detailed description (in online help, as I recall) as to the privacy consequences of various settings in WMP. Basically, you *can* disable checking for updates by choosing to "work offline".

Unfortunately, you have to visit about 10 different settings in WMP9 to make sure that you've disabled its desire to phone home.

Item 19 suggests that NTFS file metadata is generally stored in the alternate data streams; this is not the case. Instead, each stream has its own metadata (which is stored at the filesystem level). The alternate data streams were added to provide for NT Server support of Macintosh HFS and HFS+ data files, which have two data "forks". Unfortunately, the Win32 API for access to the alternate data streams is not too consistent. You can add selected alternate data streams (like for instance document summary information) via Windows Explorer; certain operations from the Windows Explorer (like copying to a FAT volume) on files with alternate data streams raise a dialog identifying the streams that might be damaged by such an operation.

Item 20, "designed to collapse" is not particularly accurate. Instead, I'd say "not designed to support"; there is a distinction between these two terms. There are VM limits under NT that can get in the way with allocation of really huge arrays (of floating point or other data), but these mostly reflect hardware limits (of the i486 architecture) at the time NT was designed ("no one will ever need more than 4Gb of memory space"); newer versions including their 64-bit work should remove this limitation for modern hardware.

Item 24 talks about cookies in general; these of course were not a Microsoft creation and instead were part of the W3C's HTTP spec. Of course, they could be managed more securely (like for instance by storing them encrypted). Is there *any* browser, on *any* platform that does so using hard crypto? There is some control over cookie acceptance in IE; the default for the version I'm looking at (6.0.something) is to block third-party cookies without a compact privacy policy, or ones that do but use personally identifiable information without implicit consent. It also restricts first-party cookies that have a privacy policy but say that they use personally identifiable information without implicit consent. Which I think is a rather weak policy, but at least it can be changed somewhat.

Ned Konz


Anonymous must be right !

28.12.2004 23:19

Anonymous, you are probably a real expert man!! You have worked as a computer technician and network administrator, wow man really impressive, you must be an EXPERT hahahhahahahahahah.

Longhorn John


re: Rubuttal

28.12.2004 23:33

I'm also a longtime sysadmin and have worked with MS software and operating systems for several years. The author of the first "rebuttal" post may or may not be right. I don't know. The person who wrote the Windows spy article knows more than the poster gives hime credit for knowing.
What I think is more important is the fact that there is EVEN an article about Microsoft ANYTHING on this site. While the security issues are important, the more important issue is the ability to even have a site like Indymedia in the first place. Were Microsoft allowed to have its way THEY and their corporate media friends would be controlling the entire Internet with their locked down closed source products and there would not even be the chance to see an article like this nor a place to post one on the Internet to read.
Its about time the Indymedia/Progressive movement began to realize how very important this issue is.
Were "Open Source" and "Free Software" the norm this article wouldn't be needed as anyone could simply "open the hood" (bonnet?) and LOOK!
Support "Open Source, "Free Software" and "Linux"! The very ability to have sites like this, and read news from sources other than mainstream media outlets depend upon its continued existance.

lpbbear


Need to Learn

28.12.2004 23:53

I guess, author needs to learn about Windows. I wonder did he ever went to school?

gund_appa


Anonymous is a real expert

29.12.2004 00:21

Anonymous you should have had a visit of a brand-independent security-officer and you would have known those guys are busy EVERY day making companies save who use microsoft exactly because the above mentioned problems. Use Apple and linux and you're at least far more secure.

LongJohn


Thanks

29.12.2004 01:12


I always wondered why certain obvious tasks are made so difficult or not done at all,
for example clearing all the temp files. Additionally the amount of resources required
to run XP is ridiculous. Your article explains a lot.

XP user


Clearly the Author Does Not Understand the Windows Architecture

29.12.2004 01:20

I am a software developer and I understand the architecture of Windows very well (registry, DLLs, ActiveX, Dr. Watson (which no one but some developers liked) and all the other items he mentions. It is clear that the author of this article has made far reaching hypothesis based on a lack of technical expertise in these areas. This article is, in fact, extremely laughable.

Of course, someone will just accuse me of working for Microsoft :-)

Anon


Reply to Anonymous

29.12.2004 02:17

Anonymous says that "every point" made in Mark McCarron's article "M$ Windows XP Professional Bugging Device?" is "complete and utter crap, which I will be happy to prove in detail when I have further time." He also says he's worked as a computer technician for nine years.

If that last is true, then he doesn't know very much about the Windows systems. If, for instance, the bit about the index.dat file is "utter crap", then why is it that forensics programs aimed at police go out of their way to mention that the proggie can read and copy the index.dat file? What would the point be if it didn't contain a record of what your computer has done? If you doubt this, do a google search under index.dat; you'll find lovely ads for the forensics software.

In Win98, for instance, there are three different index.dat files. Two of them you can manually access, open and delete--though they'll be recreated as new files, all ready to load with more data.

The third one is a hidden file, which you can't touch without special software, because Windows locks it on bootup and you need a proggie that grabs it before Windows. The only way you can find it is to do a find file search for index.dat.....that will show you the file exists and how large it is. Except for that one means, it's totally hidden. And it records EVERYTHING your machine does, especially online. It lists those cute kiddie porn sites you visit in the dead of night, for instance, and what you dl there.

Don't believe me? Okay......open your Windows Explorer and access one of the backups.....then open it. Part of the file is in symbolic code, but part of it you can read......compare that part with your online doings. See if you notice any correlation.

Methinks Anonymous has some ulterior motive for his shucking and jiving. Either that or he doesn't know diddly about Windows.

Rob


Reply to Anonymous

29.12.2004 02:17

Anonymous says that "every point" made in Mark McCarron's article "M$ Windows XP Professional Bugging Device?" is "complete and utter crap, which I will be happy to prove in detail when I have further time." He also says he's worked as a computer technician for nine years.

If that last is true, then he doesn't know very much about the Windows systems. If, for instance, the bit about the index.dat file is "utter crap", then why is it that forensics programs aimed at police go out of their way to mention that the proggie can read and copy the index.dat file? What would the point be if it didn't contain a record of what your computer has done? If you doubt this, do a google search under index.dat; you'll find lovely ads for the forensics software.

In Win98, for instance, there are three different index.dat files. Two of them you can manually access, open and delete--though they'll be recreated as new files, all ready to load with more data.

The third one is a hidden file, which you can't touch without special software, because Windows locks it on bootup and you need a proggie that grabs it before Windows. The only way you can find it is to do a find file search for index.dat.....that will show you the file exists and how large it is. Except for that one means, it's totally hidden. And it records EVERYTHING your machine does, especially online. It lists those cute kiddie porn sites you visit in the dead of night, for instance, and what you dl there.

Don't believe me? Okay......open your Windows Explorer and access one of the backups.....then open it. Part of the file is in symbolic code, but part of it you can read......compare that part with your online doings. See if you notice any correlation.

Methinks Anonymous has some ulterior motive for his shucking and jiving. Either that or he doesn't know diddly about Windows.

Rob


rebuttal to rebuttal

29.12.2004 04:25

RE:

"Rebuttal

28.12.2004 15:35
I'm posting this as a rebuttal to the article:
 http://www.indymedia.org.uk/en/2004/10/298702.html"

Methinks you may not have caught the opening statement about CONTEXT!

Les

Les


Nice Work

29.12.2004 06:13

nice work.

x windoze user


still without an actual rebuttal

29.12.2004 07:02

A rebuttal addresses aforementioned informative points. The above comment of course is not a "rebuttal," and thus the post still stands.

Main Entry: re·but·tal
Pronunciation: ri-'b&t-&l
Function: noun
: the act or procedure of rebutting; also : evidence or argument that rebuts

Source: Merriam-Webster Dictionary of Law, © 1996 Merriam-Webster, Inc.

rebuttal

n 1: the speech act of refuting by offering a contrary contention or argument 2: (law) a pleading by the defendant in reply to a plaintiff's surrejoinder [syn: rebutter]

Source: WordNet ® 2.0, © 2003 Princeton University


I suppose the above so called rebuttal could be classed as an "argument," though it would hardly do well in court--someplace I hope to see Microsoft someday answering these questions, preferrably, with the prosecuting attorney at the ready with a huge stack of insider whistleblower information.



me


the criticisms are uneducated but sensible

29.12.2004 07:06

The anonymous computer tech who claims the article is just bull does not specify why it is bull.

I am a M.S. holder and I say the criticisms are sensible, but obviously written by someone without much technical education.

The simple solution is to use Linux or OS X.

I *would* put an XP box behind a Linux firewall and log its numerous pathetic attempts to phone home, but I'm not willing to pay money for XP, and if I use pirated software for the test, Windows supporters can say it wouldn't fail if it weren't pirated.

XP is a giant pile of manure. Linux, OS X, BeOS -- run whatever you like, just not a Microsoft OS.

Computer Scientist
mail e-mail: riprock@adres.nl


Rebuttal to Rebuttal

29.12.2004 07:32

I'm also a network administrator.

Mr. Anonymous seems more like a PR for Microsoft.

He provides shrill insults, derision, an NO FACTS to support his positions.

The article is quite accurate.

Microsoft has a well-deserved shady reputation.

Also Anonymous


SOME FORGOTTEN (?) FACTS !!!

29.12.2004 17:30

Consider the following facts :-

1. 3-4 years ago, M$ has a breakin by hackers who reportedly roamed around (digitally) for 3 months. (reportedly russian hackers out of st. petersburg!)

2. Early 2003, M$ announces a GSP plan (Government Support Plan) and 1st signatory to this plan becomes Russia and the second signatory China, both have access to 30 million lines of M$ code.

3. M$ sourcecode is not revealed to any US companies (maybe the company!)

4. Almost all governments (crazy ones!) use M$ for mission critical computing.

5. BTW Oracle was initially funded by US government.

funny stuff, is'nt it ?

abc
mail e-mail: def@geh.com
- Homepage: http://uvw.uvw.com


SOME FORGOTTEN (?) FACTS !!!

29.12.2004 17:32

Consider the following facts :-

1. 3-4 years ago, M$ has a breakin by hackers who reportedly roamed around (digitally) for 3 months. (reportedly russian hackers out of st. petersburg!)

2. Early 2003, M$ announces a GSP plan (Government Support Plan) and 1st signatory to this plan becomes Russia and the second signatory China, both have access to 30 million lines of M$ code.

3. M$ sourcecode is not revealed to any US companies (maybe the company!)

4. Almost all governments (crazy ones!) use M$ for mission critical computing.

5. BTW Oracle was initially funded by US government.

funny stuff, is'nt it ?

abc
mail e-mail: def@geh.com
- Homepage: http://uvw.uvw.com


SOME FORGOTTEN (?) FACTS !!!

29.12.2004 17:32

Consider the following facts :-

1. 3-4 years ago, M$ has a breakin by hackers who reportedly roamed around (digitally) for 3 months. (reportedly russian hackers out of st. petersburg!)

2. Early 2003, M$ announces a GSP plan (Government Support Plan) and 1st signatory to this plan becomes Russia and the second signatory China, both have access to 30 million lines of M$ code.

3. M$ sourcecode is not revealed to any US companies (maybe the company!)

4. Almost all governments (crazy ones!) use M$ for mission critical computing.

5. BTW Oracle was initially funded by US government.

funny stuff, is'nt it ?

abc
mail e-mail: def@geh.com
- Homepage: http://uvw.uvw.com


SOME FORGOTTEN (?) FACTS !!!

29.12.2004 17:32

Consider the following facts :-

1. 3-4 years ago, M$ has a breakin by hackers who reportedly roamed around (digitally) for 3 months. (reportedly russian hackers out of st. petersburg!)

2. Early 2003, M$ announces a GSP plan (Government Support Plan) and 1st signatory to this plan becomes Russia and the second signatory China, both have access to 30 million lines of M$ code.

3. M$ sourcecode is not revealed to any US companies (maybe the company!)

4. Almost all governments (crazy ones!) use M$ for mission critical computing.

5. BTW Oracle was initially funded by US government.

funny stuff, is'nt it ?

abc
mail e-mail: def@geh.com
- Homepage: http://uvw.uvw.com


SOME FORGOTTEN (?) FACTS !!!

29.12.2004 17:32

Consider the following facts :-

1. 3-4 years ago, M$ has a breakin by hackers who reportedly roamed around (digitally) for 3 months. (reportedly russian hackers out of st. petersburg!)

2. Early 2003, M$ announces a GSP plan (Government Support Plan) and 1st signatory to this plan becomes Russia and the second signatory China, both have access to 30 million lines of M$ code.

3. M$ sourcecode is not revealed to any US companies (maybe the company!)

4. Almost all governments (crazy ones!) use M$ for mission critical computing.

5. BTW Oracle was initially funded by US government.

funny stuff, is'nt it ?

abc
mail e-mail: def@geh.com
- Homepage: http://uvw.uvw.com


Kill Yourself

29.12.2004 21:07

Hurry Up!!!! Put on your tinfoil hat!!!!! MiKro$opht is kumming to steal y0ur megahurtz!!!



Seriously, jerkoff, do the world a favor and kill yourself. The world will be a better place. :)

Hello Kitty
mail e-mail: pissoff@once.org


Microsoft doesn't have it all, it's own way!

30.12.2004 03:23

I've got to say, that someone who went to this much trouble for an article who, never by chance, came across a utility called XPlite from  http://www.litepc.com/xplite.html quite absolutely amazes me. Astute enough to spot dodgy M$ services, but not enough to cull them out somehow.

The litepc prog's have been used by myself for many years even going back to Win98SE. XPlite I use in a way that cuts out nearly 98% of the so called 'problems' identified by the rightfully paranoid author of the aricle above. Many articles in the past have shown illegitimate net connections that M$ makes secretely in the backround... far more than ideal or necessary.

If you have to use Windows, then use it with XPlite made by Shane Brooks, who was the first person to show during the Microsoft anti-trust trials; that IE was not embedded as part of the whole operating system by demonstrating to completely separate the browser from the OS!

John K.


Give credit where credit is due

30.12.2004 16:05


Perhaps this is a rebuttal to the rebuttal... Granted the author's grammar could be better. Granted he goes out on a limb with some of the points he makes. Other points, however are down to Earth and crystal clear. I am a Unix/Linux systems administrator and administrate Windows machines and LAN's as a matter of course on the job - I'm an insider to Operating System and Networking technology. It's my profession. I, personally, take very seriously what the author is saying here. Yes, there is some fuzzy logic is some parts. But there is also some clear thinking and extremely useful insights. That Microsoft is involved in gathering user information is a given. Just look at the far more then necessary packet traffic going OUT of a Windows box compared to Linux/Unix, routers and other network devices. Microsoft would, of course, claim it all necessary to the OS features (highly debatable), or that it is only for registration and marketing purposes, in the case of it's registered software. That is what they would claim. I take into consideration the general honesty of Microsoft in my many years of working with their products and company (and I say that sarcastically).

That Microsoft gathers information that can, or would, be use for investigative purposes, I have no doubt in my mind at all. The only thing I am not sure of is the extent to which this occurs. I also have no doubt that the gathering of such user information across the Internet (via MS Operating Systems) is increasing with each new version of their products. It is clear (and open knowledge) that such increase occurs for registration and support purposes. Why not for surveillence purposes as well???

I have no doubt about the gist of what the author says. He has opened my eyes about the extent to which this might be occurring. If only 20% of what he says is true (and I'd give him a higher percentage than based on my professional understanding of what goes on with Operating Systems and Packet Networks) we have great cause for concern.

(name withheld)

Concerned


Give credit where credit is due

30.12.2004 16:05


Perhaps this is a rebuttal to the rebuttal... Granted the author's grammar could be better. Granted he goes out on a limb with some of the points he makes. Other points, however are down to Earth and crystal clear. I am a Unix/Linux systems administrator and administrate Windows machines and LAN's as a matter of course on the job - I'm an insider to Operating System and Networking technology. It's my profession. I, personally, take very seriously what the author is saying here. Yes, there is some fuzzy logic is some parts. But there is also some clear thinking and extremely useful insights. That Microsoft is involved in gathering user information is a given. Just look at the far more then necessary packet traffic going OUT of a Windows box compared to Linux/Unix, routers and other network devices. Microsoft would, of course, claim it all necessary to the OS features (highly debatable), or that it is only for registration and marketing purposes, in the case of it's registered software. That is what they would claim. I take into consideration the general honesty of Microsoft in my many years of working with their products and company (and I say that sarcastically).

That Microsoft gathers information that can, or would, be use for investigative purposes, I have no doubt in my mind at all. The only thing I am not sure of is the extent to which this occurs. I also have no doubt that the gathering of such user information across the Internet (via MS Operating Systems) is increasing with each new version of their products. It is clear (and open knowledge) that such increase occurs for registration and support purposes. Why not for surveillence purposes as well???

I have no doubt about the gist of what the author says. He has opened my eyes about the extent to which this might be occurring. If only 20% of what he says is true (and I'd give him a higher percentage than based on my professional understanding of what goes on with Operating Systems and Packet Networks) we have great cause for concern.

(name withheld)

Concerned


OS Codenames...

30.12.2004 16:09

regarding the codename "Whistler" for windows XP, i also notice that the build number is 2600... possibly a reference to John Draper (Captain Crunch) and his 2600hz whistle, or just "hacking" in general?

Greg


Taken seriously by a professional forum

30.12.2004 18:36

A link was posted at Tek Tips, which is a site where computer professionals ask each other for advice. One of the three highest-rated tipsters posted it, a second agreed it was technically possibly but felt Microsoft would not abuse such power. The third has some criticisms. See  http://www.tek-tips.com/viewthread.cfm?qid=974855&page=1

I don't know much about the technical issues. But Bill Gates comes from the USA's stratum of rich business people. Why shouldn't he favour methods that would give the USA extra global power if they ever felt they needed it?

Gwydion Williams
mail e-mail: GwydionMW@aol.com


yep

30.12.2004 19:33

Yeah, as a computer geek, the author is right on at least one thing...Its the "dual use" technologies you have to watch out for. Take a Win XP feature like keyhook.exe, which binds to and recieves input from keyboard events. Its useful because it makes the command prompt usage more Linux like, and adds a lot of features. But when does it let go? Why does it run all the time instead of just when a command.exe window is open? What keyboard events does it monitor?
Its hard to say for sure. My analysis of this process didn't show anything suspicious, but if somebody like MS wanted something to not be seen, there is a good chance it would not be seen. I for one use XP, but I wouldn't trust it with anything I don't want the gub'mint to see.

lulu


Reply to comment posted at 15:35

31.12.2004 19:00

"I have worked as a computer technician and network administrator for the past nine years. Every point made in this article is complete and utter crap, which I will be happy to prove in detail when I have further time."

I can't wait for this. Obviously you didn't bother to verify the claim but use the zealotry



"The author obviously has no knowledge of network architechture or the way in which programs run inside of Microsoft Windows XP. His "alternate descriptions" of the services in Windows XP are laughable at best, straying wildly from their actual functions."

I have made the test to verify the claims which turned out to be true at the end. The fact that the firewall detected that the simple search engine for local files needs to log in the Internet without approval questions the purpose of Windows XP.



"If you value your credibility as a paper, I'd suggest actually researching his claims before you publish them. Thanks for the laugh!"

The author of the article will have the last laugh.

nada


wawadave

01.01.2005 07:15

Mmicrosuks and the art of deception!!!

d g


Interesting article & comment

02.01.2005 15:31

Several years ago, one of the brightest computer techs I know found that MS applications can track (and did/do) information from an end user's computer. They then sent this information over the Internet to their databases; if I remember correctly, during court hearings in the U.S., they called this accidental. However, my friend had found that function hidden in coding several years ago.

The fact of the matter is that anybody that uses MS software relies on a closed-system. You get what they give you, end of story. Some of the design features in Windows make no sense, whatsoever. After having lived all over the world and witnessing some of the finest corruption governments and businesses have to offer, I tend to regard the ability to intrude upon my life with a heavy dose of paranoia. What government or business has done anything o prove I should do otherwise? Like the Irish living in Northern Ireland my people have had a very raw deal from the government that conquered us, I am Native American (and Irish, hehe). Our history with this entity is a trail of broken promises and treaties. Why should I place my trust in them, again?

Microsoft, whether explicitly or implicitly, has provided a tool to access your system at any point in time. Even if you use their tools, or 3rd party software, how do you know that it is closing every open port of communication? Without reverse engineering (which isn't always 100% accurate), you don't.

Steve


Some info not correct

03.01.2005 07:00

I noticed that some of the items you have listed, are WRONG!....For example,
when explaining about the microsoft search, if there is no search parameter listed, it automatically goes to the MS Search page. I know for a fact that you can delete the MS Auto Search page in the registry and replace it with your own. Also, you CAN DELETE the PAGEFILE. This is virtual memory, and most computers don't have enough RAM to run without it, however you can turn it off and run extremely well if you have more than 500mb of RAM onboard. Try researching some of your items before you blast off. Also, you can turn off any and all ports that you want to leaving MS dead in the water for getting info from you computer.

beavis2005


Conspiracy or poor design?

03.01.2005 17:17

Like others who have already commented here, I find almost all of this article baseless. You can elimnate the swap entirely, you do not need more than 512MB (which is reasonable and common for a heavily graphical user interface), you do not need more than one hard drive...and anyone who knows anything about networking can easily block/filter/review packets on the wire (XPSP2 is a start, but you should really use a 3rd party firewall, and even the common consumer-grade DSL/Cable firewalls have detailed filtering now).

I get the sense that this article was written by a person with very limited OS experience, or research skills, who is therefore full of fear. To a trained IT security professional, this article sounds a bit like "Planes crashing: Are the plane manufacturers trying to kill us? Shocking News at 11!"

I have been working with Windows since it's first beta, and I am not a big fan of the OS, but this article does nothing to convince me it is a "bugging device". Quite the contrary, the article shows that if you look hard enough for something, you might be able to convince yourself of just about anything. Rather than throw up our arms and declare a huge conspiracy, however, I think we would all be better served by working on improving the situation by creating tools/answers that help meet our values (e.g. privacy). That is exactly what Linus Tolvalds did when he created Linux.

Linux was originally designed and written by people who do not have to answer to a marketing department. They were not looking for a way to make their code profitable, or serve a "hot market". The point here is that if you run a huge company and you hire a bunch of smart commercially motivated people and give them deadlines, you might end up with a stinking pile of dung. But if people are foolish enough to buy dung, then you keep tacking on more and more of the stuff (firing and hiring generations of consultants) always with the aim of making money. Does spying on customers help make money? No, especially if/when you get caught. Do large groups of constantly revolving developers, driven my zealous marketing departments, make a lot of wacky and sometimes stupid decisions about how an OS should function. You bet.

The big question is not whether there are risks in an OS, but what you are doing about it as an informed consumer. Reading this article is a waste of time, due to all its inaccuracies, except for the fact that it raises a question about whether you should buy the Windows OS that is so poorly written you have to pay someone to maintain it, when other options are available for free.

Cheers and good luck.

MetaMan


Point no 1 definitely TRUE

04.01.2005 15:02

After reading this article I tried the search command then checked the sessions that were initiated on my router - sure enough an IP address owned by microsoft was contacted. What a sneaky system!

Milo


You are way overdue a serious mental evaluation.

05.01.2005 03:23

Mr. Mark McCarron,
This paper is truly an excellent work. It is quite clear that you have achived your inital aim. Bravo! Your intellect has pirced the dull psyche of common sheep that graze about the net, blind to all but face value.

Props to: GirTheRobot, Les, nada

Everyone else: You need your head checked
~woden~

PS I really hope Hello Kitty is a friend of yours.









USA BoB


You are way overdue a serious mental evaluation.

05.01.2005 03:24

Mr. Mark McCarron,
This paper is truly an excellent work. It is quite clear that you have achived your inital aim. Bravo! Your intellect has pirced the dull psyche of common sheep that graze about the net, blind to all but face value.

Props to: GirTheRobot, Les, nada

Everyone else: You need your head checked
~woden~

PS I really hope Hello Kitty is a friend of yours.



USA BoB


Is Windows XP a bugging device?

11.01.2005 03:36

The posting on XP being a bugging device is accurate as it applies to a home-based single PC type of environment. Microsoft packages the software assuming that it will be used in a business LAN type of environment, hence many features are activated by default.
I am of the opinion that the person/company selling a PC to a consumer, should be aware (i.e. ask the consumer rather the PC will be used in a home or business, stand-alone or part of a LAN) of how a computer will be used and then configure it accordingly.A stand-alone home PC does not need all that LAN type of software activated, it only poses a security risk, hence the rapid proliferation of worms over the internet.

As far as the bugging and index.dat files, etc, it's primary purpose is most likely for a corporation to track its employees, on how the computer is being used ie how productive an employee is being and if porno is being accessed, etc. The law enforcement/spying side of it is most likely secondary. Microsoft is giving business what business wants, remember a corporation is not a democratic system but a "dictatorship" from the top down.

Night Hawk


Win98 Kernel32 tries to connect to the net

05.02.2005 03:04

My firewall detects attempts of kernel32 to connect to the net. As far as I understand, such thing shouldn't connect to the net.

So my bet is that WinXP is just another extension of such practice.

Roughneck
mail e-mail: alpharomeo81@yahoo.com


Its laughable

15.03.2005 00:27

in reply to anyone who talked of being an IT proffessional and then proceeded to try and flush the article down the toilet, i cant beleive what kind of basis you have for saying the article was technically incorrect. Your being pedantic about details.

its not a technical dissertation, its an informative read, meaning to inform the reader of the possibility of occurence.

many of the comments about areas designed for the ease of forensic analysis are laughably quite correct, although this is based on my opinion i feel that staring at grey boxes dumped in my office for analysis on a regular basis qualifies me in definate way to voice this opnion loudly and expect to at least be considered before you recomment about this article.

i would vouch for the rest of the article being at least part accurate but of course seeing as we`re all pulling rank here i wouldnt dream of trying

:)
CESG - forensics (too numerous amount of years to be of concern)

laughing uncontrollably


stupid uneducated people

01.04.2005 01:10

to all the system admins who have 10 years exp and are writing this article off, if i knew where you worked i would contact your employer and tell them they have employed a half-wit.
you back to school and learn somthing you shits.
the servies explained in the article, (computer browser esp) can be turned off it makes, speeds up your network by 90%, microsoft no longer scan the whole network looking for shared folders to display in my network places but goes straight to work group and actaully shows "WHAT IS REALY THERE" because with comp browser service on it looks for shared folders, and lists them, but if it can not find a folder that is all ready listed it wont remove it but leave it in the list (cant figure why) also whatch your network traffic with the service on and off, it clogs the network with constant pings to all systems.

no tie to explain the rest of the article to you wayne kers but i suggest you get an education and stop wanking about you 10 years exp

GOD

god


stupid uneducated people

01.04.2005 01:10

to all the system admins and techs who have 10 years exp and are writing this article off, if i knew where you worked i would contact your employer and tell them they have employed a half-wit.
you back to school and learn somthing you shits.
the servies explained in the article, (computer browser esp) can be turned off it makes, speeds up your network by 90%, microsoft no longer scan the whole network looking for shared folders to display in my network places but goes straight to work group and actaully shows "WHAT IS REALY THERE" because with comp browser service on it looks for shared folders, and lists them, but if it can not find a folder that is all ready listed it wont remove it but leave it in the list (cant figure why) also whatch your network traffic with the service on and off, it clogs the network with constant pings to all systems.

no tie to explain the rest of the article to you wayne kers but i suggest you get an education and stop wanking about you 10 years exp

GOD

god


Of course Windows XP is spying on us as well

07.04.2005 01:08



i am a newby to the computer world. i am taking courses at a local technical college to learn computer service and networking specialist material. i would like to learn the material and take the a+ and networking certification tests and pass. I don't claim to have many computer skills or extensive computer knowlege. i have been interested in these things in only the last six years. previously i was a spray painter in a production enviornment for 25 years. the reason i told you these things about myself is to point out to you that i am an "average joe" who does "average things", and happens to be of "average intelligence". i think you "read me" now.

although i agree with echo on almost every point he makes, i don't think this revelation or awareness of XP
as a potential spy threat is really a surprise to anyone!
people are aware of the privacy rights they risk every single day. people have known about it for years. they have even discussed it flippantly. everyone knows about the potential of being tracked on their cellular phone.
they know about the potential to be listened to on a land line phone. they know the potential of being tracked by using a gps device, whether in their car via onstar or while hunting using their gps enabled compass. they see the ever-so-slow degradation of their privacy rights at every single level.

my question to them would be, where is your voice when precedents are being set to ensure these measures are passed as legal and utilized?

you may be one of the many that say... i don't have the time. i don't have anything to worry about if i'm not doing anything wrong. you may say it won't happen, but it does. you may even say it is nessasary. you may just not care.

if you are TRULEY interested in maintaining a free and open society, free from secret surveillence and big brother looking over your shoulder, a society where the
will of the PEOPLE is the law of the land instead of the will of a "few dictating" to the many how we construct ourselves and our lives...get out of here and use your knowlege and insight to safegaurd yours and future generations freedom, happiness, and free will.

can you honestly think of a better solution to this situation? if so let me and everyone else know. otherwise help me to refine objectives, acquire targets, and achive positive results, or at least start movement in that direction.

it may not be worth it for you or i, but we owe the future the the freedoms we were given from the past.

mark a w

 colorsand@excite.com

Mark
mail e-mail: colorsand@excite.com


xp security "issues"

15.07.2005 04:56

Great article. Anyone who is of the opinion this is a paranoid rant is woefully misinformed.

fs


To ones laughing this title

31.10.2005 20:43

You may call the author paranoic. And laugh calling him to disable windows services he considered unnecessary, as we all know it will crash the machine.
But you haven't got the main idea - why they will crash the machine if they are unnecessary. And wisely thinking they 95% are! Why they are so tightly tied toether? Why not you allowed to disable everything at your free will, leaving just a bare kernel running (and not crashing) afterwards. That's the thing you probably (I'm 95% shure, as I'm not so big spec in ..UX) could do under any ..UX with no worry!
What regards forensic "features" tied into windows so deeply! That's all completely 100% true! I have performed some research on the topic recently. And, trust me, I have found a whole bunch of forensic software (both commercial and freeware) relying on those "features" very havily.

And that's what makes us (me at least) very paranoic.

Nu


Just something I noticed.

13.01.2006 08:09

Just noticed that the ones that seem to be bashing this guys idea the most seem to either work for Microsoft or have worked there. Can anyone say PR? Or disinformation? Maybe Media control? You know Bill Gates has done something wrong,.......no one man can build an empire that big with shotty product and keep it so long against the daily onslaughts of every other computer software business in the world without some really powerful figures supporting him. I mean this guy actually got taken to court and sued for monopolizing (which there's no evidence of such a charge, of course lol) ..........and won against the government. So what IS he doing that is so important that allows him to accomplish this? (BTW, I am asking anyone except the Microsoft workers here, I already know your answer,....hes a clean cut nice guy who cares about us all and never oppresses or spies or does anything even "REMOTE"LY wrong and is thinking of running for jesus in the next election).

Anonymous
mail e-mail: noone@nothing.com


Really Interesting!! Spy on us offline as well!! ;)

05.05.2006 02:16

Found your article rather interesting, and now just as we are getting into the time when putting a grand of "rise" under our skin, it will be interesting to se if there will be a conection between the Mondex, and the Microsoft. - If they work togheter, thy'll have where we are, what we have on our account, and all the traces we put on a computer... what more could you ask for?

 http://www.greaterthings.com/News/Chip_Implants/index.html

 http://news.com.com/2010-1069-980325.html

Sunshine
mail e-mail: sunshine@comely.cjb.net


rebuttal to Rebuttal

22.06.2006 01:14

I have read the rebuttals to this article and for someone to say that; "this article is crap" makes the assumptions that they know how XP works. Yet these people post as anonymous which means they may have soemthing to hide. One comments talks about shutting down services in windows which will make windows stop working. This is true. But somehow without explaining this commentar suggests that writer of the article does not address or know about it this.

Though the writer does not inform the reader that shutitng down these services will shut down XP, does that mean he does not know this information or is more likely that he has forgot to include it or maybe even believes that you the end user already know.

So instead of using terms such as "crap" in regards to this author's article I would sugest that you look at this from an engineers point of view and not an end user. It is well known that most dumb AMericans regard Bill Gates as some sort of God in this day and age of computer usage but most people don't know is that he designed Windows to explooit you and your data.

Don't beleive me? Then check out the federal court documents of companies that have sued Microsoft because they(microsoft) grabbed data from company computers and then sent it for a nice fee to that companies competitors.

Microsoft has not done any of us favors but has ensnared us in an Orwellian nightmare of giant electronic porportions.

I would also suggest that anonymous commentors at least tell us what their level of expertise is and where they obtained it since saying, "I use windows in the corporate world" means little since I know many people who use windows and have for over fifteen years but still have to call programmers like me to help them deal with nasty hardware problems.

Here is another point of logic. Just because you shut down the services of windows and it shuts windows down does not imply that the service itself is a good design from a programmers stand point. In fact Microsoft created a trojan horse by doing this. These "Services" are an exploit. Obvoiusly those who post bad comments about this article do not know that the first rule of thumb is to create software that does what the user wants it to do not what Microsoft wants so that they can control your computer. NAytime you give a remote system that kind of access, they can disable either from within or without your security making you vulnerable to just waht exactly is happening right now in this country and around the world. Users are being exploited by M$ and now the Chinese who have access to M$ code can now bring down every computer ising windows worldwide with one script. This Bill traitor Gates did on purpose because he and the defense department want a cyber war between the United States and East Asia.

One last though, if windows is so good then why does the one agency that spies on you the most; the NSA recommend Linux over Windows?

william zabel
mail e-mail: birdman6616@msn.com
- Homepage: http://www.darkterritory.org


here's solutions to the problems presented

09.07.2006 07:37

PROBLEM

1. Start -> Search :)

Each and every time a search is conducted using the search option under the start button on Windows XP, the system automatically checks if your online and transmits information directly to Microsoft.


doesn't actually check whether your online, it simply sends the HTTP GET request blindly
and timesout


SOLUTION

1.) host file blackhole them;

127.0.0.1 sa.windows.com
127.0.0.1 wustat.windows.com


2.) block with 3'rd party firewall (I use 8-signs firewall)

3.) block upstream with firewall (router hardware firewall)

4.) block via local proxy (proxomitron - free)

5.) block using DNS spoofing (use BIND local or upstream - free)


PROBLEM

2. Help System, F1

When accessing Microsoft Help systems, through the F1 key. A communication attempt to Microsoft's ActiveX site is made.


SOLUTION


127.0.0.1 windows.microsoft.com

block with 3'rd party firewall

block upstream with firewall

block via local proxy

block using DNS spoofing



PROBLEM

3. Microsoft Backup

Designed to bypass all security, even ownership rights of a drive.


SOLUTION

1.) don't use it, use a 3'rd party backup like Norton Ghost (not free)
2.) don't backup system, re-install insted, only backup user data
3.) don't place trust in the NTFS anyway (encrypted or not)

4.) use a 3'rd party disk encryption system like truecrypt/scramdisk (free or not)




PROBLEM

4. Process Viewer (Task Manager)

No mapping to executable file, nor will it show all running processes. Designed to hide important information required for determining system infections and sources of network data transmission.

SOLUTION

Use a 3'rd party process viewer like Process Explorer which does show all (free)



PROBLEM

5. Dr Watson

This used to loadup with information on dlls that had been hooked. Hooked DLLs are used to intercept keystroke, etc. Microsoft removed end-users capability to see this. It now generates a simple messagebox.

SOLUTION

Use a 3'rd party rootkit scanner like RootKit Hook Analyzer (free)


PROBLEM

6. The Windows Registry

SOLUTION

use a 3'rd party registry cleaner like Registrar Registry Manager (trial/not free)



PROBLEM

7. Temporary Files


SOLUTION

1.) use a RAMDISK, point registry entry to it

2.) clean with a 3'rd party application like Killbox or Unlocker (free)



PROBLEM

8. Recycle Bin

SOLUTION


1.) empty recycle bin, then clear free & slackspace

2.) use 3'rd party encrypted filesystem (truecrypt/scramdisk)


PROBLEM

9. Recent Files

SOLUTION

clean registry, delete temp and index.dat files using above tools and/or CCleaner (free)



PROBLEM

10. NotePad (causing you to use Word/pad which leaves droppings)

SOLUTION

use 3'rd party notepad replacement or simply enable word-wrap in notepad



INACCURATE

11. Swap Space/Virtual Memory/Page File

Regardless of how much memory is in your system the page file can not be disabled.

you can disable -

START > SETTINGS > CONTROL PANEL > SYSTEM > ADVANCED TAB > PERFORMANCE > [SETTINGS] > ADVANCED > VIRTUAL MEMORY > [SETTINGS] > [x] no paging file


PROBLEM

12. Firewall (nearly worthless)

SOLUTION

1.) 3'rd party firewall
2.) filter upstream



INACCURATE

13. Memory Usage

Designed to use large amounts of memory to drive the hardware industry sales of components. For Windows XP to function correctly, it requires at least 1GB RAM and at two physical drives on separate IDE channels or SCSI interface I/O.


I've run XP with as little as 48.mb (with much HD trashing, slow)

testing with 64, 96, 128, 256, 384 512 and 640 mb I found

64 - quite slow
96 - a bit better
128 - fair but minimal
256 - great to good, bogs down sometimes
384 - pretty good, rarely bogs down
512 - almost never uses paging file - fast
640 - safely out of paging file range

256 - 512 seems best, more is overkill


PROBLEM

14. Automatic Updates


SOLUTION

turn off




INACCURATE

15. Raw Sockets

this entry is confusing - seems to both complain about raw sockets and not

the firewall issue is bit more complicated considering the LSP layer and serial ports

while its true writing directly to raw sockets would effectively bypass most firewalls, some work at the LSP layer and the only way to get around that is to talk directly to a serial port (assuming a PPP/dialup connection here) but its really clunkly to do (WinJect does this) and can still be detected/blocked upstream



Nice trojan tool M$.


Raw Sockets is part of nearly every OS, MS simply caught up with the times

it really has little impact when you consider both the actual raw socket access all along by hitting below the LSP layer and/or serial port injection

to hackers this is a non-issue..



INACCURATE

16. Remote Access Bugs


the whole OS is full of bugs - over 60,000 and counting

to single out specific bugs with the aim of furthering your conclusion without studing the
background and history of CP/M, QDOS/DOS-86, MS-DOS, win3x, win9x to NT isn't very realistic

many of the problems you've cited are old bugs left over from the DOS days when security was
very lax


PROBLEM ?

17. Music Tasks


SOLUTION

block the ad sites

1.) host file blackhole
2.) local firewall
3.) upstream firewall
4.) DNS spoofing
5.) registry - change URLs



PROBLEM


18. Windows Media Player

No way to disable automatic check for updates.



SOLUTION

block the update site

1.) host file blackhole
2.) local firewall
3.) upstream firewall
4.) DNS spoofing
5.) registry - change URLs




INACCURATE

19. Alternate Data Streams

This 'feature' of Microsoft Windows relates to how information is stored on your harddrive. Under NTFS, not only is there the file, but there is a second, hidden aspect to each file. This hidden aspect is stored separately on your hard drive and not as part of the file.

I suppose the term, 'Alternate Data Streams' make better business sense, than 'hidden information gathering process combined with standard file functions'. :)


unless your fooling around with MAC FS structures alternate data forks are never used and
contain nothing - just an empty unused function


ADSLocator.exe

...No files with streams found.


Physical destruction is recommended, as it requires specific manufacturers codes to access bad blocks, internal scratch areas and internal swap/cache areas of the drive.


SOLUTION

check for ADS, wipe free space, wipe slack space

if your really paranoid low level format, repartition, format



INACCURATE

20. Stability

Microsoft Windows is designed to collapse upon extensive number crunching, of large arrays, of floating point calculations. This would prevent; nuclear modelling, physics modelling, and genetic modeling. These three aspects can produce Nuclear, alternative and biological weapons


some benchmarks do exactly this as a stress test..



PROBLEM

21. Internet Explorer 'Features'


MSN Search

When Internet Explorer fails to locate a web address it initiates a search through Microsoft. Therefore, every failed access attempt is sent to Microsoft, with all your system information in the X header structure. to Microsoft, cleverly disguised as 'assistance'.


SOLUTION

block the search site

1.) host file blackhole
2.) local firewall
3.) upstream firewall
4.) DNS spoofing
5.) registry - change URLs
6.) suppress/filter HTTP headers





INACCURATE

22. Temporary Internet Files

Without extensive reconfiguration of Windows end users will not see the real files. Instead they see a database generated representation drawn from a file called index.dat.


all that stops explorer from displaying these files & folders are the desktop.ini file settings and a few CLSID shell entries in the registry referenced by them


SOLUTION

I replace the desktop.ini in these folders with a null (0 byte) file and make it read-only

CCleaner will take care of this automaticly on reboot (explorer holds the index.dat files
open so killing the explorer process is required to delete them

I figured out another way - move them to a removable drive (USB stick for example) then pull
the stick - when you reinsert it you can then access the files. Pulling it forces
windows to let go of the files whether it wants to or not.

set up a RAM disk and point the registry entries to it
change or delete the CLSID entries



PROBLEM

25. Auto-Complete


SOLUTION

registry entry - delete with CCleaner or manually.



PROBLEM

26. MSN Messenger

SOLUTION

don't use it



PROBLEM

27. Web-Cams and Microphones

These devices can be remotely activated providing visual and audio feedback from the target subject. There is also no way of telling if your devices have been remotely activated.


SOLUTION

1.) the camera light shows when its on - seems to be hardwired that way but might be controlled
by firmware

2.) draws much more power when on - can detect and sound alarm

3.) unplug when not needed

4.) point to nothing when not needed

5.) cover up / plug when not needed

6.) upstream firewall



PROBLEM

1. Application Layer Gateway Service

SOLUTION

disable, use manual gateway setting


PROBLEM

2. Automatic Updates

SOLUTION

block the search site

1.) host file blackhole
2.) local firewall
3.) upstream firewall
4.) DNS spoofing
5.) registry - change URLs



INACCURATE

3. Computer Browser


This stupid design will breach security. The only computer a client needs to know, is the server and it should coordinate everything.

this is not how NETBIOS works, however you can disable all this and use only TCP/IP
with FTP or other services - NETBIOS isn't very fast anyway

(the way its set up is normal BTW)



PROBLEM

4. Fast User Switching Compatibility


Switches to every account, but the Administrator account. In fact, unless you know exactly what your doing, an end user cannot access the administrator account.


SOLUTION

don't use accounts - you are automaticly the admin then



PROBLEM

5. IMAPI CD-Burning COM Service

This is designed to generate 'ghost images' that can be recovered

SOLUTION

1.) don't use it - use a 3'rd party burning application

2.) burn 3'rd party encrypted volumes (truecrypt/scramdisk)



INACCURATE

6. Indexing Service


A search using the DOS emulator will run like a bullet. Windows search, however, will take its time unless the indexing service is activated.


it takes as much time as the HD takes to move its heads and read - the HD is the limiting factor not windows, the index is faster still but a typical search takes only 20 seconds

SOLUTION

disable indexing




INACCURATE


7. Internet Connection Firewall(ICF)/Internet Connection Sharing(ICS)


First off information is sent to both Microsoft and to a range identified as belonging to ARIN whenever a PC connects to the Internet. Random connection attempts are made by Explorer, NT Kernel, Internet Explorer, Windows Help, svchost.exe, csrss.exe and numerous others. I have even caught calc.exe (The calculator) attempting to initiate a remote connection, now and again. Without reverse engineering, I was unable to tell if it really was the applications, or a subsystem calling the applications. Very odd.


block MS, block ARIN subnet traffic as above

use 3'rd party utilities to map the socket to the process, like inzider, TCPview etc

you can disable all those services and check using NETSTAT -an in a DOS box to make
sure the ports are closed

I use a local proxy - all other traffic stays in the intranet and goes nowhere

my machines have no public IPs to give out and I never put any personal info in them, I
only give the computers themselves names (like p500, k233)



PROBLEM

8. Messenger

SOLUTION

1.) disable - most people do anyway due to the annoyance
2.) block using local firewall
3.) block upstream



PROBLEM

10. Protected Storage

SOLUTION

use truecrypt



PROBLEM

11. Remote Procedure Call (RPC)

What sort of idiotic decision making was behind an RPC service that cannot be disabled?


SOLUTION

disable - yes you CAN disable RPC (disabling RPC services will slightly affect XP's functionality but nothing important)

use "NETSTAT -an" to check that ports are closed to confirm



PROBLEM


12. Remote Registry


SOLUTION

disable



INACCURATE

13. Server

This is not required, it provides a central management for open files and printing operations. It also provides a method of remotely monitoring a users activities.

This 'service' (ha!) provides a single-point of failure for an entire network. It is linked to the authentication, so if the server collapses, so does the entire network, as this is managed by the server.


no the workstations are mostly P2P, and some of these services overlap. The browsemaster
is a "pull server", while this service is a "push client"

again none of this is needed and can be disabled - you can just use TCP/IP file sharing
applications insted



INACCURATE

14. SSDP Discovery Service


What in Gods name for?

UPnP while buggy and not needed by everyone does come in handy sometimes

it allows new network devices to discover a place in the network automaticly rather than
you entering IP's, gateway and DNS/WINS info manually

DCHP just doesn't quite cut it assuming your even running that service

it also allows auto NAT port translation


SOLUTION

1.) disable
2.) block with local firewall
3.) block upstream




INACCURATE

15. System Event Notification


No way of knowing, without full reverse engineering, how many undocumentented events exist throughout Windows. Windows could have an entire additional level of event reporting.

SOLUTION

1.) track file system changes
2.) track registry changes
3.) track process changes
4.) track socket mappings

using above 3'rd party utilities


no "full reverse engineering" required..




PROBLEM

16. System Restore Service


SOLUTION

disable, delete files, wipe space


restore from your own backup or re-install




INACCURATE

17. Terminal Services

I just bet its interactive and highly 'functional' too. This is enabled by default, providing a remote desktop for any hacker. Wow, what a service M$.


carryover from the old DOS "CTTY" command - ties serial port to screen & keyboard hooks


SOLUTION

1.) disable
2.) block




INACCURATE

18. Windows Time


Sends information to Microsoft and keeps your date and time stamps nice and fresh for post-forensic analysis. At least they're tidy when they invade your privacy. :)


it doesn't "send" anything but a request for time, varify that using ethereal - upstream
if you think its being sneaky about it


SOLUTION

1.) disable
2.) block
3.) use alternate time server



INACCURATE

19. Wireless Zero Configuration


Zero configuration means zero security and that's exactly what you get. The entire network is exposed to anyone within reception range. Therefore, if you are using this in your home environment, that can mean remote monitoring from up to 3Km using proper equipment, or someone else using your Internet connection from a range of around 50-80m radius.


you don't have to use it - almost all wi-fi adaptors come with thier own utilities which
BTW don't do anything different/better

even when it claims it can't install in XP (not needed due to WZC) you can do it anyway using "compatibility mode" then with WZC disabled use it



> up to 3Km

and as little as 15 meters even with the best equipment depending on antenna, power and interference



> using your Internet connection from a range of around 50-80m radius.


up to a few Km depending - I specifically operate long haul links using special "stealth" antennas



SOLUTION

use encrypted tunnels - hamachi, zebedee etc. Remote monitoring of useless random bytes..




INACCURATE

Since all security products that operate on the Microsoft Platform are both designed from, and encapsulated by the OS, then it is ultimately Microsoft Windows that is providing your security and not your firewall, etc.


wrong, some appications can talk directly to the hardware totally bypassing windows or even
DOS

if a security/firewall company desired they could loopback through a serial port talking directly to it, and nothing windows or DOS can do would affect it so as long as the actual
application was secure it would give unstoppable security since this is even below raw sockets

below raw socket communication and kernel hook rootkits are the real threats we face

and most people don't even know about these dangers

the article gives people the wrong impression by focusing on the author's ignorance borne
fears while both ignoring the real issues and not supplying practical solutions

*nix isn't a cureall or safe - the newest worms are now targeting these OS's.

While these OS's are better than windows in some ways most people will not undergo the
steep learning ride required to master them

one person made a point about controlling your computer and not letting it control you

fear causing you to dump the OS your used to for a false sense of security would be an
example of your computer controlling you

these days the internet is pretty hostile and the main threats are from spammers/scammers/
malware pushers and big business



1.) close the open services, NETBIOS, RPC, UPnP - varify with netstat

2.) name the computer not yourself - avoid having any personal information in it

3.) have anti-virus, malware, rootkit and alternate data stream checking utilities

4.) use browser protection like proxomitron, hijack this!, spywareguard, ie-spyad

5.) use an utility like CCleaner to delete index.dat files, temp, etc

6.) use truecrypt and keep all your important data in encrypted volumes

7.) use the freespace and slackspace wiping utility included

8.) for wireless use a VPN/encrypted tunnel

9.) backup user data to encrypted volumes on DVD+R


optional ;

WEP/WPA on wi-fi, firewalls

I would rather do this than change to a new OS - I feel more secure knowing the OS's weaknesses
and taking steps above to secure it then an OS I know nothing about, and would depend on a
mere perception/projection of safety without anything concrete or directly from my knowledge
or efforts to back it up or varify it


for all spying/snooping problems your own strong encryption is the ultimate and last line
of defence - feel free to replace any/all part of your OS's functionality with whatever
3'rd party applications suit you

Hex
mail e-mail: keli1041fm@yahoo.com


here's practical solutions to the problems presented

09.07.2006 13:49

PROBLEM

1. Start -> Search :)

Each and every time a search is conducted using the search option under the start button on Windows XP, the system automatically checks if your online and transmits information directly to Microsoft.


doesn't actually check whether your online, it simply sends the HTTP GET request blindly
and timesout


SOLUTION

1.) host file blackhole them;

127.0.0.1 sa.windows.com
127.0.0.1 wustat.windows.com


2.) block with 3'rd party firewall (I use 8-signs firewall)

3.) block upstream with firewall (router hardware firewall)

4.) block via local proxy (proxomitron - free)

5.) block using DNS spoofing (use BIND local or upstream - free)


PROBLEM

2. Help System, F1

When accessing Microsoft Help systems, through the F1 key. A communication attempt to Microsoft's ActiveX site is made.


SOLUTION


127.0.0.1 windows.microsoft.com

block with 3'rd party firewall

block upstream with firewall

block via local proxy

block using DNS spoofing



PROBLEM

3. Microsoft Backup

Designed to bypass all security, even ownership rights of a drive.


SOLUTION

1.) don't use it, use a 3'rd party backup like Norton Ghost (not free)
2.) don't backup system, re-install insted, only backup user data
3.) don't place trust in the NTFS anyway (encrypted or not)

4.) use a 3'rd party disk encryption system like truecrypt/scramdisk (free or not)




PROBLEM

4. Process Viewer (Task Manager)

No mapping to executable file, nor will it show all running processes. Designed to hide important information required for determining system infections and sources of network data transmission.

SOLUTION

Use a 3'rd party process viewer like Process Explorer which does show all (free)



PROBLEM

5. Dr Watson

This used to loadup with information on dlls that had been hooked. Hooked DLLs are used to intercept keystroke, etc. Microsoft removed end-users capability to see this. It now generates a simple messagebox.

SOLUTION

Use a 3'rd party rootkit scanner like RootKit Hook Analyzer (free)


PROBLEM

6. The Windows Registry

SOLUTION

use a 3'rd party registry cleaner like Registrar Registry Manager (trial/not free)



PROBLEM

7. Temporary Files


SOLUTION

1.) use a RAMDISK, point registry entry to it

2.) clean with a 3'rd party application like Killbox or Unlocker (free)



PROBLEM

8. Recycle Bin

SOLUTION


1.) empty recycle bin, then clear free & slackspace

2.) use 3'rd party encrypted filesystem (truecrypt/scramdisk)


PROBLEM

9. Recent Files

SOLUTION

clean registry, delete temp and index.dat files using above tools and/or CCleaner (free)



PROBLEM

10. NotePad (causing you to use Word/pad which leaves droppings)

SOLUTION

use 3'rd party notepad replacement or simply enable word-wrap in notepad



INACCURATE

11. Swap Space/Virtual Memory/Page File

Regardless of how much memory is in your system the page file can not be disabled.

you can disable -

START > SETTINGS > CONTROL PANEL > SYSTEM > ADVANCED TAB > PERFORMANCE > [SETTINGS] > ADVANCED > VIRTUAL MEMORY > [SETTINGS] > [x] no paging file


PROBLEM

12. Firewall (nearly worthless)

SOLUTION

1.) 3'rd party firewall
2.) filter upstream



INACCURATE

13. Memory Usage

Designed to use large amounts of memory to drive the hardware industry sales of components. For Windows XP to function correctly, it requires at least 1GB RAM and at two physical drives on separate IDE channels or SCSI interface I/O.


I've run XP with as little as 48.mb (with much HD trashing, slow)

testing with 64, 96, 128, 256, 384 512 and 640 mb I found

64 - quite slow
96 - a bit better
128 - fair but minimal
256 - great to good, bogs down sometimes
384 - pretty good, rarely bogs down
512 - almost never uses paging file - fast
640 - safely out of paging file range

256 - 512 seems best, more is overkill


PROBLEM

14. Automatic Updates


SOLUTION

turn off




INACCURATE

15. Raw Sockets

this entry is confusing - seems to both complain about raw sockets and not

the firewall issue is bit more complicated considering the LSP layer and serial ports

while its true writing directly to raw sockets would effectively bypass most firewalls, some work at the LSP layer and the only way to get around that is to talk directly to a serial port (assuming a PPP/dialup connection here) but its really clunkly to do (WinJect does this) and can still be detected/blocked upstream



Nice trojan tool M$.


Raw Sockets is part of nearly every OS, MS simply caught up with the times

it really has little impact when you consider both the actual raw socket access all along by hitting below the LSP layer and/or serial port injection

to hackers this is a non-issue..



INACCURATE

16. Remote Access Bugs


the whole OS is full of bugs - over 60,000 and counting

to single out specific bugs with the aim of furthering your conclusion without studing the
background and history of CP/M, QDOS/DOS-86, MS-DOS, win3x, win9x to NT isn't very realistic

many of the problems you've cited are old bugs left over from the DOS days when security was
very lax


PROBLEM ?

17. Music Tasks


SOLUTION

block the ad sites

1.) host file blackhole
2.) local firewall
3.) upstream firewall
4.) DNS spoofing
5.) registry - change URLs



PROBLEM


18. Windows Media Player

No way to disable automatic check for updates.



SOLUTION

block the update site

1.) host file blackhole
2.) local firewall
3.) upstream firewall
4.) DNS spoofing
5.) registry - change URLs




INACCURATE

19. Alternate Data Streams

This 'feature' of Microsoft Windows relates to how information is stored on your harddrive. Under NTFS, not only is there the file, but there is a second, hidden aspect to each file. This hidden aspect is stored separately on your hard drive and not as part of the file.

I suppose the term, 'Alternate Data Streams' make better business sense, than 'hidden information gathering process combined with standard file functions'. :)


unless your fooling around with MAC FS structures alternate data forks are never used and
contain nothing - just an empty unused function


ADSLocator.exe

...No files with streams found.


Physical destruction is recommended, as it requires specific manufacturers codes to access bad blocks, internal scratch areas and internal swap/cache areas of the drive.


SOLUTION

check for ADS, wipe free space, wipe slack space

if your really paranoid low level format, repartition, format



INACCURATE

20. Stability

Microsoft Windows is designed to collapse upon extensive number crunching, of large arrays, of floating point calculations. This would prevent; nuclear modelling, physics modelling, and genetic modeling. These three aspects can produce Nuclear, alternative and biological weapons


some benchmarks do exactly this as a stress test..



PROBLEM

21. Internet Explorer 'Features'


MSN Search

When Internet Explorer fails to locate a web address it initiates a search through Microsoft. Therefore, every failed access attempt is sent to Microsoft, with all your system information in the X header structure. to Microsoft, cleverly disguised as 'assistance'.


SOLUTION

block the search site

1.) host file blackhole
2.) local firewall
3.) upstream firewall
4.) DNS spoofing
5.) registry - change URLs
6.) suppress/filter HTTP headers





INACCURATE

22. Temporary Internet Files

Without extensive reconfiguration of Windows end users will not see the real files. Instead they see a database generated representation drawn from a file called index.dat.


all that stops explorer from displaying these files & folders are the desktop.ini file settings and a few CLSID shell entries in the registry referenced by them


SOLUTION

I replace the desktop.ini in these folders with a null (0 byte) file and make it read-only

CCleaner will take care of this automaticly on reboot (explorer holds the index.dat files
open so killing the explorer process is required to delete them

I figured out another way - move them to a removable drive (USB stick for example) then pull
the stick - when you reinsert it you can then access the files. Pulling it forces
windows to let go of the files whether it wants to or not.

set up a RAM disk and point the registry entries to it
change or delete the CLSID entries



PROBLEM

25. Auto-Complete


SOLUTION

registry entry - delete with CCleaner or manually.



PROBLEM

26. MSN Messenger

SOLUTION

don't use it



PROBLEM

27. Web-Cams and Microphones

These devices can be remotely activated providing visual and audio feedback from the target subject. There is also no way of telling if your devices have been remotely activated.


SOLUTION

1.) the camera light shows when its on - seems to be hardwired that way but might be controlled
by firmware

2.) draws much more power when on - can detect and sound alarm

3.) unplug when not needed

4.) point to nothing when not needed

5.) cover up / plug when not needed

6.) upstream firewall



PROBLEM

1. Application Layer Gateway Service

SOLUTION

disable, use manual gateway setting


PROBLEM

2. Automatic Updates

SOLUTION

block the search site

1.) host file blackhole
2.) local firewall
3.) upstream firewall
4.) DNS spoofing
5.) registry - change URLs



INACCURATE

3. Computer Browser


This stupid design will breach security. The only computer a client needs to know, is the server and it should coordinate everything.

this is not how NETBIOS works, however you can disable all this and use only TCP/IP
with FTP or other services - NETBIOS isn't very fast anyway

(the way its set up is normal BTW)



PROBLEM

4. Fast User Switching Compatibility


Switches to every account, but the Administrator account. In fact, unless you know exactly what your doing, an end user cannot access the administrator account.


SOLUTION

don't use accounts - you are automaticly the admin then



PROBLEM

5. IMAPI CD-Burning COM Service

This is designed to generate 'ghost images' that can be recovered

SOLUTION

1.) don't use it - use a 3'rd party burning application

2.) burn 3'rd party encrypted volumes (truecrypt/scramdisk)



INACCURATE

6. Indexing Service


A search using the DOS emulator will run like a bullet. Windows search, however, will take its time unless the indexing service is activated.


it takes as much time as the HD takes to move its heads and read - the HD is the limiting factor not windows, the index is faster still but a typical search takes only 20 seconds

SOLUTION

disable indexing




INACCURATE


7. Internet Connection Firewall(ICF)/Internet Connection Sharing(ICS)


First off information is sent to both Microsoft and to a range identified as belonging to ARIN whenever a PC connects to the Internet. Random connection attempts are made by Explorer, NT Kernel, Internet Explorer, Windows Help, svchost.exe, csrss.exe and numerous others. I have even caught calc.exe (The calculator) attempting to initiate a remote connection, now and again. Without reverse engineering, I was unable to tell if it really was the applications, or a subsystem calling the applications. Very odd.


block MS, block ARIN subnet traffic as above

use 3'rd party utilities to map the socket to the process, like inzider, TCPview etc

you can disable all those services and check using NETSTAT -an in a DOS box to make
sure the ports are closed

I use a local proxy - all other traffic stays in the intranet and goes nowhere

my machines have no public IPs to give out and I never put any personal info in them, I
only give the computers themselves names (like p500, k233)



PROBLEM

8. Messenger

SOLUTION

1.) disable - most people do anyway due to the annoyance
2.) block using local firewall
3.) block upstream



PROBLEM

10. Protected Storage

SOLUTION

use truecrypt



PROBLEM

11. Remote Procedure Call (RPC)

What sort of idiotic decision making was behind an RPC service that cannot be disabled?


SOLUTION

disable - yes you CAN disable RPC (disabling RPC services will slightly affect XP's functionality but nothing important)

use "NETSTAT -an" to check that ports are closed to confirm



PROBLEM


12. Remote Registry


SOLUTION

disable



INACCURATE

13. Server

This is not required, it provides a central management for open files and printing operations. It also provides a method of remotely monitoring a users activities.

This 'service' (ha!) provides a single-point of failure for an entire network. It is linked to the authentication, so if the server collapses, so does the entire network, as this is managed by the server.


no the workstations are mostly P2P, and some of these services overlap. The browsemaster
is a "pull server", while this service is a "push client"

again none of this is needed and can be disabled - you can just use TCP/IP file sharing
applications insted



INACCURATE

14. SSDP Discovery Service


What in Gods name for?

UPnP while buggy and not needed by everyone does come in handy sometimes

it allows new network devices to discover a place in the network automaticly rather than
you entering IP's, gateway and DNS/WINS info manually

DCHP just doesn't quite cut it assuming your even running that service

it also allows auto NAT port translation


SOLUTION

1.) disable
2.) block with local firewall
3.) block upstream




INACCURATE

15. System Event Notification


No way of knowing, without full reverse engineering, how many undocumentented events exist throughout Windows. Windows could have an entire additional level of event reporting.

SOLUTION

1.) track file system changes
2.) track registry changes
3.) track process changes
4.) track socket mappings

using above 3'rd party utilities


no "full reverse engineering" required..




PROBLEM

16. System Restore Service


SOLUTION

disable, delete files, wipe space


restore from your own backup or re-install




INACCURATE

17. Terminal Services

I just bet its interactive and highly 'functional' too. This is enabled by default, providing a remote desktop for any hacker. Wow, what a service M$.


carryover from the old DOS "CTTY" command - ties serial port to screen & keyboard hooks


SOLUTION

1.) disable
2.) block




INACCURATE

18. Windows Time


Sends information to Microsoft and keeps your date and time stamps nice and fresh for post-forensic analysis. At least they're tidy when they invade your privacy. :)


it doesn't "send" anything but a request for time, varify that using ethereal - upstream
if you think its being sneaky about it


SOLUTION

1.) disable
2.) block
3.) use alternate time server



INACCURATE

19. Wireless Zero Configuration


Zero configuration means zero security and that's exactly what you get. The entire network is exposed to anyone within reception range. Therefore, if you are using this in your home environment, that can mean remote monitoring from up to 3Km using proper equipment, or someone else using your Internet connection from a range of around 50-80m radius.


you don't have to use it - almost all wi-fi adaptors come with thier own utilities which
BTW don't do anything different/better

even when it claims it can't install in XP (not needed due to WZC) you can do it anyway using "compatibility mode" then with WZC disabled use it



> up to 3Km

and as little as 15 meters even with the best equipment depending on antenna, power and interference



> using your Internet connection from a range of around 50-80m radius.


up to a few Km depending - I specifically operate long haul links using special "stealth" antennas



SOLUTION

use encrypted tunnels - hamachi, zebedee etc. Remote monitoring of useless random bytes..




INACCURATE

Since all security products that operate on the Microsoft Platform are both designed from, and encapsulated by the OS, then it is ultimately Microsoft Windows that is providing your security and not your firewall, etc.


wrong, some appications can talk directly to the hardware totally bypassing windows or even
DOS

if a security/firewall company desired they could loopback through a serial port talking directly to it, and nothing windows or DOS can do would affect it so as long as the actual
application was secure it would give unstoppable security since this is even below raw sockets

below raw socket communication and kernel hook rootkits are the real threats we face

and most people don't even know about these dangers

the article gives people the wrong impression by focusing on the author's ignorance borne
fears while both ignoring the real issues and not supplying practical solutions

*nix isn't a cureall or safe - the newest worms are now targeting these OS's.

While these OS's are better than windows in some ways most people will not undergo the
steep learning ride required to master them

one person made a point about controlling your computer and not letting it control you

fear causing you to dump the OS your used to for a false sense of security would be an
example of your computer controlling you

these days the internet is pretty hostile and the main threats are from spammers/scammers/
malware pushers and big business



1.) close the open services, NETBIOS, RPC, UPnP - varify with netstat

2.) name the computer not yourself - avoid having any personal information in it

3.) have anti-virus, malware, rootkit and alternate data stream checking utilities

4.) use browser protection like proxomitron, hijack this!, spywareguard, ie-spyad

5.) use an utility like CCleaner to delete index.dat files, temp, etc

6.) use truecrypt and keep all your important data in encrypted volumes

7.) use the freespace and slackspace wiping utility included

8.) for wireless use a VPN/encrypted tunnel

9.) backup user data to encrypted volumes on DVD+R


optional ;

WEP/WPA on wi-fi, firewalls

I would rather do this than change to a new OS - I feel more secure knowing the OS's weaknesses
and taking steps above to secure it then an OS I know nothing about, and would depend on a
mere perception/projection of safety without anything concrete or directly from my knowledge
or efforts to back it up or varify it


for all spying/snooping problems your own strong encryption is the ultimate and last line
of defence - feel free to replace any/all part of your OS's functionality with whatever
3'rd party applications suit you

Hex


zen buddhist?

25.03.2007 22:25

I find it strange that a self-professed Zen Buddhist would structure what amounts to a conspiracy theory.

hmm