Linux Today: Linux News On Internet Time.

LinuxWorld: Weenies at the back door - Nick sets the record straight on Microsoft and Red Hat bugs

May 07, 2000, 20:15 (3 Talkback[s])
(Other stories by Nicholas Petreley)

"To begin with, the Red Hat software in question is its Web clustering product, called Piranha, which ships with Red Hat Linux 6.2. Piranha itself is a version 0.4.12 product. In other words, the developers are unashamedly communicating the fact that this product is less than half finished. In contrast, the alleged Microsoft back door was found in Windows NT 4.0's Internet Information Server version 4.0 with FrontPage 98 extensions...."

"Now let us turn our attention to the timeliness with which the problems were solved or workarounds were supplied. On the one hand, Red Hat discovered and corrected its problem almost immediately after the product in question was released. Linux fanatics naturally want to attribute this quick response time to the benefits of open source. However, I suggest to you that Red Hat was simply the accidental beneficiary of an unexpected side effect of the malicious back door -- the fact that you can't actually use Piranha until you discover and fix the problem."

"Microsoft also isolated and fixed its problem soon after it was reported. According to CNet, a Microsoft spokeswoman said, "After a pretty thorough evaluation, it was clear that it was a security issue with FrontPage 98 and FrontPage 98 extensions, and we figured out at the same time there was a very simple fix: removing the single file [DVWSSR.DLL]."

"After an even more thorough examination, Microsoft said there was never a back door problem to begin with. Unfortunately, since the Microsoft software is closed source code, we have no way to independently verify which thorough examination yielded the correct results. (This, if I recall correctly, was the point of my original column on this topic.)"

Complete Story

Related Stories: