Security Portal: How big of a chink in Microsoft's armor?
Aug 02, 1999, 15:44
(Other stories by BO2K Information Cen)
"This past week's news of yet another major security vulnerability with Microsoft's products, this time with the ODBC database driver in Excel 97, has led SecurityPortal.com to take a look at the big picture, and attempt to understand how big of a security problem Microsoft has."
"This latest security vulnerability is one of the most frightening to date, as it allows shell commands to be executed by opening a spreadsheet, without any warning whatsoever. The ODBC database driver, installed with Excel 97, supports a wide variety of system calls as part of its middleware approach to integrating applications. Among these APIs is an ability to invoke shell commands. Because this is ODBC, and not a macro, there is no warning imparted to the user. A user could download a spreadsheet, only to find that it has deleted files, made registry entries, or a number of other malicious acts, completely in stealth."
"Do security problems plague Microsoft because of their size, or are there other reasons? There are plenty of reasons to love or hate Microsoft. If you have owned Microsoft stock for the past several years, you probably love them. If you have tried to compete with them on any front, you probably hate them. Their penchant for consuming any technology or application space is well known, from dominating the word processor market to eating away at Netscape's browser share to attempting to co-opt Java. Microsoft has shown no fear of getting into new businesses and has experienced mixed results, such as with WebTV, City Sidewalk and several others. No doubt, Microsoft plays the role of the 800 pound gorilla to perfection, and they are a magnet for publicity, both good and bad. As Microsoft aggressively pursues new markets and continued dominance in existing markets, are they adequately protecting the backdoor?"