How Bad Is Back Orifice?

Hacker tool is only as malicious as the hands it falls in--but Windows users beware.

Ann Harrison, Computerworld

• Email
• RSS
• 0 Comments

Computerworld reporter Ann Harrison spoke with him recently about the free open source tool, which he insists has gotten an undeservedly bad reputation.

Q: How does BO2K work?

A: There are two parts: a client and a server. The server is installed on the target machine. The client, residing on another machine anywhere on the Internet, can now take control of the server.

Perfectly respectable programs, like pcAnywhere or Microsoft's Systems Management Server [SMS], do the same thing. They allow a network administrator to remotely troubleshoot a computer. If the server is installed on a computer without the knowledge or consent of its owner, the client can effectively "own" the victim's PC.

Q: Why has BO2K acquired a reputation as only a hacker's tool?

A: Back Orifice's difference is primarily marketing spin. Since it was written by hackers, it is evil. That's wrong; pcAnywhere is just as much an evil hacking tool as Back Orifice. Not only can the client perform normal administration functions on the server's computer, but it can also do more subversive things: reboot the computer, turn the microphone or camera on and off, capture passwords.

Q: How does BO2K run in stealth mode?

A: Unless the server's owner is knowledgeable, and suspicious, he will never know that Back Orifice is running on his computer. Other remote administration tools, even SMS, also have stealth modes. Back Orifice is just better at it. Back Orifice will be used by lots of unethical people to do all sorts of unethical things.

Q: Back Orifice can't do anything until the server portion is installed on some victim's computer, right?

A: Yes. This means that the victim has to commit a security faux pas before anything else can happen. Not that this is very hard; lots of people network their computers to the Internet without adequate protection. Still, if the victim is sufficiently vigilant, he can never be attacked by Back Orifice.

Q: What about Microsoft?

A: One of the reasons Back Orifice is so nasty is that Microsoft doesn't design its operating systems to be secure. It never has. You have to make 300-plus security checks and modifications to Windows NT to make it secure. Microsoft refuses to ship the [operating system] in that condition.

Malicious remote administration tools are a major security risk. What Back Orifice has done is made mainstream computer users aware of the danger. There are certainly other similar tools in the hacker world, some developed with much more sinister purposes in mind.

Microsoft responds to security threats only if they are demonstrated. Explain the threat in an academic paper and Microsoft denies it; release a hacking tool like Back Orifice and suddenly they take the vulnerability seriously.

For more enterprise computing news, visit Computerworld. Story copyright © 2007 Computerworld Inc. All rights reserved.

• Email
• Print
• RSS