By Andy Patrizio
Just a week after a hacker group posted a utility that could give anyone on a TCP/IP network complete access to another Windows 95 PC, a security firm has come out with an evaluation of the software and its potential threat, and a method to detect and remove it from the system.
The group, Cult of the Dead Cow, released Back Orifice at its annual Las Vegas gathering, called DefCon, last week. Back Orifice, programmed by a young programmer who would only identify himself as Sir Dystic, promised to give users access to another computer's file system, network information, registry, and processes.
More ominously, it could sniff network traffic and save all keyboard keystrokes, including passwords.
The advisory comes from Internet Security Systems (ISS), of Atlanta, which develops network security software and has an R&D team, called X-Force, that searches for security holes like the ones Back Orifice exploits.
The X-Force team examined Back Orifice and found it provides "an easy method for intruders to install a back door on a compromised machine." It also said Back Orifice's authentication and encryption are weak, so its traffic is easy to detect and it is easy to determine what has been transmitted.
Back Orifice promised so much that there was some speculation it was a hoax, but ISS said it does everything it claims to do. "We wouldn't have gone out with an advisory if it wasn't real," said Chris Klaus, chief technology officer and founder of ISS.
ISS found how Back Orifice installs itself on the computer, setting up files and burying itself in the Registry, and posted details on how to remove it. The company is developing a Back Orifice detector and remover, but couldn't say when it would be released.
Forrester Research analyst Ted Jullian said Back Orifice illustrates how easily systems can be compromised, and how important effective security is. "If there's a lesson to be learned, it's simply the importance of having intrusion detection in place, and also putting in mechanisms to control what users bring in," he said.