Re: [Fsfe-uk] Windows WMF exploit intentional?

[Chris Croughton]

On Sat, Jan 14, 2006 at 04:09:07PM +0000, Kevin Donnelly wrote:

> Steve Gibson is speculating that the recent Microsoft Windows WMF bug was 
> intentionally put in the code by someone at Microsoft as a back-door:
> http://www.grc.com/sn/SN-022.htm
> I have no idea how well-founded his speculation is,

Not at all from what I've heard, it was put in as a way to close down
printing in the middle of a job because MSDOS (and Windows on top of it)
weren't intelligent enough.  Yes, it was a "back door" of a sort, but so
was almost everything in those days.

> but it has him saying that an operating system whose source is open
> would allow users to check that there is nothing untoward in the code
> ....

Users?  No chance at all.  Users wouldn't know a back door if it shut in
their face.  Other programmers?  Possibly, if they bothered to search it
that far, but you only have to look at how many vunerabilities are still
slipping through open software to see that merely being open doesn't
mean that programmers will find the holes.

The big problem with Windows has always been backwards compatibility,
the sheer size of their userbase means that they have to continue to
support loads of obsolete (and many dangerous) interfaces just beacuse
someone is still using them.  If they break compatibility too much
they'll lose users (or they just won't upgrade, there are still a lot of
people using Win9x and even Win3  for exactly that reason).  Come to
that, it's partly the reason that my main machine is still running
Debian 'woody' with a 2.2 kernel...

Yes, being open has some advantages, and more people /can/ look at it,
but who has the time?  How many Linux users have looked at any of the
kernel source code at all, let alone the applications?

Chris C