Well, who knows... worth a shot to give my own $.02 about it. However, I seriously do commend the Jane's editor for deciding to do this- using replies from a whole community and putting it into a magazine. Good idea; I personally was thinking of doing the same with the article yesterday about ethical/moral repercussions of euthanizing disabled infants. There was plenty of good discussion and if I was the editor of any magazine (HINT HINT) I would place all of the 2-level comments (or 3, if you're pressed for space) in an article of my mag. Just personal taste though. There was a lot of good discussion yesterday...
About CT, though- the main problem is that the general public at large uses Windows, and by its nature Windows is insecure. For example, (and I know that this was cited in the original, after reading the comments) Back Orifice. Yes, most of us here wouldn't touch it (at least, I doubt that most of you would) but the idea behind BO (and BO2K) is that it was written using STANDARD APIs in Windows. Under UNIX, without any kind of user access, it is (AFAIK) extremely difficult to have a program installed in user-space (the BOserver) and through that program, remotely control the system without having any user access. If you can dupe the user into running any kind of trojan or the server itself (come on, imagination- if an email came from "techsupport@microsoft.com" with a heading "Security update for " and an attachment (the BOserver), how many clueless Windows users would download and run it without thinking?)
The idea that it was implemented with standard APIs and from user space (giving the remote user even more control than the local user has) scares me. Good thing I don't run Windows... lots of lamers at school use BO for fun. But imagine MS's plan in full execution- WinNT or Win2000 (whatever they're calling it now) on EVERY DESKTOP IN EVERY ORGANIZATION. There are ways of remotely executing code, you know. And this tool (BO2K) is one of the reasons that governments worldwide don't use Windows. Period.
Oooops.... missed out the first time around (Score:3)
About CT, though- the main problem is that the general public at large uses Windows, and by its nature Windows is insecure. For example, (and I know that this was cited in the original, after reading the comments) Back Orifice. Yes, most of us here wouldn't touch it (at least, I doubt that most of you would) but the idea behind BO (and BO2K) is that it was written using STANDARD APIs in Windows. Under UNIX, without any kind of user access, it is (AFAIK) extremely difficult to have a program installed in user-space (the BOserver) and through that program, remotely control the system without having any user access. If you can dupe the user into running any kind of trojan or the server itself (come on, imagination- if an email came from "techsupport@microsoft.com" with a heading "Security update for " and an attachment (the BOserver), how many clueless Windows users would download and run it without thinking?)
The idea that it was implemented with standard APIs and from user space (giving the remote user even more control than the local user has) scares me. Good thing I don't run Windows... lots of lamers at school use BO for fun. But imagine MS's plan in full execution- WinNT or Win2000 (whatever they're calling it now) on EVERY DESKTOP IN EVERY ORGANIZATION. There are ways of remotely executing code, you know. And this tool (BO2K) is one of the reasons that governments worldwide don't use Windows. Period.