_   _
       BACK ORIFICE 2000           ((___))          BACK ORIFICE 2000
       show some control           [ x x ]          show some control
                                    \   /
                                    (' ')
   ________________________ http://www.bo2k.com/ ________________________

Press Contact:
        The Deth Vegetable
        cDc Minister of Propaganda

[July 19th, San Francisco] The CULT OF THE DEAD COW (cDc) publicly challenges
Microsoft Corporation to voluntarily recall all copies of its Systems
Management Server network software.  In addition, cDc calls for the antivirus
industry to respond with signature scanning for SMS files.

"Hypocrisy" is such an ugly word.  So instead, why don't we just chalk this
one up to Do-What-We-Say-Not-What-We-Do?

Microsoft evidently dislikes our new tool so much that they've taken to
complaining about one of its key features.  We're talking about Back Orifice
2000, and the feature in question is its stealth mode.

Microsoft has claimed that BO2K is a malicious tool with no legitimate use. 
Their primary evidence is BO2K's stealth feature, which gives you the option
to run the server on the remote machine without it being evident to anybody
sitting at that machine.

In fact, here's what they're saying right now on the Microsoft Security
Advisor website:

        BO2K is a program that, when installed on a Windows computer,
        allows the computer to be remotely controlled by another user.
        Remote control software is not malicious in and of itself; in
        fact, legitimate remote control software packages are available
        for use by system administrators.  What is different about BO2K
        is that it is intended to be used for malicious purposes, and
        includes stealth behavior that has no purpose other than to make
        it difficult to detect.

Now, we concede that on its face, this sounds like a valid criticism.  Being
able to operate a remote admin tool without the person at the other end
knowing that it's running on the machine seems downright devious.  (Keep in
mind that BO2K's stealth feature is an OPTION, which is in fact disabled by

Maybe Microsoft is right; perhaps this stealth feature in and of itself is
enough to brand it a hacker tool with no redeeming social value.  But then,
what are we to make of Systems Management Server (SMS)?  SMS is Microsoft's
remote admin tool for Windows.  As it happens, SMS has a nearly identical
stealth feature.  As a matter of fact, they explain this feature in a Word
document available from the Microsoft website:

        Of all the operations that Systems Management Server
        allows you to do on a client, remote control is possibly
        the most "dangerous" in terms of security. Once an
        administrator is remote controlling a client, he has as
        many rights and access to that machine as if he were
        sitting at it. Added to this, there is also the possibility of
        carrying out a remote control session without the user          
        at the client being aware of it. Thus, it is important to          
        understand the different security options available and          
        also to understand the legal implications of using some          
        of them in certain jurisdictions."          
        Visible and Audible Indicators
        It is possible to configure a remote control from a state
        where there is never any visible or audible indication that a
        remote control session is under way.  It has been made this
        flexible due to customer demands ranging from one end of this
        spectrum to the other.  When configuring the options
        available in the Remote Tools Client Agent properties, due
        notice must also be taken of company policy and local laws
        about what level of unannounced and unacknowledged intrusion is
Notice that?  Microsoft's own tool has the same evil capability as BO2K.  Now,
Microsoft did not invent surreptitious desktop surveillance; there are other
products on the market that perform these functions.  Microsoft is just the
largest supplier of the technology, as SMS comes bundled with each copy of
Back Office.  Why is it that Microsoft can offer a tool having this
illegitimate functionality without any moral qualms, but when WE do it, they
throw a hissy fit?  Well... we have a hunch.

"Microsoft wants to keep everybody talking about the evil software from us
crazy computer hackers.  So they paint BO2K as a dangerous application with no
constructive uses," says Reid Fleming (cDc).  "We beg to differ."

BO2K doesn't exploit any bugs in the Windows operating system that Microsoft
is willing to categorize as such.  So in order to convince the public that
BO2K is a solely destructive tool, Microsoft is forced to criticize the tool's
feature set.  Evidently whoever dreamed up this press strategy was unaware of
Systems Management Server and its stealth feature.

Of course, there's another possibility.   Microsoft sells SMS for cash money.
Meanwhile, BO2K is free.  (It's also open source, and better constructed any
way you measure it:  size, efficiency, functionality, security.)  Maybe this
is just another example of Microsoft's alleged anticompetitiveness?

"BO2K, like SMS, is a powerful software tool.  Like any powerful tool, it can
be used either responsibly or irresponsibly," says Count Zero (cDc).  "For
Microsoft to claim that BO2K has no legitimate purpose is ridiculous.  Their
own SMS tool has nearly the same functionality as BO2K, and Microsoft is happy
to let you pay $1,000+ for it."

Regardless of their motivations, Microsoft is selling software which does many
of same things as Back Orifice 2000, including the pernicious ability to run
hidden from the user.  And if stealth mode is what makes BO2K a malicious
program, then Microsoft's Systems Management Server is a malicious program too.

Consequently, we challenge Microsoft to recall all copies of the SMS
administration tool, because its featureset contains stealth capability.  This
feature clearly illustrates that their software has no legitimate use.
Furthermore, we urge all antivirus vendors to include signatures for SMS in
their scanner utilities.

Back Orifice 2000 is available for download free of charge from 



Equally hypocritical quotes from Microsoft about Back Orifice:

        "Users who are tricked into getting this thing installed on their
        system arevulnerable to the attacker, who can then do anything
        that the victim can do -- move the mouse, open files, run
        programs, etc. -- which is little different from what legitimate
        remote-control software can do.  Back Orifice, however, is
        designed to be stealthy and evade detection by the user."
        "In fact, it really ends up doing bad things -- that's what a
        Trojan horse does.  Back Orifice falls into that category
        because it is intentionally designed to hide itself from
        detection.  The creators claim that this is a useful
        administration tool, but it doesn't even prompt people when it
        installs itself on the system.  It doesn't warn them that it's
        getting installed.  And, once it's installed, it makes the system
        available to other people on the Internet.  That is a malicious
        "It's incomprehensible why a tool like this would be created.
        [...]  [T]here's no purpose for this tool other than harming
        actual users of software products."
        -- Jason Garms, lead product manager for Windows NT security
        Microsoft's prefabricated interview, 8-July-1999

The CULT OF THE DEAD COW (cDc) is the most influential group of hackers in the
world.  Formed in 1984, the cDc has published the longest running e-zine on
the Internet, swallowed swords, made waffles, and so on.

For more background information, journalists are invited to check out our
Medialist at http://www.cultdeadcow.com/news/medialist.htm.


"Microsoft", "Windows", "Systems Management Server", "Word", and "Back Office" are all trademarks of the
Microsoft Corporation.  Blah blah blah, this is giving me a headache.

                    "cDc. It's alla'bout style, jackass."