Worst Windows flaws of the past decade

The exploits and oversights that left Redmond with egg on its face

June 25, 1998, and June 30, 2008, marked two important milestones in Microsoft's evolution of the Windows OS -- the passing of the torch from Windows 95 to Windows 98, and the less seemly transition from XP to Vista.

In the 3,659 days between, users of Windows have been forced to bear witness to another evolution of sorts: bugs that left Windows open to exploits that appeared almost as fast as you could say, "On the Origin of Species."


For some fun of the hacker and admin variety, see "Stupid hacker tricks: The folly of youth" and "Stupid user tricks: IT admin follies."

Uncovering -- and exploiting -- Windows vulnerabilities has made sport for many and careers for many more. Entire industries have sprung up to protect Windows users from previously unknown flaws, while malware authors have matured their practices from juvenile pranks to moneymaking criminal enterprises.

Caught in the middle of this never-ending onslaught is the innocent PC user and the besieged IT admin -- you. And though Microsoft and the entire software industry have labored tirelessly to handle zero-day exploits and to develop protocols for reporting potential security problems, we've seen and experienced several colossal security meltdowns thanks to the humble Windows bug.

These errors, buried in millions of lines of code, have steered great corporations and turned the tide of fortunes. It's high time they got the credit they deserve. Here are the worst Windows flaws we've endured since the introduction of Windows 98.

Password "password" would have been more secure

Bug identifier: VCE-2000-0979, MS00-072

Description: Share Level Password vulnerability

Alias: Windows 9x share password bypass

Date published: October 10, 2000

Windows 9x introduced a nifty little concept wherein users could host a password-protected mini file server, aka a share, on their PCs. The idea was simple: Allow users of networked computers to host and share files securely. Only the padlock Microsoft used to lock the door came equipped with a gaping hole that rendered it useless.

"When processing authentication requests for a NetBIOS share, Windows 95/98 would look at the length of the password sent by the attacker and then only compare that number of bytes to the real password," writes vulnerability expert H.D. Moore, who manages the Metasploit Framework project.

Oops. "This let the attack specify a password of zero bytes and gain access to the share," without actually knowing the password at all, Moore explains.

"The real damage," he continues, "was that by trying all characters of incrementing lengths, they could literally obtain the password for share from the server."

Upshot: Rather than functioning as a lock on a door, the password authentication scheme for Windows 95/98's File and Print Sharing acted more like a nail through a hasp -- to open the door you only needed to pull out the nail, with hardly any effort.

Tags Windows Vistawindows xpWindows 2000windows 98

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Andrew Brandt

InfoWorld

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?