Back Orifice 2000 Release Information

A Note on Product Legitimacy and Security

One of the major concerns regarding the Back Orifice 2000 program is whether or not the program is a secure and legitimate alternative to other commercially available remote administration suites. We have designed Back Orifice 2000 to meet user demands and to provide the most powerful remote administration available for the Microsoft Windows platform.

Many people don’t like to see free software like Back Orifice being used in place of expensive commercial products. So, they throw around statements like ‘the program is only a malicious tool’, and ‘It has no legitimate purpose’. We’d like you to know exactly how legit Back Orifice really is.

In the past, Back Orifice has been used as a trojan horse by script-kiddie crackers to annoy and sometimes harm Internet-connected Windows 95 machines. This is a fact of life with a tool that has the ability to be silently installed, and can perform administration without end-user intervention. This, however, is not unique to Back Orifice. There are many trojan horse programs out there, and many legitimate remote administration tools that have the capability to perform quiet remote installations, should the user download the software and execute it without realizing what it is. Carbon Copy 32 from Compaq is a popular competing tool that has this ability.

Vulnerability to trojan horse programs is an inherent flaw in the Windows architecture (by no means unique to it, of course): software can be executed on a system without any form of user intervention, approval, or feedback. The features of Windows that keep the user from being overwhelmed with information regarding the workings of their computer are the same features that allow Back Orifice 2000 to keep itself hidden from view.

Microsoft has ways to keep trojan horse programs from affecting users, via code signing, but the method is not well accepted because of the inconvenience to developers. Microsoft is fully aware of the problems associated with powerful remote control. Their SMS administration system has similar problems, by their own admission. From their page describing SMS (see http://www.microsoft.com/smsmgmt/techdetails/remote.asp for the full text):

“Security

Of all the operations that Systems Management Server allows you to do on a client, remote control is possibly the most "dangerous" in terms of security. Once an administrator is remote controlling a client, he has as many rights and access to that machine as if he were sitting at it. Added to this, there is also the possibility of carrying out a remote control session without the user at the client being aware of it. Thus, it is important to understand the different security options available and also to understand the legal implications of using some of them in certain jurisdictions.”

“Visible and Audible Indicators

It is possible to configure a remote control from a state where there is never any visible or audible indication that a remote control session is under way. It has been made this flexible due to customer demands ranging from one end of this spectrum to the other. When configuring the options available in the Remote Tools Client Agent properties, due notice must also be taken of company policy and local laws about what level of unannounced and unacknowledged intrusion is permitted.”

Back Orifice 2000 also utilizes strong encryption to perform all communications. Everything from file transfers to command channels to streaming video is encrypted using high-grade 168-bit DES encryption.

While other software products, such as pcAnywhere 32 from Symantec and CoSession Remote 32 from Artisoft, claim to use strong encryption, they do not implement it themselves; rather, they rely on the encryption provided by the Microsoft Crypto API. The Microsoft Crypto API claims to provide ‘strong encryption’, but since it’s not open-source, one cannot truly verify the validity of the cryptography. Many U.S. corporations have been asked by the U.S. Department of Defense, informally, to reduce the strength of their cryptography to levels where they can be easily cracked in order to aid ‘law enforcement’ (spying on the people). Of course, if you don’t have source code, you can’t verify that this actually happened. We don’t take that chance. Back Orifice 2000 encryption is proven strong, and we’re not afraid to show you exactly how it’s implemented.

The open-source/GPL model has provided Back Orifice 2000 with a more than legitimate position in the industry of remote operating system control. Back Orifice 2000 will grow to encompass all of the features of currently existing commercial remote administration tools, and eventually will be available on other operating systems and platforms. We’re dedicated to empowering people with their technology, not dumbing it down.

All products mentioned in this document are trademarks of their respective authors. This document is Copyright © 1999, Cult of the Dead Cow. Redistribute freely.