Buffer Overflows: Problem Multiplies | eWeek

Written by eWEEK EDITORS
Aug 6, 2001

It used to be that buffer overflows were just a nagging 40-year-old glitch in the software development process. Today, as illustrated by Code Red, they are the No. 1 reason hackers can slice through corporate networks like Swiss cheese.

A buffer overflow occurs when someone inputs more data into a field than that field expects. The text that spills over can then be executed on the computer. “In layman's terms, it means your toilet's stopped up and there's stuff everywhere,” explained Fred Stangl, an independent software developer in Langhorne, Pa.
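The spill-over described above, as an added C example that is not part of the original article: an unchecked copy into an 8-byte field overwrites the data stored next to it, while a length check rejects the same input. The record layout and all names (FIELD_SIZE, store_unchecked, store_checked) are assumptions made for illustration, and the memory is modelled as one array so the demonstration stays well defined.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: one flat array models a record in memory, so the
 * spill-over stays inside the array and the demo has defined behaviour. */
#define FIELD_SIZE  8   /* bytes the input field expects        */
#define RECORD_SIZE 16  /* the field plus the data stored after */

struct record { unsigned char mem[RECORD_SIZE]; }; /* [0,8) field, [8,16) neighbour */

static void record_init(struct record *r)
{
    memset(r->mem, 0, sizeof r->mem);
    memcpy(r->mem + FIELD_SIZE, "TRUSTED", 8);   /* 7 chars plus NUL */
}

/* Flawed: trusts the caller's length and never compares it with
 * FIELD_SIZE. (Clamped to RECORD_SIZE only to keep the model defined.) */
static size_t store_unchecked(struct record *r, const char *in, size_t len)
{
    if (len > RECORD_SIZE) len = RECORD_SIZE;
    memcpy(r->mem, in, len);
    return len > FIELD_SIZE ? len - FIELD_SIZE : 0;  /* bytes spilled */
}

/* Corrected: reject input the field cannot hold (one byte kept for NUL). */
static int store_checked(struct record *r, const char *in, size_t len)
{
    if (len >= FIELD_SIZE) return -1;
    memcpy(r->mem, in, len);
    r->mem[len] = '\0';
    return 0;
}

static int neighbour_intact(const struct record *r)
{
    return memcmp(r->mem + FIELD_SIZE, "TRUSTED", 8) == 0;
}

int main(void)
{
    const char input[] = "AAAAAAAAAAAA";   /* constructed 12-byte input */
    struct record r;
    record_init(&r);
    size_t spilled = store_unchecked(&r, input, 12);
    printf("unchecked: spilled %zu bytes, neighbour intact: %d\n", spilled, neighbour_intact(&r));
    record_init(&r);
    int rc = store_checked(&r, input, 12);
    printf("checked: returned %d, neighbour intact: %d\n", rc, neighbour_intact(&r));
    return 0;
}
```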

According to the Computer Emergency Response Team, more than 50 percent of the vulnerabilities found in operating systems are due to buffer overflows, and many are attributable to Microsoft technology.

Microsoft's software was developed for desktops, where buffer overflows are a minor problem. But with the same desktops now attached to the Internet, the problems can leave a gaping hole for hackers to climb through, critics say.

The problem has been so epidemic that a frustrated Microsoft President Steve Ballmer recently stormed into a customer meeting and complained about buffer overflows, which the company is attacking through its Secure Windows Initiative.

But scanning millions of lines of code to fix the problems is not an easy task, said Mike Corby, vice president of Netigy. “The code is so large and so complicated and written by so many different people, it's impossible to prevent these things.”

“Software is still written by people, and buffer overflows is an issue that affects the [entire] industry,” explained Christopher Budd, a Microsoft program manager.

David Harrah, group manager of Java, a product of Microsoft rival Sun Microsystems, blamed Microsoft's programming languages.

“The fundamental difference is that Java was developed as a network application platform and language,” Harrah said.
