Slashdot Mirror

Let me see if I can do my best to google up some of the news artcles and links that recommended against installing SP1 so perhaps you can understand the reasons why...

Windows XP SP1 problems
Windows XP Update crashes some PCs
XPdlite (contains an SP1 caution)
Forums

Hopefully that gives a general idea on the subject. I would have liked to have stuck to news sites only... but ancient articles of the web aren't as easy to find as one might expect.

Actually since Thursday, June 28th, 2001, or before... Windows XP Raw Socket Controversy It's not even that they didn't know how stupid they are.

GRC - Shields Up: If you aren't stealthed, the evil boogeyman will get you... and your children!

I recall the controversary over Raw sockets when they first appeared in XP - many people said they would be a security risk, and it sounds like they were right.

So now MS removes this feature that shouldn;t have been there in the first place, and everyone is up in arms about it. Maybe that's a little exaggerated..

Remember this?

actually i do wonder what he's gonna say, as he did predict way back when xp wasn't even released yet that the raw sockets ability in xp was a bad idea, and no one really listened to what he had to say. now years later, MS realized it, dissables it, and breaks a bunch of legit programs that depended on it. had the functionality never been there in the first place, this part of sp 2 wouldn't even be an issue.

so yea, i think i'll go on over to grc.com and wait for him to post an "i told you so" on his front page.

As another poster mentioned, MS themselves confirm this support being removed. I've been chuckling about this all week, because I've been waiting for this day for 3+ years now. Steve Gibson may be a blowhard, but he was 100% dead-on correct on this one.

As to why ping and tracert still work - well, they work for the same reason they worked in Windows pre-2000. Check out that link, it has nice pretty pictures, but here's the dirt (and everyone can correct me on the technical details I get wrong):

Raw sockets allow you to write data directly to the network layer. You can bypass the TCP and IP layers this way, and put whatever the heck you want into your packets. This gives you the ability to do fun things like forge your source address (good for UDP flooding or TCP SYN floods), and pretty much send anything you want. A lot of older attacks used to send malformed packets (bad TCP or IP headers) which would cause the receiving machine to choke on them (see: WinNuke).

Now, if you're forced to go through the appropriate layers (TCP and/or IP), the protocol stack handles the headers for you. Things like your source IP address, for instance, are assigned for you. You cannot change this, and therefore cannot spoof this. In the Win9x (and NT4) days, Windows only allowed you to write to the TCP layer. To accomodate "raw" sockets for use in ICMP, you could write to the IP layer (because ICMP doesn't use the concept of ports or sequencing or any of the TCP goodness).

In 2000 and XP, Microsoft inexplicably allowed FULL raw socket access, something which had only been seen in the Unix world before - hence why most DoS attacks came from *nix boxes. This is one reason shell accounts used to be a BIG DEAL for script kiddies to get (the other reason of course is that anyone can install Linux or a BSD these days). Folks like Gibson warned them that Windows would now become zombie heaven, and hey! they were right.

Microsoft has finally admitted to the mistake, realized that almost nothing other than attack tools use full raw sockets, and has closed this up. I suspect they're allowing only IP layer access again (for TCP), and transport layer access (one above this) for UDP, to prevent IP spoofing. Notice that this still allows you to spoof your source IP address on a TCP connection - this is why outbound un-ACK'd TCP connections are being limited. We don't want SYN flooding :)

ICMP works because you still have IP layer access. It's sort of like a pseudo-raw socket. This makes me wonder: has anyone seen any limitation on ICMP traffic? Because a ping flood with spoofed source IP addresses should still be possible from what I can tell.

Steve Gibson at GRC (Gibson Research), the SpinRite guy, has warned about the exploitability of raw sockets for YEARS!

Here's a link to his article on the topic of raw sockets: Raw Sockets Article.

So check that out, and see why Winders finally locked it down.

Joe Griego
Bishop, CA

Steve Gibson at GRC (Gibson Research), the SpinRite guy, has warned about the exploitability of raw sockets for YEARS!

Here's a link to his article on the topic of raw sockets: Raw Sockets Article.

So check that out, and see why Winders finally locked it down.

Joe Griego
Bishop, CA

What versions of windows supported raw sockets, anyways? Anyone know? I thought it was introduced in 2000, but I'm not sure.

I believe that 2K had raw sockets support only for applications running as administrator. XP runs everything with administrator privileges, so everything has access to full raw sockets.

Full Disclosure: I'm taking this info from GRC.


--LordPixie

Apparently the dangers of allowing applications to access the raw sockets have been addressed to Microsoft in that past.

According to Steve Gibson (Gibson Research Corporation), he had pleaded with Microsoft in the past and was completely blown off.

Read about it

I think he deserves to say, "I f***ing told you so!\n"

What new functionality is added to this feature in Windows XP Service Pack 2?

Restricted traffic over raw sockets

A very small number of Windows applications make use of raw IP sockets, which provide an industry- standard way for applications to create TCP/IP packets with fewer integrity and security checks by the TCP/IP stack. The Windows implementation of TCP/IP still supports receiving traffic on raw IP sockets. However, the ability to send traffic over raw sockets has been restricted in two ways:

TCP data cannot be sent over raw sockets.

UDP datagrams with invalid source addresses cannot be sent over raw sockets. The IP source address for any outgoing UDP datagram must exist on a network interface or the datagram is dropped.

I bet his "I told you so" rant will be entertaining.

BlackICE is worse than no protection at all. It doesn't even attempt to stop the activities of spyware/malware while leading you to believe that you are invincible. http://www.grc.com/lt/leaktest.htm

Use AVG and Spybot S&D along with TPFW(Tiny Personal Firewall).

Try this. This little program will disable the messenger service.

My problem with this is that it didn't ask me to autheticate IE, or other MSFT services. While I agree that this is better for Joe User, and does indeed make the average computer *somewhat* less vulnerable to becoming zombies I actually think that overall it compromises security, because it has the idea of "pre-trusted" programs. So now all a malware has to do to succeed is become trusted, and then it's BEYOND reproof? I'm not sure that that is exactly how this new system works, but more than anything I'm disputing the notion that this is a panacea.

I'm also concerned about companies that make firewall type products. Are they done? Is MSFT going to claim to have all that functionality in the OS? A FALSE sense of security is worse than being unsure. I'd rather people lock down their machines themselves rather than assuming that MSFT has done it for them.

Still, I do think that this is better than nothing.

If there's one program that I have used continuiously over the years to diagnose hard drive problems is Spinrite. I was especially pleased with Steve Gibson's commitment to keeping the program DOS-based. There were alot of diagnostic utilities that ran off DOS that I wish were still updated to support modern hardware. Hopefully others will follow Gibson's lead :)

Why on earth would anyone want to use a DOS clone?

Here's one example -- Steve Gibson released a new version of his SpinRite hard disk test/recovery tool. grc.com It uses FreeDOS so you can boot from a floppy and test every sector.

[I haven't tried the product, just noting one relevant modern use of DOS.]

Is there any particular reason why some Slashdot users (usually those with low UID's) don't make links clickable? Is it laziness? Or perhaps I'm the lazy one for moaning about having to copy a link and paste it into my address bar (then take out the extraneous space) to reach it?

Anyway, thanks for the link to that article, Mr. Neutron ;)

To keep this post on topic, I believe the rabidly Informative Anonymous Coward missed the point that the previous poster was referring to services like DCOM.

The first thing I did when Blaster started doing the rounds was put DCOMbobulator in the login script -- bought me more than enough time to get patches in place.

Go to grc.com and get DCOMbobulate, click DCOMbobulate me! and you are safe from those worms.

While you are at it, get also the UPNP disabler and Shoot the Messenger! to avoid getting popups offering U N I V E R S I T Y D I P L O M A S (yuck)

There's a guide called "Surviving the First Day of Windows XP". Google it; I'll abstain. You should do this:

Basically, do this:
1. Install your hardware firewall. Configure it using the guidelines at Gibson Research. If your time's not worth the $30 for an on-sale router, don't bother installing anything and stop reading, since you're not worth my time.
2. Get your fresh install completed. Bring a book.
3. Disable messenger, server, and enable the XP firewall. Check with black viper to see what's safe to disable. (Hint: almost everything!)
4. Install an antivirus program.
5. Update your virus program.
6. Download your critical patches. DO NOT INSTALL ANYTHING BUT CRITICAL PATCHES.
7. Update your hosts file using Mike Skalla's ad blocking file. (Google for Mike's ad blocking)
8. Download Spybot-search and destroy. It has an immunize feature to stop a lot of processes from running.
9. Now you can update your non-critical files. This includes thing like driver updates, DirectX, etc. If you're keen, Spybot will check for registry changes so you can keep your eye out for spyware.
10. Check with Gibson Research again, and see if you've got a full green spread on the scan.

That's it. You can now enjoy a year or so of XP use before you have to go through this again.

Tell that to Steve Gibson, who recently released SpinRite 6, $89/copy, without any documentation.
He writes, SpinRite v6.0 documentation is playing catch-up.

This program is his main source of income, so it seems to work in the proprietary world!

For more on the joys of Assembly programming, you should go see Gibson Research.

If you want to see someone who writes incredibly useful Windows GUI programs in assembler, some in less than 20Kb, check out Gibson Research

I'm always amazed when I go to download one of his programs and it takes less than a second, and that's an uncompressed EXE, not a zip file!

I'd love to see a return to applications that were under 100K

No kidding. I'm not a programmer, but this guy writes little helpful applications in assembly that are like 20K. In this day and age, I'm impressed when anyone writes anything that can just fit on one CD-ROM.

Because IE is a big security hole, a lousy browser, and easily infected with all kinds of spyware.

Remember Netscape Smart Download phoning home with all your download traffic? Don't bother with Netscape's latest version, stick with Mozilla or Firefox.

Spoken like somebody who doesn't remember programming in less than 16kb of memory.

Hint: speed and size are INVERSELY porportional. You can create fast code, or you can create small code- but small fast code requires Steve Gibson

Would that be the dreaded Raw Sockets support that Steve Gibson got himself so apoplectic over a while back?

If so, then yes, it would seem Windows can do that now.

And apparently Mr. Gibson doesn't think that's such a great idea, or something.

Gibson has been very helpful to the Windows and novice computing community. All the magazines have been taken over by the do-anything-for-money people; they cannot be trusted. Where does a Windows novice get information?

When you are new to computing it is difficult to believe that Windows is as vulnerable as it is. A novice keeps saying, "Microsoft is a big, successful company, why would they be so self-destructive?"

It's true that Gibson is amazingly overblown at times.

Is this from our pal Steve Gibson? This smells very doom-and-gloom like it came from his campsite.

The funny thing is that it appears to be contagious: once the disk is unreadable, it'll cause any other drive to make the same clicking.

This site has a bunch of info about click death. I was very happy i'd read this when it happened to me. Posted below is what can also happen with zip drives. NOTE that this is not the original click of death (which is caused by the heads being unable to read a disk due to it being written to badly), this is more like Click Death II - Badder Than Ever.

The media inside a Zip cartridge is completely flexible like that of a floppy diskette. Jaz cartridges use a rigid media similar to a hard disk drive, but Zip drives use thin and flexible mylar-based magnetic disks.

In rare cases, when a Zip drive's heads are being loaded into the cartridge, they snag upon the outer edge of the mylar disk which is spinning at 2,941 revolutions per minute. The result is nothing short of a total catastrophe:

Either one or both of the drive's read/write heads are usually ripped from their mountings and left dangling by their electrical interconnection wires. But while this is happening the outer edge of the rapidly spinning mylar Zip disk is significantly torn and shredded.

The drive's built-in on-board brain doesn't know what has happened, so it unloads and reloads the heads many times as it's been instructed to do when it is unable to locate, read, or write the data inside a cartridge. And the user hears a repeating "Click ... Click ... Click" sound, followed by an error report from whatever software was trying to perform the data transfer.

Now Hold Onto Your Seats, Because Here Comes an Even More Horrible Catastrophe!

The unwitting user, who is now naturally quite concerned about the cartridge's irretrievable data, finds some other Zip drive, perhaps another one that they own, or maybe one belonging to a friend or co-worker. And they innocently insert their cartridge which now contains a mangled, torn, and shredded mylar disk!

This INSTANTLY kills the second Zip drive as its heads are snagged and ripped off their mountings by the torn and frayed edge of the KILLER CARTRIDGE!! This really happens, and has happened to a number of Zip drive owners with whom we have been in contact.

Contagious indeed.

Windows 98SE did not come with ClearType fonts, jerk. Nor did Windows ME or 2k.

ClearType brand subpixel rendering technology is a feature of your font renderer, not of the fonts themselves. Here's how it works. (Summary: stretch outline horizontally, rasterize, blur horizontally, and gamma correct.) Even if you take old Win95-era TrueType fonts and drop them into Windows XP set to display on an LCD, they'll probably show up with sub-pixel AA.

As always Wikipedia comes to the rescue (and since it's released under the GNU Free Documentation License I can legally present the whole article to you nice people of Slashdot) :).

http://en.wikipedia.org/wiki/Click_of_death

Click of death

From Wikipedia, the free encyclopedia.

[edit]

The click of death is a failure mode typical of Iomega Zip drives. The term is also used more broadly to refer to failures of several other kinds of disk storage systems. In all cases, the click of death is characterized by a noticeable clicking or buzzing sound and is usually caused by a head crash.

The term became common in the late 1990s, describing a problem particular to Iomega's Zip drives. Zip disks, although popular, were not particularly sturdy (being exposed to the dust and grime of an unfiltered environment), and the drives were prone to developing misaligned heads. These damaged and dirty heads would try to read a disk, only get a marginal signal, then the controller would quickly snap the head arm back into the drive and out again, producing the click and (in many cases) tearing up the edge of the disk and even the heads themselves. Compounding the problem, the damaged disks would often go on to damage the heads of any other drive they were used in.

Iomega received thousands of complaints about the click of death, but denied all responsibility: often, to the fury of Zip drive owners, claiming that the problems were caused by the use of (functionally identical) third-party media. A class action suit was filed against them in September 1998. The case was settled in March 2001 and Zip drive owners were given a rebate, but Iomega's reputation has yet to fully recover.

On non-Zip systems (usually a hard disk), the click of death refers to a similar phenomenon; when a hard disk has a hard error or servo failure, the head actuator will buzz and click as the drive tries to recover from the error. Since the media is not removable on these drives, the defect is almost always due to physical abuse or a manufacturing error. IBM's storage division had their own click of death problems in 2001 with the mass failure of their popular Deskstar 75GXP hard disks.

External links

• Comprehensive account of the click of death at grc.com
• News article on the Zip click of death, from 1998
• Information on the Iomega class action and settlement
• 75GXP FAQ at anandtech.com

All text is available under the terms of the GNU Free Documentation License (see Copyrights for

Nope, I mean exactly what I wrote. It's funny how I started to get modded to Offtopic by those less geeky than me.

I dunno. Removable storage devices are kind of inherently heterosexual, don't ya think?

The Iomega kind even have "sexually transmitted" contagious diseases if you put your "disk" (wink) in someone else's infected "slot" (nudge) and then return home to your partner. At least according to this authoritative and not at all clueless, loony or hysterical source.

My friends tell me that anthro-gyno-pomorphising computer equipment is silly, but I know they're wrong. (warning: link not work-safe!)

that show what's necessary--and the default Windoze install.

Cringely touched on a related subject when XP was being prep'd.
Note: The very top of that page (Google cache--some key stuff highlighted) is trashed by Moz 1.4,
but the link at the top is the original page.

gewg_

I recall there being a lot of discussion when ms introed Cleartype about Steve Wozniak having developed a virtually identical font smoothing algorithm for the Apple II. Has this been rebutted? Do a google search for wozniak and cleartype. Here's one article.

these

or this shit

Perhaps this summary would do, you tools.

But who cares, I don't need this crap, I use better OS.

Need proof?

Consider C, the weapon of choice for commercial-grade programming. It only has a handfull of control structures to 'hold' the rest of the program together. In the hands of an experienced programmer, C can be used to create programs that are almost as fast (yet readable), as an equivalent program coded in 100% hand written assembly language.

I could do this but I chose not to. I'd rather write lots of different programs in C and learn new stuff along the way rather than pampering the CPU with all the mind-numbing detail and preplanning a large-scale assembly language program would require.

I had a bit of experience with COBOL years and years ago. At the time I had several years of experience with Pascal (after making the radical pardigm shift from line numbered, GOTO-driven BASIC beforehand). Since Pascal and COBOL are both procedural languages, all I had to learn to get up to speed fast was the syntax and 'positioning' requirements of COBOL.

In a matter of days, I was writing somewhat sophisticated, nontrivial COBOL programs that did what they were supposed to do.

Gripe: Boy is COBOL verbose!!! (which fufills the self-documenting requirement of the language).

Why write

add 1 to x giving x

when you can use C and say

x++;

?

Might be a good transitional tool for Windows users looking not wanting to give up their eye-candy interface initially.
I'm not sure that's the salient issue. Windows user who are savvy to Linux know about the great eye candy that is available for Linux. Frankly, if it came down to eye candy, projects like Enlightenment offer no advantage over ObjectDesktop, WindowsBlinds, and StyleXP. And so far, Microsoft's ClearType anti-aliasing technology is subjectively better than anything I've seen on MacOS or Linux. Note, this is an admittedly subjective evaluation. I found a Q&A that speaks to the technical quality of ClearType that is beyond my comprehension. The fact is, my eyes have never been happier! I work heavily with numbers and text. Show me how to anti-alias old Linux apps like xv and rxvt, and I'm yours!

As a longtime Windows user who does appreciate Linux, what keeps me from making the switch are three common issues that I and the thousands of Linux advocates and zealots still haven't resolved:

1. I, like most Windows users, spend a lot on Windows software. Windows software typically costs about $40-80 online or in stores. That's quite an investment. In order to let go of Windows I would have to write off my investment in software as a sunk cost. But what if I want to keep using that software? What do I do, toss it out? Maybe I should sell it all off on eBay? This is why Linux is an easier sell to first time computer users; there isn't an established dependency. There is a good amount of good software that doesn't run on WINE or any of the WINE spinoffs. Testing to see if my apps will work under Linux can require that I pay good money for Win4Lin or VMWare. WINEX is a gamble since I have to pay before I can try it out, and according to the site, none of what I run works!

2. I like my a Windows apps. I don't abandon my apps just because there's a new operating system in town. I still use a few DOS and Windows 3.1 apps. I also have MacOS and Amiga apps sitting around. Why should I abandon my favorite apps like MS Office XP or The Sims (I've bought all the expansions) just because there are shiny new alternatives available on Linux? At the end of the day, I bought my computer in order to compute, not so that I can fight a revolution. Being a Stallmanista is kinda cool too, but I want to use what I want to use... ultimately isn't Linux and open-source about freedom of choice?

3. I need to use specialized proprietary applications like SPSS, and I happen to use some hardware that isn't support under anything but Windows. For some apps, I just can't use an alternative. And for the hardware, I'm not talking about winmodems, I''m talking about video capture devices and software that rely on the current DirectX and DirectShow. It doesn't matter whether an alternative exists, I won't use it for reasons other than stubborness.

So far, the only solution has been dual-booting, which has its own problems, and purchasing a second computer.

-Lock down the registry with permissions -Change hard drive permissions to authenticated users instead of everyone -Do NOT use administrator all the time -Use the run as service to run as administrator when needed -Use Steve Gibson's Socket Lock to prevent the berkely sockets form being abused -Subscribe to Microsoft's Security Bulletins -Turn off all unnecessary services -Use Group Policy editor to clear swap file on shut down and do not enumerate SAM for anonymous users -Enable Full security auditting -Disable NetBIOS of TCP/IP (DNS will handle names for you) -Unbind file and printer sharing if it's enabled -Disable IP forwarding (Let a physical router handle the routing) -Use double NIC cards if the server is also on a LAN -Use N-tiering if the server is on a LAN -Change the name of the Administrator account -Turn of the DCOM interface so it's not listening on TCP port 135 -If you plan on using Internet Explorer, set security settings to maximum if possible -Use a restricted user account (NOT power user) -Use a packet sniffer and monitor to check performance and traffic -Disable ActiveX controls and plugins if possible -Lock the server up and administer it remotely if possible -Set password complexity requirements and force password changes and require a different password for at least the next two password changes -Close any mail relays you might have open -Avoid using programs that use mail relays -Have a regular backup plan -Have a disaster recovery plan -If the server cannot be secured, put a camera in the room if possible -Clear the last user name of the last logged in user (Group policy editor) -Use fault tolerant equipment -Make sure the guest account is disable (disabled by default) -Develop a patching schedule -Enable the recovery console option for emergency recovery [cd rom drive letter]:\i386\winnt32 /cmdcons -Make sure that unused ports on your router are closed -Implement ACLs if applicable

It is simple. Steve Gibsom's FIX CIH will clean up after that damage. If the machine has NTFS, too bad for you.

He wasn't being careful in what he said, probably. There is nothing wrong with ShieldsUp! at GRC.com. (Scroll down to ShieldsUp, which cannot be linked directly.)

However, ShieldsUp doesn't go far enough in testing for vulnerabilities. ShieldsUp is perfect for testing systems or LANs that have no servers, because you are only trying to verify that there is no response at a particular port. However, if there is a server, other attacks than those of ShieldsUp should be tried.

Actually most home cable/DSL routers run a small embedded Linux distro, though I've found most are less robust than my old Pentium. My friend has to restart his Linksys almost daily, while my machine (Red Hat 8.0 minimal install) has 200+ days uptime. I've never tested the Linksys, but my setup gets a thumbs up from Shields Up.

I stopped using Real products after reading this

I'm sure most people on slashdot have already been here...in fact I'm quite confident it was posted on slashdot itself when it first went up, but for anyone who didn't read it then, here is the report that went up on Gibson Research Corporation after they got ddos'ed http://grc.com/dos/grcdos.htm enjoy

That poor admin can call his ISP... but there's really not much the ISP can do from their side of the line.

Sniff the garbage, analyze it, block IPs somewhere upstream. Worst case, if the zombies are randomly spoofing IP addresses you could still trace them back hop by hop. A giant pain in the ass, but possible. Steve Gibson has a great article about dealing with a DDoSing script kiddie.

Did he learn from GRC?

The relation of Lisa and Mac development to Xerox boils down to two (count them 2) trips that Apple engineers made to Xerox PARC in 1979 for Smalltalk technology demonstration (a common practice) by Xerox after Apple signed an agreement with them that allowed Xerox to buy $1 million worth of Apple stock at throw-away pre-IPO price (their investment was up almost 1800% just a year later on IPO). The two visits by Apple including nothing more than a technology demonstration. There was no code provided or stolen. Yes Apple was inspired by Xerox's Alto, you will never find any Apple employee who does not give Xerox due credit for their technology and vision. However having said that both Lisa and the Mac were far cry the technology demo that Smalltalk was. Xerox's Smalltalk did not have a file finder, drag and drop file manipulation, file types, imaging and windowing model, clipboard, pull-down menus, self redrawing windows, control panels, and a zillion other things that made the commerically viable operating System that embodied the Lisa and the Mac.

The Xerox PARC director at the time had this to say, "Just like the Russians and the A-bomb, they developed it very quickly once they knew it was doable." Apple independently developed the first GUI operating system and also invented most (some by Xerox) of the underlying concept and technologies. Yes they were inspired by the Xerox's Smalltalk but an inspiration does take away from all the hard-work and brilliance of the Apple Engineers who poured their hearts and souls into Lisa and the Mac. If you have doubts about that just ask the father of modern physics.

Now in contrast Microsoft being a future developer for the Lisa/Mac had the actual source code from Apple which they blatantly STOLE. You should read up on a subject before posting sweet nothings. These might help:

Apple and Xerox

Apple history Books

Microsoft's founding principle, "Steal first, ask questions later". There are probably thousands of examples of this principle at work, but here is a sampler or two:

The real origins of ClearType

Virtual Desktop manager "invented" at Microsoft

Apple is like a guy who, saw someone else who built a wooden raft for the first time but never actually tried it on water, and said, hey this is a good idea let me build my own version. Only they built a proper boat with a sail that could and for the first time did carry many people on water. Microsoft is like another guy who saw Apple's Sail boat and said hey this is a good idea, let me steal one. They stole it repainted it and sold it as their own.

BIG DIFFERENCE!

I use Zone Alarm and also utilize Steve Gibson's Shields Up! to check my ports.

What is the "click of death"?

IBM don't need to get a free ride on Iomega's notoriously bad reputation, they have passed that mark on their own without any help.

Maybe there ougth to be a catchy name for the IBM deskstar experience, preferrably something that can follow their HD's reputation with them to Hitachi ;)