Domain: grc.com
Stories and comments across the archive that link to grc.com.
Comments · 905
-
Re:Trust us!
This security hole is really very sad. Microsoft has been saying that XP would be more secure than previous versions of NT and W2K. Yet it appears that this is a bigger hole than in any previous version OS, in that it allows total control of the machine without doing anything more than making a connection to the internet. (Someone please correct me if I've misunderstood the hole.)
Several months before XP was released, I found an article by Steve Gibson of Gibson Research Corporation discussing a denial of service attack he had suffered through, how he was able to stop it, and how a new feature in XP (raw sockets) would make unstoppable attacks possible. Even worse, when he tried to warn Microsoft of the problem, they basically said, "don't worry our security will be good enough to prevent this problem."
(You can find the article here: Denial of Service Investigation)
Now here we are, just a few short months after the release of XP and there's already a security hole big enough to drive the proverbial Mack truck through. And completely unprotected behind that hole is the capability to bring any portion of the internet to its knees.
It seems to me that this is certainly an instance where a lawsuit is a possibility. It's no wonder the government is looking into the security issues in XP.
All I can say is "Be afraid. Be very afraid."
Ed "What the" Heckman
-
Re:XP Owners
Steve Gibson is a gibbering idiot.
from grc.com : "... my post-attack forensic analysis, and the results of my subsequent infiltration into the networks and technologies being used by some of the Internet's most active hackers."
Pffff, who is this guy, Ethan Hunt?
SG: WOW, I've just been hax0red by some L33t d00d. Fortunately, my superior security knowledge enables me to find him, and address his irresponsible behaviour.
script kiddie: I d00 th15 ju5t f0r kix! U can't st0p m33!
SG: [pats the boy on the shoulder to comfort him for the obvious lack of parental guidance] Ok, I'm not a bad guy, see, I wrote hackers are cool once.
sk: You're right! Hey why don't you unleash your mad programming skills and write something to protect us all from further havoc caused by people like me?
SG: I just might do that -
Re:How to tell
I think he was referring to raw TCP/IP sockets. On UNIX systems, only root can use them. Apparently on the WinXP home edition, every user has administrator privileges by default. Steve Gibson has been making a big deal out of it lately, even though Win9x isn't really more secure in this respect.
-
Re:The End of my Windows eXPerience, I guess...
You can get a program from Steve Gibson that detects any spyware on your system.
grc.com/optout.htm
This guy has all types of great security and privacy software. -
Re:Don't ban tools!
This is probably the most important thing any network professional can ask for.
Outlaw evil behavior, not the tools that enable that behavior. In many cases the tools have many, many more positive and educational uses than negative uses. In a lot of cases, the tools can be used to stop or examine criminal (cracking) behavior.
Say what you will about Steve Gibson, but the
guy knows a little about network security. He gives an extended discussion on how he used the tools of the IRC-based DDOS trade to help oust some script k1dd13's that were hammering his site.
Without tools like L0pht-crack, the NT password cracker tool, I couldn't have convinced my execs that a company password policy was necessary and passwords like 'password01' were unacceptable.
Just like we don't ban sledgehammers and bolt-cutters even though they can be used to break padlocks, we shouldn't ban network tools either. -
Re:It was good in the day
Funny, nothing you say makes any sense whatsoever. Perhaps you should team up with Steve Gibson and not make sense together.
-
Re:not the only performance hit
CRT's also work on a sub-pixel mode - red, green and blue elements make up the surface of your monitor...
Indeed they do.
...and can be affected in exactly the same way as those on an LCD screen
No they can't. I think your parent post is closer to the truth about the logical-physical-pixel-mapping. Without it cleartype becomes just a color-distorted form of anti-aliasing. As such it certainly looks better than the raw black/white-stuff (check this out: http://grc.com/ctwhat.htm ), but that is just an AA-effect, and not the same as on your laptop.
If you want cleartype on your CRT you at least have to consider the different (not R-G-B-in-a-row) positioning of the colors.
I'm not sure if all CRTs are the same with regard to this. And even then it would be a lot less effective. -
Re:not the only performance hit
Actually ClearType depends on "subpixels" found in LCD displays.
See this page for a decent explanation of how it works... -
Re:XP Security Holes
I have two links to stories about the problem of raw socket access in windows XP :
http://grc.com/dos/winxp.htm
and
http://www.theregister.co.uk/content/4/19332.html
The first one is very detailed. An absolute must read.
The problem for the windows XP user is that his system may be used as a kind of relay for network attacks. Hence, slowdowns and the possibility to be banned from the network. -
Finally!
Now we can start the backdoors that don't use real TCP connections established by the stack to start working. Raw sockets rule!
Real programmers use COPY CON PROG...er, wait.
Real programmers use Start, Programs, Accessories, click the ">>" button, Notepad, type in the raw bytes, go to File, Save As, type in PROGRAM.EXE, and wind up with a file named PROGRAM.EXE.txt on their hard drive. -
Re:Fascinating
My definition of "small" these days is probably around 400k or less, depending on the app. It's crazy that people are writing multi-megabyte programs to do something as simple as restart the computer. (Or maybe it's just that everyone packages things in multi-megabyte installers.)
A while ago, I ran across rix2k power tools... little programs that tend to be under 100k in size. Then there's the Mr. Gibson and his "everything in assembly" philosophy -- also under 100k. Those are the only kinds of things that deserve to be called "tiny."
If you're taking up 1.44MB and want to be called "tiny", you'd better be an entire OS, an office suite, or a 3D game. :-) -
Re:Raw Sockets and M$
Yes you're right. Check this article by Steve Gibson about it.
I think the situation hasn't been altered for WinXP build 2600 (release build). -
Another Security Hole
Ok, so they tell people to stop showing how to crack open gaping holes. It's not going to happen. You can tell me to run off the edge of the grand canyon, I just won't do it.
Some of these guys live by these exploits though. I mean, take the guy at grc.com, as far as I know, all he does is try to find holes in the Operating System, and tries to get them fixed.
The most pertinent hole related to *nix is the use of Raw Sockets in XP, which he is very vocal against. It seems it makes every user the admin, and allows for easier access to the kernel. As well as making for a nice dos box on the net, and one that would not be aware that it is sending. -
Blaming Microsoft for "users' ignorance"?
From Salon: "The power of "default" settings lies in users' ignorance and inertia. There are millions of Windows users who barely know what "right-clicking" is.
The remedy Salon suggests? "It would probably take one of Microsoft's developers a short afternoon to build a simple, forthrightly labeled control panel that sits right on every user's desktop and asks, in plain English, 'Which program would you like to open Web pages? Or text files? Or MP3 audio files? Or photo files?'"
So these users, who the author seems to think are too stupid to know what right-clicking is, now have to know the difference between a text file (*.txt) and a Word file (*.doc) and which program goes with which extension (no, wait, which program they want to use to open which file types!)
Microsoft isn't even the real perpetrator of these things. It's companies like Real, which have programs like RealDownload (click here and here for examples) that really go overboard with the registered file types thing. RealDownload attaches itself to your web browser in such a way that the only way to stop it from popping up every time you try to download a file is to uninstall it. It also comes preinstalled on a bunch of OEM computers, so people are afraid to uninstall it. That's just one example...
There are lots of horrible pieces of software in the Windows world: spyware like the stuff that comes with BearShare and Morpheus, the Real "suite" of products that tries to take over your computer; AOL, which tries to eat your TCP/IP stack for lunch and replace it with its own TCP/IP stack. Instead of focusing on how Microsoft is horrible because it HAS registered file types, let's focus on programs (Microsoft ones included) that abuse their privilege and try to force you to use them for everything under the sun.
Finally, please continue to educate our user base, instead of just assuming they are "ignorant" and unable to take control of "where they want to go today" (and what program they want to use to do that.)
-
Re:Active LCD Screen
You can actually use it on CRT displays too, and it just looks like normal AA. Here's how it works. (XFree can do this too, set a resource to do it instead of normal AA)
-
Re:Is it only me then?
At least the transition between Mac OS 9 and OS X was significant. I find it really lame that microsoft keeps releasing the same crap just so that people are pressured to buy an upgrade. Sure, maybe XP is all candy coated with a cooler gui, but nothing much has changed except for the fact that normal users have access to raw network sockets.
Microsoft claims that XP has better memory protection, better threading... I'm just waiting to see if any of this is true, or if XP has the same problems as 2k.
-
Re:Phone Phreaking: the Next Generation
Old Brucey at it again. The guy is just a troublemaker and rabble-rouser, just like Steve Gibson. Any IT security professional worth his salt knows that Schneier is just out to get a reputation for himself, his non-crypto articles are just wind and gas.
-
Re:MS never fix?
He said "fix the problem", not "bandaid the current exploits".
The problem is that security is nothing resembling a priority to Microsoft. Security is something to be added after the fact, by people who know little about designing a secure OS, in response to complaints. And at that, only if the complaints come from big customers.
case in point. -
Oh no! XP has raw sockets!!!
The sky is falling! The sky is falling!
This overreaction brought to you by Gibson Research Corporation. -
It seems that law only protects big corporations
It seems that law only protects big corporations. You can read this article about a series of DoS attacks GRC.COM suffered. The FBI told the sysadmin that they could not help him because he needed to prove damages of at least $200,000.
-
Don't Forget Steve...
What about the (IMHO) famous programmer Steve Gibson, author of Spinrite (sorry
/.ers, may be before your time) who writes all his stuff in assembler? His utilities and more would easily fit onto a floppy disk - even though some use the Windows API (AFAIK). This dude is a guru to anyone using and appreciating the x86 platform! When MFM hard drives were all we had, he provided us a way to keep them working well beyond the MTBF the manufacturers had planned (or promised). A purist beyond belief - and a blowhard in rhetoric, (if you check out his website), yet, a genius in assembler (we're not worthy!)(sorry; tried for a link and was overwhelmed)
Can you say "change my interleave without FDISK first?"
This guy rules! Don't forget him! He's at least as important as Peter Norton. Maybe more... -
Nonlinear pixel response requires gamma correction
When the width of a stroke is around a single pixel, a grey pixel stands out in a big way
That's partially because of a nonlinearity between the number of electrons shot at a phosphor and the luminous intensity. A gray pixel needs to be at 50% luminous intensity, or it'll stand out as you mentioned. To correct for this, video hardware and software raise every displayed pixel to the power of gamma. For most displays, gamma correction of 0.45 or so produces a response that's nice and linear, and you can use traditional time-domain convolution to low-pass filter the text bitmap and remove the spatial frequency aliasing.
a non-anti-aliased, hand-hinted font is much cleaner.
A non-anti-aliased, hand-hinted font is also patented.
but when we get 300 dpi screens
The future is now. Color LCD screens have always been about 300 x 100 dpi; recent versions of Microsoft GDI used in Windows CE and XP can tap into the individual red, green, and blue pixels for even cleaner text.
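The gamma point in the comment above, worked through in code. This is an added example, not code from the comment's author or from grc.com: it takes the comment's 0.45 encoding exponent, assumes a display whose emitted luminance is the code value raised to 1/0.45, and anti-aliases a small constructed 4x4 glyph by box-filtering in linear light. It shows why the 50%-coverage pixel must be written out as a code value near 0.73 rather than 0.5 if it is to appear as a true mid-grey.

```python
"""Gamma-aware anti-aliasing of a 1-bit glyph bitmap.

Added example (not from the comment above or any grc.com code). It assumes a
display whose luminance is proportional to (code value) ** (1/0.45), i.e. the
0.45 encoding exponent named in the comment, and a constructed 4x4 glyph.
"""
from typing import List

ENCODE_GAMMA = 0.45                 # exponent applied before display (comment's figure)
DISPLAY_GAMMA = 1.0 / ENCODE_GAMMA  # the display's own nonlinearity (about 2.22)

# Constructed 4x4 glyph at 2x resolution: '1' = lit, '.' = dark.
GLYPH_2X = [
    "11..",
    "11..",
    "..1.",
    "...1",
]


def parse_bitmap(rows: List[str]) -> List[List[float]]:
    """Turn the text bitmap into linear-light coverage values (0.0 or 1.0)."""
    return [[1.0 if ch == "1" else 0.0 for ch in row] for row in rows]


def box_downsample(bitmap: List[List[float]], factor: int) -> List[List[float]]:
    """Low-pass filter by averaging each factor x factor block.

    Averaging happens in linear light, so each output value is the fraction
    of that output pixel the stroke actually covers.
    """
    out = []
    for y in range(0, len(bitmap), factor):
        row = []
        for x in range(0, len(bitmap[0]), factor):
            block = [bitmap[y + dy][x + dx]
                     for dy in range(factor) for dx in range(factor)]
            row.append(sum(block) / len(block))
        out.append(row)
    return out


def gamma_encode(linear: float) -> float:
    """Map a linear-light value to the code value the display expects."""
    return linear ** ENCODE_GAMMA


def display_luminance(code: float) -> float:
    """What the assumed display actually emits for a given code value."""
    return code ** DISPLAY_GAMMA


def render(rows: List[str], factor: int, gamma_aware: bool = True) -> List[List[float]]:
    """Anti-alias a glyph; with gamma_aware=False the raw coverage is written out."""
    coverage = box_downsample(parse_bitmap(rows), factor)
    if not gamma_aware:
        return coverage
    return [[gamma_encode(v) for v in row] for row in coverage]


if __name__ == "__main__":
    for aware in (False, True):
        img = render(GLYPH_2X, 2, gamma_aware=aware)
        half = img[1][1]  # the output pixel the stroke covers exactly 50%
        print(f"gamma_aware={aware}: code={half:.3f} "
              f"emitted luminance={display_luminance(half):.3f}")
```

Run stand-alone, the gamma-unaware pass writes 0.5 and the display emits only about 21% luminance, which is the "grey pixel that stands out" of the comment; the gamma-aware pass writes about 0.732 and the display emits the intended 50%.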
-
Re:Ludicrous... Maybe not...
> anyway...
> do you think real really cares about real player? how many
> people actually have the real player plus - the one you
> BUY? they only care about their SERVERS and SERVICES.
Real is well known for spyware practices.
If the MS move will kill them, I'll be among the ones that will
complain about MS dirty behaviour, and certainly not for
Real's death.
Said that, everybody is missing the point that the inclusion
of a media player is not the most Wrong Thing (tm).
Microsoft is forcing people to use and sell their products;
5 or 6 years ago I read on the net of a big PC vendor in
Germany that was threatened by MS not to sell OS/2
installed machines, and just days ago we read almost
the same thing about their threats against PC vendors
that sell PC with other operating systems loadable via
multiboot (sorry, lost the link).
I don't care at all about what software MS ship with
their crappy operating systems, I don't use them,
period. What I'm really concerned about is the way
they're limiting other companies businesses by acting
directly against them. -
Re:Counter-Attack this FUD
Looks like your 'fuckwad' key got stuck there.
Anyway, from Steve Gibson's summary:
"... the Home Edition of Windows XP executes all applications with full administrative ("root") privilege. Thus, Windows XP eliminates the raw socket safety restrictions imposed by all other operating systems."
So, while I may be a genuine fuckwad (actually, fuckwad's my first name), I defer the ignorance to another party, if, in fact, Windows XP does protect the socket access.
-
Astroturf - More Examples - WinXP Raw Sockets
The Anti-Steve Gibson Website
was created one week after Steve Gibson and Microsoft go to war over the WinXP Raw Sockets Vulnerability
... what a coincidence for a well-done spoof site of Steve Gibson's to go online a week after Steve and MS start fighting
has bogus/ridiculous/fake Registrant, Administrative, Technical, & Billing WHOIS information
-
And how much compile time is gained?
The developer might be able to read email and get a cup of coffee, rather than just reading email, during the compile. Gee wiz.
This may also be a symptom of the "microsoft" disease: creeping bloat, reliance on hardware to make up for shortcomings in software, endless features.
The "cost" of making that little bit of effort to optimize for use might be substantial on a titanic project like MS Office, but I cannot imagine that a non-Borg developer would not take pride in their work and at least try.
And then there's Steve Gibson who takes the principle of optimized code to its extreme. Good for him!
Bob-
-
Re:Tired of spoofed packets
Likewise, it would seem to be quite easy for Microsoft to ensure that WinXP consumer edition doesn't make it too easy to spoof said packets.
We are all part of a team, the team can work together to ensure:
spoofed packets don't leave a team-member's network
OS's that allow easy IP spoofing are changed to make it difficult to spoof by implementing access controls a la WinNT/Unix/Linux. Evidently WinXP consumer edition has ZERO-DESIRE to be a team-player like its Win95/98/NT cousins.
FYI, Steve Gibson has posted his latest explanation of the WinXP Raw Sockets Vulnerability here from whence the concern of "WinXP boxes and
... their [spoofed] IP addresses" evidently first originated.
Steve & Co. also provide two "quick 'n dirty" FREE programs to download to:
test your access to "raw sockets" (all Win OS)
secure NON-SYSTEM "raw sockets" access (Win2K & WinXP) to see that Win2K & WinXP continue to function just fine
The funny part is that Steve Gibson now uses Microsoft's own MSDN Technical Documentation against Microsoft. Steve provides quotes from the Microsoft MSDN websites and links to the original Microsoft Technical Documentation
As of 8/13/01 @ 0801 PST, all the links to the Microsoft Technical Documentation PROVING (?) Steve Gibson's points were fully functional.
BTW, for a "nail biting" (grin - soon to be a motion picture - grin) tale of one man's experience with a Distributed Denial of Service attack read both here and SlashDot commentary to learn where Steve's fear of WinXP Raw Sockets originates (i.e. WinXP zombies doing DDOS with the easy to spoof WinXP box IP addresses due to desktop Joe/Jane-consumer user always being "root")
Evidently, Steve Gibson can now quote chapter and verse back to Microsoft and ask Microsoft "Why are you [microsoft] now contradicting yourself."
BTW, there is now an "astroturf" (?) website devoted to debunking Steve Gibson here although all the DNS details seem bogus ("How convenient for the astroturf PR agency!!!" says the Church lady)
-
WinXP IP Address Spoof Details [Re:Question...]
"How will they identify the zombies that happen to be WinXP boxes and have their IP addresses spoofed?"
FYI, Steve Gibson has posted his latest explanation of the WinXP Raw Sockets Vulnerability here from whence the concern of "WinXP boxes and
... their [spoofed] IP addresses" evidently first originated.
Steve & Co. also provide two "quick 'n dirty" FREE programs to download to:
test your access to "raw sockets" (all Win OS)
secure NON-SYSTEM "raw sockets" access (Win2K & WinXP) to see that Win2K & WinXP continue to function just fine
The funny part is that Steve Gibson now uses Microsoft's own MSDN Technical Documentation against Microsoft. Steve provides quotes from the Microsoft MSDN websites and links to the original Microsoft Technical Documentation
As of 8/13/01 @ 0801 PST, all the links to the Microsoft Technical Documentation PROVING (?) Steve Gibson's points were fully functional.
BTW, for a "nail biting" (grin - soon to be a motion picture - grin) tale of one man's experience with a Distributed Denial of Service attack read both here and SlashDot commentary to learn where Steve's fear of WinXP Raw Sockets originates (i.e. WinXP zombies doing DDOS with the easy to spoof WinXP box IP addresses due to desktop Joe/Jane-consumer user always being "root")
Funny thing now is that Steve Gibson can now quote chapter and verse back to Microsoft and ask Microsoft "Why are you [microsoft] now contradicting yourself."
BTW, there is now an "astroturf" (?) website devoted to debunking Steve Gibson here although all the DNS details seem bogus ("How convenient for the astroturf PR agency!!!" says the Church lady)
-
SpyWare is Evil
This is one of the worst things I know, SpyWare - I simply hate freeware/shareware/ad-ware programs that use SpyWare - I recently installed KaZaa (p2p filesharing) - but 5 minutes after, not having run it, I uninstalled it, because it had installed Cydoor software on my computer (when I explicitly told it not to install it). I removed Cydoor - but then KaZaa wouldn't run.
Worried if you have SpyWare? Get ad-aware from LavaSoft - it's free and reliable.
Or you can just check your programs here - just enter the name of the software...
Or Steve Gibson's (grc.com) OptOut
Don't use SpyWare!
-
Something similar happened to me
(Sorry about the blank comment. The new Slashdot code is still really buggy)
A lot of people who are ignorant of computers have this belief that anyone who knows what they are doing can hack any computer easily. They do not believe that any form of computer security can exist.
The FBI, in particular, is very ignorant about computers and security. Read this Month's crypto-gram (one link from the page I linked to) for a story on how sensitive FBI documents were passed on to the internet at large via SirCam.
About a year ago, there was an (mumble mumble) on-line community that I was a part of. They had a number of mailing lists. Discovering that they had a Majordomo-style interface, I proceeded to send the list-request address a LIST request.
Instead of just listing the mailing lists that exist, the program gave me a list of all mailing lists, and all people subscribed to the lists.
Later on, someone on one of the lists wondered out loud how many people were on a mailing list. I told them.
At this point, the people freaked out. They thought I had broken in to their system or some such. I explained how I got the information, and then said that I was going to leave. I knew that this was something that could get me in to trouble.
Thankfully, the moderator of the mailing list was a member of our family's church. I wonder what could have happened if we were not on friendly terms with these people.
Finally, I wonder why the FBI pursues crap like this, and not stuff like legitimate problems where the FBI could really help (scroll down to the section where he describes his dealing with the FBI).
- Sam
-
This is really starting to get good
for GNU/Linux and BSD that is. Everyone seems to get upset with this idea, I love it! Fsck em, let them screw things up more and more. The more they do it, the more people will search for an alternative.
GNU/Linux allows me to do what ever the hell I want. If I wanna run _everything_ as root and make the system 100% insecure, it's up to me. It will allow me to make whatever changes required to do so. Of course I wouldn't, but the freedom is there.
On an M$ platform, M$ makes those decisions for me. Why would anyone need another firewall ? Ours is good enough. This coming from a company that has zero clues on security.
There's a slew of interesting info on this available here. (Take a look at the links on the bottom) They talk about a lot of crap that M$ is trying to pull with XP. It's a good read. Especially for those interested in actually using an M$ platform. -
Best line from the article
"We've been working closely with Microsoft - BlackIce is widely used inside Microsoft - in order to make sure it works well," Rob Graham, founder of NetworkIce told us.
After reading Steve Gibson's scathing pseudo-review of BlackIce Defender that was part of his Denial of Service article (which was previously covered here on /.), I find this quote fscking hilarious. If you're relying on a company that can't keep its own products secure to help you do quality assurance on your company's security-specific product, well...
If there was ever an endorsement for why one shouldn't use BlackIce Defender, this is it!
~Philly -
Re:o my god
"We've been working closely with Microsoft - BlackIce is widely used inside Microsoft - in order to make sure it works well," Rob Graham, founder of NetworkIce told us.
According to Steve Gibson, Black Ice is fairly ineffective (Scroll down to "Personal Firewalls and IRC Zombie/Bot Intrusions") against actually protecting the system. Now I personally don't want to have Black Ice built into my operating system. I'd like the ability to use Zone Alarm at the very least. I prefer to use Tiny Personal Firewall, because it allows me to allow/deny connections on different protocols and ports as well as do MD5 checksums of programs.
Who knows, MS might make Black Ice in WinXP decent, but I at least want the freedom to choose my own security setup. -
Re:black ice
BlackICE is generally regarded by internet security experts, to the best of my knowledge, as a very poor firewall solution. Many intruder reports are not genuine, and many genuine intrusions are not reported. In addition to this, it does not use any kind of encryption to ascertain whether an application authorised to access certain ports is really what it pretends to be. For example, a Trojan named IExplore.exe will slip right by BlackICE because the firewall doesn't check it for authenticity. On the other hand, programs like ZoneAlarm, and Tiny Personal Firewall do perform these authentications, and are excellent at blocking intrusions as well. ZoneAlarm tends to be a little unstable and I have personally had some trouble with it, but I still highly recommend it for average Windows users. I find Tiny stable, secure, and it tells you exactly what is happening. I have tested it on Win2k and WinME and it runs perfectly on both.
In addition, you might be interested to know that BlackICE completely blocks all network traffic when lanning, and is very troublesome, while Tiny is not. BlackICE, in my experience, also does not actually uninstall properly and continues to run after you have theoretically removed it. This struck me as very strange, and could be a random incident. However, I have had my computer frozen solid with BlackICE running, on Windows 2000, and my opinion of it, like that of Steve Gibson is somewhat low. And yeah, some of you might laugh at Steve Gibson, but I'm not just going by what he says, bear that in mind.
To be honest, when I read that BlackICE was used widely inside Microsoft, I laughed my arse off.
-
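The "IExplore.exe" point in the comment above, as an added example written for this thread (it is not code from BlackICE, ZoneAlarm or Tiny Personal Firewall): an outbound-connection allow-list keyed on the program's file name beside one keyed on a digest of the program's bytes, the MD5-style check mentioned further up. Everything is constructed: two files are written to a temporary directory, a "genuine" iexplore.exe and an impostor that reuses the name, and each policy is asked about both.

```python
"""Added example: recognising a program by file name versus by a checksum of
its executable.  Constructed scenario, not code from any product in the thread.
"""
import hashlib
import hmac
import os
import tempfile


def file_digest(path: str, algo: str = "sha256") -> str:
    """Digest of a file's contents, read in chunks so large binaries are fine.
    SHA-256 is used here; the 2001-era tools used MD5, which is no longer
    collision resistant and should not be used for this purpose today."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


class NameBasedPolicy:
    """Allow-list keyed on the program's file name only (the weak model)."""

    def __init__(self, allowed_names):
        self.allowed = {n.lower() for n in allowed_names}

    def allows(self, path: str) -> bool:
        return os.path.basename(path).lower() in self.allowed


class HashBasedPolicy:
    """Allow-list keyed on a digest recorded when the user first approved
    the program; a file with the same name but different bytes is rejected."""

    def __init__(self):
        self.approved = {}  # lower-cased file name -> digest at approval time

    def approve(self, path: str) -> None:
        self.approved[os.path.basename(path).lower()] = file_digest(path)

    def allows(self, path: str) -> bool:
        recorded = self.approved.get(os.path.basename(path).lower())
        if recorded is None:
            return False
        return hmac.compare_digest(recorded, file_digest(path))


def run_scenario() -> dict:
    """Build the two constructed files and return each policy's decision."""
    with tempfile.TemporaryDirectory() as tmp:
        genuine = os.path.join(tmp, "program_files", "iexplore.exe")
        impostor = os.path.join(tmp, "downloads", "iexplore.exe")
        for path, body in ((genuine, b"MZ genuine browser bytes"),
                           (impostor, b"MZ trojan payload bytes")):
            os.makedirs(os.path.dirname(path))
            with open(path, "wb") as f:
                f.write(body)

        by_name = NameBasedPolicy(["iexplore.exe"])
        by_hash = HashBasedPolicy()
        by_hash.approve(genuine)   # the user clicked "allow" on the real one

        return {
            "name_policy_allows_genuine": by_name.allows(genuine),
            "name_policy_allows_impostor": by_name.allows(impostor),
            "hash_policy_allows_genuine": by_hash.allows(genuine),
            "hash_policy_allows_impostor": by_hash.allows(impostor),
        }


if __name__ == "__main__":
    for decision, value in run_scenario().items():
        print(f"{decision}: {value}")
```

The name-based policy lets both files out; the hash-based one admits only the binary that was approved. Two caveats a practitioner would add: a digest identifies the file that was launched, not what the process goes on to do, so a trojan that injects into an already-approved process, or replaces a DLL it loads, still talks out under the approved name; and every legitimate update changes the digest, so the user is re-prompted, which is exactly where people start clicking "allow" without reading.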
Re:raw sockets?
Gibson says:
The security features built into all other raw socket capable operating systems (Windows 2000, Unix, Linux, etc.) deliberately restrict raw socket access to applications running with full "root" privilege. However, the Home Edition of Windows XP executes all applications with full administrative ("root") privilege. Thus, Windows XP eliminates the raw socket safety restrictions imposed by all other operating systems.
-
Re:Sock_Raw
Steve Gibson has been rambling about this for a few months now. He claims that raw sockets will make a specific type of attack more dangerous -- namely, DDoS attacks. (Each 0wn3d machine participating in the DDoS attack will be able to spoof its address using raw sockets, making it difficult for the victim to determine where the attack is coming from.)
Of course, Cringely takes this already dubious theory and mangles it even further into something that makes very little sense whatsoever.
-
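The two comments above (the quoted passage on raw sockets being restricted to root, and the reply on spoofed source addresses in a DDoS) as one added example, written for this thread rather than taken from Gibson's article: the first function asks the OS for a raw socket and reports whether the privilege check let it through; the second builds an IPv4 header whose source address is simply whatever the caller passes, which is all "spoofing" means at this layer. Nothing is transmitted; the header is built and parsed in memory, and every address is a constructed sample value.

```python
"""Added example: the raw-socket privilege check, and why it matters.  Not
code from Gibson's article or from any product in the thread."""
import socket
import struct

# version/IHL, TOS, total length, ID, flags/fragment, TTL, protocol,
# header checksum, source address, destination address
IPV4_HDR = "!BBHHHBBH4s4s"


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def can_open_raw_socket() -> bool:
    """True if this process may create a raw IP socket, False if the OS
    refused on privilege grounds (root or CAP_NET_RAW on Linux; an
    Administrators token on Windows).  Any other OSError propagates."""
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
    except PermissionError:
        return False
    s.close()
    return True


def build_spoofed_ipv4_header(src: str, dst: str, payload_len: int,
                              proto: int = socket.IPPROTO_TCP,
                              ttl: int = 64, ident: int = 0) -> bytes:
    """A 20-byte IPv4 header (no options) whose source address is whatever
    the caller passes.  For a normal socket the kernel fills this field in;
    with a raw socket the program supplies it."""
    ver_ihl = (4 << 4) | 5
    hdr = struct.pack(IPV4_HDR, ver_ihl, 0, 20 + payload_len, ident, 0,
                      ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    csum = ip_checksum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the fixed header and verify its checksum.  A receiver, or an
    upstream filter, sees only these bytes, not who really sent them."""
    (ver_ihl, _tos, total_len, _ident, _ff, ttl, proto, _csum,
     src, dst) = struct.unpack(IPV4_HDR, pkt[:20])
    return {
        "version": ver_ihl >> 4,
        "ihl": ver_ihl & 0x0F,
        "total_len": total_len,
        "ttl": ttl,
        "proto": proto,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "checksum_ok": ip_checksum(pkt[:20]) == 0,
    }


if __name__ == "__main__":
    print("raw socket allowed for this process:", can_open_raw_socket())
    # Constructed sample addresses from the documentation ranges.
    hdr = build_spoofed_ipv4_header("198.51.100.9", "192.0.2.10", 20)
    print(parse_ipv4_header(hdr))
```

Run as an ordinary user on Linux the first line prints False; run as root, or as any user on a system where every account is an administrator, it prints True, and the spoofed header is accepted by the stack exactly as the parse shows, checksum and all. The defence that actually works against this is at the network edge rather than on the host: egress filtering that drops packets whose source address does not belong to the originating network (BCP 38). Microsoft later narrowed the feature itself: from XP SP2 onward, raw sockets cannot send TCP segments, and UDP datagrams with a source address that is not the host's own are dropped.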
Re:Gibson wrote zone alarm?
Gibson constantly plugs Zone Alarm
Seeing as how Zone Alarm is the only darn free/software firewall that appears to work, then why run anything else? I'd like to see Microsoft's crack team of security "experts" come up with something comparable.
Oh wait, they did.
Hahahahah
-
Gibson wrote zone alarm?
By default, under this scenario, your PC becomes a TCP/IP read-only device. By running applications like Gibson's Zone Alarm you can -- right now -- severely limit the use of TCP/IP by applications on your PC
I didn't know Steve Gibson wrote Zone Alarm. When did this happen? What happened to Zone Labs?!
-
Answer
Why is it that Code Red gets the trumpets and klaxons, while Sircam continues to spread private documents(!) with considerably less attention?
Because Steve !! Gibson !!! didn't rant about Sircam..
I wish the media would vet these so-called 'experts' before blindly accepting everything they say.
-
The Register is wrong
I don't always agree with Gibson, I think he's off-base concerning raw sockets, but the Register is way out of line in saying that he predicted severe consequences for the Internet. In reading Gibson's advisory I see no such thing. In fact at the end of the advisory Gibson says:
"Please note that neither in the above communique, nor elsewhere, have I ever made any dire predictions for the worm's effect on the Internet. Others have, but I am skeptical. I believe that the Internet can easily handle the "replication probing traffic" generated even by millions of simultaneously searching and reproducing IIS worms."
The rest of the advisory is here.
The Register has lost my respect, but then it never had much of it to begin with.
-
Re:Are there any non-microsoft viruses anymore?
Uh, that might be of "official" servers (ie, commercial sites that are run by IT staff), but what about all of the personal sites/servers out there?
IIRC, doesn't win2k do a default install of IIS with the service on? (Thought I read that somewhere, but I don't run Win2k, so I can't verify.) This means that there are plenty of machines that are vulnerable and their owners don't know it.
According to stats collected by CAIDA, the top 4 identifiable infected domains, with over 7% of the infections, are home.com (cable), rr.com (cable), t-dialin.net (? dial-up?), and pacbell.net (dial-up and DSL). Add in a few more to the list and you are above 10%.
The way I read this, most of those companies are geared to home and individual users (or fairly small businesses). These people are *NOT* Apache customers (otherwise they wouldn't be infected) but nor would they be the kind to purchase Apache. They are small businesses (home business) or home users that either have a cute web site up for their friends, or don't even know they have IIS running.
These people are the ones that don't know about the updates and couldn't care (but can't figure out why their Quake latency is so high).
So, I am a little afraid about this "slice of the pie." Not only is it potentially bigger than the "official server" base, but it is also less informed, and more of a potential threat.
[What happens if Steve Gibson's WinXP concerns are correct and insecure software is being put in the hands of every Joe/Jane User that allows for/facilitates massive global attacks? (I realize that Steve's issue is slightly different, but I bring it up here as it illustrates that the nature of the "pie" is shifting.)]
______
-
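Two of the comments above touch the same traffic: the quoted advisory's "replication probing traffic" and the CAIDA tally of infected hosts by owning domain. As an added example written for this thread (not code from the advisory or from CAIDA), here is the detection side of that: pulling Code Red's probe requests out of an IIS W3C log and counting probing sources per variant and per domain. The log lines are constructed; the request shape is the real one (a GET for /default.ida with a long run of N's, or X's for the second variant, followed by %u-encoded shellcode), shortened here. The reverse-DNS table is a constructed stand-in for a real lookup.

```python
"""Added example: finding Code Red probes in an IIS W3C log and tallying the
sources.  Sample lines and the rDNS table are constructed for this example."""
import re
from collections import Counter

SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2001-07-19 14:02:11 198.51.100.7 GET /default.ida NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801 200
2001-07-19 14:02:40 203.0.113.55 GET /index.html - 200
2001-07-19 14:03:02 198.51.100.7 GET /default.ida NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801 200
2001-08-04 09:15:30 192.0.2.88 GET /default.ida XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801 200
2001-08-04 09:16:01 192.0.2.88 GET /scripts/root.exe - 404
2001-08-04 09:20:12 198.51.100.23 GET /default.ida XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%u9090%u6858 404
"""

# Constructed stand-in for reverse DNS: source IP -> host name.
RDNS = {
    "198.51.100.7": "cable-modem.example-cable.net",
    "198.51.100.23": "dsl.example-cable.net",
    "192.0.2.88": "dialup.example-isp.net",
}

# A long run of N (original) or X (second variant) then %u-encoded bytes.
PROBE_RE = re.compile(r"^(N{10,}|X{10,}).*%u")


def parse_w3c(text):
    """Yield one dict per entry, keyed by the names in the #Fields line."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue          # malformed line: skip rather than misalign fields
        yield dict(zip(fields, parts))


def classify(entry):
    """Return 'CodeRed-N', 'CodeRed-X' or None for one log entry."""
    if entry.get("cs-uri-stem", "").lower() != "/default.ida":
        return None
    m = PROBE_RE.match(entry.get("cs-uri-query", ""))
    if not m:
        return None
    return "CodeRed-N" if m.group(1).startswith("N") else "CodeRed-X"


def owning_domain(ip):
    """Second-level domain of the rDNS name, the granularity the CAIDA
    figures use; 'unresolved' when the table has no entry."""
    name = RDNS.get(ip)
    if not name:
        return "unresolved"
    return ".".join(name.split(".")[-2:])


def summarize(text):
    """Probe counts per source IP and per variant, and distinct infected
    sources per owning domain."""
    by_source, by_variant = Counter(), Counter()
    for entry in parse_w3c(text):
        kind = classify(entry)
        if kind is None:
            continue
        by_source[entry["c-ip"]] += 1
        by_variant[kind] += 1
    by_domain = Counter(owning_domain(ip) for ip in by_source)
    return {"by_source": by_source, "by_variant": by_variant,
            "by_domain": by_domain}


if __name__ == "__main__":
    for table, counts in summarize(SAMPLE_LOG).items():
        print(table, dict(counts))
```

A note on reading the result: the probe is logged whether or not the server was vulnerable, so a 404 from a box without the .ida mapping (or one that is not IIS at all) still records an infected host somewhere upstream, which is why these counts measure who is infected out there, not whether you were hit; the line to worry about on your own server is a 200 from an unpatched IIS 5. The /scripts/root.exe request in the sample is not counted: it is someone looking for the backdoor Code Red II leaves behind, a different signal from the worm's own replication traffic.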
Spyware Removal Program Link
Here is a program called OptOut which searches for spyware, and helps you remove it. (if you use windows ;)
Damn the man.
-
Forget (momentarily) the Privacy Issues...
The larger concern is that XP will be shipped with full raw sockets. This makes it likely (assuming XP becomes as ubiquitous as Win9X) for it to become the platform of choice for DDoS attacks...
-- Shamus
Insert pithy saying here
-
Re:Perl Onions..... are good in my Martini.
Then it's not a martini anymore! It's a Gibson.