TCP/MS, We'll Cure What Ails You
Cringely can string some words together from time to time, and this week's installment is a pretty good one. He's been reading a little too much Gibson (raw sockets have nothing to do with the spread of MSTDs), but overall, he's probably right. When the time is ripe, I think we'll see a move exactly like this.
While I can't help with 2-4, I wrote 2 things that help with #1. My web site offers the ability to Test Your E-mail Defenses by e-mailing you a harmless VBScript file. (It reads your registry, but doesn't change anything or send any info out.)
I also wrote Script Sentry which traps those VBS scripts (as well as DOC, XLS, SHS, SHB, REG, HTA, and more), shows you details as to what it would do if run, and lets you decide whether or not you really want to run it. So if a user opens up that new Love Letter they just got in the mail and sees a "This will change your registry" message, hopefully they will be scared/wise enough to cancel the action.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
Raw sockets are an application programming interface (API) whereby the application is able to control the contents of IP packet headers directly. This means that an application, for instance, can transmit a packet with a forged source IP address - thus disguising its origin. This is often used to conceal the source of a DoS attack.
Linux provides raw sockets, but only the root user is able to utilise them (and rightly so). Cringely's article doesn't make it clear as to whether or not there's any kind of user-based protection under XP, or whether anything and everything can access raw sockets under XP.
Strags
Someone needs to write some viruses that do the following things:
1) educates -- infects your computer and gives you a multimedia presentation on flaws within "Hi! I'm Victor Virus! I'm an Outlook Virus. How did I get in your machine?"
2) secures -- "Would you like me to install a Zone Management package?"
3) explains alternatives -- "Did you know there are other alternatives to Microsoft?"
4) Highlights Microsoft abuses...
Libertarianism is rich wolves and poor sheep playing gambler's ruin for dinner.
Once a virus is detected, software can be written to clean it and possibly prevent its further transmission. These days, the delay between first detection and anti-virus software is usually a few days.
The more time a virus spends lying dormant or slowly spreading, the more time there is for someone to find it and spread the word. There are a small number of highly secure systems run by highly paranoid sysadmins who do things like compare all files to known good copies on a regular basis and log all network traffic. Even a quiet virus will be detected if it attempts to spread to one of these systems. If the virus attempts to infect something like a Honeypot, it will be detected. And then, the game is up.
These virii are only effective against the uninformed. The slower it moves, the more time it gives information to spread.
Of course, Cringely takes this already dubious theory and mangles it even further into something that makes very little sense whatsoever.
I think most everyone here is missing the point. Yeah, he's way off on the technical bits, but that wasn't what I got out of the article. I pretty much ignored that and was surprised to see everyone basing this discussion on that. What struck me was the idea that MS might deliberately make things worse, as a sort of mass DoS attack, in order to then introduce proprietary extensions to make things better, but ONLY between Windows boxes. It's a little crazy, but possible. It's also classic MS embrace and extend, just on something we're not used to thinking of as a possible target.
I think he's right about one thing: MS software will (continue to) make things worse on the internet. But I don't think it's out of malice, just greed (takes more time to make things secure, gotta ship now now now!) and a little incompetence. Even so, don't let the technobabble get in the way, it's an interesting theory.
Actually, I've heard that IPv6 is not popular because none of the current backbone equipment will switch it and no one wants to be responsible for conversion from v6 to legacy IP...
If MS's implementation is buggy/not compatible, then it probably won't work through any switches or routers, and they will have to change it. IPv6 does have some provisions for vendor specific fields, ala Kerberos, but that'll go over about as well as MS's TNF email format (read 'not at all'), esp. in such a wide open environment as the 'net.
After all, it's not called the INTERnet for nothing. However, I don't doubt that they will be able to push their proprietary extensions into corporate environments, but they really already have done that (SMB & MAPI).
The reality is that TCP/IP is really too low level for MS to worry about. There is no added value to controlling packets, only the payload, which is why they are pushing
Chris.
-- I don't have a cool sig.
Cringely makes a very astute observation: How did MS manage to avoid having all those VBS viruses tagged as MS Windows viruses or MS Outlook viruses instead of "email" viruses?
Laws affecting technology will always be bad until enough techies become lawyers.
We could implement a secure user identity system precisely like telephone Caller ID. It would be essentially an Internet ID. All Internet transactions could be based on it. Anyone who sends me e-mail can be identified. Anything I send can be traced to me. People wouldn't be forced to participate, but if they remain anonymous, I might choose to block them. I certainly wouldn't accept file attachments from them.
You can already do this. You can trace email. You can block email from those you don't know. And this system won't work to block email worms because usually they come from people who you know.
Get with it, man!
Dancin Santa
The local news programs that dispense opinions to the average folks have a tendency to simplify technological reports WAY past the point of inaccuracy. These news shows are aimed at the kind of user who doesn't know that there IS anything beyond what they do, and they don't really have a clue exactly what it is they're doing, anyway. They just do it, and most of the time, it works well enough for them.
Back to my point, the majority of reports are not going to point out that these email virii only work through MS Outlook - because the news perceives that web-based mail and Outlook make up the totality of their target audience's concept of 'email'. And why should they take the time to be accurate? They might piss off Microsoft, they might alienate some viewers from their "friendly" news service, and it's close enough anyway.
Reality is indistinguishable from any sufficiently advanced fantasy.
Actually it would seem that they've done that in reverse too.
Netscape 4 requesting from IIS is markedly slower than you'd expect by looking at relative performance on Apache with NN and IE. But it's not illegal, just ethically grey
Screw you all! I'm off to the pub
So don't be so sure that something like this would save the world. The infrastructure you describe is daunting to say the least with smart cards, and keys, etc. Just ask anyone who has tried to implement an enterprise sized PKI - it's a scary task and it's not in Microsoft's interest - they'll probably continue to use plain old userids and passwords.
Which will make for funny TV the next time there is a worldwide virus that wrecks a lot of systems, the FBI will track the virus using Microsoft's info and arrest some poor grandma who had her credentials lifted.
Top Most Bizarre/Disturbing Error Messages
This seems like a nice idea, but I'm not for it, and I'm not sure if it's even feasible. An IP address is already like caller ID.
Let's say you were assigned this new unique ID. Who's responsible for ensuring the identity of the payload remains unaltered? The software maker? That sounds familiar! Today, when you send mail, your message might sit at several relays. Is it up to the mail server to implement tracking of this ID? Could you not simply make a mail server that ignored this precedent and spoofed whatever it wanted? This seems the same as someone getting a shell on a box and running some kind of custom relay meant for delivering spam mail anonymously.
I also can't imagine a business deciding to ignore mail based on the lack of this identification. If you have to favor security over a new customer, you have other problems.
The funny thing about this article is that a PC implementing his ideas for security could easily exist now, but the fact is Microsoft isn't going to do that. If they can't follow measures to implement good security now, why would they under this new system?
Personally, I hope the answer to all this DOS'ing does not involve me losing what anonymity I do have (which doesn't seem like much at this point anyway).
If Outlook/MSMail are so bad security wise, how come someone doesn't write an Outlook vbs script that turns ON some of the disabled security options in Outlook and IE?
Of course, someone would write a variant that actually did some damage as well.
We already have a replacement for IP that does many of these things. It's already supported under Linux, and probably a couple of other OSs I don't know about.
It's called IPv6, and it has QOS, guaranteed delivery, traceability, and a whole host of other goodies. C'mon, do you really think Cisco would let MS take away their bread and butter? IPv6 has been in the works for years and was designed specifically to solve all of the issues he mentions. I guess he thinks that only MS is smart enough to develop a new protocol...
This whole article is a red herring, and Cringely's about as technically literate as a door knob.
-- I don't have a cool sig.
If someone suggested this on Unix, people would just laugh - 'lose the ability to script my whole system using my favourite glue language; no way'. Why it seems any more appealing on Windows, I have no idea.
Cringely must have been smoking some of that hydroponic shit - or maybe just his socks. First, let me state upfront: I work for M$, in the networking division (but I have made a living for many years as a UNIX systems programmer - as have many other people working at M$. M$ hires people for their brains, not for their OS religious beliefs). I used to think Cringely understood tech, but the past two weeks have shown him to be clueless. Gibson's complaint about XP raw sockets is that they allow IP spoofing, something Cringely doesn't seem to understand. Even Gibson is blowing it all out of proportion; turn on the fucking ingress filters on the routers and deal. As for TCP/MS - sheesh! The truth is, M$ *do* have a strategy to push a more secure protocol in the market. It just happens to be IPv6. Let's face it, it's about time, and unless M$ makes that push, it isn't going to happen. The world will be a better place when it does. Anyway, Penguinheads, you shouldn't feel so threatened by M$. Linux is going to go away; you can have all the OSes you want. They're all getting better, so no-one's losing (XP rocks, BTW!). MS might be the only choice for your mother's PC, but that's not because it's the only choice, but because it's the only OS that has targeted that market and invested heavily in making PCs usable by the computer illiterate. For the computer literate, you have choice. If you want to worry about monopolies, look at AOL Time Warner Netscape (Real Amazon .. the monster keeps growing). They might end up controlling your mind...
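An added illustration, not part of any comment in this thread: the router-side ingress filtering (RFC 2827 / BCP 38) named in the comment above, which is what stops a source address forged through a raw socket from leaving the edge network, reduced to its core check in C. The customer prefix, the two sample headers and all function names are constructed for this example; the code only parses header bytes and opens no sockets.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Prefix routed to the customer-facing interface (constructed sample). */
struct prefix { uint32_t net; uint8_t len; };
const struct prefix CUSTOMER = { 0xC0000200u, 24 };   /* 192.0.2.0/24 */

/* Constructed 20-byte IPv4 headers; checksum left at 0 and not verified. */
const uint8_t SAMPLE_HONEST[20] = { 0x45, 0, 0, 20, 0, 0, 0, 0, 64, 17, 0, 0,
                                    192, 0, 2, 10,    203, 0, 113, 5 };
const uint8_t SAMPLE_FORGED[20] = { 0x45, 0, 0, 20, 0, 0, 0, 0, 64, 17, 0, 0,
                                    198, 51, 100, 7,  203, 0, 113, 5 };

/* Extract the source address (header bytes 12..15) in host order. */
static int ipv4_source(const uint8_t *pkt, size_t n, uint32_t *src)
{
    if (n < 20 || (pkt[0] >> 4) != 4 || (pkt[0] & 0x0f) < 5)
        return -1;                     /* truncated or not IPv4 */
    *src = ((uint32_t)pkt[12] << 24) | ((uint32_t)pkt[13] << 16) |
           ((uint32_t)pkt[14] << 8)  |  (uint32_t)pkt[15];
    return 0;
}

/* Ingress filter decision: 1 = forward, 0 = drop. A packet arriving from
 * the customer side is forwarded only if its source lies in the prefix
 * assigned to that customer, so a forged source never leaves the edge. */
int ingress_permit(const uint8_t *pkt, size_t n, struct prefix p)
{
    uint32_t src, mask;

    if (p.len > 32 || ipv4_source(pkt, n, &src) != 0)
        return 0;
    mask = p.len ? 0xffffffffu << (32 - p.len) : 0;
    return (src & mask) == (p.net & mask);
}

int main(void)
{
    printf("honest: %s\n", ingress_permit(SAMPLE_HONEST, 20, CUSTOMER) ? "forward" : "drop");
    printf("forged: %s\n", ingress_permit(SAMPLE_FORGED, 20, CUSTOMER) ? "forward" : "drop");
    return 0;
}
```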
I dreamed once, likely from having a fever, that I went back in time and told the developers of IPv4, "Add two more octets to the address space. Yes, I know it seems like overkill right now, but it will solve so many problems in the future!"
Bob-
The Ludwig von Mises Institute. The reasoning individuals economics
When I worked at an Air Force base - and we had perfectly good Sun Sparc20's running as our servers (mail, dns, SQL, etc)...
.NET.. why should we think that they will stop there?
my boss told me that because we were upgrading to Windows 95.. that it was time to ditch all those servers and get Windows servers with Exchange, et al...
I asked him why should we get rid of our perfectly running servers which had given us no trouble at all just to move to Microsoft? "Because, we're getting in contractors now, and they only know Windows NT 4.0."
Later on, it was then decided that instead of bases having their own servers and their own email systems, that now that we'd all moved to Exchange, that we'd all put our GALs together (Global Address List - the list that Outlook/Exchange VBScripts use as their distro lists to replicate themselves), then we'd really kick ass.. no more joe.blow@otherairforcebase.af.mil...
my reply was - um... LDAP servers? open Source? Hello? Anyone?
well, skip ahead to today - the US Air Force (and soon all of DoD) is going to be moving from its now Air Force-wide GAL (why we just pull the plug now during virus scares and why we were down for weeks during Melissa) to Active Directory.
back when I shut down all my Sun boxes.. I told my boss that this was just stupid.. why should we give up on what works just to buy what Microsoft is giving us? Their goal was not to give us good products, but to get us to buy their products... and things like Exchange, with its GAL, are just the first protocols that they are trying to hijack and take back on the internet... eventually, all the open ones would be overthrown by the new default MS proprietary ones that would ship someday with newer versions of Windows.
I thought it might end with email.. but I see that I'm wrong.. I agree with Cringely... it's going to go all the way.. and we have no way to stop it..
MS will take over the internet.. they already took over filesharing with SMB, they are taking over email with Exchange, they have taken over HTML with Explorer, they are trying to take over Java with
sigh.. oh well..
guns kill people like spoons make Rosie O'Donnell fat.