Microsoft States Full TCP/IP Too Dangerous

daria42 writes "To fully implement the TCP/IP protocol in Windows XP would make creating denial of service attacks 'entirely too trivial', Microsoft has claimed. The company was responding to claims by Nmap author and well-known security expert Fyodor that by repeatedly disabling the ability to send TCP/IP packets via the 'raw sockets' avenue, Microsoft was asking the security community to 'pick their poison': either cripple their operating system or leave it open to hackers. Admitting that a recent security patch had intentionally disabled a community-developed workaround to Microsoft's TCP/IP changes - which were first implemented in Windows XP Service Pack 2 - the company claimed it had received little negative feedback on the issue."

They picked C

[Nijika]

Cripple the OS, and leave it open to hackers!

In Redmond, this is what they call a win win.

//no Karma Bonus for that one... ;)

Core Routers

[republican+gourd]

This is just part of the push to get the core internet routers cut over to NetBEUI well in advance of any ipV6 rollout. If Microsoft can manage that, the internet will be theirs again, just like when they initially built it between Steve, Bill and Woz's offices back in the early seventies.

Scary thing is, from what I've been reading Oracle will go along with this. And they can tell the future!!

My TCP/IP

[wombatmobile]

Maybe Microsoft is right. Protocols are dangerous.

Wouldn't it be safer if we all just had a My TCP/IP folder?

Re:My TCP/IP

[tehshen]

If they implement the full protocols, everyone could have your TCP/IP folder :)

Another note from Bill Gates

[PenguinBoyDave]

Dear MS Employees, We have started the FUD about TCP/IP. Now press forward with MS/IP. Once we release it we'll charge everyone a fee to use it because we know it will be more secure than TCP/IP. After all, it comes from Microsoft. With Love, Bill

I Can't Believe It...

[cyngus]

I am actually going to side with Microsoft on this one. It is not as if they removed raw sockets, but rather restricted access to them. Let's consider who needs raw sockets, mostly advanced users. Advanced users are going to have an Administrator or root account on the Windows machine and therefore should have access to raw sockets, no? There is almost no reason for the average user to have raw sockets. They do create a real risk of bad network behavior and I imagine if someone were to create TCP/IP today instead of 30 years ago when the Internet was a much smaller, nicer place, raw sockets would not be part of the spec.

As an aside, I think I'm going to take the rest of the day off, agreeing with Microsoft is mentally jarring. It has to make you question existence just a little and also make you a touch ill.

Hammer, meet nail.

[lheal]

This is because XP is not designed right, not because the TCP/IP protocol is wrong. (just to be clear)

You nailed it.

Microsoft is clearly trying to shift the blame from their dain-bramaged design to TCP/IP. How many other operating systems are there that do (more or less) fully implement TCP/IP, including raw sockets? It's almost universal.

Oh well. I guess Microsoft knows the neighborhood is safer with a crippled lunatic than healthy one.

Re:A wise decision

[nusuth]

runas /user:Administrator@domain "C:\program files\internet explorer\iexplore.exe"

So you run internet explorer to add a printer. And I thought adding a printer to OS/2 was unintuitive...