Slashdot Mirror


Microsoft States Full TCP/IP Too Dangerous

daria42 writes "To fully implement the TCP/IP protocol in Windows XP would make creating denial of service attacks 'entirely too trivial', Microsoft has claimed. The company was responding to claims by Nmap author and well-known security expert Fyodor that by repeatedly disabling the ability to send TCP/IP packets via the 'raw sockets' avenue, Microsoft was asking the security community to 'pick their poison': either cripple their operating system or leave it open to hackers. Admitting that a recent security patch had intentionally disabled a community-developed workaround to Microsoft's TCP/IP changes - which were first implemented in Windows XP Service Pack 2 - the company claimed it had received little negative feedback on the issue."

13 of 575 comments

  1. A wise decision by jawtheshark · · Score: 5, Insightful
    Of course nobody needs raw sockets, and after all no other operating system supports them. I mean, it's not as if OpenBSD, Mac OS X, FreeBSD, NetBSD, the various Linux flavours support it. It would be too dangerous.

    No, Microsoft... none of those support raw sockets. Oh, wait... they all do. The problem is not raw sockets, the problem is the holes in the OS in the first place. If your OS doesn't run services that can be hacked, or if the applications don't allow untrusted code to execute, there is no problem. Avoiding raw sockets is treating the symptoms, not the cause.

    --
    Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
  2. Privileges anyone? by bigberk · · Score: 4, Insightful

    I can't believe this issue of Windows security is so difficult to understand. You read all these articles about viruses and trojans but people keep failing to mention the obvious - you must never casually run Windows with Administrator privileges.

    It's because so many people are used to doing this by default, and so many third-party apps demand Admin privileges, that Windows security is a nightmare.

    There's more to the Windows security picture of course (insecure services as well) but you can prevent so many problems just by avoiding that Admin account. It's quite normal to have raw sockets via root/Administrator privileges. The problem is that all Windows users (and any software they download) are Admins.

    1. Re:Privileges anyone? by gaspyy · · Score: 4, Insightful

      The default users get Administrator privileges because many popular programs simply refuse to work correctly with limited rights. Off the top of my head, Winamp 5 and Trillian 3.1 are guilty of this. Sure, you can work around it by giving write access to everyone for those folders, but it's crazy.

  3. Re:Ha! by Pakaran2 · · Score: 5, Insightful

    It isn't "almost crippled."

    Ordinary users on Unix are subject to even worse limitations (which is, in fact, why ping among other utilities runs setuid root).

    Has anyone found that this makes Unix unusable for them? For that matter, outside of DDoS, connection hijacking, and abusing SMTP servers to cover your tracks when spamming, is there ever any need for an application programmer to falsify a source address? Doing so means you won't get a reply from whatever you're trying to do.

    All that said, I imagine if MS actually put some effort into fixing the security issues with their flagship product in the first place, so it didn't get hacked (hint: disable ActiveX by default, along with integrated VB scripting in Outlook), then there'd be no hacked machines to be used in attacks.

  4. Re:News Flash: Butter is good on toast! by rsmith-mac · · Score: 5, Insightful

    Let's give MS some credit here, I think even they've come to realize that Gibson was right and raw sockets for users was a mistake. The fact of the matter is that they fixed the issue by taking away raw sockets, and now they have to defend that position.

  5. Erm, cough, cough, excuse me... by pandrijeczko · · Score: 5, Insightful
    I run Linux and UNIX with my "insecure" full TCP/IP stack. My UNIX-y machines have an IP address, subnet mask, gateway, etc. etc. These machines do not get worms or viruses.

    I run Windows 2000 with my "secure" limited TCP/IP stack. My Windows machine has an IP address, subnet mask, gateway, etc. etc. This machine would get viruses if I didn't run a virus checker, firewall, etc.

    There is one difference between the two scenarios above - the operating system!

    Yes, my UNIX-y boxes are subject to attacks from the Internet but not random attacks like viruses and worms.

    An attack on my UNIX-y boxes comes from a single person or script trying to get into my box and trying to (probably) buffer overflow a specific application daemon like FTP, Telnet, etc (not that I run either of these on the Internet anyway!)

    So let's not blame it on the "TCP/IP" stack because all attacks are as a result of attacking applications that use the stack, not the stack itself.

    We'll also remind ourselves here that UNIX was built around TCP/IP 25 years ago whereas MS refused to believe TCP/IP existed until 15 years ago after Windows 3.11 came out and they had to write a limited stack to install into Windows.

    --
    Gentoo Linux - another day, another USE flag.
    1. Re:Erm, cough, cough, excuse me... by pandrijeczko · · Score: 4, Insightful
      You seem to have an inability to read my posting correctly so I'll simplify it for you.

      Putting DDoS-type attacks aside, compromising a system, whether UNIX, Windows, whatever, involves attacking an application, not the stack. Therefore, whether you have a full or limited IP stack makes no difference to security - it's about what applications you're running.

      If you honestly believe security is about accepting you'll be broken into but just mitigating the results of it, then it's you without the clue, my friend.

      You don't run a virus scanner and never got a virus? Fine, I can believe that but then tell the whole story - you probably don't run Outlook for your email or, if you do, you're really careful about who you open emails from; you probably don't use IE and you've probably got your head screwed on properly when it comes to not downloading stuff from certain places on the Internet.

      However, when most Windows users are "without-clue" Joe Sixpacks, raw sockets and mitigation mean nothing, it's the vulnerabilities of the apps they run that are the problem.

      How about you and I take a Joe Sixpack user each, put one in front of your fully secured Windows boxes and I put one in front of a fully secured Linux box? You set him up with IE and Outlook, I'll give him Firefox and Thunderbird and we leave them both to it. Tell me, who's going to be rife with spyware and one or two viruses after a week or two?

      Like I said, it's the applications and nothing to do with lame excuses about stacks.

      --
      Gentoo Linux - another day, another USE flag.
  6. Re:Ulterior motives by Andrewkov · · Score: 5, Insightful

    Except everyone does their daily work signed on as administrator (by everyone I mean the majority of average users). Maybe a desktop OS for the masses *should* be crippled in some ways, to protect people from themselves. And people who need a full featured OS can use something else (a separate version of Windows, or whatever).

  7. Re:So when... by Temporal · · Score: 5, Insightful

    Why are you relying on such things? A TCP connection is a continuous stream of bytes, not a bunch of separate packets. There has never been any guarantee that send()s and recv()s would match up 1:1, even if they are less than 8K. If you are relying on this behavior, you need to fix your design.
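Temporal's point about stream semantics, as an added illustration that is not part of the thread: a decoder that reassembles messages from a TCP byte stream no matter how recv() chunks it, next to the naive assumption that each recv() is exactly one message. The 4-byte big-endian length prefix, the 1 MiB cap and the sample messages are assumptions of this example, not a protocol discussed on the page.

```python
"""Added example: reassembling messages from a TCP stream.

TCP delivers a byte stream, so one send() may arrive as several recv()s
and several send()s may arrive as one.  The framing below (4-byte
big-endian length prefix, assumed for this example) lets the receiver
find message boundaries regardless of how the stream is chunked.
"""
import socket
import struct
from typing import List

# The length prefix is attacker-controlled input; cap it so one bogus
# header cannot make the receiver buffer gigabytes waiting for a frame.
MAX_FRAME = 1 << 20


def encode(payload: bytes) -> bytes:
    """Prefix a message with its length."""
    if len(payload) > MAX_FRAME:
        raise ValueError("payload exceeds MAX_FRAME")
    return struct.pack("!I", len(payload)) + payload


class FrameDecoder:
    """Feed it whatever recv() returns; get back only complete messages."""

    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> List[bytes]:
        self._buf += chunk
        frames: List[bytes] = []
        while len(self._buf) >= 4:
            (length,) = struct.unpack("!I", self._buf[:4])
            if length > MAX_FRAME:
                raise ValueError("frame length %d exceeds MAX_FRAME" % length)
            if len(self._buf) < 4 + length:
                break  # partial frame: wait for more bytes
            frames.append(bytes(self._buf[4:4 + length]))
            del self._buf[:4 + length]
        return frames


def decode_stream(stream: bytes, chunk_size: int) -> List[bytes]:
    """Simulate recv() handing back chunk_size bytes at a time."""
    dec = FrameDecoder()
    out: List[bytes] = []
    for i in range(0, len(stream), chunk_size):
        out.extend(dec.feed(stream[i:i + chunk_size]))
    return out


def naive_messages(stream: bytes, chunk_size: int) -> List[bytes]:
    """The broken assumption: every recv() is exactly one message."""
    return [stream[i:i + chunk_size] for i in range(0, len(stream), chunk_size)]


def demo_over_socket(messages: List[bytes]) -> List[bytes]:
    """Send several frames with separate send() calls, read them back from a real socket."""
    a, b = socket.socketpair()
    try:
        for m in messages:
            a.sendall(encode(m))      # separate sends...
        a.shutdown(socket.SHUT_WR)
        dec = FrameDecoder()
        got: List[bytes] = []
        while True:
            chunk = b.recv(4096)      # ...may come back merged or split
            if not chunk:
                break
            got.extend(dec.feed(chunk))
        return got
    finally:
        a.close()
        b.close()


if __name__ == "__main__":
    msgs = [b"hello", b"", b"world" * 100]   # constructed sample messages
    print(demo_over_socket(msgs) == msgs)
```

The decoder treats the length field as untrusted input: without the cap, a single 4-byte header claiming a huge length would make a server hold memory indefinitely, which is its own denial of service.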

  8. Re:Baby, meet bathwater. by kfg · · Score: 5, Insightful

    No justification whatsoever for your claim of XP not designed right.

    While this is correct, providing such justification would be like providing justification for a claim that Pintos weren't designed right and had a tendency to blow up.

    There might be some who have missed that, but it's still common knowledge that doesn't bear repeating every damned time the issue comes up. I suppose we could all attach standard disclaimer files to all of our posts, but they would take up two or three Libraries of Congress to only cover the most common of the bases.

    Follow one of the links provided in subsequent posts to Steve "Foaming at the Mouth" Gibson's site to get a rundown on the issues. Note that Steve will cheer this move by MS because flaws in the OS design make it necessary.

    The core issue being that XP Home Edition runs apps in administrator mode, giving all apps, like a trojan, full access to raw sockets. Most home users that use Pro are still silly enough to run in admin mode as well. But hey, at least it's hardened against trojans, eh?

    Easy to infect with malicious code, malicious code runs with full privileges. That's bad design.

    ...I do think they should make available as a download or on CD a TCP/IP pack that does support raw sockets.

    A patch to restore what a patch took out. That alone should clue you in that something braindead is going on.

    Please note that only "desktop" versions of XP are affected, so all you have to do is buy a server product from MS.

    Or install BSD for free.

    KFG

  9. Re:Going back on their word by Smallpond · · Score: 4, Insightful

    Cringely never gets more than about 50% correct in his articles. In this case he calls it "raw tcp/ip sockets". Wrong. Raw sockets access IP, so you can forge TCP packets in a DoS attack. Every OS allows access to TCP/IP. How else would your browser work?

    He then proposes a secure ID system. Gee. Maybe if every connection to the network had a unique 32-bit number that could be traced somehow? Maybe there could be a world-wide database connecting names and administrative information to these numbers? If only that were possible. Thanks, Bob.

  10. Re:Baby, meet bathwater. by throughthewire · · Score: 4, Insightful
    ...DDoS remote sites take advantage of the limitations of IPv4 (mostly the ease of forging your source IP address) to hide the true sources of the attack.

    Which could be all but eliminated if ISPs would implement access lists in their routers to drop packets with source addresses other than those assigned to the downstream networks.

    Problem solved without relying on OS vendors or end users to implement anything at all.
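The drop rule throughthewire describes, as an added example that is not code from the thread or from any router vendor: a minimal IPv4 header parser plus a filter that admits a packet only if its source address lies in the prefixes assigned to the downstream network (the ingress-filtering idea of BCP 38 / RFC 2827). The packet builder, the assumed customer prefix 203.0.113.0/24 and the sample packets are constructed for this example.

```python
"""Added example: source-address ingress filtering in the style of BCP 38.

An ISP edge router that knows which prefixes it assigned to a customer
can drop any packet from that customer whose source address is not in
those prefixes, which removes the spoofed-source traffic the thread is
about.  The packets here are constructed, not captured.
"""
import ipaddress
import struct
from typing import Dict, List, Tuple


def build_ipv4(src: str, dst: str, proto: int = 6, payload: bytes = b"") -> bytes:
    """Build a minimal IPv4 header (no options, zero checksum) for testing."""
    total_len = 20 + len(payload)
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45,            # version 4, IHL 5 (20 bytes)
        0,               # DSCP/ECN
        total_len,
        0,               # identification
        0,               # flags / fragment offset
        64,              # TTL
        proto,
        0,               # header checksum (not validated by this example)
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return header + payload


def parse_ipv4(pkt: bytes) -> Dict[str, object]:
    """Extract the fields a source-address filter needs; reject malformed headers."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = pkt[0] >> 4, (pkt[0] & 0x0F) * 4
    if version != 4:
        raise ValueError("not an IPv4 packet")
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IHL")
    return {
        "src": ipaddress.IPv4Address(pkt[12:16]),
        "dst": ipaddress.IPv4Address(pkt[16:20]),
        "proto": pkt[9],
        "ihl": ihl,
    }


class IngressFilter:
    """Permit only packets whose source lies in the customer's assigned prefixes."""

    def __init__(self, assigned_prefixes: List[str]) -> None:
        self.nets = [ipaddress.ip_network(p) for p in assigned_prefixes]

    def permits(self, pkt: bytes) -> bool:
        try:
            hdr = parse_ipv4(pkt)
        except ValueError:
            return False  # malformed packets are dropped, not guessed at
        src = hdr["src"]
        return any(src in net for net in self.nets)


def apply_filter(flt: IngressFilter, pkts: List[bytes]) -> Tuple[List[str], List[str]]:
    """Return (accepted, dropped) source addresses; 'malformed' for unparseable packets."""
    accepted: List[str] = []
    dropped: List[str] = []
    for p in pkts:
        try:
            src = str(parse_ipv4(p)["src"])
        except ValueError:
            src = "malformed"
        (accepted if flt.permits(p) else dropped).append(src)
    return accepted, dropped


if __name__ == "__main__":
    flt = IngressFilter(["203.0.113.0/24"])  # assumed customer assignment
    sample = [
        build_ipv4("203.0.113.7", "198.51.100.1"),   # legitimate
        build_ipv4("198.51.100.9", "198.51.100.1"),  # spoofed source
        build_ipv4("127.0.0.1", "198.51.100.1"),      # spoofed loopback
        b"\x45\x00\x00",                              # truncated
    ]
    print(apply_filter(flt, sample))
```

On a production router the same check is an inbound access list or a unicast reverse-path-forwarding check on the customer-facing interface; it has to sit at the edge, where the set of legitimate source prefixes is small and known, because in the core almost any source is plausible.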

  11. Lack of negative feedback != no problems by MilenCent · · Score: 4, Insightful

    the company claimed it had received little negative feedback on the issue.

    In other news, a noted chemical manufacturer was found to have been dumping toxic waste products into a nearby water supply for years. In their defense, company spokesmen claim they had received little negative feedback on the issue.

    Local police have been caught on camera beating up suspected felons. When cornered on the issue, they responded by saying that there had been little negative feedback on the issue -- at least, from anyone who mattered.

    In a press conference today, Bush defended his administration's handling of the war on terrorism by saying that they had little negative feedback on the issue. (Possibly because they had suppressed their own report on the issue; outside sources indicate that terrorist activity around the world is four times worse than in the previous year.)

    There, three possible responses to the negative feedback defense. Pick your favorite, I need a drink after this.