Vista's TCP/IP Promises and Perils
boyko.at.netqos tips us to a new writeup on Vista's TCP/IP stack, which is called Compound TCP/IP (CTCP). From the article: "...security policy will come from a centralized source. When you get your DHCP lease, your computer will report to the stack what OS you're using, what version level, what patches, what anti-virus software that's active — all that kind of stuff. It will have the ability to restrict your network access if you have a down-level machine... We could see a lot of our customers with much higher WAN network utilization because of this new TCP/IP stack... CTCP can be enabled/disabled from the command prompt, but there has been no mention of tuning parameters, which leads us to ask the question: How are you supposed to configure this setting in Vista?... What worries us... is that Microsoft is basing this on packet round-trip time. The round-trip time from the client side will have the server processing time in it; but the clients aren't likely going to be running CTCP at first. If you have a server-to-server backup running, for example, CTCP may think it's part of the round-trip time and it'll throw the delay window through the roof..."
So my trojan will be reporting values honored by the DHCP servers. This system is still relying on the information sent by the (possibly infected) machine, so it is not secure in any way.
Life is just nature's way of keeping meat fresh.
"It will have the ability to restrict your network access if you have a down-level machine."
Ehm... and who decides what is a down-level machine?
Visit http://ringbreak.dnd.utwente.nl/~mrjb/growingbettersoftware to download your free copy of the book
"It will have the ability to restrict your network access if you have a down-level machine..."
Translation: "You WILL upgrade all of your machines to Vista, or Microsoft will artificially degrade their performance." It's called "market development."
Those M$ asshats are actually going to try to sell this as a NAC feature, when it's nothing but another license fee grab. Piss on them: I'm still running several totally stable, bullet-proof web servers on NT4 with 128 MB (albeit behind a good firewall), and I have neither the need nor the intention to "upgrade" them anytime soon (or ever, for that matter).
About the word "if": If bullfrogs had wings, they wouldn't bounce around on their little green butts.
That's exactly the point. It's a bastardization of the TCP/IP standard by M$. They want everything to operate to the M$ standard, not the approved W3C/ISO standards. Which means that if someone implements an open-source version, then M$ sues them. This should be a Security Service that runs in the background and annoys the user that they may be using an "insecure" connection.
The first time the CEO can't get his email because his laptop wasn't patched to the right level, all hell will break loose and this will be turned off.
It's also insecure as hell; someone could write a virus that does nothing but shut off this checking and then erases itself. Then you've got a lot of time spent by the Help Desk and/or Techs trying to figure out why no one can connect! And unless the techs are ultra sharp about how the "new" TCP/IP stack operates, they are going to be really puzzled and frustrated.
People keep saying that your trojaned box could report false information, but what about a rooted DHCP server (like in a coffee shop, or any area with free WiFi)? Your computer would be telling an unknown system its exact patch level. Screw brute force attacks, it would know exactly where you're vulnerable. Didn't Microsoft learn anything about offering too much information?
The network admins. Won't apply patches? You don't get network access. Won't run AV software? You don't get network access. Infected with known malware? You lose network access until it's cleaned up.
Or you could go with the paranoid conspiracy theory and assume that MS will shoot themselves in the foot by trying to close out competing OSes at the network level; that would be the Slashdot way, after all.
It's official. Most of you are morons.