After poring over the hundreds of email responses to the July 10 issue of Windows 2000 Magazine UPDATE ("Is Windows XP Safe? A Look at the Growing Controversy," linked below) and speaking with security expert Steve Gibson, I believe that Microsoft is making a grave error with regard to full raw-socket support in XP. The company has often received criticism for its products' inadequate security and its general misunderstanding of customers' security needs. Although Microsoft has made great strides recently in improving these deficiencies, the raw-socket support controversy proves that the company would rather meet an important ship date than make a product more secure. According to Gibson, this situation won't change until Microsoft's customers demand better security.
"When I say that Microsoft is doing something wrong, people don't want it to be true," Gibson told me Monday morning. "They depend on Microsoft. It is their whole world, their entire infrastructure. But Microsoft is a marketing company, not a technology company. They're only going to sell what people want, and right now that's ease of use."
In my original article about the raw-socket controversy, I misreported a couple of facts, although they have no bearing on the overall message. "Zombie" Windows clients infected with a Trojan application attacked Gibson's Web site, but these zombies weren't taking advantage of raw sockets, as I reported. Instead, Gibson told me that most of the zombie clients were infected when users ran an application they had downloaded from USENET. "The way hackers get to machines is to send stuff out on USENET," Gibson said. "The Trojans exist in binary form, which are untraceable because of the nature of USENET, which replicates content from server to server. People download the Trojans, which promise to be free porn downloaders or whatever. There is a huge population of people ... I hate to say it this way, but the type of people who use AOL ... that are just unsophisticated when it comes to this kind of thing."
The infected zombies that bombarded Gibson's site—475 in all—took advantage of APIs that have been available in Windows since version 3.1. After Microsoft implements full raw sockets in XP Home Edition, Gibson expects hackers to take advantage of that more powerful technology. Full raw-socket support has been available in UNIX for years, and Microsoft first implemented the technology in Windows 2000. But with XP, the technology will be sitting on many more machines—machines logged on with Administrator-level access by default and operated by mostly unsophisticated—and unprotected—users. Hackers can easily write more sophisticated Trojans that will make Denial of Service (DoS) attacks and other hacks more widespread and damaging.
"With Windows 2000 you could argue that Microsoft was at least preserving the original NT security model," Gibson noted. "Regular users would log on as Administrator only when doing system tasks like installing applications or bug fixes, and then log on as a regular user to get work done. This is much like a UNIX machine, where the root account is tweaked very carefully, not generally used for day-to-day work. But Microsoft moved that NT security model to the home and gave Administrator power to users. [The company] discarded the traditional security model because it was too hard to explain to users, and it added unnecessary features, like full raw-socket support."
Microsoft says it added full raw-socket support for applications such as Tracert and Ping (although those applications worked previously without it), and integrated features such as the Internet Connection Firewall (ICF) and IP Security (IPSec). But nonprivileged users (i.e., non-Administrator-level accounts) can't access the full raw-socket features, so users must run under the equivalent of Administrator for the features to work properly. This situation leaves these users wide open to a new, more powerful generation of Internet worms, viruses, and other hacks.
Gibson (and many readers) agreed with my earlier assertion that full raw-socket support shouldn't ship with the OS; instead, it should be available as a separate, free download. The people who really need these features could get the code, but the code wouldn't be easily available to the wider public. "Consider the current SirCam Worm that is sweeping across the Internet," Gibson said. "It autoreplicates and appears to be a text attachment from someone you know, using an automatically generated subject line. If the hacker who wrote that knew he could rely on raw-socket support [in Windows], this worm would be far more dangerous. A year from now, it will be."
Given these facts and Microsoft's inability to provide a good reason why XP needs to include full raw-socket support—beyond, of course, the desire to ship XP on time—I can only conclude that this technology is a danger to all XP users, and malicious users will use the technology to proliferate DoS attacks and other hacks. That Microsoft won't fix this vulnerability and other obvious security holes is a sign that users aren't vocal enough about security. If you care about security and want Windows to be as secure as possible, please write the company (secure@microsoft.com) and ask it to remove or at least restrict this technology before unleashing XP on an unsuspecting world. My requests to speak with someone in Microsoft Security have been denied. I find it surprising and disheartening that the company is unwilling to discuss this important topic.
Reference
Is Windows XP Safe? A Look at the Growing Controversy
Register
