Steve Gibson: more on Windows XP, raw socket support, and security

Jul 02, 2001, 23:30 (32 Talkback[s])

[ Thanks to Jeff Stephens for this link. ]

A lot of readers are probably familiar with Steve Gibson'site GRC.com as a place to go for superficial verification of workstation security via free, web-based portscans. GRC.com recently fell victim to a packet-flooding DoS attack. He argues that Microsoft, in implementing the complete Unix sockets specification for Win2000/XP, has opened the Internet to "an escalation of Internet terrorism the likes of which has never been seen before." In this follow-up after a meeting with Microsoft officials, he's even more convinced that Microsoft knows little about security, as they have included "Full Raw Socket" support without the safeguards that exist in UNIX-based systems.

In his own words:

"The experience with Windows-based denial of service attacks focused my attention on Microsoft's planned release of Windows XP with its planned inclusion of 'Full Raw Socket' support. Full raw sockets are a powerful and dangerous Internet API that exists in all Unix-based operating systems. But under Unix they are deliberately protected by the rigorous requirement for "root" privilege. (Similar to Microsoft's "Administrative" privilege.) However Microsoft has done away with this distinction in the Home Edition of Windows XP which threatens to populate the world with a needlessly dangerous capability."

Complete Story

Related Stories:

• The Register: Security geek developing WinXP raw socket exploit(Jun 14, 2001)
• Steve Gibson on Recent DoS Attacks Against GRC.com(Jun 05, 2001)