I, Cringely: The Death of TCP/IP

Aug 03, 2001, 16:24 (23 Talkback[s])

[ Thanks to Mark for this link. ]

Robert X. Cringely has signed off on the "Internet Apocalypse via Windows XP's use of raw sockets" theory, saying it's an opportunity to make a bad situation worse, and a chance to push a proprietized "TCP/MS".

"As events of the last several weeks have shown, Microsoft Windows, e-mail and the Internet create the perfect breeding ground for virus attacks. They don't even have to exploit Windows flaws to be effective. Any Visual BASIC programmer with a good understanding of how Windows works can write a virus. All that is needed is a cleverly titled file attachment payload, and almost anyone can be induced to open it, spreading the contagion. It is too darned easy to create these programs that can do billions in damage. The only sure way to fix the problem is to re-stripe the playing field, to change the game to one with all new rules. Some might argue that such a rule change calls for the elimination of Microsoft software, but that simply isn't likely to happen. It's true that Linux and Apache are generally safer than Windows 2000 and IIS, but Microsoft products aren't going to go away. I promised you an answer to how to secure the Internet, and I mean to come through. First, we'll start with the way I would do it, then follow with a rumor I have heard about one way Microsoft might want to do it.

The wonder of all these Internet security problems is that they are continually labeled as "e-mail viruses" or "Internet worms," rather than the more correct designation of "Windows viruses" or "Microsoft Outlook viruses." It is to the credit of the Microsoft public relations team that Redmond has somehow escaped blame, because nearly all the data security problems of recent years have been Windows-specific, taking advantage of the glaring security loopholes that exist in these Microsoft products. If it were not for Microsoft's carefully worded user license agreement, which holds the company blameless for absolutely anything, they would probably have been awash in class action lawsuits by now.

Of course, it is not as though Microsoft intended things to be this way. No company deliberately designs bad products. But you must understand that Microsoft limits its investments to things that will enhance a product's market share. Every feature in Windows had to pass the litmus test, "Does it increase market share?" Putting security safeguards in their products evidently failed the litmus test, and therefore weren't added. While it is true that virus authors will target platforms that give them the most bang for their programming buck, the Windows platform has virtually no security to even slow them down. I believe the lack of security in Microsoft software was a deliberate business decision."

Complete Story

Related Stories:

• Steve Gibson: more on Windows XP, raw socket support, and security(Jul 03, 2001)
• The Register: Security geek developing WinXP raw socket exploit(Jun 14, 2001)
• Steve Gibson on Recent DoS Attacks Against GRC.com(Jun 05, 2001)