Opinions on GRC.com's view on XP's raw sockets?

[Down8 0]

I was wondering if any one had an opinion on Steve Gibson's idea that WinXP is gonna bring down the 'Net? [link: http://grc.com/dos/ ]

 

I had read this guy's rant before, and thought him a complete crack-pot. But, as I was applying for a job at a friend's firm, he suggested GRC.com as one of the sites I check out [the DDoS story].

 

After reading his recent rant about MS not understanding security, I have returned to thinking of him as a crack-pot. He has made a self-fulfilling prophecy. If s'kiddies didn't know, now they do, and if they could use the exploit, he'll show them how [he plans on making a program that will exploit the socket_raw implementation].

 

I think this is the first case I've heard of where someone is *****ing at Microsoft for finally following the full standard. Usually Ms gets flack for not being standards compliant.

 

Either way, I think MS has taken a few measures to stop the use of socket_raw, by the inclded firewall, and the updates that don't require user input. People should be made more aware of system security anyway - which they'll be forced to when mom can no longer get to pbs.org and dad can't find cnn.com b/c they've been DDoSed. Or, this will just open up a new business model in the tech sector: saving your machine from killing the 'Net.

 

What ever, what are y'all's opinions on the situation?

 

-bZj

[DosFreak 2]

I think you've summed it up pretty nicely.

[EddiE314 0]

i can't say that Steve is a crack-pot, you have to admit, the guy is smart as hell.

[Down8 0]

Intelligence != sanity.

 

,

-bZj

[arioch 0]

He's a crazy loser trying to get some attention.

 

Anyone remember his "Project X"?

 

And his silly insistence on writing everything with ASM ... UGH.

[Intlharvester 0]

"If s'kiddies didn't know, now they do, and if they could use the exploit, he'll show them how [he plans on making a program that will exploit the socket_raw implementation]. "

 

The think about the "script kiddies" is that there's quite a few of them that know the system better than almost anyone. Raw socket attacks have been common in the Unix world for years, and they are coming to NT world whether Gibson shouts about it or not. It's not like the smarter kiddies don't have the Windows SDK sitting on their desktop.

 

However, I think Microsoft's response is valid. Killing all the half-assedness of Win 9x was probably the best thing possible for computer security as a whole. Now all we need is an installer that creates power users and not administrators (see MacOS X which is targetted at an even more computer illiterate audience than Windows).

[Khoren 0]

I am of 2 mind about this. First off, let me say that the tone of Steve's article was more due to frustration than anything else. He didn't make his points as clearly as he should have and he attacked MS, which is a mistake. Let me clarify what his REAL problem was with MS's Raw socket support. Steve did not actualkly have a problem with MS implementing Raw Soccket support. His issue was that, unlike every other OS which has Raw Socket Support, they are not requiring Root Access. In the professional and Server versions of XP this really isn't an issue since network access is controlled via login. What causes a problem is including RSS in the "HOME" Version of XP. This version has no authentication control and assumes everyone is root. Windows 2000 has RSS as well, but since it was never very popular in the home market, it wasn't an issue. The only people who had it were servers with Network authentication. XP will probably be in everyone's living room and THAT is what Steve was perceiving as a threat.