Windows XP: Raw Nerve?

By eweek  |  Posted 2001-10-15

Windows XP is set for an extravagant New York City launch on Oct. 25, but the debate over the security of an element called "raw sockets" in Microsoft's latest operating system release will rage for quite a bit longer.

Steve Gibson, an independent software developer who has written several security programs, has been waging a public campaign since July against Microsoft's inclusion of raw sockets in Windows XP. He has alleged that raw sockets - a TCP/IP feature included in XP for backward compatibility, but one that also lets an application generate bogus IP headers - will soon make it much more difficult to prevent distributed denial-of-service (DDoS) attacks, which already occur frequently on the Internet.

"If I brought this up a year and a half ago, [Microsoft] might have fixed it, but it didn't see the danger until it was too late," Gibson said. To date, he said, no one at Microsoft has taken seriously his worries about raw sockets.

A denial-of-service attack is the sending of a large number of data packets to a single resource on the Internet, usually a Web or application server, effectively disabling it. A DDoS attack is more virulent because it involves taking control of hundreds or thousands of PCs by using zombies, software programs that let hackers make those PCs into the minions that launch the attack. Raw sockets could amplify that threat by making IP spoofing readily available to hacker tools.

Microsoft adamantly refuted Gibson's claim that XP's support of raw sockets makes it a security problem. A Microsoft spokeswoman pointed out that Apple Computer's Mac OS, Linux, Unix and Microsoft's own Windows 2000 have all implemented raw sockets. She also noted that DDoS attacks have been launched using versions of Windows that didn't support raw sockets.

But Gibson countered that while the raw sockets feature was implemented in previous OSes, those operating systems weren't as widely used by consumers as Windows XP is expected to be. He also said raw sockets don't make it easier to launch a DDoS attack, but instead make it more difficult to defend against one.

Even one of Microsoft's resellers expressed concern that the raw sockets in Windows XP will increase its susceptibility to hacking. "It's one less hoop that a hacker has to jump through," said Richard Blair, a senior consultant of Chicago's SEI Information Technology, a consulting firm that is a Microsoft Gold Certified Partner.

Other security experts were divided about the impact of raw sockets in Windows XP.

"I'm not sure it makes the situation any worse," said Ted Julian, chief strategist of Arbor Networks, a developer of anti-DDoS software. Individual users, by securing their machines and networks against hacker intrusions, can do much more to reduce the threat of DDoS attacks than Microsoft or any single entity can, he said.

But Microsoft could help mitigate some of the security risk by making it harder for hackers to create DDoS tools, said Keith Waldorf, co-founder and chief technology officer of Captus Networks, which also provides a DDoS defense product.

"What we're going to see if Microsoft continues down this path is that denial-of-service tools will be easier to implement and cause more problems for the Internet community as a whole," Waldorf said.

Matrix Editor Todd Spangler contributed to this report.