Thursday 28 March 2024 Straipsniai.lt - Independent and informative portal
Gibson 1, Microsoft 0

Computer security celebrity Steve Gibson won his long battle with Microsoft over "raw sockets." It took three years for the folks in Redmond to finally cave in to his media crusade. They implemented Gibson's flawed thinking in Windows XP Service Pack 2...

Rob Rosenberger reports.

I hereby declare Steve Gibson won his long battle with Microsoft over "raw sockets." It took three years for the folks in Redmond to finally cave in to his media crusade. They implemented Gibson's flawed thinking in Windows XP Service Pack 2.

I'll explain below what I think will happen as a result of Microsoft's cave-in. First, though, let's recap the "raw sockets" controversy. To put it succinctly: Microsoft embraced Gibson's idea to solve a router security problem by crippling the default networking interface in one operating system.

Gibson's fear over raw sockets stems from an entrenched Internet specification known as the "Unix Berkeley sockets application programming interface." We'll call it the Berkeley sockets API for short; it establishes a networking interface so programs can talk/listen to the Internet. Many people (including myself but not Gibson) view it as a de facto standard. It debuted in the early 1980s as the very first sockets API for the Internet. It fathered many networking interfaces in use today -- especially Microsoft's -- and it greatly inspired the design of many others.

You'll find the Berkeley sockets API in OpenBSD, arguably the most secure desktop operating system you can install "right out of the box." You'll find it in the BSD programming environment for Mac OS X. Many operating systems choose it for their default networking interface because it's an entrenched Internet specification.

Any operating system will expose enough of its default networking interface so programs can send/receive packets of data across the Internet. It may offer a more-powerful default networking interface if it chooses, and all Internet-centric operating systems do this. However, a programmer will sometimes innocently or purposely create "undesirable packets" when his software manipulates raw sockets. Even a buggy networking interface can create undesirable packets!

The Internet Engineering Task Force places a burden on routers & hardware firewalls to guard the Internet from undesirable packets. It makes sense to place this burden on routers & hardware firewalls rather than on operating systems & networking interfaces. Sadly, many router manufacturers didn't configure their products by default to protect the Internet from undesirable packets.

Gibson wanted Windows XP to pick up the slack for poorly configured routers used by companies and ISPs all over the world. It's a classic case of flawed thinking -- his crusade has always been a router security issue, not an operating system security issue, and every legitimate router security analyst knows this.

So much for the recap. Time for me to pontificate.

I PREDICT MICROSOFT'S cave-in will further delay the widespread acceptance of an important router security best practice. I will not blame Gibson for this delay.

Microsoft's cave-in only applies to workstation editions of Windows XP, but I believe pseudo-experts will leapfrog on Gibson's win. I believe those pseudo-experts will call on Microsoft to cripple all of the server editions of its operating systems, too. "C'mon, guys! Why would you only attack Dracula's lesser minions when you could just as easily attack the more powerful ones, too?"

I believe Microsoft will hear renewed cries to delete IIS, Internet Explorer, Outlook Express, and the Administrator account from all versions of all future operating systems for security reasons. I'm not joking about the Administrator account -- a lot of pseudo-experts view it as a threat to network security.

I believe kooks will come out of the woodwork to pester Microsoft with all sorts of wild ideas for the benefit of mankind. "C'mon, guys! Your next workstation OS can finally end the problem of dueling DHCP servers!" I wish Microsoft only the best of success as it tries to fend off a horde of wacky security demands.

I believe government pseudo-experts, too, will leapfrog on Gibson's win. I believe they'll start by calling for the removal of USB support from future operating systems purchased by the U.S. military. I'm not joking about USB support, either -- the Pentagon views it as a threat to national security. It honestly won't surprise me if the feds force Microsoft to release a "Windows DC" operating system.

Lastly, I believe Microsoft will someday rectify the error they made when they caved in to Gibson. You simply cannot improve router security by crippling an operating system. Mark my words: the folks in Redmond will someday re-embrace Bill Gates' idea of one common robust networking interface in all versions of all of its operating systems.

Memo to Microsoft employees: I wrote a major recap for your edification. Click here to read it.

Memo to Steve Gibson: no jokes, no sarcasm, no burlesque, no satire. "You won," and you can quote me in context with just those two words. As one messiah to another, I congratulate you on your win. I learned of Redmond's capitulation in early July and I wanted to congratulate you back then ... but I regret to say it took me this long just to get over my frustration with Microsoft. My frustration with them prevented me from writing the column you honestly deserved.

         