I believe that Microsoft and I have been locked in a misunderstanding. But it is one that is too important to ignore . . . and not too late to fix!
Due to a misunderstanding right from the start, Microsoft and I have been talking about different issues relating to raw sockets: I have been saying that raw sockets are not necessary and are dangerous, while Microsoft has been saying that they are necessary and are no more dangerous than alternatives.
Each of us, from our perspective, has been correct, but we have been talking about different aspects of raw sockets.
I have been talking about USER access to raw sockets being dangerous and unnecessary, while Microsoft has been talking about SYSTEM access to raw sockets being necessary, and no more dangerous than other networking technologies available in the system.
What's so odd about this . . . is that we agree with each other!
Please take a look at this page containing excerpts from Microsoft's own current web pages explaining how all access to raw sockets is deliberately restricted to administrative users.
It is clear that raw sockets are not necessary for typical personal computer users, and that Microsoft themselves never intended common users to have them. This is in keeping with traditional industry-wide support for the Berkeley raw socket interface.
Ask yourself this: If the raw socket interface, originated at U.C. Berkeley 20 years ago, were not a security risk for users, for systems, and for the Internet, then WHY has this interface always been restricted from casual use everywhere it has ever appeared?
I have NO PROBLEM with RESTRICTED access to the raw socket interface, and no problem with the SYSTEM having access to the interface. That is traditionally what has always been done on Unix, Linux, and similar systems and, as we have seen on Microsoft's own pages, in Windows.
But HERE is what has suddenly changed:
Under the Home Edition of Windows XP, ALL users are Administrators by default.
Microsoft's reasons for doing this are clear, reasonable, and understandable: Many Windows 9x/ME legacy applications would fail to operate within an environment that suddenly imposes security restrictions. Microsoft's solution to this for Windows XP has been to run all users in the system as administrators.
I have only one (now famous) concern about Microsoft's decision to default all users to full administrative privilege:
As a result, the deliberately restricted raw socket interface has become available to ALL system users.
As we know from Microsoft's own documentation, the Berkeley raw socket interface was NEVER intended to be unprotected and globally available for abuse in this fashion. This is why it has always required "root" or administrative-level access. But an unfortunate side effect of Microsoft's need to elevate everyone to administrative privilege is that raw sockets have become globally available.
Since NO USERS — administrative or otherwise — have ANY practical need for raw sockets, ALL I ASK is that Microsoft restrict raw socket access to the SYSTEM, so that traditional safeguards against raw socket abuse will be retained.
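On current Linux systems the "root" requirement described above is enforced through the CAP_NET_RAW capability, so an administrator can list exactly which processes are allowed to open raw sockets. The following audit script is an added example, not part of the original page; the CAP_NET_RAW detail is not from the page, and the sample status records and all function names are constructed here for illustration.

```python
import glob
import re

CAP_NET_RAW = 13  # bit index of CAP_NET_RAW in linux/capability.h

# Constructed /proc/<pid>/status excerpts (sample data, not from a real host).
SAMPLE_STATUS = {
    "root shell": "Name:\tbash\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n",
    "ping helper": "Name:\tping\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000002000\n",
    "web server": "Name:\thttpd\nUid:\t33\t33\t33\t33\nCapEff:\t0000000000000400\n",
    "desktop app": "Name:\teditor\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n",
}


def can_open_raw_sockets(status_text):
    """True if the effective capability mask in a status dump includes CAP_NET_RAW."""
    match = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if match is None:
        raise ValueError("status text has no CapEff line")
    return bool((int(match.group(1), 16) >> CAP_NET_RAW) & 1)


def audit(statuses):
    """Return the sorted labels of every record that holds raw-socket privilege."""
    return sorted(label for label, text in statuses.items()
                  if can_open_raw_sockets(text))


def audit_live_host():
    """Run the same audit over /proc; returns [] where /proc is unavailable."""
    statuses = {}
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as handle:
                text = handle.read()
        except OSError:
            continue  # process exited (or is unreadable) while scanning
        if "CapEff:" not in text:
            continue
        name = re.search(r"^Name:\s*(.+)$", text, re.MULTILINE)
        pid = path.split("/")[2]
        statuses[f"{pid} {name.group(1) if name else '?'}"] = text
    return audit(statuses)


if __name__ == "__main__":
    print("sample records with raw-socket privilege:", audit(SAMPLE_STATUS))
    print("processes on this host:", audit_live_host())
```

In the sample data only the root shell and the ping helper qualify; on a host where every interactive user runs with full privilege, every user process would appear in the list.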
Consumer versions of Windows have never had full raw socket access. So not one of the hundreds of malicious Trojans or Zombie/Bots floating around the Internet employs the more potent raw socket attacks. But, if future versions of Windows freely permit raw socket access, a new era of Internet exploitation will begin.
Am I tilting at windmills? No.
Am I running around in circles crying that the sky is falling? No.
I am demonstrating that a powerful and unnecessary application-level Internetworking programming interface, which is frequently abused on Unix, Linux, and other systems to launch potent Internet attacks, need not be, should not be, and MUST not be, exposed on tens of millions of future Windows systems that are targeted at the common home computer user.
This is such a simple argument, and such a simple issue to repair.
If you find yourself in agreement, consider making your voice heard: