Home > Articles > Security > Network Security

  • Print
  • + Share This
From the author of

The Threats

In short, there are several reasons why including Raw Sockets in Windows XP is thought to be a bad idea. This section takes a look at these concerns, and what they really mean for you. These are the summarized points made at http://www.grc.com:

  • Raw Sockets have never been included by default with an operating system before Windows XP.

    This isn't true. Windows 2000 includes Raw Socket support. In addition (and GRC finally recognized this), every version of Windows supported Raw Sockets with the use of a third-party program or driver. This basically means that even if Windows XP didn't include Raw Socket support, a hacker could simply incorporate this feature into a DoS program and install it into an "owned" computer. Therefore, this point is null and void.

  • All other operating systems that support Raw Sockets do so only under administrator or root level access. Windows XP Home Edition is run with everyone setup as an administrator.

    This is true! The Web site is 100% correct on this point, and I am glad it is. Basically, Microsoft is providing a piece of software that gives each and every user the full potential of what its software is capable of. In other words, is it right to restrict and control access to users of the Internet just because some people may abuse it? NO! Not even if you live in some location under governmental oppression. Now, there are some situations in which more control is necessary, and it is rightly justified. For example, the workplace has the right to control every aspect of its computing environment because the company that owns the computer is responsible for what is done on it. However, if this is needed, Windows provides other versions of XP that include the capability to lock out Raw Sockets and other less-desirable features of the operating system.

  • "For the first time ever, applications running under the Home Edition of Windows XP—whether deliberately executed or running as hidden 'Trojan' programs—will be easily able, without modifying the operating system in any way, to generate the most damaging forms of Internet attacks."

    I copied this as it exists verbatim on the GRC Web site simply because it illustrates the type of hype and propaganda that got this whole Raw Sockets debate going. This statement is an exaggerated and wordy way of saying a simple fact. It basically says that Windows XP Home Edition will allow a program to generate spoofed packets. Of course, so will Windows .NET, Windows 2000, Linux, AIX, SCO, Unix, Mac OS-X, and almost any other operating system out there. I wonder why this isn't mentioned.

  • Windows-based, Internet attacks are common; and with the release of Raw Sockets, the attacks will be even more threatening.

    At the time of the XP warning, this statement was unprovable, so it could not be verified either way. However, we are now six months after the public release of Windows XP (and more than a year since the release of Windows XP beta 1), and there has not been a single whisper of an attack taking advantage of Windows XP Raw Sockets' capability. There is no time limit for when this more threatening attack will take place, so once again no one can dispute this statement. Is this more smartly crafted propaganda?

  • No previous versions of Windows had Raw Socket support, and they worked fine. Therefore, the addition of this feature is unjustified.

    This is a very interesting point, and it is one of my favorites. One of the most restricting aspects of Windows was its limited power with regards to networking. Almost every other operating system supported the use of Raw Sockets. In fact, Microsoft added this feature as "...a response to customer demand for Winsock standard compliance." Again, isn't the point of a free market to please the customer? Do we need to be regulated and controlled based on every possible threat that exists? If that is the case, you may as well pull the plug on the Internet right now!

  • Windows XP security supports legacy software that requires a limited set of restrictions. As a result, this operating system "...will be used to attack and damage any chosen Internet user or site."

    Again, this is a bold and prophetic statement. It also is a clever way of rewording an unprovable statement. One could say that any operating system will be used to attack and damage a user or site, and be technically correct. The fact that Windows XP includes Raw Socket support has no relevance to this statement. With or without Raw Socket support, Windows XP will be used to attack and damage users and Web sites.

  • + Share This
  • 🔖 Save To Your Account