[Dshield] XP and security

Chris Newton newton at unb.ca
Wed Nov 28 15:03:21 GMT 2001


Not directed at David, just the list.

  I think everyone is missing the point about the 'easily accessed raw 
sockets'.  The people who can boot a floppy into Linux and run the hacks are 
not the problem.  What people are trying to explain is that millions of XP 
boxes with this ability, sitting on the desktops of complete non-technophiles, 
are a problem.  Up until now, it's been Unix boxes that had this ability 
(primarily), _usually_ sitting on the desks/racks of slightly more technically 
oriented users (i.e. they just _might_ notice something weird going on, or 
actually secure the box, or give a damn)... and we still have a big 
spoofing/DDoS problem (and there are DAMN few Unix boxes compared to Windows 
boxes).

  _Now_ we will have millions of boxes sitting in homes, schools, wherever, 
that will have this ability, controlled by users who don't care, don't know, and 
won't notice a problem if/when they get hacked.

  I've heard the explanations too... but...

1) NOC operators shouldn't be letting spoofed addresses through... it's their 
problem.  Guess what, they still do, they always will.  CodeRed/Nimda 
should have taught people that no amount of preaching will reach those who 
don't care/don't listen to fix things they don't understand.

2) You could always do the raw socket-like thing on Windows by (re)writing a 
driver and installing that...  Weeeeee... when was the last time you saw a 
trojan install network drivers?  This feature makes it simple and easy.  
Writing drivers is not easy.




>===== Original Message From "David Sentelle" <David.Sentelle at cnbcbank.com> =====
>Lotsa people seem concerned about XP's security and easily accessed raw 
>sockets.  Would a raw socket-less WinXP keep a user from booting from a floppy 
>disk into a Linux partition and running their hacks?  Would requiring 'root' 
>privileges for raw sockets actually ensure that only responsible people had 
>'root' access?
>
>Would raw sockets be that much of a problem if ISPs just checked the packets 
>to make sure that the address sending the traffic was the same that was 
>declared inside the packets?
>
>I'm much more concerned with the lack of accountability that software 
>developers have, as well as the lack of definition as to where an OS should 
>stop and applications should start.  Microsoft has been 'developing' the 
>Windows platform for a LONG time now, and I STILL see applications installing 
>files to the OS's core directories.  If they're not going to tell consumers, 
>shouldn't Microsoft at LEAST tell developers where the OS stops and their 
>application starts?  (Sorry for the tangent, but I've been working for 2 days 
>trying to figure out how to allow users to 'cut' a block of text from 
>MS-Word2k without crashing)
>
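
An added illustration, not part of either message above, of the two mechanisms this thread argues about: what a program hands to a raw socket when it is allowed to write its own IP header (any source address it likes), and what the source-address check David asks about would look like on an ISP's customer-facing interface (the BCP 38 style of ingress filtering). It is Python and runs offline: it builds and inspects the header bytes but never opens a raw socket. The addresses and the customer's /24 are made up for the example (RFC 5737 documentation ranges), not taken from the thread.

```python
import ipaddress
import socket
import struct

# Constructed sample: an ISP customer link assigned 198.51.100.0/24 (RFC 5737
# documentation space, chosen for this example, not from the thread).
CUSTOMER_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement of the one's-complement sum
    of all 16-bit words. Over a header whose checksum field is already filled
    in, the result is 0, which is how a receiver verifies it."""
    if len(header) % 2:
        header += b"\x00"
    total = 0
    for i in range(0, len(header), 2):
        total += (header[i] << 8) | header[i + 1]
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int,
                      proto: int = socket.IPPROTO_UDP, ttl: int = 64,
                      ident: int = 0x1234) -> bytes:
    """Build a 20-byte IPv4 header with whatever source address the caller
    supplies. This is exactly the freedom a raw socket with IP_HDRINCL gives
    an ordinary program: the stack no longer fills in the source for you."""
    version_ihl = (4 << 4) | 5              # IPv4, 5 x 32-bit words, no options
    total_len = 20 + payload_len
    hdr = struct.pack("!BBHHHBBH4s4s",
                      version_ihl, 0, total_len, ident, 0,  # TOS, id, flags/frag
                      ttl, proto, 0,                        # checksum placeholder
                      socket.inet_aton(src), socket.inet_aton(dst))
    csum = ipv4_checksum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the fields an ingress filter cares about and verify the checksum."""
    f = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {
        "ihl": f[0] & 0x0F,
        "total_len": f[2],
        "ttl": f[5],
        "proto": f[6],
        "src": socket.inet_ntoa(f[8]),
        "dst": socket.inet_ntoa(f[9]),
        "checksum_ok": ipv4_checksum(pkt[:20]) == 0,
    }


def ingress_filter(pkt: bytes, prefixes=CUSTOMER_PREFIXES) -> bool:
    """BCP 38 style check for a customer-facing interface: accept the packet
    only if its source address lies inside a prefix assigned to that link.
    Returns True to forward, False to drop."""
    fields = parse_ipv4_header(pkt)
    if not fields["checksum_ok"]:
        return False
    src = ipaddress.ip_address(fields["src"])
    return any(src in net for net in prefixes)


if __name__ == "__main__":
    # Legitimate packet from inside the customer's prefix.
    good = build_ipv4_header("198.51.100.42", "192.0.2.1", payload_len=8)
    # Same customer, but the program wrote someone else's address as source.
    spoofed = build_ipv4_header("203.0.113.7", "192.0.2.1", payload_len=8)
    for name, pkt in (("legit", good), ("spoofed", spoofed)):
        verdict = "forward" if ingress_filter(pkt) else "drop"
        print(f"{name:8s} src={parse_ipv4_header(pkt)['src']:15s} -> {verdict}")
    # On Linux/BSD these bytes would go out through a raw socket; IPPROTO_RAW
    # implies IP_HDRINCL, so the kernel transmits the header as written.
    # That needs root/administrator and is deliberately not executed here:
    #   s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
    #   s.sendto(spoofed, ("192.0.2.1", 0))
```

The point the two functions make together: nothing in the spoofed header is malformed (the checksum verifies, the lengths agree), so the only place it can be caught is an interface that knows which prefixes are legitimately behind it. A filter like ingress_filter on the ISP's edge drops it; a core router that sees the whole Internet's address space as valid cannot.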