[Dshield] XP and security

security@admin.fulgan.com security at admin.fulgan.com
Wed Nov 28 14:59:44 GMT 2001


DS> Lotsa people seem concerned about XP's security and easily
DS> accessed raw sockets.  Would a raw socket-less WinXP keep a user
DS> from booting from a floppy disk into a linux partition and running
DS> their hacks?

That's a bit beside the point: the problem is people being hacked and
used without knowing it. But as a matter of fact, raw sockets aren't
as dangerous as some people would like to make us believe.

DS> Would requiring 'root' privledges for raw sockets
DS> actually insure that only responsible people had 'root' access?

The use of RAW sockets in XP requires admin privilege already. But
that won't stop the hackers if the user use the admin account to log
in.

DS> Would raw sockets be that much of a problem if ISPs just checked
DS> the packets to make sure that the address sending the traffic was
DS> the same that was declared inside the packets?

ISPs should have egress filtering on all first hop routers as well as
on all border routers. In fact, it's already widely implemented (witch
is one more reason why hackers don't use spoofed packets for DDOS).

DS> I'm much more concerned with the lack of accountability that
DS> software developers have, as well as the lack of definition as to
DS> where an OS should stop and applications should start.

That's a completely different matter and it has little to do with
security (although it's also an interesting subject)

DS> Microsoft 
DS> has been 'developing' the windows platform for a LONG time now,
DS> and I STILL see applications installing files to the OS's core
DS> directories.

Hum. As a developper and someone that wrote (painfully, I must say)
several installer, I can tell you there are reasons for that: some
files MUST be shared between applications (Like OOP COM servers shared
component packages), as such, they must be implemented in a place
where other applications will find them when they are installed. The
only real good place for that is the system32 folder.

But the place you install software is not important. What's important
is the right you need to do something specific (i.e. a standard XP
user can install applications but not services or device drivers).

DS> If they're not going to tell consumers, shouldn't  
DS> Microsoft at LEAST tell developers where the OS stops and their
DS> Application starts?

You're confusing location and purprose here. the "Operating system" is
a set of exposed functionalities. An "application" is a software
designed to run in a specific environement and solve one or many
specific problems. "OS" is, actually, a subset of "application" then.

What you are actually bitching about is how hard it is to keep track
of what file belongs to whom. And I have a sad news for you: in some
case, there is no answer to that question because the same file,
although not installed by the OS, is used by more than one application
from more than one vendor (ActiveX are a perfect example).


DS> --Hoping I've not exposed too much of my lack of knowledge

Not at all... And moreover: there is no such a thing as a dumb
question. There are dumb answers and dumb silences, but no dumb
questions




More information about the list mailing list