Microsoft has insisted that its inclusion of "raw sockets" in
Windows XP will not make it easier for hackers to conduct
distributed denial of service attacks.

The company was responding to criticism from Steve Gibson,
president of Gibson Research Group, who said that Windows XP will
make it easier for attackers to hide the real IP addresses of their
battery of PC launch pads. These addresses allow the systems
administrator to create filters to refuse packets coming from
unwanted sources.

Sockets are used to manage the creation and reading of these
packets, such as IP data, but raw sockets can be programmed to
handle unsupported protocols or specially configured packets.
This opens up the possibility of address spoofing, creating packets
with false senders' addresses, making it much more difficult to
shield the targeted system.

Microsoft said raw sockets are already implemented on Windows 2000
business systems but Gibson argued that Windows XP is also set to
replace home users' desktops, increasing the number of platforms
suitable as unwitting participants in a distributed denial of
service attack.

The key to such attacks lies in the planting of "zombie", or "bot",
programs on computers, duplicating the techniques virus writers use
to spread malicious code.

Gibson said home users will have less idea of how to prevent their
systems being used as zombie launch pads.

Microsoft insists that security will be tighter in Windows XP, a
move given cautious approval by Philip Huggins, managing security
architect for consultancy @Stake. "The inclusion of raw sockets
brings Windows in line with Unix operating systems where they offer
many positive benefits.

"It would be better if Microsoft took a different approach by
setting maximum security as the default install state. Without
that, over time Windows XP could lower the barrier," he said.

Eric Doyle
eric.doyle@rbi.co.uk