From jan@starbase1.de Wed Jul 04 11:43:31 2001
Newsgroups: alt.2600
Subject: Go Home Steve Gibson
From: "Jan Raddatz" <jan@starbase1.de>
Date: Wed, 4 Jul 2001 20:43:31 +0200
Hallo,
I've read several articles about Steve Gibson's war against Microsoft and
their RAW - Sockets support for Windows XP. His arguments against Raw Socket
support under Windows XP makes me thinking that Steve can't be too familiar
with Network programming techniques and the Winsock API.
Here's an EXCERPT out of his article:
==========================
"The experience with Windows-based denial of service attacks focused my
attention on Microsoft's planned release of Windows XP with its planned
inclusion of 'Full Raw Socket' support. Full raw sockets are a powerful and
dangerous Internet API that exists in all Unix-based operating systems. But
under Unix they are deliberately protected by the rigorous requirement for
"root" privilege. (Similar to Microsoft's "Administrative" privilege.)
However Microsoft has done away with this distinction in the Home Edition of
Windows XP which threatens to populate the world with a needlessly dangerous
capability."
Steve says that fully Raw Socket support is powerful and dangerous. Well it
might be used to create new DOS programs etc. But at first you need to know
HOW to write a program and HOW to use the Winsock API. I guess here's the
first border. Simple Script kiddies which create the most attacks in the
net fail at this point. They won't be able to write C++ programs which use
the Winsock API.
For real programmers this Raw Socket support is an advantage. Okay there'll
still be some people writing stupid programs but it was possible before too.
You could download a special driver which offers a Raw Sockets interface for
programmers. Under LINUX you can write programms with RAW socket support
long time before. And "HALLO STEVE WAKE UP" every serious hacker who's
testing his program or every script kiddie testing a new downloaded program
out of the net WILL have ROOT access at his LINUX box or Admin access at his
Win32box. So the sentence: "But under Unix they are deliberately protected
by the rigorous requirement for "root" privilege." is crap.
Steve makes a mistake when he says Raw socket support is restricted to ROOT
users only and though Raw socket attacks won't run under UNIX or LINUX. I
have root access on all of my Computers at home LINUX, UNIX, WINDOWS so I AM
able to run programms using Raw Sockets.
Well what I want to say is :)
- Microsoft, please implement the Raw sockets support
- Steve, stop whining. LINUX offered Raw socket support long time before
windows did
Sincerely
Jan
Credits
-- UnKnown --
|