Feeds

Windows XP will make Internet unstable – top security expert

Disturbing but true

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

According to top security expert Steve Gibson, Windows XP threatens to make the Internet unstable as it will allow large numbers of people to launch uncontrollable denial-of-service attacks to whichever IP address they see fit.

Mr Gibson came across the flaw while doing an in-depth investigation into DoS attacks on his own site, grc.com. "In a fluke of laziness (or good judgement?) that has saved the Internet from untold levels of disaster," he wrote, "Microsoft's engineers never fully implemented the complete 'Unix Sockets' specification in any of the previous versions of Windows. (Windows 2000 has it.) As a consequence, Windows machines (compared to Unix machines) are blessedly limited in their ability to generate deliberately invalid Internet packets."

These invalid Internet packets are what malicious Internet users fire at sites from a range of computers. So many are aimed at a particular site that all the bandwidth is used up and so the site disappears from view for all other Internet users as they get no information to or from the site's server.

All Windows OSes until Windows 2000 and now Windows XP would not allow someone to "spoof" the source of such Internet packets. This means that a sysadmin can see where they are coming from and then block all data from that PC - freeing up bandwidth and letting others see the site. Spoof packets don't allow you to do that.

Why, if Windows 2000 and all machines running on Unix can already spoof packets, do we need worry about Windows XP allowing the same thing? Simple: Windows XP is a consumer OS and so will be taken up by a huge number of technically illiterate consumers. These are precisely the people that hackers will target due to their limited understanding of security issues. They will allow Trojans, Zombie and other types of malicious program on their PCs, they will remain unaware of them and they won't be able to remove it, even if they do discover them.

This means that the opportunity for hackers to control and direct others' computers as they wish will grow at an enormous rate as more and more people upgrade to Windows XP.

Steve Gibson writes in his piece: "When those insecure and maliciously potent Windows XP machines are mated to high-bandwidth Internet connections, we are going to experience an escalation of Internet terrorism the likes of which has never been seen before."

He calls on everyone to contact Microsoft senior execs and explain the potential problem, with the aim of removing this ability, possibly in the first service pack it knocks out. He's serious. ®

Related Story

Everything you wanted to know about DDoS attacks

Related Link

Steve Gibsons' DoS piece

Beginner's guide to SSL certificates

More from The Register

next story
Be real, Apple: In-app goodie grab games AREN'T FREE – EU
Cupertino stands down after Euro legal threats
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
First in line to order a Nexus 6? AT&T has a BRICK for you
Black Screen of Death plagues early Google-mobe batch
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.