Feeds

Windows XP will make Internet unstable – top security expert

Disturbing but true

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

According to top security expert Steve Gibson, Windows XP threatens to make the Internet unstable as it will allow large numbers of people to launch uncontrollable denial-of-service attacks to whichever IP address they see fit.

Mr Gibson came across the flaw while doing an in-depth investigation into DoS attacks on his own site, grc.com. "In a fluke of laziness (or good judgement?) that has saved the Internet from untold levels of disaster," he wrote, "Microsoft's engineers never fully implemented the complete 'Unix Sockets' specification in any of the previous versions of Windows. (Windows 2000 has it.) As a consequence, Windows machines (compared to Unix machines) are blessedly limited in their ability to generate deliberately invalid Internet packets."

These invalid Internet packets are what malicious Internet users fire at sites from a range of computers. So many are aimed at a particular site that all the bandwidth is used up and so the site disappears from view for all other Internet users as they get no information to or from the site's server.

All Windows OSes until Windows 2000 and now Windows XP would not allow someone to "spoof" the source of such Internet packets. This means that a sysadmin can see where they are coming from and then block all data from that PC - freeing up bandwidth and letting others see the site. Spoof packets don't allow you to do that.

Why, if Windows 2000 and all machines running on Unix can already spoof packets, do we need worry about Windows XP allowing the same thing? Simple: Windows XP is a consumer OS and so will be taken up by a huge number of technically illiterate consumers. These are precisely the people that hackers will target due to their limited understanding of security issues. They will allow Trojans, Zombie and other types of malicious program on their PCs, they will remain unaware of them and they won't be able to remove it, even if they do discover them.

This means that the opportunity for hackers to control and direct others' computers as they wish will grow at an enormous rate as more and more people upgrade to Windows XP.

Steve Gibson writes in his piece: "When those insecure and maliciously potent Windows XP machines are mated to high-bandwidth Internet connections, we are going to experience an escalation of Internet terrorism the likes of which has never been seen before."

He calls on everyone to contact Microsoft senior execs and explain the potential problem, with the aim of removing this ability, possibly in the first service pack it knocks out. He's serious. ®

Related Story

Everything you wanted to know about DDoS attacks

Related Link

Steve Gibsons' DoS piece

Secure remote control for conventional and virtual desktops

More from The Register

next story
Microsoft WINDOWS 10: Seven ATE Nine. Or Eight did really
Windows NEIN skipped, tech preview due out on Wednesday
Business is back, baby! Hasta la VISTA, Win 8... Oh, yeah, Windows 9
Forget touchscreen millennials, Microsoft goes for mouse crowd
Apple: SO sorry for the iOS 8.0.1 UPDATE BUNGLE HORROR
Apple kills 'upgrade'. Hey, Microsoft. You sure you want to be like these guys?
ARM gives Internet of Things a piece of its mind – the Cortex-M7
32-bit core packs some DSP for VIP IoT CPU LOL
Microsoft on the Threshold of a new name for Windows next week
Rebranded OS reportedly set to be flung open by Redmond
Lotus Notes inventor Ozzie invents app to talk to people on your phone
Imagine that. Startup floats with voice collab app for Win iPhone
'Google is NOT the gatekeeper to the web, as some claim'
Plus: 'Pretty sure iOS 8.0.2 will just turn the iPhone into a fax machine'
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.