Windows XP:
The experience with Windows-based denial of service attacks
focused my attention on Microsoft's planned release of Windows XP
with its planned inclusion of "Full Raw Socket" support. Full raw
sockets are a powerful and dangerous Internet API that exists in
all Unix-based operating systems. But under Unix they are
deliberately protected by the rigorous requirement for "root"
privilege. (Similar to Microsoft's "Administrative" privilege.)
However Microsoft has done away with this distinction in the Home
Edition of Windows XP which threatens to populate the world with
a needlessly dangerous capability.
Microsoft and I have been arguing about this quite a lot
recently. Last Thursday, this culminated in an eight-way
telephone conference:
My page explaining the XP threat:
http://grc.com/dos/winxp.htm
About our phone conference:
http://grc.com/dos/xpconference.htm
-Steve Gibson
www.grc.com
