www.pbs.org/cringely/pulpit/pulpit20010802.html
AUGUST 2, 2001 The Death of TCP/IP Why the Age of Internet Innocence is Over By Robert X. Cringely As events of the last several weeks have shown, Microsoft Windows, e-mail and the Internet create the perfect breeding ground for virus attacks. They don't even have to exploit Windows flaws to be effective. Any Visual BASIC programmer with a good understanding of how Windows works can write a virus. All that is needed is a cleverly titled file attachment payload, and almost anyone can be induced to open it, spreading the contagion. It is too darned easy to create these programs that can do billions in damage. The only sure way to fix the problem is to re-stripe the playing field, to change the game to one with all new rules. Some might argue that such a rule change calls for the elimination of Microsoft software, but that simply isn't likely to happen. It's true that Linux and Apache are generally safer than Windows 2000 and IIS, but Microsoft products aren't going to go away. I promised you an answer to how to secure the Internet, and I mean to come through. First, we'll start with the way I would do it, then follow with a rumor I have heard about one way Microsoft might want to do it. If it were not for Microsoft's carefully worded user license agreement, which holds the company blameless for absolutely anything, they would probably have been awash in class action lawsuits by now. Of course, it is not as though Microsoft intended things to be this way. But you must understand that Microsoft limits its investments to things that will enhance a product's market share. While it is true that virus authors will target platforms that give them the most bang for their programming buck, the Windows platform has virtually no security to even slow them down. I believe the lack of security in Microsoft software was a deliberate business decision. Alas, things are only likely to get worse in the near term. So far, we've been lucky in that most virus authors have been impatient and want to see the immediate effects of their work. It is far more effective to be patient and let the virus spread quietly for months. If the virus does nothing, the defense against it will be slow and/or too late. If the virus does very little on one's PC (for awhile), it won't be discovered easily. I won't go into specifics for obvious reasons, but if you think about how virus detection software works, it isn't hard to trip it up. Even if 98 percent of the world's computers had current anti-virus software (which they don't), the remaining two percent would still be millions of devices capable of bringing down the entire Internet if infected. And now, we have the impending release of Windows XP, and its problem of raw TCP/IP socket exposure. As I detailed two weeks ago, XP is the first home version of Windows to allow complete access to TCP/IP sockets, which can be exploited by viruses to do all sorts of damage. Windows XP uses essentially the same TCP/IP software as Windows 2000, except that XP lacks 2000's higher-level security features. In order to be backward compatible with applications written for Windows 95, 98, and ME, Windows XP allows any application full access to raw sockets. What is wrong with telling application developers, "Your application can't have access to raw sockets," or, "When XP ships you need to have a non-raw socket version ready for your customers," or, "If your application needs to access raw sockets, these are the security rules and interfaces you will have to use"? The bottom line is that Microsoft's choice to provide access to raw sockets was based on the market share litmus test, period. Unless this feature is changed before XP is released, it will mean that millions of new computers will be manufactured as perfect little virus machines. Virus authors who are anticipating these new PCs will be able to pre-position their digital vermin to take advantage of the socket flaw as the new machines appear. The result is that, in all likelihood, there will be massive data security problems, as well as massive damage to files and property, all as a result of Windows XP. But as consumers, guess what--we won't even get a choice. Microsoft will require the PC makers to install XP in the factory. It will come on your PC, and you won't have the choice or option to pick something different. When Microsoft issues a new OS, it is forced into the market. We could implement a secure user identity system precisely like telephone Caller ID. People wouldn't be forced to participate, but if they remain anonymous, I might choose to block them. I know you hate this idea, but I think the Internet needs a fingerprint. It does not have to have personal information, but if you break the law it can be traced to you. You can choose not to have a fingerprint, but then your ability to communicate with others may be limited--a price many people may choose to pay. I am not opposed to people being anonymous--just to anonymous people receiving public assistance. Send all the anonymous love or hate mail you like, but don't expect to attach a file. The new model will not run attachments as they do today. E-mail attachments should not have access to the e-mail client, APIs, etc. Attachments should not have access to the operating system by default. The user should approve the use of some APIs, like having to give permission before device drivers are updated. Any application that wants to send bits onto the Internet must first be permitted to do so. Applications would be registered to send outgoing traffic. You would register your e-mail program as the only application that could talk SMTP, POP3, etc. If Microsoft Word wanted to send an e-mail, your e-mail program would pop up, ask you to authenticate yourself and explicitly send the message. At that point, you would be in complete control of what was happening on your PC. For mail-enabled applications, there would be an application user account registered on the post office. The account would be unique, and registered to a unique application. If kids want to install an Internet game, the game's IP port would be registered and permitted to operate, hopefully by the parent. If kids wanted to install an Internet chat program, too bad--it wouldn't work if Dad didn't want it to work. By default, under this scenario, your PC becomes a TCP/IP read-only device. By running applications like Gibson's Zone Alarm you can--right now--severely limit the use of TCP/IP by applications on your PC. So rather than ripping the protocol stack wide open, let's do the exact opposite. The only e-mail activity on my PC should be initiated by me, personally. Nothing else should access my address book or send out messages without my express permission. The story came to me from people I have come to trust, and I have looked into it closely enough to think it might have some validity. But for the sake of keeping lawyers off my back, let's just call it a rumor, and only use it as a basis for discussion. To be perfectly clear, I am not claiming that the following is true--just that I have heard it from more than one source,and think it accurately characterizes some past behaviors of Microsoft. Perhaps by bringing it into the light, we can insure that Redmond takes a more thoughtful course. Programmers who ought to be familiar with Microsoft's plans have suggested that the real motive for raw socket support is for Microsoft to use Windows XP to exploit a bad situation, to deliberately make things worse. According to these programmers, Microsoft wants to replace TCP/IP with a proprietary protocol--a protocol owned by Microsoft--that it will tout as being more secure. Actually, the new protocol would likely be TCP/IP with some of the reserved fields used as pointers to proprietary extensions, quite similar to Vines IP, if you remember that product from Banyan Systems. First, make the old one unworkable by placing millions of exploitable TCP/IP stacks out on the Net, ready-to-use by any teenage sociopath. When the Net slows or crashes, the blame would not be assigned to Microsoft. Then ship the new protocol with every new copy of Windows, and install it with eve...
|
http://csua.com/feed/