The Gibson Research Corporation

Investigation & Exploration Pages

Page last modified: Jun 13, 2005 at 09:17

Microsoft Removes Raw Sockets from XP

"To fully implement TCP/IP in Windows XP
would make denial of service attacks a
walk in the park", Microsoft said.

Several years after the release of Windows XP, my predictions for the consequences of making raw sockets available in a mass market consumer operating system (see all the pages below) came to pass. In fact, the famous "MS Blast" Internet worm used XP's raw sockets to attack Microsoft themselves!

Microsoft first began blocking XP's raw socket features with the release of their second XP Service Pack (SP2). Then an April 2005 security patch finished the job by completely killing off raw sockets. This final move caused a great deal of frantic running around and arm waving from fringe factions of the PC industry who still adamantly refuse to "get it". If these folks still don't "get it" they're never going to. But I am very pleased that Microsoft finally did, and does.

See ZDNet Story: Microsoft tries to quell TCP/IP 'danger'

Microsoft absolutely hates "taking back" operating system features, and thus breaking compatibility with applications that were using them. So this could NOT have been an easy or casual thing for them to do. I am sure it was only done after a great deal of thought and careful consideration. And it means that raw sockets in XP really WERE causing the huge amounts of trouble I knew they would.

For the sake of history, the pages below are being left intact, exactly as they were first written years ago during the summer before XP's first winter release, when I was trying (rather desperately at times :) to prevent the original raw socket mistake.

Before they changed their mind:

Before Microsoft changed their mind, they posted a page on their web site explaining how wrong I was. Here is that page, exactly as it was, as both a PDF and a GIF image:

Microsoft: Raw Sockets is not the real problem. (45k PDF file)
Microsoft: Raw Sockets is not the real problem. (104k GIF image)

Although my principal focus and interest continues to be personal security and privacy for individual users of the Internet (as opposed to corporations), the denial of service attacks we sustained in May of 2001 created the opportunity for some interesting investigation and research into another aspect of the deliberate abuse of Internet technology. These pages document that investigation.

The Distributed Denial of Service (DDoS) attacks also highlighted the serious threat posed by Microsoft's ill-advised decision to include full raw socket support in the Home Edition of their Windows XP operating system platform.

Latest News

 August 14th, 2001 — Raw Socket Utilities SocketToMe & SocketLock

 July 19th, 2001 — Microsoft Laughs Off Windows XP Security

 June 28th, 2001 — I participated in an eight-way telephone conference with Microsoft executives and developers responsible for the forthcoming Windows XP. While the result of the hour-long discussion was disappointing, I learned something important. See the page "Microsoft Does Not Understand Security" below for the details.

Our Denial of Service Investigations:

The Strange Tale of the DoS Attacks against GRC.COM

This is the story of our investigation into the world of 13-year-old hackers with their obedient fleets of remote control IRC Zombie/Bots.

Description of the June 20th Attack

On June 20th, 2001, we were hit with an ICMP flood attack launched by 195 machines. Most of the attacking machines were servers running Microsoft's perennially insecure IIS web server, which had been exploited to enlist them in the attack.

A Brief Summary of My Windows XP Concerns

The next page, containing the complete explanation of the Windows XP problem, is highly detailed with tutorial explanations and interlocking arguments. This brief summary page quickly explains the problem for those who just want to understand the situation without all of the detailed background and supporting evidence. If you are satisfied with this page you can skip the long page and then read about my conference with Microsoft.

Why Windows XP will be the DoS Exploitation
Tool of Choice for Internet Hackers Everywhere

I believe that Microsoft's decision to include "Full Raw Sockets" in the home version of Windows XP represents a tremendous threat to the global Internet. Consider the arguments presented on this page and see whether you agree.

Microsoft Does Not Understand Security

Microsoft invited me to discuss my XP concerns. What they did was rehash the same old arguments. But by listening to their responses to my arguments, I discovered that Microsoft does not understand Security.

Microsoft Considers Windows XP Security to be a Laughing Matter

The Register's Thomas Greene interviewed Microsoft's Security Program Manager Scott Culp during the 2001 Black Hat and DEF CON conferences. According to The Register, Scott spent most of the time laughing about these issues. As you will see from my analysis, he also introduced a lot of spin.

The Shape of the Real Solution
to the Internet Denial of Service Problem

The Internet owes much of its astounding reliability to the guiding principle of Distributed Responsibility. As packets of Internet data move across the globe, the responsibility for each packet's delivery is distributed at every point along its path. Local failures are tolerated by a system designed to distribute this responsibility.

But just as the responsibility for the delivery of data is distributed throughout every layer of the Internet, so the responsibility for the prevention of deliberate abuse of this system is distributed throughout every layer.

Suggestions have been made that I am wrong to focus upon the conduct of individual users and their Internet-connected machines, and especially upon the future risks associated with Windows XP. Detractors argue that it is, rather, the Internet's communication providers, our ISPs, who bear the responsibility for carrying malicious traffic that could be easily detected and blocked. While I do not disagree that ISPs also have responsibility (as I have always clearly stated at the end of my original Denial of Service page), an understanding of security and the distributed nature of the Internet demonstrates that everyone shares in a distributed responsibility for the Internet's health and proper operation:

The users of machines are responsible for preventing the hosting of malicious Zombie attack Bots on their Internet-connected computers;
Operating system providers are responsible for not facilitating the creation and use of potent malicious Internet software; and
ISPs are responsible for preventing the transportation of obviously fraudulent and easily blocked Internet traffic.

Because the responsibility for a safe and secure Internet is just as distributed as the Internet's technology, we must work together to bring about the required changes.

Unfortunately, today we see only the
operation of blind self-interest from
Microsoft and the Internet's ISPs

This must change before the Internet can become a sufficiently safe and secure network upon which we can collectively build a solid future.
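The two ends of the spoofed-source problem described above can be made concrete. What follows is an added example in Python, not code from the GRC pages, from Microsoft, or from any ISP. It first builds a minimal IPv4 header the way an application holding a "full raw socket" (one that supplies the IP header itself) would, with whatever source address it chooses, so the operating system no longer vouches for who sent the packet. It then applies the check an ISP edge router can perform, known as ingress/egress filtering (RFC 2827, BCP 38): drop any packet whose source address is not inside the prefix assigned to the customer link it arrived on. The customer prefix 203.0.113.0/24 and the addresses 192.0.2.99 and 198.51.100.10 are constructed from the IANA documentation ranges and are assumptions for illustration, not values from the page. Nothing is transmitted; the packet bytes are only constructed and inspected.

```python
"""
Added example (not from the original GRC page): the source-address field a
raw socket lets an application forge, and the edge filter that catches it.
"""
import ipaddress
import struct


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over the header bytes."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, proto: int = 6, payload_len: int = 20) -> bytes:
    """
    Minimal 20-byte IPv4 header with a caller-chosen source address.
    This is exactly what an IP_HDRINCL ("full") raw socket hands to the
    kernel: the application, not the OS, fills in the source field.
    """
    version_ihl = (4 << 4) | 5          # IPv4, 5 x 32-bit words, no options
    total_len = 20 + payload_len
    ident, flags_frag, ttl = 0x1234, 0, 64
    hdr = struct.pack("!BBHHHBBH4s4s",
                      version_ihl, 0, total_len, ident, flags_frag,
                      ttl, proto, 0,    # checksum placeholder
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    csum = ipv4_checksum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fixed part of an IPv4 header; checksum_ok is True when the header verifies to zero."""
    f = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    return {
        "version": f[0] >> 4,
        "ihl": f[0] & 0xF,
        "total_len": f[2],
        "ttl": f[5],
        "proto": f[6],
        "checksum_ok": ipv4_checksum(packet[:20]) == 0,
        "src": str(ipaddress.IPv4Address(f[8])),
        "dst": str(ipaddress.IPv4Address(f[9])),
    }


def egress_filter(packet: bytes, customer_prefix: str) -> str:
    """
    BCP 38 check at the customer-facing edge: a packet may only carry a
    source address from the prefix assigned to the link it arrived on.
    Returns 'forward' or 'drop'.
    """
    src = ipaddress.IPv4Address(parse_ipv4_header(packet)["src"])
    return "forward" if src in ipaddress.IPv4Network(customer_prefix) else "drop"


if __name__ == "__main__":
    CUSTOMER_PREFIX = "203.0.113.0/24"   # assumed customer assignment (TEST-NET-3)
    legit = build_ipv4_header("203.0.113.7", "198.51.100.10")   # constructed sample
    spoofed = build_ipv4_header("192.0.2.99", "198.51.100.10")  # constructed sample, forged source
    for name, pkt in (("legit", legit), ("spoofed", spoofed)):
        info = parse_ipv4_header(pkt)
        print(f"{name:8s} src={info['src']:14s} checksum_ok={info['checksum_ok']} -> {egress_filter(pkt, CUSTOMER_PREFIX)}")
```

The point of the pairing is that the forged packet is perfectly well formed (its checksum verifies), so nothing inside the packet itself reveals the spoofing; only the edge router, which knows which prefix belongs on which link, can tell that 192.0.2.99 has no business leaving a 203.0.113.0/24 customer port. That is the "easily blocked" traffic the third responsibility above refers to, and it is why filtering at the ISP edge and withholding the raw-socket capability from the host are complementary rather than competing fixes.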

Denial of Service Pages
Denial of Service Home Page

The Tale of Our Investigation

Denial of Service Attack Log

Brief XP DoS Threat Summary
The Windows XP Internet Threat

The Microsoft Security Oxymoron

Microsoft Laughs Off XP Security

Gibson Research Corporation is owned and operated by Steve Gibson. The contents
of this page are Copyright (c) 2007 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.