Microsoft Does Not Understand Security.
What This Means About the Future of


Page last modified: Oct 06, 2003 at 13:31


On Thursday, June 28th, 2001, I was invited to attend a multi-way telephone conference with seven of Microsoft's top Windows XP executives and developers.

I was not told beforehand about the conference's goal, but since only one person would have been required to tell me that Microsoft had changed its mind about XP's inclusion of full raw socket support, I presumed that their top guys had been assembled with the purpose of convincing me that I was wrong. As the meeting got underway it was soon clear that this was the case.

Even though it was what I had been expecting, I was disheartened and disappointed; one always hopes. So I had scant expectation of learning anything during the hour we spent talking . . . But I did:

With a bit of horror, I learned that Microsoft's developers have no understanding of security.

I know this statement comes as no revelation to seasoned security professionals who have watched Microsoft stumble over security time and time again. It's certainly something I've heard said often enough. But to be confronted by seven very smart guys, who quite literally hold the future of the Internet in their hands, and to listen to them rationalize the decision they have already made by explaining why less security in Windows XP does not really matter was nevertheless unnerving.

These smart Microsoft techies did not argue about the power for malicious exploitation of full raw sockets in Windows XP; they know it well enough.

Microsoft's argument for full raw sockets' inclusion was that since there were other — admittedly more difficult — ways for malicious hackers to achieve the same thing, there was no point in making things harder for them.

While we were arguing this, one of the Windows XP technical guys said that "removing full raw sockets would only be a public relations win" since malicious hackers could easily enough achieve the same thing by modifying the operating system through the installation of readily available third-party device drivers. When I countered that Windows XP was hardened against the installation of "unsigned" drivers, the developer discounted that by saying that anyone could get a "certificate" with which to sign a malicious driver. Microsoft's top operating system developers continually miss the point that there's a world of difference between what could be done and what actually is done.

My point was that no extra "lock-picking" effort would be needed, since Microsoft was deliberately, and knowingly, leaving the front door unlocked and wide open.

Later that day, after this head-spinning exercise, I wrote the following to the Vice President in charge of Microsoft's corporate security who had arranged the conference:

[...] In thinking back over the meeting today, I see that while I was speaking with a bunch of very smart people who understand a lot about technology, they have no training or appreciation for the realities of security — and the two are very different.

The fact that the technology of a fence or a lock is imperfect does not obviate that measure's security utility. But this was exactly the defense I heard today for not bothering to improve XP's security. Can any locked car be stolen? Of course. So are locks on cars therefore pointless? Of course not. Why increase the difficulty of exploiting XP's Internet connectivity in one way, when there are other ways to exploit it? Because fences work . . . and full raw sockets are too easy to use.

I have heard it said many times that Microsoft does not understand security. Now I've come face to face — and voice to voice — with a vivid demonstration of exactly that principle in play. There is a reason why Microsoft is acquiring the reputation it is: It is deliberately earning it every day with security-naive decisions like these. This is a bad decision, and a big mistake. [...]

But my protestations are falling on deaf ears at Microsoft. And thanks to many other loud and equally security-ignorant voices that are attempting to confuse the industry on this topic, Microsoft shows no intention of responding to this now very visible threat.

So be it. Microsoft's developers appear to be so wrapped up in technology that they fail to understand one of the first principles of effective everyday security:

Even though perfect security may be — and probably is — impossible to achieve, increasing the difficulty of criminal exploitation is a worthwhile and effective deterrent.

Making malicious abuse of the Internet more difficult to accomplish — by removing full raw socket support from Windows XP — would be a worthwhile and effective deterrent and a useful security measure. There's just no doubt about it. Ask anyone who understands the realities of security.

One last thing . . .

Later in the note above, I added this . . .

[...] Because of the danger of abuse of full raw sockets, all other operating systems restrict its use to only the most highly privileged applications running with "root" privileges. But as we heard in today's meeting, the need to run Win9x legacy applications under Windows XP has forced the notion of "privilege" to be discarded and thus eliminated a crucial layer of protection. All Home Edition Windows XP applications will, therefore, be running as "root" . . . and a dangerous capability that was never meant to be globally available to all applications — and which ISN'T in any other systems which offer full raw sockets, which have retained the notion of "execution privilege" — has been made available to all applications. [...]

Having spoken with the techies who are in charge, I am sure that none of this was the result of deliberate decision. They just failed to consider it. That is, after all, exactly the way most security mistakes occur.
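The "execution privilege" layer described in the note above can be checked directly. The following Python probe is an added example, not code from the original page or from Microsoft or GRC: it asks the operating system for a full raw IPv4 socket and reports whether the request was honoured, refused by the privilege gate, or unsupported. On Linux, macOS and other Unix-likes an unprivileged process receives EPERM; only root (or a process holding the equivalent capability) gets the socket. Function names are my own.

```python
import errno
import os
import socket

# Added example: probe the root-only gate on full raw sockets that the
# note says every other operating system enforces.

def probe_raw_socket_privilege():
    """Try to open a full raw IPv4 socket and describe the outcome.

    status is one of:
      "allowed"     - socket() succeeded; this process holds the privilege
      "denied"      - the OS refused with EPERM/EACCES; the gate is in place
      "unsupported" - raw sockets are not available in this environment
    """
    result = {"status": None, "errno": None, "euid": None}
    if hasattr(os, "geteuid"):          # POSIX uid model; absent on Windows
        result["euid"] = os.geteuid()
    try:
        # IPPROTO_RAW means the caller supplies the entire IP header,
        # i.e. the "full raw socket" the article is about.
        s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
    except PermissionError as e:        # EPERM or EACCES
        result["status"] = "denied"
        result["errno"] = e.errno
    except OSError as e:                # e.g. EAFNOSUPPORT, EPROTONOSUPPORT
        result["status"] = "unsupported"
        result["errno"] = e.errno
    else:
        s.close()
        result["status"] = "allowed"
    return result

def privilege_gate_respected(result):
    """True if the outcome is consistent with a root-only policy, i.e. an
    unprivileged (non-zero euid) process was NOT handed a raw socket.
    Returns None where there is no POSIX uid to judge by."""
    if result["euid"] is None:
        return None
    if result["euid"] == 0:
        return True                     # root may legitimately succeed
    return result["status"] != "allowed"

if __name__ == "__main__":
    r = probe_raw_socket_privilege()
    print("raw socket:", r["status"],
          "" if r["errno"] is None else errno.errorcode.get(r["errno"], r["errno"]),
          "euid:", r["euid"], "gate respected:", privilege_gate_respected(r))
```

Run it once as a normal user and once under sudo to see the two sides of the gate the note describes.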

But now that Microsoft has been clearly and carefully informed, the responsibility is only theirs, while the consequences of their continued stubborn recalcitrance will be ours to bear.




I appreciate Microsoft's decision to set up the telephone conference with me.

If their goal was to explain why my position is wrong, I am sure they know they failed at that.

Sadly, I have also failed to convince them that they are making a huge mistake with this aspect of the design of the Home Edition of Windows XP.

Gibson Research Corporation is owned and operated by Steve Gibson. The contents of this page are Copyright (c) 2007 Gibson Research Corporation. SpinRite, ShieldsUP, NanoProbe, and any other indicated trademarks are registered trademarks of Gibson Research Corporation, Laguna Hills, CA, USA.