Microsoft States Full TCP/IP Too Dangerous 575
daria42 writes "To fully implement the TCP/IP protocol in Windows XP would make creating denial of service attacks 'entirely too trivial', Microsoft has claimed. The company was responding to claims by Nmap author and well-known security expert Fyodor that by repeatedly disabling the ability to send TCP/IP packets via the 'raw sockets' avenue, Microsoft was asking the security community to 'pick their poison': either cripple their operating system or leave it open to hackers. Admitting that a recent security patch had intentionally disabled a community-developed workaround to Microsoft's TCP/IP changes - which were first implemented in Windows XP Service Pack 2 - the company claimed it had received little negative feedback on the issue."
They picked C (Score:5, Funny)
In Redmond, this is what they call a win win.
Core Routers (Score:4, Funny)
Scary thing is, from what I've been reading Oracle will go along with this. And they can tell the future!!
Maybe Microsoft wants to (Score:2, Funny)
My TCP/IP (Score:5, Funny)
Maybe Microsoft is right. Protocols are dangerous.
Wouldn't it be safer if we all just had a My TCP/IP folder?
Another note from Bill Gates (Score:4, Funny)
I Can't Believe It... (Score:5, Funny)
As an aside, I think I'm going to take the rest of the day off, agreeing with Microsoft is mentally jarring. It has to make you question existence just a little and also make you a touch ill.
Re:My TCP/IP (Score:5, Funny)
Microsoft's Real Plans (Score:4, Funny)
But of course, being Microsoft, you're probably right. They'll make their own implementation of the evil bit, patent it, and charge royalties to others who want to support their new "EDDP" protocol (Evil Data Detection Protocol).
Not to mention that IIS, Exchange, IE, and Outlook will grow to require use of EDDP during transfers of data, locking Mozilla, Apple, Linux, and others from accessing much of the internet.
Finally, John C. Dvorak [dvorak.org] will boldly claim that EDDP is the wave of the future, and Apple, Linux, and Mozilla are clearly inferior for not supporting what is clearly a web standard, because if Microsoft says it is, it MUST be.
Hammer, meet nail. (Score:4, Funny)
You nailed it.
Microsoft is clearly trying to shift the blame from their dain-bramaged design to TCP/IP. How many other operating systems are there that do (more or less) fully implement TCP/IP, including raw sockets? It's almost universal.
Oh well. I guess Microsoft knows the neighborhood is safer with a crippled lunatic than healthy one.
Translation (Score:3, Funny)
Not that this will solve anything, no raw sockets? I don't need no raw sockets, I have 48 billion bogus dns lookups!
Re:They picked C (Score:3, Funny)
Re:Core Routers (Score:3, Funny)
OMGWTFBBQ you noob! You forgot Al Gore's node.
Re:Something is wrong, alright (Score:3, Funny)
Windows was never a bathtub - it was a sewer.
Re:A wise decision (Score:5, Funny)
So you run internet explorer to add a printer. And I thought adding a printer to OS/2 was unintuitive...
Re:Steve "Ahab" Gibson (Score:3, Funny)
"M$ agree[s] with him now" = egg
Re:Baby, meet bathwater. (Score:1, Funny)
Help us Billy Gates, you are our only hope!
If the virus gets into the kernel... (Score:3, Funny)
Yeh, that's why the majority of people doing this use an widely available rootkit or equivalent to do it for them.
and that if malware did make it into the kernel of a Windows machine, the user would have more serious concerns than just SYN attacks launched from their machines.
"If malware can execute code on a Windows machine, the user has more serious concerns than just SYN attacks launched from their machines. That's why Windows doesn't bother trying to close local exploits."
Re:Erm, cough, cough, excuse me... (Score:1, Funny)
You haven't browsed the Gentoo forums, have you?
Windows is much more secure (Score:3, Funny)
so, put an ACL on it? (Score:3, Funny)
I mean, on other occasions you hear them blather about Windows' totally stellar, fine-grained security architecture, and now they want to prevent Joe Average user from accidentally using raw sockets by, uh, removing the feature altogether?