Microsoft States Full TCP/IP Too Dangerous

daria42 writes "To fully implement the TCP/IP protocol in Windows XP would make creating denial of service attacks 'entirely too trivial', Microsoft has claimed. The company was responding to claims by Nmap author and well-known security expert Fyodor that by repeatedly disabling the ability to send TCP/IP packets via the 'raw sockets' avenue, Microsoft was asking the security community to 'pick their poison': either cripple their operating system or leave it open to hackers. Admitting that a recent security patch had intentionally disabled a community-developed workaround to Microsoft's TCP/IP changes - which were first implemented in Windows XP Service Pack 2 - the company claimed it had received little negative feedback on the issue."

A wise decision

[jawtheshark]

Of course nobody needs raw sockets, and after all no other operating system supports them. I mean, it's not as if OpenBSD, Mac OS X, FreeBSD, NetBSD, the various Linux flavours support it. It would be too dangerous.

No, Microsoft... none of those support raw sockets. Oh, wait... they all do. The problem is not raw sockets, the problem are the holes in the OS in the first place. If your OS doesn't run services that can be hacked, or if the applications don't allow to execute untrusted code there is no problem. Avoiding raw sockets is treating the symptoms, not the cause.

Privileges anyone?

[bigberk]

I can't believe this issue of Windows security is so difficult to understand. You read all these articles about viruses and trojans but people keep failing to mention the obvious - you must never casually run Windows with Administrator privileges.

It's because so many people are used to doing this by default, and so many third party apps demand Admin privileges, that Windows security is a nightmare.

There's more to the Windows security picture of course (insecure services as well) but you can prevent so many problems just by avoiding that Admin account. It's quite normal to have raw sockets via root/Administrator privileges. The problem is that all windows users (and any software they download) are Admins.

Re:raw sockets+MS?!

[Rui Lopes]

IDS? PF? Basically, anything that's not application-level...

I agree...

[ebrandsberg]

If you can't have a secure OS, the OS should be less vulnerable to being abused. So in effect, use Linux or other OS's if you need to use raw sockets.

Re:So now

[Anonymous Coward]

Microsoft decides what I may do on my computer or not?

This statement applies to any operating system -- you can only do things within the OS's limitations.

Remember when the 2.6.8 kernel suddenly broke CD/DVD burning in several prominent distros, because they implemented certain security features? That was fun...

Re:Ha!

[Pakaran2]

It isn't "almost crippled."

Ordinary users on Unix are subject to even worse limitations (which is, in fact, why ping among other utilities runs setuid root).

Has anyone found that this makes Unix unusable for them? For that matter, outside of DDoS, connection hijacking, and abusing smtp servers to cover your tracks when spamming, is there ever any need for an application programmer to falsify a source address? Doing so means you won't get a reply from whatever you're trying to do.

All that said, I imagine if MS actually put some effort into fixing the security issues with their flagship product in the first place, so it didn't get hacked (hint: disable activex by default, along with integrated vb scripting in outlook), then there'd be no hacked machines to be used in attacks.

Re:News Flash: Butter is good on toast!

[rsmith-mac]

Let's give MS some credit here, I think even they've come to realize that Gibson was right and raw sockets for users was a mistake. The fact of the matter is that they fixed the issue by taking away raw sockets, and now they have to defend that position.

Re:A wise decision

[aaamr]

I realize you were being sarcastic, but consider: from TFA:

• In addition, the software giant said only a small number of programs were affected by the change: "The only applications that care deeply about the ability to send over raw sockets are enterprise security applications that use 'fingerprinting' techniques to characterise a host on the network based on its response to carefully crafted packets." Consequently, the company has restricted access to raw sockets in desktop versions of its software, but not on servers.

Since the majority of windows users are not well-versed in good security practices and just want to get online, this is actually a Good Thing, since these folks really don't need access to the described functionality. Those people that do will typically run a non-crippled OS, or one of the Windows server varieties.

Easy to see why

[Anonymous Coward]

Thousands of people gripe about Windows having this "awful security hole" thanks to misinformation on GRC, and are generally so uptight about information they find on there that they'll cripple their internet connections, wreck the data on their harddrives, and so on...all in the name of being secure! (his entry on http://attrition.org/errata/charlatan.html [attrition.org] links to http://www.grcsucks.com/ [grcsucks.com] which describes some of the mania people will go through at Gibson's prompting)

So what happens if MS doesn't pander to them? They constantly get bad press from people who constantly spout off about "security" that they gleaned from the Gibber's site. What happens if MS does pander to them? A few people are upset, but most of the bad press on this issue goes away.

So what should they have done? Wait it out, and take the high road? They've tried that. Educate the users? We've tried that. What else?

batton-down the... industry standard protocols?

[dionysian.mind]

But why properly implement anything when you can just cripple it instead?

Seriously, this is the all-too-common fatal flaw that I have seen in *almost* every tech organization I have ever worked for, or with. It is always easier to throw crap together with no reguard for how it actually works. If it limps along, that is enough for some people (maybe because they were all raised on Windows?).

At this point, if M$ had any respect for itself or the tech industry they would liquidate their company and give all their capital to a more helpful and pertinent organization... dare I say, the OSDL?

... but then again, where would be the mafia-capitalism joy that can only come from making a 4th rate product and then strong-arming tech markets into using it...

Re:Ulterior motives

[harrkev]

Microsoft can't win no matter WHAT they do.

Steve Gibson (author of Spinrite, among other things), has been on a crusade for years to get raw sockets taken out. See his web page [grc.com]. And I tend to trust this guy. He makes Windows programs in assembly! That is the geek equivalent of crushing a beer can on your head! That may make you question his sanity, but certainly not his technical knowledge.

Implemnt raw sockets, get blasted by one security "expert." Take them out, and get blasted by another.

For what it's worth, I think that raw sockets in user-mode are a bad idea. The average user does NOT need raw sockets.

Re:Baby, meet bathwater.

[badriram]

Now that was the dumbest answer i have ever seen. No justification whatsoever for your cliam of XP not designed right.

Microsoft is doing somehting that i do belive is better for 99% of the drones out there that do not need raw TCPIP. However i do think they should make available as a download or on CD a TCP/IP pack that does support raw sockets.

Re:So when...

[RailGunner]

I don't think the TCP window size has anything to do with the size of packets that can be sent and received. It just determines when the packets are broken up for transmission... right?

You are correct. The default window size, btw, is 32K, if memory serves me correctly. Grandparent is a troll.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:So now

[JPrice]

Umm, while I'm not siding with Microsoft on the issue, I also think that yours is a ridiculous statement.

Microsoft is not deciding what you can do on your computer. They are deciding what you can do with a product they sell. It's a free market - if their product doesn't do what you want, buy (or download for free in many cases) a product that does.

Consider the Source

[k96822]

Okay, the company with a baffling amount of security holes [microsoft.com] is giving advice on computer security. That is about as absurd as, say, the company with worst software quality giving us advice on how to develop quality software [microsoft.com].

To quote Ted Kennedy, "Hello? Hello?!!"
Some days, life is just a little too weird to take.

Re:Ulterior motives

[grasshoppa]

Gibson is a nit. His site is propiganda, written to manipulate and distort.

He writes win32 programs in Assembly. So what? All that proves is he has tons of time on his hands. The real test is writing reusable, easy to understand code, portable if possible.

Re:Privileges anyone?

[yagu]

..., you must never casually run Windows with Administrator privileges.

It's because so many people are used to doing this by default, and so many third party apps demand Admin privileges, that Windows security is a nightmare. ...,

I find the problem to be the insidious architecture of XP specifically the lack of clear demarcation between a priveleged user and an admin. I consult in both unix and Windows worlds for a living, so I'm on a Windows box a lot! (way more than I like) And I pretty much always have myself configured as an admin type user... not because I have to all the time (I do lots of work not needing that level of access) but more because of the unpredictability of what isn't going to work in some strange way when I'm using XP as an un-priveleged user. It sucks, but I've found it to be the most expedient way, and I'm always nervous about it. I DO configure others as non-priveleged, but it's amazing how often I get called to help with some problem caused by their lack of access (even though the problem SHOULDN'T exist).

On the other hand, I NEVER (as in don't remember the last time I logged in as) log in as root on unix machines, and don't even put myself in a root or bin group. I do use sudo when I need it both for the protection of not inadvertantly mucking something up and for the nice logging artifacts (makes it easy to go back and find out where *I* mucked something up if *I* did). And, I don't give my users any exceptional access rights... AND, I (comparatively speaking) virtually never get support or help calls from those users. Everything pretty much works the way it's supposed to in a unix world -- the unix community is pretty savvy about what the various directory structures are for, what levels of access they provide, and how to work within that paradigm.

My experience leads me to conclude MS is a long way from really solving the admin/general user problems -- it's SO entrenched in their philosophy (remember, Windows really started out and was developed for PC's -- remember what the "P" stands for? -- it should be no surprise there aren't any bright lines drawn between super and regular users.)

Re:Baby, meet bathwater.

[iainl]

Presumably, the reason for not doing so is that if you can run something reasonably tiny to get access to raw-mode anyway, then that is the first thing any worm is going to do.

The real message is that if you need these proper TCP/IP features, use a proper OS.

Re:Baby, meet bathwater.

[fudgefactor7]

Actually, TCP/IP is broken. It was never intended to be secure, rather just a means of communication. The creators of the stack never envisioned people doing what they are with it. It needs a complete reworking--thus the need for IPv6 with all the security hoo-ha's in play. MS was in a quandry: force the patch out and fix the issue, and thereby hamstring some machines; or don't fix it and have an explosion of zombies and compromised machines--for which there would be no end to the complaints (on Slashdot or anywhere else, for that matter.) What's your pick: a more secure Internet experience for everyone or not?

IPv4 is broken, like it or not. Our only hope is to fix it.

Re:Ulterior motives

[Andrewkov]

Except everyony does their daily work signed on as administrator (by everone I mean the majority of average users). Maybe a desktop OS for the masses *should* be crippled in some ways, to protect people from themselves. And people who need a full featured OS can use something else (a seperate version of Windows, or whatever).

Re:So when...

[Temporal]

Why are you relying on such things? A TCP conection is a continuous stream of bytes, not a bunch of separate packets. There has never been any guarantee that send()s and recv()s would match up 1:1, even if they are less that 8k. If you are relying on this behavior, you need to fix your design.

Re:Hammer, meet nail.

[Anonymous Coward]

Raw sockets is an API that allows applications to create and send arbitrary network packets.

TCP and IP are network protocols.

Support for the raw sockets API and the TCP/IP network protocols are two different, unconnected things. The fact that both use a socket-based API to interface to applications is irrelevant. Removing support for raw sockets in no way impacts TCP/IP support.

You are as ignorant as the GP.

Re:Baby, meet bathwater.

[aug24]

Or perhaps if you are going to write apps that require such low level network access, you should be using a packet driver (or whatever the mechanism is in windows) to do that.

Which, if you are right, is what the DDoS malware will now start to do.

Justin.

Re:Baby, meet bathwater.

[kfg]

No justification whatsoever for your cliam of XP not designed right.

While this is correct, providing such justification would be like providing justification for a claim that Pintos weren't designed right and had a tendency to blow up.

There might be some who have missed that, but it's still common knowledge that doesn't bear repeating every damned time the issue comes up. I suppose we could all attach standard disclaimer files to all of our posts, but they would take up two or three library of congresses to only cover the most common of the bases.

Follow one of the links provided in subsequent posts to Steve "Foaming at the Mouth" Gibson's site to get a rundown on the issues. Note that Steve will cheer this move by MS because flaws in the OS design make it necessary.

The core issue being that XP Home Edition runs apps in administrator mode, giving all apps, like a trojan, full access to raw sockets. Most home users that use Pro are still silly enough to run in admin mode as well. But hey, at least it's hardened against trojans, eh?

Easy to infect with malicious code, malicious code runs with full privileges. That's bad design.

. . .i do think they should make available as a download or on CD a TCP/IP pack that does support raw sockets.

A patch to restore what a patch took out. That alone should clue you in that something braindead is going on.

Please note that only "desktop" versions of XP are affected, so all you have to do is buy a server product from MS.

Or install BSD for free.

KFG

Re:Ulterior motives

[Anonymous Coward]

Steve Gibson is a blabbering idiot. If you have any technical knowledge you realise that at least half of his articles doesn't even make sense.

And yes, I also write windows programs in assembly. I even earn money from it. It's not any harder than C or any other language.

Re:Steve "Ahab" Gibson

[TripMaster Monkey]

Funny...if Steve's views were so discredited, why does M$ agree with him now?

Re:Privileges anyone?

[gaspyy]

The default users get Administrator priviledges because many popular programs simply refuse to work correcty with limited rights. Over the top of my head, Winamp 5 and Trillian 3.1 are guilty of this. Sure, you can workaround by giving write access to everyone for those folders, but it's crazy.

Re:Baby, meet bathwater.

[gowen]

"Supporting packet sends from simple user-mode raw sockets makes it entirely too trivial for compromised systems under control of hackers"

You see, there are two ways to address this problem.
i) Stop using raw sockets.
ii) Make systems much harder to compromise.

The real problem here is the massive abundance of comprimised systems

Re:Baby, meet bathwater.

[telecsan]

Oh, that's good. Claim it does nothing, then disprove yourself by admiting it does make it at least a little harder.

No, this does not fix the problem by itself. Anyone who expects Microsoft to release a singular hotfix that solves all of their problems, I want to know what medications you are taking, and where I can get some!

Re:Baby, meet bathwater.

[PurpleXanathar]

Wether this is a good or bad choice, it shouldn't bother you if you are writing internet applications, since only a few apps really need raw socket access.

Re:Going back on their word

[Smallpond]

Cringely never gets more than about 50% correct in his articles. In this case he calls it "raw tcp/ip sockets". Wrong. Raw sockets access IP, so you can forge tcp packets in a DOS attack. Every OS allows access to TCP/IP. How else would your browser work?

He then proposes a secure ID system. Gee. Maybe if every connection to the network had a unique 32-bit number that could be traced somehow? Maybe there could be a world-wide database connecting names and administrative information to these numbers? If only that were possible. Thanks, Bob.

Correct URL

[SSpade]

For the truth about Mr Gibson, look here [grcsucks.com]

Re:A wise decision

[10101001 10101001]

It's different primarily because there's more than su. Most user-friendly distros, along with KDE itself, have been moving towards a system somewhat like OS X; ie, when necessary you're prompted for the root password. There's even a nice "Konqueror File Manager (Admin)" on the desktop for some distros. Add to that things like sudo and ksu, and it's a lot more than simply su.

Having said all that, su is still better than RunAs. Why? Because Linux distros that demand you use su don't hide from you the configuration program. It's not a question of running "rundll32 ..." at some point. And while getting root X programs to securely run on the desktop is not trivial, there's a lot of command-line programs that never touch X and for which su is perfectly capable of doing its job. With Windows, which is so GUI centric, not having a GUI interface to RunAs is blatantly obviously bad. Just like if there was only a GUI interface to su in *nix.

Re:Ha!

[CreatureComfort]

Recap, almost all Win users run as Admin. Mostly because that is the default, everything they use works, and some things that shouldn't require admin privledges do.

Microsoft's solution then is to cripple Admin so that "bad things" can't be done in that mode.

This will inevitably lead to Admin on Win being reduced to an equivalent of user mode in *nix. Eventually we will see a new Super Admin that can be entered to do the things that MS takes away from Admin. As long as we can keep developers from writing programs requiring super admin privleges, Win might actually eventually get to where it should have started out at.

Re:Erm, cough, cough, excuse me...

[dills]

Thus proving that running a Unix operating system doesn't indicate level of clue.

Wow.

You do realize that raw sockets have nothing to do with "worms of viruses" as you put it, right? It has to do with mitigating the effects of what can be done to a compromised windows box.

Raw sockets don't decrease security; they increase the amount of damage that can be done if somebody has taken control of your computer.

I don't run a virus scanner on any of my windows boxes, never have, and I've never gotten a virus. So, your assertion that you would get a virus if you didn't have a firewall makes me realize you have absolutely no idea what you're talking about.

Yes, Unix is more secure. But for the most part, that's because idiot users don't use it.

Re:Ulterior motives

[LWATCDR]

How about turning off raw sockets as default but letting the admen open the up if the machine needs them.
You can make any system insecure if you are dumb enough. Put a Linux box on the net running every servers known to man, no firewall, and the root password set to root. It will be owned in a second.
The trick is to make the defaults safe. So put in an option.
Of course the problem is that most windows users run as admin so IF a malware program is run it will have the ability to change it :( Crap I hate windows.

Re:A wise decision

[snorklewacker]

Runas is not the pile of shit, the installer is. Most of those broken installers will fail if you rename the Administrator account. Is microsoft to blame for stupid installers that can't use the *excruciatingly* well-documented APIs for this sort of thing? Go complain at the folks who wrote the installer.

I can write a unix installer that requires root but will fail if your uid 0 isn't named root, or you merely used su instead of "su -". I've even *seen* installers that do idiotic things like if [ `whoami` != root ] ...

Re:News Flash: Butter is good on toast!

[Le_Batleur]

Seconded.

Gibson came in from a lot of flak from hecklers who didn't understand his concerns, both here and on his own website. The attacks were quite vitriolic and energetic, surprisingly so.

The concept can be used for good or evil, depending on their application. So do you remove them, or keep them? Most will use them (accidentally, by trojans) for evil, so they should at least have to be enabled by some extra process, like the filter or monitor drivers for Windows have to be added manually. Deliberate misuse of them can only be effectively blocked by the next layer up - the router on that connection, controlled by the ISP, filtering out such harm.

Ironically, I use Nmap in my work and would like to continue to use raw sockets in conjunction with this and other Penetration-Testing software.

His "Nanoprobe" (Bad Trekkie-style name for very cool technology) custom TCP/IP stack can manipulate, interrogate, and interpret conventional datagrams to quite astonishing levels - well worth learning more.

Re:For a bunch of you who dismiss MS as crap

[Lukey Boy]

You asked: If MS sucks and you don't use 'em for anything, why do so many of us invest so much time following them, complaining about them, and posting stories about them?

Microsoft has a monopoloy in a lot of different areas, so regardless of whether or not a Slashdot reader personally uses their software it still permeates everyday computer life - like it or not. If someone does have strong feelings against the software giant then they would be guilty of complacency for not following it's actions.

I don't care particularily about the guy complaining about his ex-girlfriend, but when companies such as Best Buy screw consumers I'd rather hear about it than not.

Re:Ulterior motives

[pg110404]

If they locked down raw sockets and made it available only to administrators or root users, that would solve it.

The only problem to that argument is that a good number of people who bother to create separate accounts apart from administrator don't bother to (at least in the xp pro version I use) unclick the checkbox that by default gives them administrator privileges.

If microsoft did do this AND changed their security policy so additional users by DEFAULT DON'T have administrator rights, it would certainly go a lot farther.

Re:Baby, meet bathwater.

[shird]

Actually, yes it does. By not spoofing the source of the attacks, you are able to filter the traffic and track where it is coming from. DDoS style attacks will still be possible initially, but these machines will be singled out soon enough as they can no longer hide.

Re:News Flash: Butter is good on toast!

[Deathlizard]

Restricting them is a start in the right direction, but the way Microsoft did it is screwed up.

What they should have done is make raw socket restrictions mandatory on Windows XP home and below (Media Center, Reduced Media and Starter edition) and allowed Windows XP professional and above to at least be able to run with full raw sockets if you turn on a setting in TCP/IP settings.

They have this new Security center thing running all the time warning you about your antivirus and firewall changes. It would have been trivial to make it scream at you all day if it found unrestricted raw sockets was turned on in XP Pro, and have an option to turn off the warning if you really turned the Raw Sockets on just like you can with the antivirus and firewall settings.

The only good thing here is that they at least left it on in their server line. If they shut it off there they would have a real mess.

Re:Ulterior motives

[misleb]

Except everyony does their daily work signed on as administrator (by everone I mean the majority of average users).

THIS is the problem that needs to be solved. Otherwise you are treating the symptoms and not the disease.

Maybe a desktop OS for the masses *should* be crippled in some ways, to protect people from themselves

Or maybe users shouldn't be given admin access by default. That way you can restrict the user without crippling the operating system. OS X does this. Users are by default are put in the admin group, but they still have to enter their password (su) to perform any administrative functions such as installing an application.

And people who need a full featured OS can use something else (a seperate version of Windows, or whatever).

Totally unacceptable.

-matthew

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Ulterior motives

[Reality Master 101]

The kind that recognizes that everyone has limitations, and once you have made an honest effort to reach as high as you can, continued striving above your limitations benefits no one.

Everyone has limitations, but it's not for the teacher to judge who has them and who doesn't, because he can't. That fucker should be fired, if not put in jail. I wonder how many kids he screwed up with his smack down comments.

I also wonder how many kids would have done well with a more positive teacher, but now think they have "limitations" due to this teacher.

Gah, that's maddening.

Re:News Flash: Butter is good on toast!

[cortana]

Any malware that wanted raw sockets turned on would then be able to turn it on itself.

Re:Baby, meet bathwater.

[throughthewire]

...DDoS remote sites take advantage of the limitations of IPv4 (mostly the ease of forging your source IP address) to hide the true sources of the attack.

Which could be all but eliminated if ISPs would implement access lists in their routers to drop packets with source addresses other than those assigned to the downstream networks.

Problem solved without relying on OS vendors or end users to implement anything at all.

Re:The Metro of netoworking protocols

[Anonymous Coward]

Remember,
They are barred from the industry standard VM by Sun's lawsuit.
Adobe own's PDF, not the industry.

I used to like slashdot, but, not everything Microsoft does is inherently evil just because it's Microsoft.

I am not willing to say Microsoft is evil, SUN should have sole control of VMs. Nor do I think we should just blindly allow Adobe to go unchecked in the PDF arena.

As for abandoning the TCP/IP standard, they are not, they are just choosing to only implement a portion of it. This is a security move to keep applications from doing IP Spoofing on XP machines.

Yes, I know there are other reasons to support Raw_Sockets, but, the majority of windows users don't need it. They should make available a full version of the stack for those that need it. It should be a nigthmare to install so the next virus doesn't just plop it down.

If you don't like Microsoft's TCP/IP stack, write your own. I remember in the old 3.1 days, you could use one by the name of TrumpetTCP.

Stop the blatant MS bashing.

Re:A wise decision

[JoeZeppy]

Bullshit. Open up Printers and Faxes and shift-Right click anywhere in the window, other than on a printer. Choose Run As.. and it will ask if you want Add Printer or Server Properties.

a GUI (!) login screen will open, log in using admin credentials and do what you need to.

We aren't allowed to be logged on as admin at work, so I have shortcuts on my desktop for all the admin rights tools I need, for example:

%windir%\System32\runas.exe /profile /env /user:domain\ID regedit - for Regedit

%windir%\System32\runas.exe /profile /env /user:domain\ID "C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe" - for Sytem info, local or remote boxes.

%windir%\System32\runas.exe /profile /env /user:domain\id "mmc %windir%\system32\dsa.msc" - for AD users and computers

Click the icon, a DOS box opens and asks for your password, and away you go. I do %90 of my desktop support work from my desk, without ever logging out of my non-admin account. And if any unix weenies complain that the syntax is too hard, you must be kidding, given some of the things I've had to learn in Unix command line. If you complain that they aren't already prefab and built in, why do I keep hearing that Unix is so wonderful because you can pipe and redirect various tools from the command line, and build little custom utilities in Perl, and so on?

Maybe next time you should ask a system admin, instead of a developer, if you want to know how Windows works.

Re:Ulterior motives

[blahtree]

As a teacher of mine once said to perpetual underachievers in class: Perhaps you might consider a career in food service instead?

Some people are too arrogant for words. People learn differently and are motivated by different things. That teacher has clearly not studied learning in any meaningful way.

Re:Ulterior motives

[Gabrill]

Maybe a desktop OS for the masses *should* be crippled in some ways, to protect people from themselves. And people who need a full featured OS can use something else (a seperate version of Windows, or whatever).

That won't fly in homespace. It won't even walk. It'll work in the workplace and nowhere else.

Home users ARE their own admins, and they need to be able to install software, develop programs, and do other "insecure activities" as a matter of course.

The best you can do for a home operating system is to demand a password for EVERY new piece of software, including Java and Flash apps.

Expect to see automatic password programs soon after.

Re:If the virus gets into the kernel...

[quantum bit]

It also pointed out that "writing and installing kernel-mode code is vastly more complicated" than using an existing raw socket feature,

Yeh, that's why the majority of people doing this use an widely available rootkit or equivalent to do it for them.

Exactly. All it takes is one person to do it. Once the cat is out of the bag, malware authors can just all copy that one.

It might not even be a black hat that does it. It wouldn't surprise me if the open source pcap driver for windows could be used to send arbitrary packets.

Re:Ulterior motives

[Skjellifetti]

This, too, is the fault of Microsoft. If you design the O/S such that it's difficult or impossible to run apps as a normal user, this is the result.

I refuse to believe that it is difficult or impossible to write an app for MS OSs that does not require the app to be run as admin. This is more often than not the fault of application programmers who are too damn lazy to write user specific data to the user's home directory instead of to either the system or the app's installation directory thus requiring the user to be admin or have write perms on the system directories.

A lot of what MS has written is buggy and full of security holes, but too many applications have carried over bad practices from the days when Win 3.1 was a single user system.

Lack of negative feedback != no problems

[MilenCent]

the company claimed it had received little negative feedback on the issue.

In other news, a noted chemical manufacturer was found to have been dumping toxic waste products into a nearby water supply for years. In their defense, company spokesmen claims they had received little negative on the issue.

Local police have been caught on camera beating up suspected felons. When cornered on the issue, they responded by saying that there had been little negative feedback on the issue -- at least, from anyone who mattered.

In a press conference today, Bush defended his administration's handling of the war on terrorism by saying that they had little negative feedback on the issue. (Possibly because they had suppressed their own report on the issue; outside sources indicate that terrorist activity around the world is four times worse than in the previous year.)

There, three possible responses to the negative feedback defense. Pick your favorite, I need a drink after this.