[Computering] The Death of TCP/IP
Jeff Szuhay
jeff at szuhay.org
Sat Aug 4 18:01:30 UTC 2001
Forgive me for posting this here, yet I came across this
article which is so plausible yet so monumentally horrifying
that it deserves consideration. You may also want to consider
Bob's several previous posts on MS and Security.
The internet _will_ have a
toll booth, and MS will be the onc collecting <shudder>.
article URL: <http://www.pbs.org/cringely/pulpit/pulpit20010802.html>
The Death of TCP/IP
Why the Age of Internet Innocence is Over
By Robert X. Cringely
"As events of the last several weeks have shown, Microsoft Windows,
e-mail and the Internet create the perfect breeding ground for virus
attacks. They don't even have to exploit Windows flaws to be effective.
Any Visual BASIC programmer with a good understanding of how Windows
works can write a virus. All that is needed is a cleverly titled file
attachment payload, and almost anyone can be induced to open it,
spreading
the contagion. It is too darned easy to create these programs that can do
billions in damage. ..."
some exercpts:
"The wonder of all these Internet security problems is that they are
continually labeled as "e-mail viruses" or "Internet worms," rather than
the more correct designation of "Windows viruses" or "Microsoft Outlook
viruses." It is to the credit of the Microsoft public relations team that
Redmond has somehow escaped blame, because nearly all the data security
problems of recent years have been Windows-specific, taking advantage of
the glaring security loopholes that exist in these Microsoft products.
If it were not for Microsoft's carefully worded user license agreement,
which holds the company blameless for absolutely anything, they would
probably have been awash in class action lawsuits by now."
and,
"And now, we have the impending release of Windows XP, and its problem of
raw TCP/IP socket exposure. As I detailed two weeks ago, XP is the first
home version of Windows to allow complete access to TCP/IP sockets, which
can be exploited by viruses to do all sorts of damage. Windows XP uses
essentially the same TCP/IP software as Windows 2000, except that XP
lacks 2000's higher-level security features. In order to be backward
compatible
with applications written for Windows 95, 98, and ME, Windows XP allows
any application full access to raw sockets.
"This is dangerous."
furthermore,
"According to these programmers, Microsoft wants to replace TCP/IP with
a proprietary protocol -- a protocol owned by Microsoft -- that it will
tout as being more secure. Actually, the new protocol would likely be
TCP/IP with some of the reserved fields used as pointers to proprietary
extensions, quite similar to Vines IP, if you remember that product from
Banyan Systems. I'll call it TCP/MS.
"How do you push for the acceptance of a new protocol? First, make the
old one unworkable by placing millions of exploitable TCP/IP stacks out
on the Net, ready-to-use by any teenage sociopath. When the Net slows
or crashes, the blame would not be assigned to Microsoft. Then ship the
new protocol with every new copy of Windows, and install it with every
Windows Update over the Internet. Zero to 100 million copies could happen
in less than a year, and that year could be prior to the new protocol
even
being announced. It could be shipping right now.
"Suppose you are a typical firm that also has some non-Microsoft servers.
You will want to use this new protocol between your Microsoft and non-
Microsoft servers. Microsoft could charge Sun millions to put TCP/MS on
their systems. Microsoft can promise open support, but make it
financially
impractical. Then use it in a marketing attack against competitors.
Zero-Footprint network drivers, ODBC, and MAPI are examples of Microsoft
"open" standards that took years for non-Microsoft firms to use. Almost
anyone who would have wanted to use these open standards has been driven
out of business. "
and finally, (here's the horror)
"MS/TCP will ostensibly be a solution to the problems businesses are
having
with the Internet. It will assign priorities to packets. It will insure
that
all connections and packets can be traced, authenticated, and monitored.
And since all these connections to the Internet have to be authenticated
to someone, it will likely be hooked into a credit card or some sort of
account, from which Microsoft can extract its price as the gatekeeper for
the authentication via Hailstorm, Passport and .NET.
"But how will this stop the "I just e-mailed you a virus" problem? How
does
this stop my personal information being sucked out of my PC via cookies?
It won't. Solving those particular problems is not the protocol's real
purpose, which is to increase Microsoft's market share. It is a marketing
concept that will be sold as the solution to a problem. It won't really
work."
--
**************************************************
Jeff Szuhay A randomly-directed
www.szuhay.org chaotical wetware pattern
jeff at szuhay.org recognizer/generator.
"The idea that Bill Gates has appeared like
a knight in shining armour to lead all customers
out of a mire of technological chaos neatly
ignores the fact that it was he who, by peddling
second-rate technology, led them into it in the
first place."
-Douglas Adams, on Windows '95
More information about the Squeak-dev
mailing list
|