[Computering] The Death of TCP/IP

Jeff Szuhay jeff at szuhay.org
Sat Aug 4 18:01:30 UTC 2001 

Forgive me for posting this here, yet I came across this
article which is so plausible yet so monumentally horrifying
that it deserves consideration. You may also want to consider
Bob's several previous posts on MS and Security.

The internet _will_ have a
toll booth, and MS will be the onc collecting <shudder>.

 article URL: <http://www.pbs.org/cringely/pulpit/pulpit20010802.html>

The Death of TCP/IP
Why the Age of Internet Innocence is Over
By Robert X. Cringely

"As events of the last several weeks have shown, Microsoft Windows, 
e-mail and the Internet create the perfect breeding ground for virus 
attacks. They don't even have to exploit Windows flaws to be effective. 
Any Visual BASIC programmer with a good understanding of how Windows 
works can write a virus. All that is needed is a cleverly titled file 
attachment payload, and almost anyone can be induced to open it, 
spreading 
the contagion. It is too darned easy to create these programs that can do
billions in damage. ..."

some exercpts:

"The wonder of all these Internet security problems is that they are 
continually labeled as "e-mail viruses" or "Internet worms," rather than 
the more correct designation of "Windows viruses" or "Microsoft Outlook 
viruses." It is to the credit of the Microsoft public relations team that 
Redmond has somehow escaped blame, because nearly all the data security 
problems of recent years have been Windows-specific, taking advantage of 
the glaring security loopholes that exist in these Microsoft products. 
If it were not for Microsoft's carefully worded user license agreement, 
which holds the company blameless for absolutely anything, they would 
probably have been awash in class action lawsuits by now."

and,

"And now, we have the impending release of Windows XP, and its problem of 
raw TCP/IP socket exposure. As I detailed two weeks ago, XP is the first 
home version of Windows to allow complete access to TCP/IP sockets, which 
can be exploited by viruses to do all sorts of damage. Windows XP uses 
essentially the same TCP/IP software as Windows 2000, except that XP 
lacks 2000's higher-level security features. In order to be backward 
compatible 
with applications written for Windows 95, 98, and ME, Windows XP allows 
any application full access to raw sockets.

"This is dangerous."

furthermore,

"According to these programmers, Microsoft wants to replace TCP/IP with 
a proprietary protocol -- a protocol owned by Microsoft -- that it will 
tout as being more secure. Actually, the new protocol would likely be 
TCP/IP with some of the reserved fields used as pointers to proprietary 
extensions, quite similar to Vines IP, if you remember that product from 
Banyan Systems. I'll call it TCP/MS.

"How do you push for the acceptance of a new protocol? First, make the 
old one unworkable by placing millions of exploitable TCP/IP stacks out 
on the Net, ready-to-use by any teenage sociopath. When the Net slows 
or crashes, the blame would not be assigned to Microsoft. Then ship the 
new protocol with every new copy of Windows, and install it with every 
Windows Update over the Internet. Zero to 100 million copies could happen 
in less than a year, and that year could be prior to the new protocol 
even 
being announced. It could be shipping right now.

"Suppose you are a typical firm that also has some non-Microsoft servers. 
You will want to use this new protocol between your Microsoft and non-
Microsoft servers. Microsoft could charge Sun millions to put TCP/MS on 
their systems. Microsoft can promise open support, but make it 
financially 
impractical. Then use it in a marketing attack against competitors. 
Zero-Footprint network drivers, ODBC, and MAPI are examples of Microsoft 
"open" standards that took years for non-Microsoft firms to use. Almost 
anyone who would have wanted to use these open standards has been driven 
out of business. "

and finally, (here's the horror)

"MS/TCP will ostensibly be a solution to the problems businesses are 
having 
with the Internet. It will assign priorities to packets. It will insure 
that 
all connections and packets can be traced, authenticated, and monitored. 
And since all these connections to the Internet have to be authenticated 
to someone, it will likely be hooked into a credit card or some sort of 
account, from which Microsoft can extract its price as the gatekeeper for 
the authentication via Hailstorm, Passport and .NET.

"But how will this stop the "I just e-mailed you a virus" problem? How 
does 
this stop my personal information being sucked out of my PC via cookies? 
It won't. Solving those particular problems is not the protocol's real 
purpose, which is to increase Microsoft's market share. It is a marketing 
concept that will be sold as the solution to a problem. It won't really 
work."




--
   **************************************************
   Jeff Szuhay              A randomly-directed 
   www.szuhay.org           chaotical wetware pattern 
   jeff at szuhay.org          recognizer/generator.	


   "The idea that Bill Gates has appeared like 
   a knight in shining armour to lead all customers 
   out of a mire of technological chaos neatly 
   ignores the fact that it was he who, by peddling
   second-rate technology, led them into it in the 
   first place."
			                 -Douglas Adams, on Windows '95

More information about the Squeak-dev mailing list