Windows XP, Microsoft Corp.’s forthcoming operating system, has the potential to escalate Denial of Service (DoS) attacks to a level never before seen, according to a computer security researcher.
Windows XP, set to be released on Oct. 25, is more open to being used in DoS attacks than previous versions of Windows because Microsoft has fully implemented a networking technology called Unix Sockets, according to Steve Gibson, founder and owner of Gibson Research Corp., a computer security product maker.
Unix Sockets, long a standard part of Unix operating systems, has only recently been fully included in Windows, starting with Windows 2000 and now in XP, Gibson wrote, in a piece on his Web site about DoS attacks that had been launched against his company by a 13-year-old.
DoS attacks can disable a Web server or other type of computer by bombarding it with a high volume of fake requests for information, causing the target computer to crash or become so overloaded that it grinds to a halt.
The implementation of Unix Sockets is troubling, Gibson wrote, because they are frequently used in two aspects of DoS attacks: falsifying IP (Internet protocol) addresses — a technique called spoofing which makes the source of an attack harder to pinpoint, and allowing computers to flood other computers with certain types of traffic, in this case, the kind of TCP (transmission control protocol) packets that can bring down Web servers.
Using Unix Sockets in a consumer operating system like Windows XP is particularly dangerous because the combination of users who are not security experts, an insecure operating system and broadband Internet connections will likely lead to “an escalation of Internet terrorism the likes of which has never been seen before,” Gibson wrote.
Windows XP systems will be targets for hackers to take over and use in DoS and Distributed DoS attacks (attacks in which multiple computers worldwide are taken over and used in an attack) because they will be both powerful and easy to break into, Gibson wrote. Computers can be taken over, or primed for use in such attacks, without their owners even knowing. Worms, such as those spread through e-mail, like the Lion worm, can contain hidden code that will allow a hacker access to the system when they want to launch a DoS attack.
When married with high-speed Internet connections, Windows XP systems could be used to launch a DoS attack beside which “the historical problems with Internet attacks promise to pale in comparison,” Gibson wrote.
DoS attacks have plagued the Web for years, though they came to prominence early last year when a series of such attacks were launched against major commercial sites, including Yahoo.com, Amazon.com and eBay.com. A recent study by researchers at the University of California San Diego found that more than 4,000 DoS attacks are launched each week against companies and individuals.
Microsoft, however, called Gibson’s charges “drastically overblown,” in the words of Steve Lipner, manager of the company’s security response center. Windows has always had some of the functionality Gibson is talking about, Lipner said. Additionally, DoS attack effectiveness is not as much a function of operating systems as the programs used to launch them, he said. Programs running on any operating system can be written to perform such attacks, he added.
Though Windows XP can be used to launch DoS attacks, and can spoof IPs as Gibson charged, adding security features to the operating system was a better idea than removing features, Lipner said. Spoofing IPs can have legitimate purposes, such as for firewall testing and some other network operations
Included in the operating system are such new security features as a personal firewall; a security application that can help stop intruders and DoS attacks that is configured automatically when a PC is hooked up to the Internet; user-definable policies to keep certain kinds of code from running on the machine, and modifications to the Outlook e-mail client to try to prevent e-mail worms from spreading, Lipner said.
Gibson and Microsoft have conducted a dialog over e-mail about these issues and essentially agreed to disagree, Lipner said.
Gibson arrived at his position after his site was attacked, prompting him to focus on what Windows didn’t do, as opposed to what it did do, according to Lipner. “He’s more focused on the mechanism than the effect,” he said.
Chris Le Tocq, principal analyst with Palo Alto, California-based Guernsey Research, said it’s difficult to gauge the accuracy of Gibson’s claims. However, to the extent that Gibson raised awareness of security issues and techniques for consumer operating systems, Gibson has done a good thing, Le Tocq said.
Though Le Tocq agrees with Gibson that the danger posed by automated attack programs and always-on broadband connections is serious, Windows XP’s personal firewall – which functions more like an intrusion detection system than a true firewall, a distinction Gibson has helped highlight – will likely block 80 per cent of attacks, he said.
In the end, Le Tocq said, Gibson’s statements should help raise awareness of security issues for consumers. Now, end users just have to make sure their computers are as secure as possible.
Gibson Research Corp. in Laguna Hills, Calif., can be reached at http://www.grc.com. Microsoft, in Redmond, Wash., can be reached at http://www.microsoft.com/.
(Gibson was a columnist for InfoWorld in the late 1980s and early 1990s. InfoWorld is owned by the same parent company as the IDG News Service, International Data Group Inc.).
