Re: Raw Sockets in WinXP

From: kath (kath@kathweb.net)
Date: 07/27/01


Message-ID: <011301c11631$348933a0$0c00a8c0@optonline.net>
From: "kath" <kath@kathweb.net>
To: "Jim" <mlist@budget.co.nz>, <SECURITY-BASICS@SECURITYFOCUS.COM>
Subject: Re: Raw Sockets in WinXP 
Date: Thu, 26 Jul 2001 20:15:04 -0400

I think one of the problems is this:

How many newbies get a linux distro and start doing everything as root,
never using a normal account? I know I did, a long time ago. I was
obsessed with having the power and never needing to su up in a xterm for
something.

How many Windows XP users do you think will inadvertently and sometimes
(like how I was at first with linux) purposefully use the Administrator
account all the time?

- k

----- Original Message -----
From: "Jim" <mlist@budget.co.nz>
To: <SECURITY-BASICS@SECURITYFOCUS.COM>
Sent: Thursday, July 26, 2001 6:56 PM
Subject: Re: Raw Sockets in WinXP

> > I'm curious.. Presuming XP is similar to NT in that normal user accounts
> > are not the same as admin accounts, and it can be configured so that only
> > admin accounts can do things like install drivers or otherwise modify the
> > system, could Microsoft set things up so that only accounts specifically
> > granted the rights to do so could open raw sockets?
>
> This could definitely be done. Whether it would solve the problem people
> are complaining about, I don't know. Given the huge number of
> vulnerabilities in MS OS's, getting access to a privileged account in order
> to create the raw sockets would probably not be an issue, merely another
> step on the way. I'm assuming the ability to create raw sockets wouldn't be
> restricted for an administrator, which would likely be the first account to
> be cracked anyway.
>
>
> > This would allow apps that need raw sockets (which are generally few and
> > far between for regular users) the capability without giving every trojan
> > the same ability.
>
> If the ability is there, people will find a way to use it and exploit it.
>
>
> > Surely the folks at microsoft have thought of this solution. Do they
> > simply not care? Have they said that they won't do this?
>
> I'm not sure that Microsoft don't CARE about security, but it's certainly
> not foremost in their mind when they design their products.
>
>
> -----------------------------------------------
> This message is confidential. If you are not the intended recipient you must not read or do anything else with this message.
> If you have received this message in error please notify us immediately by return email and destroy this email. Thank you.


