RE: Raw Sockets in WinXP (maybe OffTopic?)

From: CJ Oakwood (cj_oakwood@yahoo.com)
Date: 07/28/01 

From: "CJ Oakwood" <cj_oakwood@yahoo.com>
To: "'The Psychotic Viper'" <psyv@root.org.za>
Subject: RE: Raw Sockets in WinXP (maybe OffTopic?)
Date: Fri, 27 Jul 2001 15:32:41 -0700
Message-ID: <000b01c116ec$0c7cc140$0540a8c0@oakwood.com>

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This may be getting way off topic...
But Windows XP Home Edition is (in my option) a hacked version of the
OS.
Home Edition is basically viewed towards those mom's and pop's that
just want a computer to check E-Mail and Surf the web. The Kernel is
the same, it's just limited on what you can do.
Like I said there is an Administrator Account that you can use to
major changes to the OS, but logically, when you setup a computer,
your not going to be doing major changes to your Hardware.

We are going to have to compare Home Edition to Windows 9x (even
though they are totally two different OS')
Since 9x is gone, MS is going to have to make a user friendly
computer for the average user. One that when you install/turn on, it
will be easy to navigate. By giving users basic functionality, such
as installing and running application, the average user will feel
satisfied. An average user is not going to ever use the
Administrator account. Basically, you are the administrator of your
own account, but not the computer. You choose what personal folders
you do or do not want viewed by other users, without messing up other
accounts.

When is a user going to be upgrading there Compaq or Dell box? Most
of the time, a user will hire somebody.
I'm not sure how users would upload Hardware Driver information, but
if it is XP Certified, then good old Plug & Play kicks in.

CJ
- -----Original Message-----
From: The Psychotic Viper [mailto:psyv@root.org.za]
Sent: Friday, July 27, 2001 14:32
To: CJ Oakwood
Cc: eMenendez@worldnet.att.net; SECURITY-BASICS@securityfocus.com
Subject: RE: Raw Sockets in WinXP (maybe OffTopic?)

Hi,
this may be off topic but just curious if it DOES work that way:/,
anyhow

On Fri, 27 Jul 2001, CJ Oakwood wrote:
> This is incorrect...
> Microsoft WindowsXP Home Edition, has 2 types of accounts
> Administrator and Limited User.
>
> Every user on the Home Edition will be a limited user, not Admins.
> The only time you can access the Admin account, you must boot into
> safe mode. You can never log in as Admin unless you are in Safe
> Mode (that may have changed...)

that would either make winXP insecure to a point or just a pain to
use, if you can only log into the system as administrator in safe
mode that could mean either you would need to boot into safe mode to
make any changes to hardware or software or worst yet all local users
have the same privs to the system and can do as they please and
affect changes system wide. It seems illogical to have only two
profiles that work that way (though you could add custom ones I
hope). I havent used XP as of yet for various reasons, and Im hoping
its changed coz its a scarey scenario if it hasnt, but could be
proven wrong if theres anyone out there with more expertise in that.

>
> The creation of Raw Sockets comes from the call to function
> setsockopt()
> Any program can call this function.
>
> As everybody knows, this functionality already exists in Windows
> 2000. So when you say "any Trojan on a typical home XP box can
> spoof
> packets" it should say,
> "Any Trojan on a typical Windows 2000 or greater can spoof
> packets."
>
And well yes thats also scarey and wouldnt matter what your privs to
the stack are and has no bearing on the past question , like i said
maybe off
topic:) but curious to know regardless.

PsyV

 

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
Comment: Go to http://4.60.71.222/public/ for public key

iQA/AwUBO2HsCa+nyPk9PHN7EQIPDwCgp849jOqCUWpfb1mOcDLWNbgKw6YAoOOa
hB4MOkPaB/C5mDw5hEKvNMGY
=SAqL
-----END PGP SIGNATURE-----


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

Relevant Pages