Re: Raw Sockets in WinXP

From: David Hickman (dhickman@yahoo.com)
Date: 07/27/01


Message-Id: <a05101001b787860daf53@[209.83.195.36]>
Date: Fri, 27 Jul 2001 15:59:42 -0500
To: <SECURITY-BASICS@securityfocus.com>
From: David Hickman <dhickman@yahoo.com>
Subject: Re: Raw Sockets in WinXP


Actually I think it is a great thing that Microsoft finally has a
real tcpip stack. The problem is most lusers run win* at the equiv
of root. With all of the security holes in MS products, they are made
worse since the average user runs in admin mode.

Just think if everyone ran their unix as root. I believe we will
start seeing similar problems with MacOSX; it defaults to an admin
mode.

dhh

At 10:56 +1200 7/27/01, Jim wrote:
>> I'm curious.. Presuming XP is similar to NT in that normal user accounts
>> are not the same as admin accounts, and it can be configured so that only
>> admin accounts can do things like install drivers or otherwise modify the
>> system, could Microsoft set things up so that only accounts specifically
>> granted the rights to do so could open raw sockets?
>
>This could definitely be done. Whether it would solve the problem people
>are complaining about, I don't know. Given the huge number of
>vulnerabilities in MS OS's, getting access to a privileged account in order
>to create the raw sockets would probably not be an issue, merely another
>step on the way. I'm assuming the ability to create raw sockets wouldn't be
>restricted for an administrator, which would likely be the first account to
>be cracked anyway.
>
>
>> This would allow apps that need raw sockets (which are generally few and
>> far between for regular users) the capability without giving every trojan
>> the same ability.
>
>If the ability is there, people will find a way to use it and exploit it.
>
>
>> Surely the folks at microsoft have thought of this solution. Do they
>> simply not care? Have they said that they won't do this?
>
>I'm not sure that Microsoft don't CARE about security, but it's certainly
>not foremost in their mind when they design their products.
