Will Windows eXPerience bring DoS disaster?

Are we about to be laid open to attacks?

Before Microsoft's latest Windows offering even lands on UK soil on the back of a billion dollar marketing blaze, detractors are already taking pot shots at the operating system. Chris Holbrook considers whether they are justified to warn about denial of service (DoS) attacks? Security experts are urging Microsoft to drop a user feature before the October release of Windows XP amid fears that an unprecedented wave of DDoS (distributed denial of service) attacks could be seen. The software giant will re-introduce a feature in Windows XP, previously dropped from older Windows programs - called 'raw sockets' - that allows IP address spoofing. Spoofing an address in this way means malicious hackers cannot be traced, and may encourage DDoS attacks and the bringing down of websites, according to some security experts. A DDoS attack requires a network intruder to break into a host of internet connected machines and then direct data packets from those various sources to a computer in their millions. Such an attack floods the targeted system, tying up its resources, so legitimate users are unable to gain access, often to a website. Steve Gibson, of Gibson Research, one of XP's biggest detractors, has called the add-on "a shocking example of corporate hubris" on his company's website, saying it spells catastrophe for the integrity of the internet. He stated raw socket functionality is completely unnecessary, with no valid use outside an internet research setting. He added: "In a consumer computer system, this will only be exploited for malicious purposes." Neil Laver, Windows product marketing manager at Microsoft, played down the inclusion. He maintains the move is a response to customer demand for a richer user environment. It is a reason Microsoft has used before when adding other features. Laver said: "All the operating systems, including Linux and Unix, include this facility. We haven't seen mass attacks because of these systems, so I don't believe there will be an increase in DoS attacks with the release of XP. The problem lies not in limiting operating system features but in blocking malicious programs from being installed on a computer in the first place." Laver claimed Gibson and others use security scare stories to gain exposure. However, the fact remains that for any number of reasons, Microsoft is still the firm people love to hate. David Wray, CTO of e-security software firm Authoriszor, said: "If a hacker gets one over on Microsoft, whatever their motivation, then they're 'the man'. Any new release of an OS will provide new opportunities." A recent study by the University of California revealed there are around 5,000 DDoS attacks every week. These figures may well be at the bottom end of estimates as firms naturally fight to conceal attacks from outsiders. The prospect of an increase in such attacks - which in the past have been used to cripple well-known websites such as Yahoo!'s main portal page - does not help Microsoft convince users they should upgrade. Authoriszor's Wray advises users to "stay with Windows 2000 as most of the bugs have already been ironed out", but acknowledges his firm - like thousands of others - will be upgrading early as it needs to develop for all platforms. Once again, it looks like a wait-and-see approach will mean XP is the latest high-profile product to be accepted gradually. In the meantime, all eyes will remain on websites which should show later this year if the DDoS threat is real. For related news see:
Industry underestimating DoS attack threat
http://www.silicon.com/a44645
IT directors shun XP upgrade
http://www.silicon.com/a45281
XP and smart tags - Microsoft at it again?
http://www.silicon.com/a44963
Microsoft Office XP fanfare falls on deaf ears
http://www.silicon.com/a44787
Microsoft bugs: Shape up before you ship out
http://www.silicon.com/a39767