[LUNI] Try to remember...

Martin Maney maney at pobox.com
Sat Nov 10 09:40:01 CST 2001 

On Sat, Nov 10, 2001 at 09:08:22AM -0600, Jean-Michel Smith wrote:
> I know it was in Windows/95.  Windows 3.x did not have any real tcp/ip
> stack to speak of ... back in those days those of us cursed with windows
> had to download a shareware tcp stack just to get on the net.

Uhm, nope, sorry, I have a lab full of older boxes that are still running
Windows 3.1, and Microsoft certainly did release a TCP/IP stack for it.  We
no longer use those machines that way, mostly due to the severe memory
constraints in any pre-95 version of Windows, plus the need to run the IPX
and Novell client code in order to access shared resources, but we certainly
did use a Microdoft-provided TCP/IP stack on them - before the other lab got
upgraded, those machines used to BE our browser machines!  Good old
Netscape, versions 3 and, towards the end, 4.0x ...

> I wouldn't want to defend Gibson, but his point that providing a full
> tcp/ip stack to Windows would suddenly make all those millions of clueless
> pc users firtile ground for widespread DoS attacks of a more sophisticated
> nature was IMHO never rebutted very well (yes, I've read the rebuttals to
> his stuff, and this one argument IMHO does hold up against them).

Clueless PC users don't run, let alone write, DOS programs.  The tiny number
of vandals who do write such things have had ways of doing this stuff all
along.

> the net 24/7 by millions of clueless users.  But in the immediate future
> this is not the case, and GNU/Linux has a much better record on security
> than any version of Windows past or present.  FreeBSD's record is even

You're so close to the real issue here!  Gibson's goofy hysterical rant
misses the real cause of the problem: Windows is an insecure, readily
subvertible platform BY DESIGN.  Until they fix that, crippling the network
stack is at best a bandaid, and more likely is nothing but a filter,
preventing some of the less-skilled vandals from including some features in
the scripts they write.  This doesn't matter, since it only requires one
person who does know how to work around the problem; then all the script
kiddees can use his script.

> years past.  Nothing really new here, except perhaps in the variety and
> sophistication of some of the newer forms of attack that may be
> forthcoming.  This is neither hysteria nor FUD, merely business as usual,
> upgraded somewhat.

Tell that to Gibson, Jean.  :-/

-- 
Microsoft, which used to say all the time that the software business
was ruthlessly competitive, is now matched against a competitor whose
model of production and distribution is so much better that Microsoft
stands no chance of prevailing in the long run. They're simply trying
to scare people out of dealing with a competitor they can't buy,
can't intimidate and can't stop. -- Eben Moglen

More information about the luni mailing list