Windows XP Could Unleash Wave of DoS Attacks

Windows XP, Microsoft's forthcoming operating system, has the potential to escalate denial of service attacks to a level never before seen, according to a computer security researcher.

Set to be released on October 25, Windows XP is more open to being used in DoS attacks than previous versions of Windows because Microsoft has fully implemented a networking technology called Unix Sockets, according to Steve Gibson, founder and owner of Gibson Research, a computer security product maker.

Unix Sockets, long a standard part of Unix operating systems, has only recently been fully included in Windows, starting with Windows 2000 and now in XP, Gibson writes about denial of service attacks that had been launched against his company by a 13-year-old.

DoS attacks can disable a Web server or other type of computer by bombarding it with a high volume of fake requests for information, causing the target computer to crash or become so overloaded that it grinds to a halt.

The implementation of Unix Sockets is troubling, Gibson writes, because they are frequently used in two aspects of DoS attacks. They are used to falsify IP addresses, a technique called spoofing which makes the source of an attack harder to pinpoint. They also allow computers to flood other computers with certain types of traffic, in this case, the kind of TCP packets that can bring down Web servers.

Insecure Users

Windows XP systems will be targets for hackers to take over and use in DoS and distributed denial of service attacks (when multiple computers worldwide are taken over and used in an attack) because they will be both powerful and easy to break into, Gibson writes.

Computers can be taken over, or primed for use in such attacks, without their owners knowing. Worms, such as those spread through e-mail, like the Lion worm, can contain hidden code that will allow a hacker access to the system when they want to launch a DoS attack.

When married with high-speed Internet connections, Windows XP systems could be used to launch a DoS attack beside which "the historical problems with Internet attacks promise to pale in comparison," Gibson writes.

DoS attacks have plagued the Web for years, though they came to prominence early last year when a series of such attacks were launched against major commercial sites, including Yahoo.com, Amazon.com, and EBay.com. A recent study by researchers at the University of California San Diego found that more than 4,000 DoS attacks are launched each week against companies and individuals.

Added Features

Microsoft calls Gibson's charges "drastically overblown," in the words of Steve Lipner, manager of the company's security response center. Windows has always had some of the functionality Gibson is talking about, Lipner says.

Additionally, DoS-attack effectiveness is not as much a function of operating systems as the programs used to launch them, he says. Programs running on any operating system can be written to perform such attacks, he adds.

Though Windows XP can be used to launch DoS attacks, and can spoof IPs as Gibson charges, adding security features to the operating system was a better idea than removing features, Lipner says. Spoofing IPs can have legitimate purposes, such as for firewall testing and some other network operations.

Included in the operating system are new security features, including a personal firewall, a security application that can help stop intruders and DoS attacks that is configured automatically when a PC is hooked up to the Internet, user-definable policies to keep certain kinds of code from running on the machine, and modifications to the Outlook e-mail client to try to prevent e-mail worms from spreading, Lipner says.

Gibson and Microsoft have conducted a dialog over e-mail about these issues and essentially agreed to disagree, Lipner says.

Chris Le Tocq, principal analyst with Palo Alto, California-based Guernsey Research, says it's difficult to gauge the accuracy of Gibson's claims. However, to the extent that Gibson raised awareness of security issues and techniques for consumer operating systems, Gibson has done a good thing, Le Tocq says.

In the end, Le Tocq says, Gibson's statements should help raise awareness of security issues for consumers. Now, end users just have to make sure their computers are as secure as possible.