Vmyths.com


Hoaxes, myths,
urban legends

Columnists

Newsletter
signup

Addictive
Update
Model

False
Authority
Syndrome

About us

Computer
security
humor

Truth about computer security hysteria
Truth About Computer Security Hysteria

To put it simply: 'no'

Rob Rosenberger, Vmyths co-founder
Thursday, 28 June 2001 As read by the author (MP3) SECURITY GURU STEVE Gibson scared Microsoft users when he went on a tirade against "raw sockets." His fear (repeat: fear) of this wildly complex Internet specification led Vmyths.com reader Louis Nettles to ask an important question. Will raw sockets create "serious problems for the ordinary user with a DSL connection?"
Malicious software can very easily exploit your computer ... but only if it seizes your computer in the first place. "Raw sockets" play no role in the takeover of your PC.
To put it simply: "no." Will Microsoft's implementation of raw sockets create a problem for Joe SixPack and his 56k modem? Will it create a problem for your average Fortune 500 company? To put it simply: "no." Gibson insists "any system whose fundamental architecture prevents applications from gaining 'Raw' access to the Internet will be MUCH harder to exploit." The following examples expose a flaw in Gibson's "concrete" argument:
  • The Melissa virus turned many computers into 'zombies' in 1999, yet it didn't use sockets of any sort.
  • The ILoveYou virus turned many computers into 'zombies' in 2000, yet it didn't use sockets of any sort.
  • The Kournikova virus turned many computers into 'zombies' in 2001, yet it didn't use sockets of any sort.
In each of these cases — and in many more like them — a virus came from people you knew & trusted. The computers that sent them never disguised their origins via "raw sockets" or "tar-tar sockets" or "medium-rare sockets" or anything other type of socket. This means malicious software can very easily exploit any computer ... but only if it seizes your computer in the first place. "Raw sockets" play no role in the takeover of your PC. They only come into play after malicious software takes over your system. If you keep your computer free of malicious software, then you have nothing to fear from raw sockets. If you don't keep your computer clean — well, let's just say "raw sockets are the least of your worries."
WILL RAW SOCKETS in Microsoft's new operating system "motivate hackers to find new ways into those machines," as Gibson insists? Will Windows XP-equipped PCs really "become the most sought-after target for penetration"?
Raw sockets are not the valuable part of a "zombie" computer. Its Internet connection is the real treasure.
To put it simply: "no." Gibson wants you to believe raw sockets are a valuable treasure. They are not. Your Internet connection is the real treasure. And this only makes sense! Think about it — if you were a "zombie hacker," would you commandeer only those PCs with raw-socket support? This realization leads to ask some philosophical questions:
  1. Does any 'zombie program' refuse to load on a computer if it lacks support for raw sockets?
  2. Can a 'zombie master' command his zombies to attack if and only if they support raw sockets?
  3. Did the 'zombie master' who attacked Steve Gibson's website use only zombies which supported raw sockets?
The answer to each question, to put it simply...