Truth About Computer Security Hysteria

Raw sockets: two years and counting (down?)

I LOVE TO watch Martha Stewart. Really! Every time I watch her, I think "there stands a blatant self-marketer disguised as a pedicured housewife."

Steven J. Vaughan-Nichols' 2001 article includes this gem: "ex­perts like Steve Gibson of Gibson Research Group [sic] pre­dict that the cur­rent explo­sion of DDoS attacks (4,000 a week by Gibson's esti­mate) will vastly increase. Theo­reti­cally, this could lead to the Inter­net itself slowing from hun­dreds of thou­sands of DDoS attacks."

Don't get me wrong! She looked genuinely enthralled during her famous "chinchilla episode." I feel the same genuine enthrallment every time I drive by the Anheuser-Busch factory in St. Louis. Yet a bunch of chinchillas taking a dust batch doesn't change the fact Martha is a blatant self-marketer disguised as a pedicured housewife.

...Okay, so you had to see the chinchilla episode to understand what I mean.

Computer security celebrity Steve Gibson reminds me of Martha Stewart. He's a blatant self-marketer disguised as both a town crier and a knight in cyber armor.

Two years ago this month, Steve Gibson started to scream yet again about the coming death of the Internet. Seth Fogie (VirusMD) marked the banshee's first anniversary. I'll mark the second anniversary.

An obscure, de facto Internet specification known as "raw sockets" threatened to destroy the Internet "and time is running out," Gibson warned in June 2001. "I do, indeed, think that Microsoft is 'absolutely nuts' to be moving forward with their, now confirmed, plans to bring RAW SOCKET support to the too-easily exploited end-user," he wailed.

Seven men at Microsoft "quite literally hold the future of the Internet in their hands," Gibson would later scream.

If you don't know about raw sockets, then don't fret about it. I bashed Gibson in June 2001 for his raw sockets hysteria. Then I bashed him again. And again. And again. And again (one of my best efforts). And again (my personal favorite).

Sadly, reporters have a fetish for juicy computer security stories. They'll cover almost any freak who (a) sees the cybergeddon coming and (b) knows how to stop it. I tell you, Gibson strummed the "raw sockets" hysteria like a virtuoso in 2001. The foam from his mouth spread to numerous people who should've known better, including Business Security Advisor associate editor Matt Smith, ComputerUser editor James Mathewson, ZDNet writer Steven J. Vaughan-Nichols, and Information Security editor Andrew Briney.

A SAVVY FOLLOWER of the raw sockets debate will ask an obvious question at this point. "Didn't Microsoft finally fix the raw sockets problem in September 2002 with the release of Windows XP Service Pack 1? Isn't that why the world didn't end?"

Raw sockets have always been a router security issue. Period.

Answer: NO!

Raw sockets have always been a router security issue. Period. Proper egress filtering on both sides of a router solves this problem. Instantly. For every computer on the network. It stops evil packets created by raw sockets under any operating system. Any router security analyst knows this! ("Oh, and I suppose you are a router security analyst, Rob?" Yeah, back in 1996-97. Five years before Gibson mis-identified the need for router egress filtering.)

Hence we can say with authority that Smith, Mathewson, Vaughan-Nichols, Briney, and (of course) Gibson are not router security analysts.