Truth About Computer Security Hysteria
Gibson applauds Microsoft security, fears Linux will destroy Internet
Monday, 25 June 2001
MEDIA DARLING STEVE Gibson knows how to stir up a controversy.
Media darling Steve Gibson believes Microsoft saved the Internet from self-destruction. And he believes Linux will destroy the Internet if it reaches the mainstream. Read what he wrote if you don't believe me.
A news item in Security Wire Digest notes the popular security guru "is fending off fierce attacks about his competence and credibility after calling Windows XP the 'exploitation tool of choice for Internet hackers everywhere.' "
The Gibson/Microsoft debate revolves around a wildly complex issue known as "raw sockets." But hey, you know technology reporters — they get paid to describe it in terms your mom's cross-stitch club can understand. So a thousand pundits each wrote 100-page summaries on the topic. But they didn't do a good enough job, so a hundred tech writers tried to squeeze it into a 10-page "meta" summary.
Still not good enough. Ten experts tried to condense it down to a one-page "ultra" summary. Bah! Amateurs, all of them. I will now boil down the Gibson/Microsoft debate to a single concise word:
Go on, admit it. I came up with the best techie joke this week.
Anyway, I wanted to let you know something important — Gibson applauded Microsoft's security in his diatribe. No, really! He wants Microsoft to continue providing good security in their operating systems. Gibson went so far as to attack Linux as a deadly threat to the Internet.
Don't believe me? These quotes come directly from Gibson's website — and I honestly believe I quoted him in context:
- "Full Raw Sockets were created as a potent research tool. They were NEVER INTENDED to be shipped in a mass-market consumer operating system..."
- "Windows' traditional lack of full Berkeley Unix Raw Socket support has been a silent blessing that has undoubtedly contributed hugely to the stability of the global Internet of the past. It is the Internet's future that concerns me greatly..."
- "Any system whose fundamental architecture prevents applications from gaining 'Raw' access to the Internet will be MUCH harder to exploit..."
- "Microsoft's 'half-baked' Raw Socket implementation [HAS] BEEN A VERY GOOD THING for the Internet so far ... full Raw Socket support is absolutely unnecessary for the use of ANY benign Internet applications..."
Memo to Steve Ballmer: Gibson authorized a 0.25% spot bonus for the computer security team. See to it.
- "Microsoft's original 'WinSock' was exactly right for a consumer operating system..."
- "It is precisely because of the rapid growth in the number of hobbyist-owned Unix and Linux boxes — often configured insecurely then compromised with Trojans — that we are now seeing a rapid growth in the number of DDoS attacks..."
- "It is indeed unfortunate that 'everyone else' has full Raw Socket support. The Internet has already been suffering the consequences. That problem is certainly going to grow with time and needs to be dealt with as well..."
- "Microsoft was not the first to make this crucial mistake on the Internet..."
And my personal favorite:
- "Blindly following ANY recipe, whether it's a specification or a standard, and lacking an understanding and independent evaluation of its role in the intended application, is tantamount to replacing your own judgement with someone else's..."
So there you have it. Microsoft saved the Internet from self-destruction, and Gibson wants them to continue. I mean, come on — people don't trust the computer security world to do the job they get paid to do! Gibson is right to beg for a Redmond reprieve. In fact, I can summarize his fear in three words:
"LINUX MUST DIE."