Chips-n-Dips
by Dennis Stacy

Raw Sockets & Home Hackers
August, 2001

I know you didn’t do it on purpose. Neither did your kid, in his or her dormitory room. But if Microsoft continues with its current plans for the fall release of Windows XP Home Edition, as seems likely, everyone using it runs the risk of becoming a potential Internet hacker. The scary details can be found at a Web site devoted to the dangers of Denial of Service and Microsoft’s seemingly casual lack of security concerns. The site, hosted by Steve Gibson of Gibson Research Corporation, a computer security company, is downright scary reading. Here are a few paragraphs that show you where Gibson is coming from:
Gibson’s latest concern is that hackers will enlist your computer in organized or Distributed Denial of Service attacks that soak up a server’s bandwidth, effectively shutting down the affected Web site, as happened to Gibson’s own site recently. All this will be done without your knowledge, of course. Why this will be the case is one of those technology stories with lots of odd-sounding acronyms like API, TCP/IP, ICMP and so on, although Gibson strives manfully to make the issues understandable. As I understand it, then, it goes something like this. Hackers send out a “zombie” program that lies dormant on your hard drive until activated. Once brought to life, it behaves like an electronic robot (or bot) and, when you log on to the Net, begins sending a sequence of data packets to the targeted Web site. The beauty, or the horror, of these zombie bots is that hundreds of computers can be secretly enlisted in the cause, which is Denial of Service due to so many incoming calls arriving all at once. Without a proper firewall, properly set up, you could easily be hacking some Web site and never know it, especially if your own machine is always on the Net when turned on, as with DSL.
Where do Microsoft and Windows XP finally enter the picture? For the first time in a consumer product, XP Home Edition supports the raw socket API (Application Programming Interface). The only other Microsoft OS that permitted this was Windows 2000. Ordinarily, raw socket access is the sort of thing restricted to Unix administrators, or an application with full “root” privilege. Apparently, in an effort to remain compatible with older Windows programs, and allow new applications access to the Net, Microsoft opted to include raw socket access, as opposed to the old approach (TCP/IP), which used standard sockets, and went by the name of WinSock.
According to Gibson, raw sockets were originally developed by Berkeley Unix programmers as a research tool that permitted “backdoor” access to core network functions, and were never intended to be included in a mass-market consumer operating system. Of course, that changed with the arrival of Unix, Linux, and now Apple’s OS X on the desktop, all of which allow raw socket access. But Windows outsells all these systems by several orders of magnitude, meaning that Windows XP will soon be in millions of homes and dormitory rooms everywhere. That in turn means that machines running the XP Home Edition will become the target of choice for malicious hackers. Merry Christmas, all!
And don’t think it can’t happen to you. Back in May of this year, a paper published by the San Diego Supercomputer Center’s Cooperative Association for Internet Data Analysis revealed that more than 4,000 Denial of Service attacks were taking place weekly. Among the more common targets were the usual suspects, including Amazon.com, America Online, Microsoft’s Hotmail, Whitehouse.gov, the public-relations Web site of President George W. Bush, and others. Needless to say, this is not what Web creators had in mind when the Internet was in its infancy. They envisioned a free flow and exchange of information, not a system in which any Web site could be brought to its knees by a disgruntled user with a grudge to settle, or a hacker with time on his or her hands. Windows XP for the home is scheduled to go on sale on October 25 of this year. If Gibson is right, the Internet will never be the same.