Monday, August 07, 2006

Vista's virgin stack

Microsoft Windows Vista (now in beta testing) and Windows Server "Longhorn" (now in beta testing) include a new implementation of the TCP/IP protocol suite known as the Next Generation TCP/IP stack.

So runs the blurb on Microsoft.com - it seems that they have started again (much in the way they did with XP and Windows 95 before it). Now I'm a big fan of writing something that is clean and not a hacked, patched version of something, but as Steve Gibson points out, the TCP/IP stack is the one thing you want to be hardened by sustained hacker attack - the stack in XP showed none of its vulnerabilities in beta, but as we know it was a security nightmare until SP2 (and even now we haven't had a quiet patch Tuesday for more than eighteen months!). The same was true of 95/98/ME - the only version of Windows that had a relatively secure IP stack from launch was Windows 2000 - and it inherited NetBSD's stack!
Now Symantec have been hammering Vista with malformed packets and have some very alarming results here - I suppose it's in their interest to portray Vista as insecure and in need of additional software (theirs!) to make it safe to use. Still - makes for interesting reading.
Like all OSes I'll be waiting a year before I install it on any machines I rely on...

As an aside, I was chatting to someone I met on a campsite - he writes embedded applications for industrial machines - not Windows Embedded but proper assembler code for 80186 chips (and the like) - low-power processors that can run off batteries etc. He is currently working on an IP stack for the x86 and has implemented stacks for Z80 etc. His observation was that there is no good-quality "free" (as in free software - open source) code implementing an IP stack on those chips - today people are keen to save the time and implement using embedded Win2K (but not XP, interestingly - probably for the reasons above). But you only get the best performance with the economy of assembler code.
Reminded me of the little NetIOM board I was playing with just after Christmas - see here and here. It had a very rudimentary web server on chip and support for ICMP etc.

1 comment:

Kevin said...

He thought W2K IP stack was better than any GNU Linux one? I'd like to hear more about that!