Site Navigation
|
|
PGTS Humble BlogThread: Microsoft (Decline Of) |
|
 |
Gerry Patterson. The world's most humble blogger |
| Edited and endorsed by PGTS, Home of the world's most humble blogger | |
| | |
The Security Elephant In The Room |
|
Chronogical Blog Entries: |
|
| | |
Date: Sun, 26 Feb 2012 08:41:26 +1100Recently it came to your blogger's humble attention that firewall policy violations would increase dramatically whenever an Xbox, behind the firewall, was in use. A little investigation proved that the cause of this was not necessarily malevolent port scanning. It seemed to be one port in particular that was being targeted ... Port 3074. And the pattern of the attacks seemed to be consistent ... One could almost come to the conclusion that it was a "feature" of someone's software ... Could it be a Microsoft feature, dear reader? |
|
Some more study of the logfiles revealed that the violations seemed to occur when a particular Xbox Live game was being played. It was as if agents (other Xbox consoles?) outside the firewall were trying to connect with the local Xbox by sending unsolicited traffic to port 3074 in order to open negotiations.
A little more investigation (with Google) revealed this rather obtuse recommendation on the Xbox Live Support Site:
If you have a firewall or network hardware, such as a router, you might need to make a configuration change in order for your Xbox 360 console to communicate with Xbox LIVE. This configuration change is sometimes called "opening ports" or "port forwarding".
Xbox LIVE requires the following ports to be open:
Port 88 (UDP)
Port 3074 (UDP and TCP)
Port 53 (UDP and TCP)
Port 80 (TCP)
There was no detailed information, that your humble blogger could find, about policies or what was meant by the use of the terms forwarding and/or open.
And so in the interest of consistency, dear reader, your blogger feels that he should declare his own humble definitions of these and a few other technical terms.
-
Ports. Internet services are transmitted as traffic that consists of "packets". A port is an internet service or channel. It is designated by some bits in packet headers.
-
Firewall. A firewall is a term borrowed from engineering and/or construction. In a ship, for instance a steel firewall might be constructed to protect the remainder of the vessel from an event such as an "engine room fire". In computer terms, the firewall is a device (often another computer) that protects one's local network from mischief that might be attempted by agents outside the firewall (the Internet). It does this by allowing traffic to go out but only allowing in traffic from an established connection. For a simple network that consists only of clients, that would mean allowing traffic for all ports going out and blocking unsolicited traffic for any port coming in. In other words a computer firewall usually allows local clients to open communications with external servers so that they can negotiate traffic on any port. However, The firewall usually prohibits all unsolicited inbound traffic.
-
Port Open. A port (or service) is open if there is no hindrance at all. Its rather like there is no firewall for that port. Obviously this is a rather poor security choice.
-
Port Forwarding. On the other hand for networks run by organisations which host servers that offer services to the Internet, their firewall must allow unsolicited traffic in for those services. Otherwise the clients on the Internet side would not be able to "establish" a connection (to obtain the service in question). In this situation ports are forwarded to the appropriate server. For example clients seeking HTTP services (port 80) will have their traffic forwarded to the HTTP server (webhost) ... And for a medium sized network this could mean multiple servers ... etc.
Given Microsoft's track record for Internet security, your humble blogger is not really surprised that they would design a gaming platform that requires ports to be open and/or to use port forwarding to and from what is essentially a client-side network.
And in some respects the decision to use this type of architecture might have been compelled by the choice of operating system for the Xbox hosts. Microsoft got rid of all their Unix servers several years ago as part of an over zealous in-house jihad to purify their internal networks and rid them of all non-Microsoft products. The subsequent performance of networks hosted exclusively by Microsoft servers has led them to off-shore processes which under usual circumstances might naturally belong on the server-side to the client-side. Many features of recent Microsoft systems architecture are a sad reflection of the anaemic Windows servers at the back-end which are incapable of sustaining the sort of through-put that one might expect from a professional operating system.
To date, the Xbox platform has been free of malware. However if a vulnerability exists, it would be in connection with Microsoft desktops ... Microsoft have pushed the integration of the Xbox with Microsoft Windows PCs using media centre etc. And since the PC platform is thoroughly compromised and there are already known exploits of Windows Media Player, this strategy would, from a security point of view, appear to be unwise.
But then again, when have Microsoft ever shown any real concern for their customers' security?
There a signs (in Windows Seven), that Microsoft is trying to make a few, halting, first little steps in the direction of improving their security. They are making a genuine effort to support multiple user accounts and user permissions and trying to get their heads around "privileged mode" ... Mostly this is too little, too late. When it comes to security Microsoft just don't get it. And your humble blogger suspects that they will never really get it until they learn some lessons in "humility". And bringing out a new humble logo is not sufficient. Genuine humility will only result from a sizeable portion of the bleating consumer herd moving on to greener (non-Microsoft) pastures ...
Where this all gets interesting is in the ongoing competition in the mobile arena. Apple and Android are currently the most popular mobile platforms, and Microsoft would like to be regarded as a player in this market.
Already there are signs that there are many less than savoury mobile apps about which could get up to considerable mischief if installed on a device. However your blogger must offer his humble opinion that such malicious apps that affect Android mostly seem to require the user to check the box that says "install untrusted applications" ... And then later, when the malicious app is encountered, the unwise user must also click on something which says install or accept the terms for the new app ... (e.g. install new app that will make you more sexy or cool etc ...)
The same problem exists with iPhones. However the iPhone app store is more tightly regulated than the Android app store. Still one should not under-estimate the gravity of such threats. Many people are using their phones to access their bank accounts, pay bills, purchase stuff from super-markets etc, etc. Malware can be a serious threat on any smartphone! And the Android platform will have more problems because it is an open system.
What this really highlights is that a dumbed-down approach of click and install anything that takes your fancy because it promises to make you more "cool" is not a viable security model. It never has been and it never will be ... Although to date, this has been exactly the security model for Microsoft desktops. In fact for sheer ease of installing Malware, the Microsoft desktop team has set the bar at an extraordinarily low level. This is the security elephant in the room ... Plug a USB device into your MS workstation ... Or just connect your MS workstation to the Internet ... And unless you have installed some very good anti-virus software, Malware will be silently installed on your Microsoft desktop, with no warning, without any prompting, automatically and unobtrusively in the background.
Microsoft would like us all to believe that if that happened to you, dear reader, then it would be entirely your own fault ... Because you didn't install anti-virus programs capable of preventing the mishap ... And this, dear reader, and the issue of poor performance are the main reasons that the Xbox remains the sole Microsoft device on your blogger's humble network. And likely to remain so for the immediate future.
With the release of Mountain Lion there are signs that Apple intend to integrate their desktop and mobile environments. Apple see this as a way of building on their undeniable success in the mobile market. Google have hinted that Chrome OS could be viable as a thin client. And now with the Windows 8 beta there are signs that Microsoft also see integration of their ecosystem as the way forward.
For Microsoft however, integration will be problematic. Not all that long ago, in fact, there were calls from within Microsoft to have their desktop quarantined. Integration with such an afflicted platform is bound to have security implications for both the Windows phone and the Xbox.