Vista feature exposes beta machines
After installing the first beta release of the upcoming Windows client, some testers noticed suspicious network traffic to their machines. Concerned about a possible attack, they contacted the SANS Internet Storm Center last week.
After investigating the traffic for SANS, Bakos found the culprit: a peer-to-peer networking feature that is turned on by default in Vista Beta 1, released last month. The feature uses a new version of Microsoft's Peer Name Resolution Protocol (PNRP) and connects to other beta machines as soon as an Internet connection is available, he said.
Turning the feature on by default goes against Microsoft's "secure by design, secure by default and secure in deployment" principle, which the company adopted as part of its broader security initiatives. The principle calls for delivering products in locked-down mode, with features turned off.
The peer-to-peer feature is meant to enable connections between Windows computers without the need for a central server, so that they form a "peer-to-peer cloud."
Turning the feature on by default is risky in a range of ways, Bakos said. The system opens a connection to the Internet using a protocol that has not yet been vetted for security issues. Also, the peer-to-peer service functions as a directory of connected computers and could aid attackers in finding targets.