Sarasota PC Monitor


Tech Talk (10/01)

Windows XP

by Brian K. Lewis, Ph.D.*
Member of the Sarasota Personal Computer Users Group, Inc.

By the time this article shows up in the Monitor the latest version of Windows may already be on sale. So should you upgrade or wait? If you buy a new computer you can be sure it will be pre-loaded with XP. But before you decide to upgrade from your current operating system there are several things that you need to consider. First, a disclaimer: I have not worked with XP. My comments are based on many reviews and commentaries from sources whose opinion I have found reliable in the past.

The first thing you have to consider about XP is whether or not your computer has the horsepower to handle this upgrade. And, if you are currently running Windows 95, forget about an upgrade. You may as well plan on buying a new system. XP will only upgrade 98, ME and 2000. The minimum hardware requirements for XP are a 300 megahertz processor and 64 megabytes of RAM. However, if you were familiar with any of the requirements for earlier versions of Windows you realize that with the minimum requirements, you will function at a snail's pace. You might be able to get by with a 400 megahertz CPU and 128 megabytes of RAM. With XP, the more powerful your computer, the better it will function. If you do decide to upgrade, the expected price will be about $100 for the Home edition and $200 for the Professional edition. Although some suggest installing XP on a clean hard drive and then reinstalling all software, others have simply installed XP over the previous operating system. I have never had a problem in the past with Windows upgrades on systems that were functioning correctly.

If you have more than one computer in your house or home office running Windows, you will be forced to buy a separate copy of XP for each computer. You will no longer be able to buy one copy and install it on all your computers. You also won't be able to burn a CD and give it to a friend, relative or anyone else who wants to upgrade their software. Although these practices were never legal in the past, they are now much more difficult to accomplish. This is because of the new copy-protection system that Microsoft has included with XP. They refer to it as Product Activation.

When you first install XP you are asked if you are ready to "activate" your copy. If you say "yes", then the installation program sends a selection of hardware information and the XP serial number, in code, to a Microsoft Website. This information is stored by Microsoft and on your computer in an encrypted file. If you do not "activate" your copy during installation, you will have 30 days in which to do so. At the end of the 30-day period, your computer will stop loading Windows and hang up with an activation screen. Until you contact Microsoft by phone, you will not have access to your computer or any of your data. If you activate your copy of XP and then install it on a second computer, the second computer will function for 30 days. If you try to activate the copy on the second computer over the Internet, you will receive a message telling you that it can't be done. If you try to do it by phone, you may or may not be given an opportunity to purchase a second copy. Microsoft will know that your copy was already activated on another computer. In addition, after XP is installed and activated, every time you boot, it will check the encrypted file against your installed hardware to be sure that it is still running on the original computer.

This activation problem will affect mostly home users and small office/home office (SOHO) users. The large corporations that buy XP licenses in bulk won't have to worry about activation. They also get a price break on the quantities they buy. However, there are no plans announced to allow users with more than one computer, but say less than 10, to get any kind of a price break. It will be a straight $100 or $200 per copy, and strictly one copy per computer.

There have been some questions raised about whether or not the information being sent to Microsoft for the Product Activation violates individual privacy rights. There have been several in-depth analyses of the information involved in Product Activation. Here is the list of items that are included in the hardware identification string that is sent to Microsoft:

Windows XP product key

Volume serial number string of system volume

Network adapter MAC address string

CD-ROM drive hardware identification string

Graphics adapter hardware identification string

CPU serial number string

Hard drive hardware identification string

SCSI host adapter hardware identification string

IDE controller hardware identification string

Processor model string

RAM size

Dockable or non-dockable

The raw values for these strings are not transmitted. Instead, they are all "hashed". In other words they are altered mathematically and then converted to binary values. As you can see, there is no personal information contained in these hardware values. Only if you "register" the software, in addition to the activation, do you provide Microsoft with any personal information.

The next question is what happens when you change or upgrade any hardware in your system. It appears that you can make up to six changes without having to re-activate your copy of XP. However, this may change when the final product hits the shelves. The other side of this is that a Microsoft representative has stated that they will allow reactivation of a system that had substantial changes up to four times a year. That probably means a phone call to Microsoft.

So what can you change? Just about anything except the motherboard. Changing the motherboard seems to bring up a blue screen which doesn't permit you to go any further. There may be a work-around for this, other than installing the previous version of Windows, but I haven't found it yet. You can change a hard drive, CD or DVD-ROM, graphics card and/or sound card without having to reactivate. However, changing six components, either at one time or sequentially, does bring up a request to reactivate your system. All in all, the changes required for reactivation seem to be rather lenient. So, for most people it won't be a problem. And, for those who buy new systems with XP installed, activation will probably have been done by the manufacturer. Only the upgraders will have to deal with product activation.

It does appear that Windows XP is a considerable improvement over earlier home versions. Testers have stated that it is very stable, running for a month or more without having to be re-booted. This makes it comparable to Windows 2000 in stability. That is not surprising as it is built on the Win2000 core. It also has some interesting additions. One is a built-in CD burner. It also comes with a new version of Windows Media Player and with a built-in firewall application. However, it is only a one-way firewall. It blocks incoming connections from hackers, but has no capacity to block outgoing traffic. So if your system has already been invaded, this firewall won't help you at all. My suggestion would be to stick with ZoneAlarm.

The one unanswered question is that of raw socket support. This is a very technical topic that is covered quite well on Steve Gibson's Website: http://grc.com/dos/winxp.htm. Microsoft has made a change in XP, which adds a number of powerful and completely unnecessary networking features. These features, although found in other operating systems such as Unix & Linux, are normally restricted to the network administrator level. In XP they are accessible by any user. In previous versions of Windows, the sockets were protected. In XP, the change is to an unprotected raw socket. To quote from Gibson's page: "No previous version of Windows (9x, ME, or NT) had, or needed, full raw socket support. Those systems worked seamlessly on the Internet. While there are valid uses for advanced raw-IP packet generation by system level processes (NAT routing, IPsec support, etc.), there is no valid use for raw sockets by end-user software. The only applications are Internet Research or the exercise of malice. Therefore, this new danger is without justification." And "full Raw Socket support is absolutely unnecessary for the use of ANY benign Internet applications."

The following quotations were taken from a hacker Website and refer to a trojan that can be used by anyone interested in setting up a Denial of Service attack on Web servers (emphasis added).

"Skydance 3.03 is a DDoS for win32 using RAW sockets. source includes this features: - communication with ICMP, including a simple std-windows-"abcd..." ping attack - can not be found with netstat -a (ICMP:) - can not be found with usual Port-Scanners (RAW:) - on win2k-systems communication and attacks are spoofed (IP_HDRINCL:) - server size can be packet to 17 K - client-source can be ported to unix because it is done as console app. - (ICMP tunnel) file(65kb) can be sent within a spoofed ICMP packet, executes it after receive.

Some words about DDoS from Windows OS. The new feature IP_HDRINCL that comes with win2k can make windows to a powerful DDoS server because it enables IP-spoofing! IP_HDRINCL in source: - setsockopt(ssock, IPPROTO_IP, IP_HDRINCL, (char *)&bOpt, sizeof(bOpt)); - That means win2k-servers will become a base for DDoS that is equal to *nix servers."

You can check the address for yourself: http://www.megasecurity.org/trojans/skydance/Skydance3.03.html. This megasecurity URL also lists several hundred downloadable Trojan software packages.

These notes specify that Win2000 or Unix (Linux) systems are susceptible to this type of hacker attack. The same will be true of Windows XP as it provides the same full raw socket availability at the user level. According to recent statistics, 42% of all U.S. homes have computers with Internet access. Considering the number of home computers currently running Windows that may convert to XP (10 million?), the possibility exists of very large numbers of machines being invaded by trojans. These numbers could easily be used to bring down the Internet. To me, this prospect is very worrisome. As we already know, not every computer is protected by firewalls that will block incoming and outgoing traffic. I believe Steve Gibson is absolutely correct: the major beneficiaries of this raw socket change will be the hacker community.
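
An added example, not part of the original article or of any product it mentions: the source-address check an outbound packet filter can apply to catch packets whose IP header, and therefore source address, was written by the sending program, which is what IP_HDRINCL allows. The local network 192.168.1.0/24, the function name egress_check and both sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { EGRESS_PASS, EGRESS_SPOOFED, EGRESS_MALFORMED };

/* Assumed local network for this example: 192.168.1.0/24. */
#define LOCAL_NET 0xC0A80100u
#define LOCAL_PREFIX 24u

/* Constructed ICMP echo requests (IPv4 header + 8-byte ICMP header).
 * Checksums are zero because the check below does not use them. */
static const uint8_t pkt_local[28] = {
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x01, 0x00, 0x00, 0x40, 0x01, 0x00, 0x00,
    192, 168, 1, 23,                 /* source inside the local network */
    198, 51, 100, 7,                 /* destination (documentation range) */
    0x08, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01 };
static const uint8_t pkt_spoofed[28] = {
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00, 0x00, 0x40, 0x01, 0x00, 0x00,
    203, 0, 113, 9,                  /* forged source, not a local address */
    198, 51, 100, 7,
    0x08, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x02 };

/* Read a big-endian 32-bit field such as an IPv4 address. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Verdict for an outbound packet that starts at its IPv4 header.
 * net is the local network in host byte order, prefix its length in bits. */
int egress_check(const uint8_t *pkt, size_t len, uint32_t net, unsigned prefix) {
    if (pkt == NULL || len < 20 || prefix > 32) return EGRESS_MALFORMED;
    if ((pkt[0] >> 4) != 4) return EGRESS_MALFORMED;      /* not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;             /* header bytes */
    if (ihl < 20 || ihl > len) return EGRESS_MALFORMED;
    uint32_t mask = prefix ? 0xFFFFFFFFu << (32 - prefix) : 0;
    /* The source field sits at offset 12; the sender controls it
     * whenever the application supplies its own IP header. */
    return ((be32(pkt + 12) ^ net) & mask) ? EGRESS_SPOOFED : EGRESS_PASS;
}

int main(void) {
    static const char *names[] = { "pass", "drop (spoofed source)", "drop (malformed)" };
    printf("local:   %s\n", names[egress_check(pkt_local, sizeof pkt_local, LOCAL_NET, LOCAL_PREFIX)]);
    printf("spoofed: %s\n", names[egress_check(pkt_spoofed, sizeof pkt_spoofed, LOCAL_NET, LOCAL_PREFIX)]);
    return 0;
}
```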

So, will you be upgrading to Windows XP? I suspect that I will keep Windows 98SE as my main OS for some time to come. And, if the proper application software becomes available, I may even convert to Linux using both software and hardware firewalls.

*Dr. Lewis is a former University and Medical School professor. He has more than 20 years of experience working with personal computer hardware and software. He can be reached via e-mail at brian_klewis@hotmail.com or voice mail at 941-925-3047.


Copyright 2001. This article is from the October 2001 issue of the Sarasota PC Monitor, the official monthly publication of the Sarasota Personal Computer Users Group, Inc., P.O. Box 15889, Sarasota, FL 34277-1889. Permission to reprint is granted only to other non-profit computer user groups, provided proper credit is given to the author and our publication. We would appreciate receiving a copy of the publication the reprint appears in, please send to above address, Attn: Editor. For further information about our group, email: admin@spcug.org/ Web: http://www.spcug.org/

The Sarasota Personal Computer Users Group, Inc. has 1,300+ members and was established in 1982. We are members of the Assoc. of PC User Groups (APCUG), the Florida Assoc. of PC Users Groups, Inc., and we are members of the America Online Ambassador Program.

See http://www.spcug.org for all reviews from the Sarasota PC Monitor, go to the Newsletter Section.