Vista feature exposes beta machines
Unexpected peer-to-peer feature in the beta version of next Windows catches some testers off-guard.
After installing the first beta release of the upcoming Windows client, some testers noticed suspicious network traffic to their machines. Concerned about a possible attack, these people last week contacted the SANS Internet Storm Center.
"There was very curious traffic that did not match anything that they had seen before," said George Bakos, a security expert at the Institute for Security Technology Studies at Dartmouth College who is associated with SANS. "The concern was that this may be some new type of attack, or somebody scanning for a vulnerability we were unaware of."
The traffic was coming from computers on the Internet that, as far as the testers knew, were not supposed to be communicating with the beta machines. "It was anomalous to everything they were aware was going on," Bakos said.
After investigating the traffic for SANS, Bakos found the culprit: a peer-to-peer networking feature that is turned on by default in Vista Beta 1, released last month. The feature uses a new version of Microsoft's peer name resolution protocol (PNRP) and connects to other beta machines as soon as an Internet connection is available, he said.
That default turn-on could expose the testers' machines to some security risks, Bakos said.
It does go against Microsoft's "secure by design, secure by default and secure in deployment" principle, which the company adopted as part of its broader security initiatives. The principle calls for delivering products in locked-down mode, with features turned off.
The peer-to-peer feature is meant to enable connections between Windows computers without the need for a central server, so that they form a "peer-to-peer cloud." Multiplayer gaming is one application that Microsoft has in mind for the technology, the company has said. Third-party application makers can also take advantage of it through the use of a software development kit.
Opening in the OS
Turning the feature on by default is risky in a range of ways, Bakos said. The system opens a connection to the Internet using a protocol that has not yet been vetted for security issues. Also, the peer-to-peer service functions as a directory of connected computers and could aid attackers in finding targets.
"I recommend people be aware that (the peer-to-peer service) is there and decide if they are willing to accept the additional security risks associated with unnecessary services and protocols being used," Bakos said. "A query against the (service) may very well disclose a sizable list of Windows Vista beta users."
Also, someone concerned about privacy might be worried about having an additional identifying value associated with their machines, Bakos said. The peer-to-peer service tags the PC with a new identifier.
Microsoft does not intend to enable the peer-to-peer service by default in the final version of Windows Vista, due out late next year, said Greg Sullivan, a product manager for Windows. That means the only machines likely to be exposed by the problem are those belonging to tech-savvy beta testers, who are more able to deal with it.
"Bugs in Beta 1, well that can be expected," said Marco Drioel, a Windows Vista tester in the Netherlands. "Just disable PNRP if you think it is a threat."
Vista, previously known by its Longhorn code name, is the long-awaited successor to Windows XP. The three design goals for the operating system are better security, new ways to organize information, and seamless connectivity to external devices. Key features include a new searching mechanism, new laptop features, parental controls and better home networking.
Two other Vista beta testers said they aren't worried, though they would have liked it if Microsoft had told them about the enabled peer-to-peer feature ahead of time--which it didn't do, they said.
"If you change the default, you need to let us know about it," said Thomas Smith, a Windows Vista beta tester in Houston. Steven Bink, a tester in Amsterdam, agreed. "Notification would not have been a luxury," he said. "But testers in danger? This is a beta, you should only run it in test environments."
Bakos agreed, noting that Vista is only in beta release, and testers shouldn't expect it to be perfect. "If you are a member of a beta program, the onus is upon you to run that system in a test environment and watch it like a hawk, because there are going to be things different from what you are accustomed to," he said.
Microsoft's Sullivan said that the software giant could have been more upfront about the service being enabled, but stressed that beta releases are precisely for trying out new features.
"We do things differently in betas in order to gather information that will help us make the product better," Sullivan said. "The fact that we have a service that is turned on by default allows us to properly test it and helps make it much better."
Microsoft has conducted internal security reviews of PNRP. An earlier version of PNRP is also available in Windows XP Service Pack 1, but is not turned on by default. The company is currently in discussions with external security experts for a third-party analysis of the protocol, a Microsoft representative said.
Even before its release, the security of Vista is being scrutinized. Earlier this month, the release of sample viruses for a new command shell that was originally planned to be in Vista resulted in reports that the first viruses for the operating system had been found. However, the command shell, called Monad, won't be in Vista.