Internet Connection Security for Windows Users
by Steve Gibson, Gibson Research Corporation
Windows Networking 101:
The networking technology built into Windows was designed to operate on small local area networks (LANs) where some amount of inter-system trust could be assumed. When the Internet "happened" this local area networking technology was quickly made to "go global" — though it was inappropriate for the job.

You have probably encountered the term "LAN", which stands for Local Area Network. The operative term here is LOCAL. The networking technology incorporated into Windows — called "NetBIOS" and "NetBEUI" and first designed more than fourteen years ago by IBM — received its first broad exposure in Microsoft's "MS-Net" product and then more widely in "Windows for Workgroups." NetBIOS and NetBEUI were designed to run on small LOCAL area networks. They were created way back before the Internet "happened" and were meant to be used within corporations, small "workgroups", and homes where everyone with access to the computers on the LAN is playing on the same team.

As Microsoft's own Windows for Workgroups Resource Kit says:

"The primary protocol used by Windows for Workgroups is called NetBEUI
(NetBIOS Extended User Interface). This protocol was first introduced by
IBM in 1985. NetBEUI is a small and efficient protocol designed for use
on a departmental LAN of 20 to 200 workstations."  (page 1-32)

Well, I couldn't have said that better myself. Windows networking technology is based upon NetBIOS and NetBEUI, which were NEVER designed to "go global". It wasn't ever meant to cope with foreign agents, competitors, pissed off ex-employees, previously significant others, or malicious teenage computer vandals with too much time on their hands. But when you hook your Windows-based computer to the Internet, this is precisely who has access to your machine! (For some background on NetBIOS/NetBEUI and why they aren't designed for the Internet click the "TechZone" link below.)

TechZone: Why shouldn't NetBIOS go global?

Truth & Consequences . . .

The Internet is incredibly powerful because it allows YOU to connect to "Internet Resources" located anywhere in the world. When you "browse the web" your web browser is connecting to web servers running on other people's machines and reading HTML files that have been prepared for you. But what you haven't been told is that this "Internet connectivity" is entirely reciprocal! As easily and effortlessly as you're able to connect to any other server on the Internet, anyone else's computer can connect to yours! It's true. I created this web site to demonstrate exactly this fact, to explain it, and to help you deal with the consequences.

The problem is that file and printer sharing services function by turning any PC wanting to share its files into a file and printer server. When this trusting and sharing computer is connected to a network, this "service" is naturally extended and made available to all the other computers which are also connected to the network. But when that network is THE INTERNET, suddenly your computer is literally offering its files to every other computer in the world!

How Did This Happen? . . .

The first cause: Most home computer users never bother to password protect their own computer resources. It's annoying to have to "logon" to your own computer every time you want to use it or to provide a password when connecting to a shared directory. So the vast majority of PC users have left their passwords blank to make using their computers easier and quicker. But this means that anyone else on the same network — and that means THE ENTIRE INTERNET if your computer is connected to it! — can share your computer's resources by using the same BLANK password!

Windows NetBIOS networking technology does not require any sort of authorization to ask for and receive any computer's private "networking" names, including the name of the current logged-on user, the computer's own name and its workgroup. Such information is considered highly valuable to anyone preparing a break-in and is often used as a starting point by computer vandals planning an attack.
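What "anyone can connect to yours" looks like from the defender's side is inbound traffic to the NetBIOS and SMB ports arriving from addresses that are not on your own LAN. The following PowerShell script is an added example, not code from the original page or from GRC: it reads Windows Firewall log lines (the pfirewall.log field layout) and reports every inbound packet aimed at the name, datagram, session or direct-SMB ports (UDP 137/138, TCP 139/445) whose source is outside the RFC 1918 private ranges. The log lines embedded in the script are constructed for illustration; the function names and the assumption that "outside RFC 1918" means "the Internet" are mine.

```powershell
# Added example (not from the original page): find inbound NetBIOS/SMB traffic from
# outside the LAN in Windows Firewall log lines. The sample lines below are constructed.

$sampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2003-10-06 14:29:01 DROP UDP 203.0.113.5 192.168.1.10 137 137 78 - - - - - - - RECEIVE
2003-10-06 14:29:03 DROP TCP 203.0.113.5 192.168.1.10 3456 139 48 S 1234567 0 8192 - - - RECEIVE
2003-10-06 14:29:10 ALLOW TCP 192.168.1.20 192.168.1.10 1045 445 48 S 2345678 0 8192 - - - RECEIVE
2003-10-06 14:29:15 ALLOW TCP 192.168.1.10 93.184.216.34 1050 80 48 S 3456789 0 8192 - - - SEND
2003-10-06 14:29:20 ALLOW TCP 198.51.100.77 192.168.1.10 40022 445 48 S 4567890 0 8192 - - - RECEIVE
'@

# NetBIOS name service, datagram service, session service, and direct-host SMB.
$SharingPorts = @(137, 138, 139, 445)

function Test-PrivateAddress {
    param([string]$Ip)
    # RFC 1918 ranges and loopback count as "local LAN"; everything else is treated as the Internet.
    return [bool]($Ip -match '^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.|127\.)')
}

function Get-ExposedSharingEvents {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Skip the header block and blank lines.
        if ([string]::IsNullOrWhiteSpace($line) -or $line.StartsWith('#')) { continue }
        $f = $line -split '\s+'
        if ($f.Count -lt 17) { continue }   # malformed line; the format has 17 fields
        $event = [pscustomobject]@{
            Time     = "$($f[0]) $($f[1])"
            Action   = $f[2]
            Protocol = $f[3]
            Source   = $f[4]
            Dest     = $f[5]
            DstPort  = [int]$f[7]
            Path     = $f[16]              # RECEIVE = inbound, SEND = outbound
        }
        if ($event.Path -eq 'RECEIVE' -and
            $SharingPorts -contains $event.DstPort -and
            -not (Test-PrivateAddress $event.Source)) {
            $event
        }
    }
}

$hits = Get-ExposedSharingEvents -Lines ($sampleLog -split "`r?`n")
$hits | Format-Table -AutoSize

# A DROP means the firewall turned the probe away; an ALLOW means the sharing service
# on this machine actually answered a computer out on the Internet.
$hits | Where-Object Action -eq 'ALLOW' | ForEach-Object {
    Write-Warning "Share port $($_.DstPort) reached from the Internet ($($_.Source)) at $($_.Time)"
}
```

On the constructed sample, the two packets from 203.0.113.5 are reported as dropped probes (a name query on UDP 137 and a session attempt on TCP 139), the SMB connection from 192.168.1.20 is ignored as LAN traffic, and the ALLOWed connection from 198.51.100.77 to port 445 produces the warning. To run it against a real log, replace `$sampleLog` with `Get-Content` of the firewall log file.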

Secondly, it's much easier for most users if everything is turned on and "just works" on a PC. So most options are automatically set ON until you turn them OFF — even if you don't need them.

You may be amazed to learn . . .

. . . that the whole of Microsoft's "Network Neighborhood" (and the "Client for Microsoft Networks" which lies behind the icon) is completely unneeded for any use of the Internet! They are installed automatically and needlessly. They slow down your computer's startup and its operation once started. They consume precious RAM memory and critically reduce your computer's security whenever it's connected to the Internet!

As you will see on the "Network Bondage" page here, it's easy to discipline the Client for Microsoft Networks to greatly enhance the security of your computer's connection to the Internet.

While Microsoft's networking client is installed, one default setting would have protected many millions of computers had it normally been set to OFF instead of ON: TCP/IP File and Printer Sharing. We already know how useful it is to share files and printers among the machines on our LOCAL networks. But "binding" the NetBIOS protocol to the TCP/IP protocol with this setting automatically extends your computer's file sharing services out across the entire Internet. (The "Network Bondage" page also provides a clear explanation of changing this setting if you need or wish to retain the Client for Microsoft Networks but want to prevent Internet intruders from gaining access to your computer.)
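The two points above (the Client for Microsoft Networks is not needed for Internet use, and File and Printer Sharing bound to TCP/IP is what puts your shares on the Internet) can be checked and corrected from an administrative PowerShell prompt on a current Windows version. The script below is an added example, not code from the original page or from GRC: it lists which adapters still have "Client for Microsoft Networks" (`ms_msclient`) and "File and Printer Sharing for Microsoft Networks" (`ms_server`) bound, shows the NetBIOS over TCP/IP setting of each IP-enabled adapter, flags enabled local accounts that require no password, shows what is listening on the NetBIOS/SMB ports, and, with `-Remediate`, unbinds both components and disables NetBIOS on the adapter named by `-InternetAdapter`. The adapter name `Ethernet` is an assumed default; the LAN adapters are left alone so local sharing keeps working.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page): audit and, optionally, unbind Microsoft
# networking from the adapter that faces the Internet. The adapter name is an assumption.
param(
    [string]$InternetAdapter = 'Ethernet',   # assumed name of the Internet-facing adapter
    [switch]$Remediate
)

# 1. Bindings per adapter. ms_msclient = Client for Microsoft Networks,
#    ms_server = File and Printer Sharing for Microsoft Networks.
Write-Host "== Adapter bindings =="
Get-NetAdapterBinding -ComponentID ms_msclient, ms_server |
    Select-Object Name, DisplayName, ComponentID, Enabled |
    Format-Table -AutoSize

# 2. NetBIOS over TCP/IP per IP-enabled adapter: 0 = default (via DHCP), 1 = enabled, 2 = disabled.
Write-Host "== NetBIOS over TCP/IP =="
Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, TcpipNetbiosOptions |
    Format-Table -AutoSize

# 3. The "blank password" problem: enabled local accounts that need no password at all.
Write-Host "== Accounts without a password requirement =="
Get-LocalUser | Where-Object { $_.Enabled -and -not $_.PasswordRequired } |
    ForEach-Object { Write-Warning "Enabled account '$($_.Name)' does not require a password" }

# 4. What is actually listening on the NetBIOS and SMB ports right now.
Write-Host "== Listeners on NetBIOS/SMB ports =="
Get-NetUDPEndpoint -LocalPort 137, 138 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
Get-NetTCPConnection -State Listen -LocalPort 139, 445 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 5. Network profile of each connection. On a Public profile the built-in firewall keeps
#    the File and Printer Sharing rules closed to inbound traffic.
Write-Host "== Network profiles =="
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory | Format-Table -AutoSize

if ($Remediate) {
    Write-Host "== Remediating adapter '$InternetAdapter' =="
    # Unbind sharing and the client from the Internet-facing adapter only.
    Disable-NetAdapterBinding -Name $InternetAdapter -ComponentID ms_server, ms_msclient

    # Disable NetBIOS over TCP/IP on that adapter's IP configuration. The CIM configuration
    # object is matched to the adapter on the driver description.
    $description = (Get-NetAdapter -Name $InternetAdapter).InterfaceDescription
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Where-Object Description -eq $description |
        ForEach-Object {
            $result = Invoke-CimMethod -InputObject $_ -MethodName SetTcpipNetbios `
                -Arguments @{ TcpipNetbiosOptions = [uint32]2 }
            Write-Host "SetTcpipNetbios returned $($result.ReturnValue) (0 = success)"
        }

    # Mark the connection Public so the firewall treats it as untrusted.
    Set-NetConnectionProfile -InterfaceAlias $InternetAdapter -NetworkCategory Public
}
```

Run it once without `-Remediate` to see the current state; a machine whose Internet-facing adapter shows `ms_server` as `Enabled = True`, `TcpipNetbiosOptions` of 0 or 1, listeners on 139 and 445, and a `Private` profile is in exactly the configuration the text above describes. Re-run after remediation to confirm the bindings report `False` and the profile reports `Public`.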

Note that recent versions of Windows present a warning message that appears during the installation of the Windows TCP/IP protocol. The message warns users about the dangers of sharing the computer's files over the Internet. But most computers arrive pre-configured, or they're upgraded from previous versions, so this message is rarely seen. (And, frankly, even when the message does appear, most people don't fully appreciate the danger that it implies.)

So the happy and casual home computing user, who has never had much to worry about, and who never bothered with password protecting his own personal computer's logon or shared resources, simply connects his machines up to the Internet . . .

"Wow, look how fast I can browse!!! This is great!!!"

Yes . . . But now anyone who happens to be passing by on the Information Superhighway can take a pit stop at your machine to wreak any havoc they choose!

To continue, please see: Am I really in any danger?


Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2024 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.

Last Edit: Oct 06, 2003 at 14:29