Great Circle Associates Firewalls
(January 1996)

Subject: RE: NT Firewalls
From: Scott Barman <scott @ Disclosure . COM>
Date: Wed, 24 Jan 1996 10:45:20 -0500 (EST)
To: "Russ . Cooper @ RC . Toronto . on . ca" <Russ . Cooper @ RC . Toronto . on . ca>
Cc: "'A. Padgett Peterson, P.E. Information Security'" <PADGETT @ hobbes . orl . mmc . com>, "'Firewalls'" <firewalls @ GreatCircle . COM>
In-reply-to: <01BAEA22 . 88387920 @ RWCooper . RC . Toronto . ON . CA>

On Wed, 24 Jan 1996, Russ . Cooper @ RC . Toronto . on . ca wrote:

> There are known issues with Microsoft's TCP/IP stack that would force 
> anyone trying to do anything substantial with IP on NT to do certain things 
> to avoid some of the pitfalls present in their stack. WebSite, from 

There are also significant issues with NT's multi-tasking capabilities
that were fixed by Tektronix for their WinDD product.  Let's see... if
the stack stinks and the multi-tasking stinks, then I wonder about the
rest of the operating system!  Especially one by a company whose other
operating systems had memory management as an ADD-ON!

> O'Reilly and Associates, found a timing issue with the stack and had to 
> write a workaround of their own to ensure the performance of the Webserver. 
> As we all know, Microsoft's commitment to the Internet is evolving, rather 
> more quickly now than before, but having to start life from the perspective 
> "our strategic protocol of choice is IPX", means that Internet-related 
> Microsoft Product Manager's are pulling their hair out.

Irrelevant!  If they are committed, then move in that direction!

This is why I cannot trust or endorse NT, at least for now (yes, I've
run my own tests on it to see it fail miserably).  Microsoft's
commitment to a quality product, in their culture, leaves much to be
desired.  Up until now, if you wanted TCP/IP on that type of platform,
you either had to go to another vendor or get a version of Unix.  Now
that the Internet and the "Information Superhighway" is the buzzword of
the day, they can't handle it because, as I and others have said in the
past, it is not a standard they invented--and they have a hard time
dealing with standards they don't invent.

> So implementing hardware drivers, or even their own TCP/IP stack, does not 
> detract from their use of NT in my opinion. To me, the bigger question is 

Why?  If the stack is part of the OS, then we're getting into the
situation we had before: third party add-ons.  So why buy NT to start
with?  If you're re-writing significant portions of the OS, then what's
the use?

> how they interact with the Security Reference Monitor, which is used by all 
> applications running on NT to determine whether or not they can interact 
> with any other aspect of NT based on rights granted to the 
> user/service/thread. I'm more concerned that if improperly implemented, an 
> application could simply step around the security rules and go directly to 
> the HAL or another driver itself.

I would almost bet real money that these firewall vendors are not using
the Security Reference Monitor.  In assisting someone who is trying to
port FWTK to NT, we found we were better off writing our own apps and
finding ways of dealing with it rather than through the SRM.  What a
kludge to deal with!

> It really is too bad that no Raptor or Firewall-1 representative is willing 
> to speak out on this topic. I'm sure that some might think it marketing to 
> talk about their product, but if done at a technical level, I believe the 
> list would be interested. Correct me if I'm wrong list!

I would be very interested, too.  I think both would help clear up any
possible misconceptions *any* of us may have as to using NT for TCP/IP
networking or even implementing traditional Unix functionality not under
Unix.

scott barman
--
scott barman                  DISCLAIMER: I speak to anyone who will listen,
scott @ disclosure . com      and I speak only for myself.
barman @ ix . netcom . com
  "Micro$oft and Windoze/NT will be the cause of the de-evolution of
   network security just as the original PC and BASIC was the cause of
   the de-evolution of programming."  - scott barman