GCN Tech Blog

By GCN Staff


Windows Vista network stack not so new

In our feature on Windows Vista a few months back, we expressed concern about how this operating system comes with a brand-spanking new TCP/IP stack. In matters of security, such newness could be a vulnerability, analysts from Symantec Corp. reasoned. After all, Vista's new stack has not been hardened by years of daily use and aggressive probing by malicious hackers. By contrast, older versions of Microsoft Windows, we heard, borrowed a well-seasoned stack from the BSD OS.

Well, it turns out this Vista stack is not so fresh after all. Two analysts from network performance management software provider NetQoS Inc. examined the algorithms supporting the new TCP/IP stack, called Compound TCP, or CTCP. They found that CTCP actually uses a number of previously-tested algorithms, including TCP Reno, TCP Vegas, Fast TCP and High Speed TCP.

But while CTCP is in fact fairly seasoned, NetQoS still recommends testing it on a small scale before rolling it out across the enterprise, thanks to the way Microsoft tweaked CTCP to boost data transfer speeds.

According to Microsoft, CTCP can boost network throughput by dynamically enlarging the transmission window where appropriate. The TCP sliding window judges the amount of network activity overall and scales transmission rates so as not to overwhelm the network. (The 'window' in this context is simply the number of packets a host sends out before stopping to wait for an acknowledgement from the computer with which it is exchanging packets.)

The danger here is that Microsoft's new windowing implementation does not appear, at least under initial scrutiny, to be set manually. The 'fact that it's dynamic and self-tuning means you've lost control over it--that's a scary position for a sysadmin,' the NetQoS analysts write.

Initially, organizations rolling out Enterprise Vista may not have to worry about this problem--CTCP is off by default in that OS. But when Microsoft rolls out the Windows Longhorn server--where CTCP will be the default TCP/IP stack--administrators may want to take a hard look at how it will affect network traffic.
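To make the self-tuning behaviour concrete, here is an added Python sketch (not code from NetQoS, Microsoft or this post) of a send window built as a Reno-style loss window plus a Vegas-style delay window, compared with Reno alone on an idle high-capacity path. The single-bottleneck link model, the function names and every constant are assumptions chosen for the illustration, not values read from Vista.

```python
# Added illustration: simplified per-RTT model of a compound (loss + delay) window.
# All constants are assumed values for this sketch, not taken from any Windows build.
ALPHA, BETA, K = 0.125, 0.5, 0.75   # shape of delay-window growth and loss backoff
GAMMA = 30                          # queued packets treated as early congestion
ZETA = 1.0                          # how hard the delay window retreats from a queue


def simulate(bdp, buffer, rounds, compound=True, start=10.0):
    """Return the send window (packets) for each RTT on one bottleneck link.

    bdp    -- packets the path holds with no queueing (bandwidth x base RTT)
    buffer -- packets the bottleneck queue holds before it drops
    """
    cwnd, dwnd, history = start, 0.0, []
    for _ in range(rounds):
        win = cwnd + dwnd
        history.append(win)
        queue = max(win - bdp, 0.0)      # backlog a Vegas-style RTT estimate would see
        if queue > buffer:               # loss: Reno halves, total shrinks by BETA
            dwnd = max(win * (1 - BETA) - cwnd / 2, 0.0) if compound else 0.0
            cwnd = max(cwnd / 2, 1.0)
            continue
        cwnd += 1.0                      # Reno congestion avoidance: +1 packet per RTT
        if not compound:
            continue
        if queue < GAMMA:                # path looks idle: grow the delay window fast
            dwnd += max(ALPHA * win ** K - 1.0, 0.0)
        else:                            # queue building: hand control back to Reno
            dwnd = max(dwnd - ZETA * queue, 0.0)
    return history


def rtts_to_fill(bdp, compound):
    """RTTs until the window first covers the path's bandwidth-delay product."""
    hist = simulate(bdp, buffer=100, rounds=5000, compound=compound)
    return next(i for i, w in enumerate(hist) if w >= bdp)


if __name__ == "__main__":
    print("Reno only:", rtts_to_fill(1000, compound=False), "RTTs")
    print("Compound :", rtts_to_fill(1000, compound=True), "RTTs")
```

The gap between the two counts is the traffic-shape change an administrator would want to measure in a pilot before a wider rollout.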

Posted by Joab Jackson on Dec 13, 2006 at 9:39 AM



Reader Comments

Fri, Dec 15, 2006 Joab Jackson

Thanks A.G.--I corrected that mistake but remain much embarrassed by the Copy Editing 101 flub. Also I enjoyed C.J.'s clarification of the algorithm versus the code. Useful distinction, that. --joab

Fri, Dec 15, 2006 Aaron Gill DC

I liked the article. Good to know... but the editors certainly should have caught the big error in the last few words of the article.

1. af'fect (transitive verb) to produce an effect upon

Effect in this case would mean it would be the primary cause for all network traffic (wanted and unwanted). To affect something brings about an effect on it.

Thu, Dec 14, 2006 Oliver Friedrichs CA

It's important to remember that while the Vista stack uses a number of seasoned TCP algorithms, the underlying code itself is new. This means that the nuances of the implementation are different. TCP segment reassembly, for example, is different. IP fragment reassembly is different. The code is what has changed, and when you have new code, you may have new bugs. Most vulnerabilities are based on code or code design flaws rather than algorithm flaws.
