I have the file download attached to this post. Grab it here and install it. I’ll let the transcript from Security Now! talk about it:
Steve: Oh, yes. The challenge of secure Wi-Fi just never seems to be resolved. We of course talked last week, following up from the week before, last week we were talking about this problem of how ad hoc networks, as opposed to infrastructure networks, an infrastructure being where you’ve got a base station you’re connecting to, an ad hoc network being where you just have two random, for example, laptops that are able to directly connect to each other or associate in order to create a connection, and how unfortunately Windows XP is a little misbehaving. In fact, you had that neat anecdote from two weeks ago, Leo, about how there’s sort of almost a virus, this Free Wi-Fi network virus that jumps from laptop to laptop.
Well, hearing last week’s episode where we talked about and showed on the show notes page how to go through and deliberately disable this sort of automatic ad hoc network connectivity, some sharp people over in the GRC newsgroups picked up and said, hey, Steve, did you forget about the Windows Client Update from late last year? And it’s like, uh. Then of course it rang a bell, and I remembered being aware of it, but it’s something we definitely want to talk about.
Okay, now get this, Leo. This is really annoying. A completely patched, like right up to date, XP system that includes wireless will not have a client update to the Windows ‘ it goes by various names, like Wireless Zero Configuration, WZC. But it will not have a really important update which all XP Service Pack 2 people will really want to incorporate. So it’s something that Microsoft ‘ it turns out it was on October 17 of ’06, so only a few months ago, that Microsoft released this to fix a whole bunch of holes in this Wireless Zero Configuration. But they never put it on their list of stuff that you’d like to have automatically downloaded into your machine.
Leo: Oh, so you have to specifically request it.
Steve: Yes. Yes. And it’s really important. For example, reading from ‘ and on our show notes page, of course, I’ve got links to all this. But reading under Changes for Ad Hoc Networks, it says, ‘On a computer that does not have the wireless client update’ ‘ which is what we’re talking about ‘ ‘installed, wireless auto configuration’ ‘ which is the other name it goes by, either zero configuration or auto configuration ‘ ‘automatically tries to connect to all the wireless networks in the preferred networks list that have previously been connected to.’ Get this. ‘If no infrastructure mode networks are present, wireless auto configuration sends probe requests out to try to connect to the first ad hoc wireless network in the preferred networks list. An observer could monitor these probe requests and establish an unsecured connection with a Windows wireless client.’
So literally, a laptop that someone’s just carrying around with them, when they’re not connected into a network already, every minute it’s sending out probes announcing networks that it used to be connected to or had been connected to in the past to see whether there might be a non-broadcasting network, that is, a network which is not broadcasting its SSID, its network identification, that would allow then this machine to connect to it. So it’s, literally, it’s spilling the beans. It’s sending out the names of networks that your laptop knows about. So…
Leo: Wow. Wow.
Steve: Yeah. And so, like, okay. This is not a huge security problem. But who wants their Windows machine sending out, you know, by radio, Wi-Fi names of…
Leo: Here’s people I trust. Here’s people I trust. Okay, just come on, pretend you’re one of them.
Steve: Yeah, I mean, essentially, anyone passively sniffing Wi-Fi packets will be learning about the names of the networks that the people around them have connected to in the past.
Leo: I would guess that’s how the Free Public Wi-Fi…
Steve: That’s exactly how it happens, is that a machine that has it, broadcasts it. Another machine says, oh, and connects to it. And now it has it. So the changes, on a computer that has the wireless client update installed, ‘Wireless autoconfiguration does not send probe requests to connect to newly created ad hoc wireless networks in the preferred networks list. Because many ad hoc wireless networks are created for temporary wireless connectivity’ ‘ I mean, that’s like all what you’d be using it for ‘ ‘you must use the Choose a Wireless Network dialogue box to manually initiate a connection to an ad hoc mode wireless network.’
Okay, now, that makes sense. So here’s a perfect example of Microsoft still not getting this tradeoff between privacy and security and convenience. Because the original design, even post-Service Pack 2, I mean, this is just in October, at the end of ’06. So even post-Service Pack 2, the big, much-heralded security update for Windows XP, they’re saying, oh, it’s better to err in the direction of convenience and, oh, look, it just works, than it is towards privacy and security.
Leo: Interestingly, though, this whole Wireless Zero Config, while I guess on the surface it looks more convenient, it’s caused more problems for more people. It is not, it is the opposite of convenient. I get people complaining all the time that they drop connections, and often it’s because Wireless Zero Config is kind of promiscuous.
Steve: Ah, well, actually that’s also one of the things that this update deals with is, if you end up with another network acquiring a stronger signal than the one you’ve got…
Leo: It just flips right over.
Steve: Yes, it’s able to jump networks and switch to the stronger one. It’s like, no. That’s not my network. This is not a cell phone, where I want to be jumping between cell towers. So anyway, they’ve fixed a bunch of things. We’ve got links on the show notes page to this description, to the page you can use for downloading. And just I was curious. So I, literally, I took an XP machine that had never ‘ it was fully patched, up to date. I looked at one of the main files, which is wzcsvc.dll. So that’s going to be Wireless Zero Config service dot dll. On a completely patched XP SP2 machine, its file date was 6/21/05.
Leo: That’s completely patched with critical patches, but not these optional patches.
Steve: Well, no, everything that ‘ no, not, I mean, everything that you can get automatically from, you know, as you install XP, then you go through all the Windows Update cycles over and over and over until it finally, you know, the patches have had their patches, and they’ve had their patches. so that it’s all settled down, and so okay, you’ve got everything you need, this thing is not part of that. And so only if you deliberately update, then it jumps you from a 62105 to 81806 on basically a whole set of files, which are enumerated on this page. So people will be able to look at their files, see whether this has been done for them by someone, and most likely it hasn’t been since it hasn’t been that long ago, it was in October.
Leo: I’m sure mine’s not.
Steve: And so everyone listening is going to want to run this patch because this basically locks down the wireless service, you know, this autoconfig sort of promiscuity of XP.
Leo: So once again, you’ll run Windows Update. It’s not a critical patch, though. You have to go in the optional patches. And what’s the name of it?
Steve: No no no, Leo. It’s not in Windows Update. You can’t find it there.
Leo: It’s not even there?
Steve: No. You have to deliberately go and ask for this by name.
Leo: Oh, grumble, grumble, grumble.
Steve: So the only way to find it, I mean, if you put in, for example, to Google or to Microsoft, you put in ‘wireless client update,’ I’m sure you could find it on Microsoft’s site that way. So ‘wireless client update,’ put it in the Microsoft search box, I’m sure you’ll find it. Or we’ve got links to it on our show notes. But there is no way, I mean, it doesn’t show at all through any of the normal, you know, take-care-of-me-Microsoft updates.
Leo: It’s not even an optional update. Okay.
Steve: Right.
Leo: And it is the first Google result if you do ‘wireless client update.’ And there’s a download link on that page.
Steve: Perfect.
Windows XP Wireless Update