Posted on 01/29/2003 1:54:32 AM PST by MadIvan
SEATTLE: Software giant Microsoft Corp fell victim to the weekend's rampant Web virus when its own system administrators failed to install a simple patch that the company has urged users around the world to download.
The SQL Slammer worm infected servers at company headquarters in Redmond, Washington, and flooded Microsoft's network with traffic late last Friday and Saturday morning, Microsoft spokesmen said Tuesday.
The worm caused havoc all over the world by replicating itself across servers and overwhelming many Internet sites with billions of false requests for data (see In.Tech, Jan 30).
The worm had been identified in July, and Microsoft made available a patch for download that fixed the vulnerability exploited by the program.
However, thousands of system administrators, including many at Microsoft itself, failed to install the patch.
The vulnerability in Microsoft was especially embarrassing since it occurred just days after company chairman Bill Gates crowed about the achievements of Microsoft's Trustworthy Computing initiative, which aims to increase the security of personal computers and computer networks.
Microsoft said its failure to keep up with its own updates did not cause major problems. But security experts said the prevalence of the worm points to a severe flaw in Microsoft's process for keeping customers' software secure.
"It's unreal to think that system administrators can monitor multiple applications and apply patches to them that vary from implementation to implementation," Geoff Shively, chief hacking officer of PivX Solutions, told the technology website IDG.
Other experts said the high volume of software patches from Microsoft and other software vendors overwhelmed system administrators and left them vulnerable to attack.
Blaming the victim
Microsoft said users should have kept up to date with patches, but critics lashed out, saying that the software giant still needed to make a greater effort to plug potential holes in its products.
"I don't buy it," Bruce Schneier, chief technology officer of networking monitoring company Counterpane Internet Security, said regarding Microsoft's call for system engineers to install updates to its software.
"That's blaming the victim," Schneier said.
Although the security patch, which addresses a security hole in SQL, was available since last July, many system administrators had failed to implement the fix because they often required extensive testing before installation, Schneier said.
With numerous patches for all of its products, security experts said the main objective should be to develop software that was free of patches or less prone to security flaws, not to constantly issue fixes and risk attacks from malicious programs.
While governments were still probing the source of the worms, which remained a mystery, security experts dismissed the idea that the worm might have been deliberately timed to coincide roughly with the first anniversary of Microsoft's secure computing drive.
Other security experts said software users would have to accept the fact that software, whether it be Microsoft's or any other platform, would remain buggy and nearly impossible to secure, given the complexity of modern software design.
"In their defence, they provided a patch six months ago," said Marc Willebeek-LeMair, chief technology officer of TippingPoint Technologies Inc, which developed an "inoculation" that allowed networks to shut out SQL Slammer.
"We all know that when you have millions of lines of code (the underlying instructions for software programs) there are going to be bugs," said Willebeek-LeMair. -- dpa, Reuters
Regards, Ivan
Someone is definitely going to lose their job for this down at Microsoft.
Regards, Ivan
If you conscientiously get all critical updates after every software installation (and iterate process until no more are found) then you can keep on top of it. Somehow the cobbler managed to go barefoot.
1. For all we know, the hackers who created this software might have come from China, or a trading partner of China, such as Iraq. Clinton had given the Chinese military access to the most incredible places. Then China bragged about having a special "hacker squad" that could disrupt the internet.
2. Microsoft is an important business, not only for my nation's economy, but also for our trading partners. When Clinton slapped Microsoft around with lawsuits, it ultimately helped trigger the US recession.
3. Without Microsoft's contribution to the tax kitty, the US military ultimately suffers. Then, unless England increases its military budget, tin pot dictators will spread across the world like cancers.
4. Bill Gates, for all the bad press triggered by the Clintonista, gives $9 to charity for every dollar he spends on himself and his family. When Bill Gates is victimized, even if he wasn't being 'cautious enough', and the Clintonized critics laugh at him, people in need suffer nine times more than Gates does.