This can't be!
Microsoft has assured us that their TCO is lower than Linux!
Boeing, other companies make Microsoft 'Slammer' fix
By Dina Bass / Bloomberg News
NEW YORK -- Verizon Communications Inc., Boeing Co. and other companies installed a six-month old patch to repair a flaw in Microsoft Corp.'s database software to block a worm that slowed access to some Web sites this weekend.
Microsoft, the world's biggest software maker, said the "Slammer" worm exploits a weakness in its SQL Server 2000 and MSDE 2000 programs to replicate and flood networks with requests for data. A fix has been available since July, and Microsoft put an easier-to-install version on its Web site Saturday.
The glitch didn't harm computers, and some of the busiest Web sites including EBay Inc., Amazon.Com Inc. and AOL Time Warner Inc. reported no problems because they installed patches after the similar "Code Red" bug struck machines in July 2001, security experts said. Some companies failed to update patches because of cost and complexity, said Chris Rouland, a research executive at software maker Internet Security Systems Inc.
"Chief information officers are faced with a deluge of patches, and it becomes an issue of prioritization, and it's very expensive," Rouland said. A consultant charges about $100 an hour and takes about two hours to fix each server, he said.
There were about 1 billion attacks an hour at the peak this weekend, and about 200,000 to 250,000 machines have been affected by "Slammer," Rouland estimated.
"This is not about a wakeup call," said Simon Perry, vice president of security strategies at Computer Associates International Inc., the world's fifth-largest software maker. "The wakeup call came six months ago" when Microsoft issued the patch. "It's time for people to get out of bed."
Computer worms spread by attacking a system while a virus is spread through the exchange of files. Worms are similar to viruses because they make copies of themselves.
Verizon, the second-largest U.S. provider of fast Web access over telephone lines, had some internal systems slow, spokesman Mark Marchand said. Verizon's phone system was unaffected, and the company made the fix this weekend, he said.
Bank of America Corp. customers were unable to withdraw money from its 13,000 cash machines for a few hours Saturday because of problems related to the worm. Bank One Corp. clients couldn't view credit card account summaries on the Web for "several hours" on Saturday and it was fixed by noon that day, said spokesman Tom Kelly. He said Bank One had no problems with its ATM network.
Boeing shut 2,000 server computers over the weekend to contain the worm, said Bob Jorgensen, a Boeing spokesman. The company had been in the process of testing the patch to make sure it was compatible with Boeing systems and had planned to install it soon. The worm didn't cause production delays or delivery problems, and all computers are running, Jorgensen said.
Ford Motor Co., one of Microsoft's biggest customers, "saw signs of the worm activity," said Ford spokeswoman Christina Camilli. "But nothing major and it didn't disrupt production or critical applications."
There is no evidence that terrorists launched the worm, though it appears a person or a group deliberately targeted companies that failed to install the patch, security experts said.
"It was definitely not by accident," said Vincent Gullotto, a senior research director for security-software maker Network Associates Inc.'s Antivirus Response Team.
The Federal Bureau of Investigation is monitoring the worm and trying to identify the cause, White House spokeswoman Tiffany Olson said this weekend. The type of worm had been detected as early as May 2002 and "the onus has been on the ISPs and company systems administrators to take preventative action to keep this from happening," Olson said.
Microsoft's SQL Server, which competes with Oracle Corp.'s 9i program and International Business Machines Corp.'s DB2 software, is the most popular database for machines that run the Windows operating system, according to research firm Gartner Inc.
Microsoft is calling customers to make sure they have installed the patch, spokesman Rick Miller said. "As people were waking up, there was some concern there would be another hard hit as people came back on line. That doesn't seem to have manifested itself."
Frequent security flaws are crimping Microsoft's ability to sell more programs for running the busiest corporate networks and Web sites, analysts and customers have said. Companies who lack the time and money to apply security updates as they are released should avoid Microsoft products, Gartner has said.
Chairman Bill Gates last year ordered employees to make security their top focus in product development after bugs like Code Red and Nimda cost customers millions of dollars in 2001.
Shares of Redmond, Washington-based Microsoft fell 68 cents to $49.17 as of 4 p.m. New York time in Nasdaq Stock Market trading, the lowest closing price since Oct. 11.
Microsoft also is working to improve patches and tools for helping customers apply the fixes, Miller said. Many customers don't download patches because there are too many and most require restarting computers. Still, customers must be more careful to download important updates, he said.
"In both this case and the cases of Nimda and Code Red, it wasn't like there was a 24-hour period where people had to deploy the patch before something hit," Miller said. "These have been out for months."
Companies in South Korea had widespread slowdowns and the worm was still active Monday because they were slower than companies in the U.S. to install patches, said Steve Chang, chief executive of computer-security software maker Trend Micro Inc.
"U.S. companies are extremely sensitive, so the service providers are providing better security," Chang said. Korean companies may have focused on satisfying demand for service at the expense of protecting their systems, he said.
Security experts said it is unlikely investigators will identify the source of the worm.
"They're probably not going to know who did it unless somebody starts bragging about it, which is possible," said Marc Maiffret, co-founder of eEye Digital Security.
The culprit used a format that makes "spoofing" easy, which means the attack could have been designed to appear as if it came anywhere the creator wanted, he said.
This figure really doesn't seem the least bit credible.