Tuesday, January 28, 2003
11:16 - Redmond Justice
http://finance.lycos.com/home/news/story.asp?story=31168037
Ahh, now this is the kind of thing that puts a twisted smile on my lips. It's only a partial consolation for the network's damage at the hands of the SQL Slammer worm; but it does melt the ice surrounding my wrought-iron heart just a little.
Microsoft Corp. itself was exposed to the virus-like attack that crippled global Internet activity last weekend because it failed to install crucial fixes to its own software on many Microsoft computer servers.
Although Microsoft contends its failure to keep up with its own updates did not cause major problems, security experts said it points to a larger issue: Microsoft's process for keeping customers' software secure is hugely flawed.
The virus-like attack, called "slammer" or "sapphire," exploited a known flaw in Microsoft's "SQL Server 2000" database software, used by businesses, government agencies, universities and others around the world. Microsoft had issued a patch for the flaw in July, but many, including some units within Microsoft, had failed to install it.
The result was that the attacking software scanned for victim computers so randomly and so aggressively that it saturated many of the Internet's largest data pipelines, slowing e-mail and Web surfing around the world.
Microsoft spokesman Rick Miller declined to say which areas or how many computers at Microsoft were affected. He acknowledged that some servers were left unfixed because administrators "didn't get around to it when they should have."
Not that this will do anything in the long term to change anybody's approach to proper administrative habits. Oh, sure, it'll put the fear of God into a few IT guys, for a few months. Lots of techs will get sent to security training seminars; lots of consultants will make lots of money.
But sooner or later, everyone will go back to the tried-and-true method of using whatever software came preinstalled on their servers, hiring MCSEs to maintain it who follow little flowcharts and leave root passwords on Post-it Notes stuck to their monitors, and relying on service contracts and lawsuits to cover their asses in the event of anything bad happening.
It's cheaper that way, of course. It's how the insurance industry works. Hope for the best, but pay a tax and gamble that it'll explode, because someone else will take care of it if it does.
Meanwhile, we on the Internet get stuck in traffic jams behind massive auto pileups, and nobody's raising the premiums.