CNN.com - Warnings did little to stop internet worm - Aug. 13, 2003
I'm not always sure why corporations get hit by these worms when patches are available. Is it clueless sys admins? Lazy sysadmins? Bad management? Bad security officer? It isn't very hard to monitor new exploits. I do it, and I update my software accordingly. I have an IDS so I know what people are trying to do on my box, and I have a firewall. I'm probably not unlike many people who have the job of keeping corp. systems secure... I keep personal things as up to date as possible. But, why do the corp. machines get left behind? I know I generally pay more attention to remote exploits than local ones. Since I know I am local, and if someone else becomes local, then it was because of a remote exploit.
From the article:
Microsoft spokesman Sean Sundwall acknowledged that the blame does not really lie with customers.
"Ultimately, it's a flaw in our software," he said.
So, is Microsloth saying it is their fault completely? If so, then they should be sued for damages. Of course, if it came to court, the spin would change to "It isn't our fault, we had a patch available for over a month. It is the customer's fault." I think both are true. I think MS is at fault for not providing secure software.. ever. They have a terrible track record where security is concerned. It's not like once in a while they are like "oopsie", there are generally multiple Windows or MS product vulnerabilities each week. And, it is the consumer's fault as well for not keeping up to date. When Apple has a security update, I use it. It isn't hard for Windows folks to do the same. Once or twice a week, check for updates. Not hard. When you see the oil light in your car on, you go get an oil change. If you don't, you're dumb. But, when it comes to corporations, there is little excuse for it not happening in a timely manner. There should be a person or two on staff to monitor security issues, and implement the patches in a timely fashion. If a corporation was hit by this worm this past week, their security guys should be fired and replaced... they had a month to prepare and I'm curious as to why they didn't.
Posted by Kevin at August 13, 2003 07:10 PM
Farmers got all screwed up from that worm. We couldn't access hardly anything online. Really messed with us.
Posted by: MySlowGrandCherokee on August 14, 2003 3:46 PM
A lot of people got messed up with it. Some home users I know of did. I had patched our 1 PC weeks ago (no patches needed for the Mac or BSD box.. of course).
Posted by: Kevin on August 16, 2003 10:54 AM