Symantec Claims They Knew About Slammer In Advance 646
truthsearch writes "Wired is reporting 'Symantec claims to have identified the Slammer worm that ravaged the Internet during the last weekend of January hours before anyone else did. Symantec then shared the information only with select customers, leaving the rest of the global community to get slapped around by Slammer.' I'm not bothered I didn't know Slammer was coming, but Symantec has a moral responsibility to inform the public if it thinks millions will be affected." It isn't clear to me how Symantec could know, hours in advance, about a worm which took ten minutes to spread throughout the entire Internet, unless they had something to do with its release. Update: 02/14 16:54 GMT by M : Wired has their math wrong; Symantec apparently had at most 20-30 minutes of early warning. Symantec claims in this press release that they discovered the worm "hours before it began rapidly propagating".
Big Surprise (Score:3, Insightful)
Re:Bag of Hammers (was "Big Surprise") (Score:5, Interesting)
It's safe to say by your post that you haven't.
To post the assertion that these guys have anything to the propagation and dissemination of viruii is retarded - not only do they have to contend with regular build issues, feature requests, etc. - but they also have to keep up with the dozens of virii released into the wild on a weekly basis. The heuristics involved in developing the software necessary to *fix* an already infected (sometimes by multiple virii) is pretty impressive. There's no *good* reason why any of these engineers would intentionally create more work for themselves -- they don't need any.
Additionally, they aren't the only game in town as far as anti-virus software. They would be out of the fame in a New York minute if they were ever found to be involved in disseminating virii, intentionally or not.
Please turn off your computer and go back to your "X-Files" reruns.
P.S. - The coolest thing about the interview was when one of the Senior Engineers showed me the Quarantine Room, where they research different virii and repairing the damage.
Re:Bag of Hammers (was "Big Surprise") (Score:5, Informative)
The plural of "virus" is "viruses". Aside from that, Latin plurals end in "i", not "ii". For example, "magus" becomes "magi", not "magii". The notion of Latin plurals ending in "ii" probably comes from such words as "radii" (plural of "radius"). The reason "radii" has two "i"s is because "radi-us-" becomes "radi-i-".
"In antiquity the word virus had not yet acquired, of course, its current scientific meaning; rather it denoted something like toxicity, venom, a poisonous, deleterious, or unpleasant agent or principle, or poison in the abstract or general sense. [...] Nouns denoting entities that are countable pluralize (book, books); nouns denoting noncountable entities do not (except under special circumstances) pluralize (air, mood, valor). The term virus in antiquity appears to have belonged to the latter category, hence the nonexistence of plural forms." (taken from here [perl.com]) Also, "viri" is Latin for "men", so that's not it either. The word is "viruses".
I know i'm coming off like a jerk here, and normally i don't post just to criticise someone's spelling, but "virii" is a plague. It's because of mistakes like this that we have two words for "disc", and the bizarre spelling of "Thames" (i.e. people trying to make English correspond to its Latin/Greek roots). Anyway, i just thought i'd point that out. That word really bothers me (which i guess is somewhat sad).
Sources:/ v/virus.html [reference.com]
- http://dictionary.reference.com/help/faq/language
- http://www.perl.com/language/misc/virus.html [perl.com]
PS: Otherwise an interesting post, heh.
Re:Bag of Hammers (was "Big Surprise") (Score:4, Informative)
sounds good. They think it expresses what they want to mean.
Look at the whole damned French language for an example of what happens when people spend a few centuries speaking what they think is latin.
So the problem is not that you are right or wrong, but rather, that the people you would like to persuade do not care for your argument.
It's like the people who wish media would stop using "hacker", or that slashdotters would use "GNU/Linux" when they say "Linux"... The argument is sound, and compelling, but is completely lost on those it seeks to influence! Not only do they not care, they actually prefer to stick with their chosen usage! You'd do just as well to argue that "virus" should be a mass noun or a possessive state of being: It has virus. (Like "milk" -- en français, il vaut mieux qu'on dit du virus).
I wouldn't hold my breath waiting for "virii" to go away -- these people don't even CARE that some English words have latin roots!
Hey, that makes me wonder if there is any other language whose plurals are formed with a final -i or -ii?
Now, if someone DOES buy the argument that latin usage should influence English, I wonder if it is important to note that "virus" in latin refers to "poison"... I'm standing by my argument that it should be a mass plural, not a count plural!
It is easy to make the case against "virii" from the latin "virus" -- it is not "virius" therefore not "virii" in the plural.
My advice is to write and speak with proper usage, correct others when they ask you to proofread their copy, and not expect anyone else to upgrade their literacy in
What's next on your agendum?
makes it worth it (Score:3, Insightful)
(not that I agree with not telling everyone, that just seems to be the why)
Symantec lies (Score:5, Interesting)
I saw this first hand. When Opaserv variants were coming out almost weekly last fall, Symantec was very slow to acknowledge their existance. A few people I know sent them executables of a new variant on October 19. Finally, on October 23, they announced they "Discovered" it...4 DAYS AFTER WE SENT IT TO THEM! Those Symantec liars didn't even tell us that they discovered it, but they're working on a fix. No, they sat on the virus for 4 days! (Want proof? Check out Symantec's Oct 23 discover day for brasil.pif, here [symantec.com], and compare that with the Oct 19 date that many of us first noticed that virus on this discussion sire here. [computing.net]) And of course, following true to Symantec policy, they claimed to have released a fix either the day of discovery or the the next day...to show they're working hard for their customers.
Stupid liars.
Re:Symantec lies (Score:3, Insightful)
Liars maybe, but stupid they are not.
Re:Symantec lies (Score:4, Interesting)
About a month an a half later, I get a terse email from Symantic, stating that they already knew about sub7 and that they had had the definitions for a month now. They recommended that I should keep my antivirus updated more often. This was conveyed in a nice little way that sounded like I was some AOL newbie that couldn't tell the left from the right mouse button. Needless to say, I am no fan of Symantic now.
Re:makes it worth it (Score:3, Insightful)
Hmm.. it could of course be that Symantec, although they may have known about the worm, may not have known that it was going to be as big as it was. They probably find new worms all the time, and perhaps they saw it as "just another worm". Since the thing apparently ripped through the internet in about 10 minutes, or something ludicrous like that, it may anyway already have been too late once they realised that it was going to a big one.
Symantec... I knew about you going out of business (Score:3, Funny)
HA HA HA HA HA [silence]
HA HA HA HA HA [silence]
HA HA HA HA HA [silence]
Re:Symantec... should be more careful! (Score:5, Insightful)
I would think that they would be more careful about raising people's suspicions about their prior knowlege of absurdly fast propagating worms.
Maybe they are believers that 'any publicity is good publicity' -- even in their business.
Send us your Linux Sysadmin [librenix.com] articles!
Re:Symantec... should be more careful! (Score:3, Interesting)
That same claim can (and has) been leveled against the defense and intelligence industry for some time now. If we don't believe there to be a threat, then we (any given 'we') will not pay for a defense against that (non) threat. The point you make, however valid, isn't really all that new.
I'm not in any way trying to flame you, however...I'm just pointing it out because it seems interesting to see how once again it's the same old story (life, that is) with a new wrapper on it.
Part of the conspiracy... (Score:5, Insightful)
Re:Part of the conspiracy... (Score:4, Informative)
Devil's Advocate (Score:5, Insightful)
Re:Devil's Advocate (Score:3, Insightful)
Re:Devil's Advocate (Score:5, Interesting)
"If I witness a felony but refuse to call 911 because the victim hasn't paid me money to do so, I'm technically an accessory to that crime, not to mention a really rotten citizen."
Corporations are determined to have the same rights as citizens - then they have responsabilities too. That being said, how many times have we heard about a company trying to keep the holes in their own software secret from the security community? This isn't very different.
A company's duty to itself is to make money - but companies are allowed to exist by the government of the people - and so all companies, profitable or otherwise, have the responsability to act for some vague concept of greater good. Usually this rule can be generally ignored, after all, the fact that they generate money is good for the economy. The exception occurs they did something dead-obvious-bad. Keeping a threat to the whole internet a secret pretty much falls into that category.
But... Did They Know? (Score:5, Insightful)
Aside from the obvious question of, how could they have known, hours in advance, of a worm that took essentially ten minutes to bring down major portions of the Internet, how could they have known the extent of damage that the worm could potentially have on the Internet?
The 911 illustration is not exactly valid. If I see someone in the act of commiting a crime, I have a pretty good idea what the outcome will be. On the other hand, if I overhear someone talking about commiting a crime, the line becomes a lot more fuzzy, because I don't know if the crime will ever be committed, or if it will be successful.
You get a vague idea that there's a new Internet Worm on the loose, and you warn your customers. It's not until later that it hits you that, "Ohmygosh, this is the big one!"
Re:Devil's Advocate (Score:4, Insightful)
The same way that if I walk in their offices and pass out, I would expect them to call an ambulance and perform first aid, not to steal my wallet (to get richer).
Re:Devil's Advocate (Score:3, Insightful)
Re:Devil's Advocate (Score:3, Interesting)
On the other hand, there are laws that force senior officers of corporations to act in the interest of shareholders profits rather than for any other interests (including their own)
So, by your logic (equating laws with morals), senior Synamtec management are morally forced to keep things like this to themselves (as that way, they will get more paying subscribers to their services and make more mone for their shareholders)
OTOH, I would say that ynamtec employees have a moral (but not legal) responsibility to 'blow the whistle' and get information out.
moot point (Score:5, Insightful)
Re:moot point (Score:3, Interesting)
Re:moot point (Score:4, Insightful)
To... whom?
Let's assume that they did have a few hours rather than only 30 minutes. It was late on a Friday night in the United States and into the early hours of the weekend for the rest of the world. Who could they tell?
The news media wouldn't have reacted nor reported it any faster than they did. Even if they did report it immediately without "confirmation", it would have been heard by few people and hardly no one who could have done anything about it.
A post to their website would have only been seen by a handful of people at best. You can't force people to read your website.
What other avenue did they have? Their list of subscribers, of course. They sent out a mass email to those people as soon as they could.
What else could they possibly do?
I had them beat... (Score:5, Funny)
Moral obligation? (Score:5, Insightful)
Re:Moral obligation? (Score:5, Insightful)
Agreed (Score:5, Insightful)
So they chose the first. Big deal. Do you really think even a majority of these sysadmins would have firewalled their MS SQL server hours before it would be infected? Doubtful. If they didn't apply the patch from July of '02, then they're not going to immediately respond in a few hours to patch an impending threat.
Re:Agreed (Score:4, Insightful)
Lets say your run a business cleaning up crime scenes (Such business really do exist). You find out, hours before, that someone is going to walk into a mall and just open fire. Do you A) Tell your friends not to go to the mall, and make sure that you just happen to be around before the massacre occurs? or B) do you call the police?
Go with option A and you are an accessory to the crime and you go to jail. Even IF it was good for business.
The same thing occured here. If in fact symantec KNEW about the transimission of a crime before it occured, then they most likely broke the law by not contacting the proper authorities. Would it have prevented Slammer? Nah.. but it doesn't change the fact that YES they are completely required to share this information. The issue of morality is irrelevant, this is an issue of law.
Re:Moral obligation? (Score:5, Insightful)
"Moral responsibility" is a two-way street: if you (the company) expect me to have some, then show some towards me too.
Re:Moral obligation? (Score:3, Insightful)
Re:Moral obligation? I'd say so. (Score:5, Insightful)
Ford's service is making cars. Are you saying that Ford has a moral obligation to give me one, even though I haven't paid for it?
No - get the analogies right. If I, as a car servicing firm, knew of a part in a Ford car that could fail and cause the car to go off the road at random and I only let my best customers know, I would be sued for screwing around with peoples lives.
Not that I have any sympathy for either MS or Sympantec - Symantec gets to make money off the loopholes in MS's operating system in a strange almost parasitic relationship. The only thing that isn't clear to me is which company is the host...
Cheers,
Toby Haynes
Re:Moral obligation? I'd say so. (Score:4, Interesting)
I, as a mechanic, know that cars made by Ford had a recall (say for something like tires...). Now, of course it's in my best interest to inform *my* customers, but am I "morally obligated" to stop every passer-by on the street who's driving a Ford and tell them?
The point is, Microsoft admitted there was an issue and fixed it six months ago. Why is it Symantec's obligation to remind us all to secure our servers?
Re:Moral obligation? (Score:3, Funny)
"GIVE US THE LOOT, OR YOUR PC WILL NOT BOOT!"
Prosecute them.
Wrong, moron (Score:3, Troll)
Re:Moral obligation? (Score:5, Insightful)
Do you hold your friends or family to such low standards?
Do you hold other members of your community to such low standards?
Do you hold your elected officials and their appointees to such low standards?
This came up during the hearings for Edwin Meese for Attorney General. The Attorney General is the highest Officer of the Law in the land. For him to merely say, "I have been convicted of no crimes." is not ANY sort of endorsement for the office. It's barely a qualification.
When we rant against the poor and welfare, we argue that putting a safety net under these people will encourage them to fall into it, and not try to better themselves.
Isn't the law really an ethical and moral safety net? So is it any wonder that *some* sink to the net, just like some poor do with welfare? But the real problem comes when we EXPECT people and corporations to sink to the net, take for granted that they will, and dont' see a problem with that situation.
Businesses are a member of the community, too. I'd expect them to behave as ethically and civilly as any person. With a business, I only have my words and money as tools to 'encourage better behavior.'
Re:Moral obligation? (Score:3, Insightful)
Protection racket.
Let the onslaught begin! (Score:3, Informative)
It's more likely that their customers, since they must have some interest in security, had already installed firewalls and not left SQL server open to the entire internet though...
How does this announcement gain Symantec? (Score:4, Interesting)
They didn't quite say that (Score:5, Insightful)
It's a fairly fundamental difference.
Timezones? (Score:5, Insightful)
"According to Symantec spokesman Yunsun Wee, Symantec issued an alert about Slammer to DeepSight Threat Management System subscribers "at approximately 9 p.m. PST on Friday, Jan. 24."
Most of the rest of the Internet didn't spot Slammer until shortly after midnight EST on Saturday, Jan. 25th."
Accounting for timezone differences between EST and PST, would this not make the two times much closer to each other?
Re:Timezones? (Score:5, Insightful)
Shame on Symantec. Shames on Wired. Good thing we have the good folks at Slashdot to keep the news in perspective.
Re:Timezones? (Score:3, Interesting)
Re:Timezones? (Score:3, Informative)
Re:I'm a Idiot (Score:3, Informative)
Now, I've not always considered myself and idiot, but lately I've come to believe that's the case. For example, I find myself monitoring the North Korean News Agency [kcna.co.jp] and actually expecting to find news. I did, however, find this:
Symatic Antivirus Policy Flailed
Pyongyang, February 14 (KCNA) -- The DPRK calls upon the Symantic "corporation" to behave itself. Unchecked viral aggression under the guise of helpful support is obvious to all but the US warmongers. The peace of all nations is it at stake, and it should be noted that the so-called "Slammer" worm was an effort by imperialists to stifle the peace-loving livelihoods of the DPRK.
Now that the guise is unmasked, no one but war mongers see the clear provocations. The DPRK reminds the US that such clear efforts to undermine stability on the peninsula by allowing servers to go "unplugged" and "unfixed" merely underscore the fragile nature of the current nuclear-war situation.
So? (Score:5, Insightful)
I don't mean to sound like a troll or the least bit insensitive, but if the Windows sysadmins aren't keeping their servers patched then that's the sysadmin's fault. The finger of blame should be pointed right at the mirror. Keeping their servers updated and safe is their JOB, unless they have a security specialist, in which case it's their job.
Re:So? (Score:4, Informative)
Sorry, but installing patches is a non-trivial exercise.
Re:So? (Score:3, Insightful)
And plenty of unix admins still running insecure versions of apache, ftpd, and openssl.
MSFT has no monopoly on laziness, percieved or real.
A big part of it is the propellerheads releasing the MS-hotfixes or OS-patches dont realize that in an enterprise environment you dont always have the time to bounce a server, apply the patch, test, validate all code that was running prior to the patch.
Re:So? (Score:3, Interesting)
My guess is that the vast majority of Windows administrators do not subscribe to Microsoft's security advisories list and were not aware that they needed to fix a problem. This is probably due to shear ignorance and/or lack of responsibility.
Furthermore, tons of Windows servers are sitting out there which don't have anyone administrating them and keeping them up-to-date.
A lot of small companies simply don't want to pay someone a service contract to maintain such things, but GOD FORBID they don't get to have their expensive Exchange/File/Print server.
Re:So? (Score:3, Interesting)
Most admins are pretty trusting with Apache patches. Give them ten minutes of testing, mainly insure you didn't overwrite something during the install, and you're ready to go live. MS patches are larger and unwieldly. MS software also tends to have more unpredictable interactions than unix software. As a consequence, Unix admins who patch at all, tend to trust updates and patch more quickly. Of course not everyone will patch, many people have toy webservers they don't really admin, but that's beyond the scope of this.
Unix software also tends to be smaller and call other programs instead of doing everything in one executable. As long as the interface between the two works, you can keep your bug testing isolated to the segment you're patching. (Upgrade PHP, run PHP tests, not full webserver-and-CGI tests.)
Don't forget that MS themselves weren't in full compliance with this patch. There's the ability to auto-install updates, but they didn't for some reason. You'd think their admins would be the best, that they'd know all the tricks.
Gotta agree with the poster... (Score:5, Insightful)
Hmm.. (Score:5, Insightful)
I have wondered why a lot of these Microsoft-worms never seem to have a destructive payload. If you imagine a script-kiddie working hard in his mom's basement, you'd think he'd add a payload of some sort.
(hell, if I had the inclenation and the time to create a virus, I'd atleast change the Windows statup
It's almost like these Microsoft-worms were desingned to create panic and purchasing action, but no legalally actionable damage.
Just a rambeling thought.
Re:Hmm.. (Score:5, Insightful)
1) It was done for hack value, not vandalism.
2) With how many Windows computers there are out there, a simple worm has the ability to cause more than enough trouble.
As for Slammer not having a payload, that's because it was designed to fit in a single 505-byte UDP packet. There wasn't room for a payload.
Re:Hmm.. (Score:5, Interesting)
I always say when something like this happens - at least the attacker wasn't going for raw damage.
very intriguing (Score:3, Interesting)
How many windows users that you know that have virus protection software that came with their pc and has never been updated? They won't upgrade their virus software until they learn that it is necessary.
When do they find out it is necessary? When someone hits the web with a massive worm/virus. If nothing massive happens for a while, I'm sure antivirus companies are losing money. What better way to spike sales than by creating panic?
9PM PST == 12AM EST (Score:5, Insightful)
So explain to me again how they knew about it before anyone else? -kaos
Moral responsability is bollocks (Score:5, Informative)
Besides, I highly doubt Symantec is the cause of slammer, and because of that, they don't have any moral obligation to let anybody know about it. On top of that, we're talking about a matter of hours, not days or weeks. They probably told their clients "Uh, we think something's coming, so watch out". I highly doubt they would have had specifics.
Not trying to flame here or anything, but let's be a little realistic. If anyone's to blame, it should be Microsoft, for releasing the buggy program in the first place, or the sysadmins for not applying the paches, yadda yadda yadda.
PST vs. EST (Score:3, Insightful)
Symantec issued an alert about Slammer to DeepSight Threat Management System subscribers "at approximately 9 p.m. PST on Friday, Jan. 24." Most of the rest of the Internet didn't spot Slammer until shortly after midnight EST on Saturday, Jan. 25th.
For those of you who don't know the difference, EST is 3 hours ahead of PST. Thus DeepSight identified Slammer at about the same time as the 'rest of the Internet'Troll? (Score:5, Insightful)
Most of the rest of the Internet didn't spot Slammer until shortly after midnight EST on Saturday, Jan. 25th."
Uhh...that's about the same time isn't it Sparky?
Would it have changed anything? (Score:5, Insightful)
The people who paid for the warning are going to take it very seriously, but aside from that, I would wager that there would be enough doubt about the validity that measures wouldn't have been taken anyway. Patching the server has the obvious implication for many mission critical databases of a potential restart and potential for undesired change in functionality, so patching in many cases would require a testbed server and evaluation, which this warning provided insufficient time for. Blocking the port, or disabling that part of SQL server, for those with it enabled without needing it, means they need to understand what it does or does not do for them. If they already knew, they would have disabled it sooner, so you can't say they would immediately realize and shut it down.
no morals (Score:4, Insightful)
Magic Eight Ball Says... (Score:5, Funny)
How can you know this stuff Magic Eight Ball!!
Article got the time zones wrong (Score:3, Informative)
Ummm..."shortly after midnight EST" is pretty damn close to "approximately 9 p.m. PST"! It doesn't sound like Symantec had much advance knowledge at all.
They knew nothing (Score:5, Insightful)
Obligations (Score:3, Insightful)
If Symantec had a moral/ethical obligation to warn the rest of the world about Slammer before it was released, don't they also have an obligation to warn the rest of the world that if you're using a POS, buggy, perpetually frought with nastiness operating system that you're bending over and just asking for it anyway?
Fact is, even if they had said something, 50% of the world would have laughed because they're not running Windows, 5% of Windows sysadmins would have been at the consoles sweating it, and the rest of the world would have stayed in the recliner because they don't keep up with security updates anyway OR they have their heads so far up Gates' ass that they couldn't possibly believe it.
Personally, I sat back and laughed. How about you?
Symantec.... (Score:5, Insightful)
The same Symantec who's Norton Anti-virus product is prominently featured in a rash of spams in my inbox?
The same Symantec who claims to follow up on reports of this to spamwatch@symantec.com? That never seems to lead to any sort of actions?
The same Symantec who just changed their auto-renewal to cost people more money IN THE MIDDLE OF THE RENEWAL CYCLE?
Huh, who'd'a thunk it?
Glad I use somebody else's [redhat.com] anit-virus software [linux.org].
Michael's Added Statement (Score:3, Informative)
Libel - A false publication, as in writing, print, signs, or pictures, that damages a person's reputation. The act of presenting such material to the public.
Michael,
I know you're pretty opinionated and think highly of yourself, but you may want to reconsider posting such statements as it could adversely affect you and your employer.
Not enough time anyway.. (Score:3, Interesting)
The worm spread around the entire globe in minutes. And Symmantec didn't know about the worm in advance, they are simply saying that they knew about it before anyone else. (Which other posters have pointed out is BS - apparently journalists and corporate managers don't understand time zones)
Which leaves us with this simple fact: even if a sysadmin had gotten and read symmantec's message immediately, it is unlikely they would have had time to block the port and/or patch their server in time anyway! They may have already been hit in the time it took them to read the virus alert.
The fact that symmantec noticed it was happening is hardly surprising, they make money by detecting and stopping viruses. Of course they would notice when a ton of traffic on a certain port started inundating the internet.
This whole story is a load of crap. Hopefully wired will be more do a little more research in the future into the stories they display, but somehow I doubt it.
Symantec's claim makes NO sense (Score:3, Informative)
An "hour" before is a preposterous claim. They might have gotten in 10 seconds before, or even a minute if the first couple of copies were on bad links, but an hour is total, complete, and UTTERLY ridiculous claims to make.
The only way they could make the claim is if they found an extra-buggy, prerelease version. IF so, we need to know about it as it aids in understanding the author.
My bet is they saw some unrelated script-kiddie scanning (we saw some of this in our OWN data sets) and someone in marketing is trying to say that they saw the worm 2 hours ahead of time.
From the Symantec Web Site (Score:3, Insightful)
For example, the DeepSight Threat Management System discovered the Slammer worm hours before it began rapidly propagating. Symantec's DeepSight Threat Management System then delivered timely alerts and procedures, enabling administrators to protect against the attack before their environment was compromised. This combination of comprehensive up-to-the-minute attack data combined with effective solutions, patches, and countermeasures enable corporations to protect information infrastructure while avoiding downtime and lost productivity.
It sounds to me like a Tech Security company trying to boost sales of their new Threat Management System and Alert Services by stretching the truth. And we all know the sales and marketing folks would not blink an eye at fudging facts to sell their products.
Does this mean Symantec had anything to do with the Slammer virus (as Michael alluded to), I don't think so (and honestly to make an accusation like that is just plain ignorant).
Just my take. Now let the negative modding begin.
Moral Responsibility??? (Score:3, Insightful)
Symantec does not have a moral responsibility to inform the public. Symantec isn't a publicly funded corporation, or a government agency.
You do not have a right to benefit for free from the hard work of others. Symantec's ONLY moral responsiblity is to increase value to their shareholders. This isn't the late 1990's where you can create a technology company based on the idea of giving things away for free and expect that to fly.
Part of that responsiblity is to treat their customers right. Given a limited timeline, and the need to provide the most value possible, they chose to send an alert to some of their (presumably) biggest and best customers. I believe that Symantec worked in a very appropriate manner in this case.
Note: I didn't read the article. I did read quite a few articles yesterday when the link was posted on hardocp.com however.
Re:Moral Responsibility??? (Score:3, Insightful)
I think you're confusing moral responsibility and legal responsibility.
Warnings Are Useless (Score:4, Insightful)
Network Operations had to manually disconnect MANY servers which were just saturating the network. After doing this we got calls days later from people saying "My students are complaining that they can't access my server, any idea why this is?" So if you're expecting that every server has some crack squad of administrators scouring the net to make sure it's updated to the fullest - well sorry, it takes some people days to notice that their server isn't even on the network anymore.
I mean you'd think people would turn on CNN and see SQL WORM RAVAGES INTERNET, and think, gee don't I have a machine running an SQL server, maybe I should check up on that? But no.
The reality is that there was a patch available for this months before and nobody bothered to install it, I don't think a few more hours would have made much of a difference at least where I work.
Wake up people! (Score:3, Insightful)
Re:Imagine if CNN knews about 9/11 (Score:3, Insightful)
Re:Imagine if CNN knews about 9/11 (Score:3, Insightful)
Re:Doubtful. (Score:5, Informative)
Symantec correlates this information, and determines threats. They then relay this information to customers of the subscription service.
This may be what they are referring to.
Re:Doubtful. (Score:5, Insightful)
Virus writers are like vandals -- nobody is going to make graffiti where it doesn't get lots of public exposure.
Re:Doubtful. (Score:4, Insightful)
Time for a new theory
Re:Doubtful. (Score:4, Insightful)
While attempts with viruses and worms may be more due to populartiy, there are other factors [infoworld.com] that result in an insecure system.
Just saying that viruses and worms are more popluar because of Microsoft's success is mearly a cop-out. Their success should be a benefit to their security (more resources should be dedicated to it), not an excuse for it.
Re:Doubtful. (Score:3, Informative)
You so sure? According to the latest Netcraft survey [netcraft.com] Apache has 62% of the server market while all versions of Windows have only 27%. And you still see more Windows server viruses appearing (Slammer exploited bugs in the SQL server). If you want to talk about end users and desktops though, you'll have to find a email client that runs programs automatically with root-like priv's, then I might believe you.
Orange
Re:Doubtful. (Score:3, Interesting)
Indeed, that was also my first thought. The graphs I have seen over the activity for the first minutes looked like exponential growth with a doubling time of less than one minute. That would give at most half an hour between the very first infection and worldwide spread. If Symantec notified their customers hours before, that would be before the worm was released. Of course it is theoretically possible, that the author notified Symantec prior to release.
It's not that easy. (Score:3, Interesting)
MS Linux like OS X would be good. Windows isn't that bad of a UI it's just a piss poor backend that causes problems.
Re:It's not that easy. (Score:4, Informative)
I've written tons of windows software at work and not a bit of it requires anything beyong user rights.
...programmers' fault not MS... (Score:3, Insightful)
For years, features and fast development were up-front priorities on Windows, and security hadn't hit the radar screen. This encouraged sloppy programming, to get flashy new stuff out the door quickly. Somewhere in there, compatibility rose in the priorty scheme, as MS became a victim of its own success. Once upon a time, breaking old software was a way to encourage new software purchase. Now, breaking old software discourages new platform purchases, so compatibility has become necessary.
So old software, written in the days when security wasn't even an afterthought has to run on the new platform, or the new platform won't sell. At the same time, the new platform must be more secure.
Not an easy problem.
Someone mentioned sudo, but I guess that's got the commie pinko GPL on it.
Re:It's not that easy. (Score:3, Interesting)
Re:It's not that easy. (Score:5, Insightful)
Re:It's not that easy. (Score:3, Informative)
Re: (Score:3, Insightful)
Re:Doubtful. (Score:4, Flamebait)
There are as many 'hotfixes' and 'service packs' for linux based software, they just call them patches and releases.
Linux just isnt ubiquitous enough to be a worthwhile target. Yet.
All the bragging and dipshittery that uninformed OS fanboys are doing will bite them in the ass in a big way if linux is adopted into the mainstream.
Re:Doubtful. (Score:5, Insightful)
Re:Doubtful. (Score:4, Interesting)
Let me assist you in finding your clue: You can't remember the names of those worms because they had no discernible impact compared to Code Red or Slammer.
Everyone knows about Code Red and Slammer because they were frightening worms that caused a massive amount of damage. Hell, Gartner is telling people to not use IIS and migrate away because it is so damn buggy!
People do not hate IIS because it isn't *cool* they hate it because it is shit software that has caused millions and millions in damages.
Re:Doubtful. (Score:3, Interesting)
AND when the people who wrote that interface call and tell you to remove the patch so that their interface will work again.
You were saying something about keeping up with all the hotfixes, or should I worry about the business being able to have systems that talk to each other?
This really is a serious issue and I think it happens more often than people expect. In this case the client program should have been fixed, but corporate politics were used to force me to make the change to the database instead of them changing their client program.
But the main point is that only better software right out of the gate, without the need for a gazillion patches is the answer. Once you've been burned by a patch breaking your previously working systems, you get very wary of future patches.
God I hate SQL Server.
Re:Doubtful. (Score:3, Informative)
These bugs are biting Microsoft servers and in the enterprise Microsoft is a lonely little niche player. Linux/Unix dominate the server market *right now* and you just do not see these kind of internet threatening bugs/worms/viruses. Time to stop the excuses here people
Re:Doubtful. (Score:3, Informative)
Slammer was "self-propagating malicious code that exploits *multiple vulnerabilities* in the Resolution Service of *Microsoft SQL Server 2000*".
And if you believe that because the VMS people worked on the development of NT, NT is VMS based, you are the one talking out of the side of your neck with just enough knowledge to be dangerous. Even if it was the case where NT was completely based on VMS to the core, this doesn't change the fact that NT's security people have been sound asleep for years.
Pointless MS bashing does nothing but brand us zealots. But when a worm caused by bugs in Microsoft code, and probably (I'm not sure about this one) propagated by the incorporation of everything into the OS (much like the other worms having access to everything including your addressbook, etc) wreaks havoc all over the world, I think MS is fair game for bashing.
-bm
Re:Doubtful. (Score:3, Insightful)
Besides, NT is based on VMS, which is considered an equal to Unix.
Huh? just because Microsoft pirated Dave Cutler for the NT kernel doesn't make NT a VMS equivalent. Besides, being secure and fairly bug-free isn't a matter of what extant OS NT most resembles. It's a matter of priorities. MS values speed over quality, so we get video drivers in the kernel context, remote root exploits out the wazoo from SQL server, Exchange, and the other MS server software, a dotNet Beta that installs and activates enough IIS to propagate the IIS worm du jour, and, to top it all off, MS security patches that roll back previous patches, install new software, include draconian EULAs, or just hose your machine.
But really, we're just being petty.
Re:Unix is inherently better. (Score:3, Insightful)
<Homer Simpson>
I agree with you! In theory.
Communism works! In theory.
</Homer Simpson>
You are comparing the amount of time that UNIX (a common name for a wide number of totally different and constantly changing operating systems with different kernels, tools, applications, and philosophies) been tested to the release schedule of Windows (which is a product sold by a single company, generally released once every 1-2 years and patched just as frequently as any UNIX system that actually has a wide variety of useful software installed) and making a judgement on security. You know what? My television gets more miles to the gallon than the amount of electricity my grapefruit uses.
I agree with your subject line, but your content makes no sense. Then again, any old install script on UNIX can make anything setuid root, world-writeable, and world-executable, if you run it as root. The only way UNIX is more secure is if you read every line of code and every line of every script you run as root, and do everything else in a chroot-jailed sandbox. To be quite honest, that kinda thing would greatly decrease my productivity in any operating system, so I just backup my stuff frequently.
Re:Would it have mattered? (Score:3, Informative)
Re:Bah (Score:3, Interesting)
Re:Conspiracy Theory (Score:5, Funny)
That would be like having the US selling WMD technology to other countries and then invading them
later for having it. What responsibly sane organization would do that?