Patch worth little security

The SQL Slammer worm causes havoc for computers worldwide

By Alessandro Cancian

A year has passed since Microsoft Chairman Bill Gates sent a company-wide e-mail announcing Microsoft would make boosting the security of its software a top priority. Either that e-mail never reached every employee's computer, or perhaps some never took the time to open and read it.
And so, a few weeks ago a good chunk of the Net was clogged by a worm that attacked a Microsoft product. SQL Slammer, as the devastating critter is called, managed to multiply and cause damage comparable to that of Code Red.
Entire North American, European, and Asian sub-nets found themselves under the attack of a worm capable of turning some tens of thousands of servers into unknowing data spreaders, thus clogging the network, especially between Saturday night and Sunday morning.
SQL Slammer targeted machines running Microsoft SQL Server 2000 or Microsoft Desktop Engine (MSDE) 2000, two programmes that are not found on every PC but are quite common on servers or machines managing remote databases. Even though Service Pack 3, recently released by Microsoft, had secured many servers, all those that had not installed the latest patch had trouble over the weekend.
The operation of SQL Slammer, which immediately attracted the attention of Microsoft Technet, is entirely based on its ability to copy itself and send queries over the network looking for other servers; the resulting traffic amounts to a denial-of-service attack. A task force of CERT, the Emergency Response Centre of the U.S. Government, also tackled this threat.
According to early estimates by experts in the U.S., probably the hardest-hit country, about 20 percent of traffic was lost during the worst phases.
The experts are concerned that the abilities of this worm might be used in the future to create more dangerous variants, not limited to attacking connectivity but carrying more aggressive payloads, such as file erasure and more.
Microsoft placed responsibility on computer users who failed to install a patch that had been available since at least last June. The fact is, not even Microsoft's own network proved immune to the worm, which attacked some of the company's servers, compelling the staff to work around the clock in order to get rid of the unwelcome guest. "Microsoft was completely hosed (from Slammer). It took them two days to get out from under it," said Bruce Schneier, chief technology officer of Counterpane Internet Security, a network monitoring service provider. "It's as hypocritical as you can get."
"We should have done a better job" in protecting the company's own network, Mike Nash, corporate vice president of Microsoft's security business unit, said on Wednesday during an interview with Cnet.com. "We understood some things customers were facing and it, in some ways, helped us. It was a learning course."
"Trustworthy Computing is failing," Russ Cooper of TruSecure Corp. said of the Microsoft initiative, replying on the technology portal site. "I gave it a 'D-minus' at the beginning of the year, and now I'd give it an 'F.'"
The computer expert acknowledges that even with the patch installed and Microsoft's advice followed, computers would be hit. A lot of experts criticized Gates' company for its patch policy, which focuses resources on the fix rather than on the final product that comes out.
Whether this is true or not, it once again calls into question Microsoft's real capability to secure its products. Will this be enough to sway Windows users? Maybe not, but for sure Macintosh users must be wearing an ironic smile.

Publication Date: 2003-02-09
Story Location: http://tandemnews.com/viewstory.php?storyid=2323