Michael Bacarella mbac@netgraft.com
Wed Jan 29 15:46:52 PST 2003

> While it's fun (however unsporting) to blast away at Microsoft for its
> security deficiencies, IMO the free software world should view the
> Sapphire / Slammer worm as more a cautionary tale.  This is the sort of
> attack which _could_ potentially hit GNU/Linux or another 'Nix.  I feel
> that the likelihood is lower than that for legacy MS Windows, though
> there are a large number of likely poorly maintained GNU/Linux and other
> 'Nix systems live on the Net.

There are definitely reasons to blast Microsoft:

    1. They no doubt dismiss responsibility and blame it on the
       lazy sys admins who don't keep up to date with patches.

       Then it turns out they're infected with the worm themselves.

       I'm waiting for them to admit which it is: that they have lazy slob
       sys admins too and are in no position to lecture, or that their
       products are too difficult to keep secure?

    2. Colleagues who are trying to apply this patch remark about how 
       darn huge it is and how difficult it is to apply.  If you have
       dozens of these machines, the time it takes to secure them
       by click 'n drooling at each machine is enormous (especially
       compared to a Linux/UNIX system).

    3. I've heard that while Windows Update will quickly notify you of
       newer, privacy-invading editions of Windows Media Player, it is
       completely and utterly silent on MS SQL Server updates.

    4. Each patch that comes out is so huge and complicated that most
       people take a reactionary position towards applying them, instead
       of a proactive one.

    5. Would it really kill them if the default setting of MS SQL Server
       only accepted connections from local sockets?  Most of the
       hosts that have tried to infect me were clearly from residential
       connections, which to me says students, hobbyists, etc. installed
       it months/years ago to play with it, and have since forgotten it
       running on their machines.  A default ignore-network setting would
       have gone a long way into taking these people out of the worm's

Michael Bacarella                  24/7 phone: 646 641-8662
Netgraft Corporation                   http://netgraft.com/
      "unique technologies to empower your business"

Finger email address for public key.  Key fingerprint:
  C40C CB1E D2F6 7628 6308  F554 7A68 A5CF 0BD8 C055
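
Point 5 of the message above, turned into a host check (an added example, not part of the original post): it parses Windows `netstat -an` output and reports listeners bound beyond loopback, listing SQL Server ports first. The sample output is constructed, and the port numbers 1433/tcp and 1434/udp are the well-known SQL Server ports, not values taken from the message.

```python
import ipaddress

# Well-known MS SQL Server ports (not named in the post): 1433/tcp is the
# default instance, 1434/udp the resolution service that Slammer targeted.
SQL_PORTS = {("TCP", 1433), ("UDP", 1434)}

# Constructed sample of Windows `netstat -an` output, not from a real host.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:1433           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.5:443        ESTABLISHED
  TCP    [::1]:8080             [::]:0                 LISTENING
  UDP    0.0.0.0:1434           *:*
  UDP    127.0.0.1:1900         *:*
"""

def parse_listeners(text):
    """Yield (proto, ip, port) for every listening TCP or bound UDP socket."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank or unrelated line
        proto = fields[0]
        if proto == "TCP" and fields[-1] != "LISTENING":
            continue  # established connections are not listeners
        host, _, port = fields[1].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets, zone id
        try:
            ip = ipaddress.ip_address(host)
            port_no = int(port)
        except ValueError:
            continue  # address or port that does not parse
        yield proto, ip, port_no

def network_exposed(text):
    """Return listeners reachable from other hosts, SQL Server ports first."""
    found = [(p, str(ip), port, (p, port) in SQL_PORTS)
             for p, ip, port in parse_listeners(text)
             if not ip.is_loopback]
    return sorted(found, key=lambda r: (not r[3], r[2]))

if __name__ == "__main__":
    for proto, ip, port, is_sql in network_exposed(SAMPLE):
        note = "  <-- SQL Server, bound beyond loopback" if is_sql else ""
        print(f"{proto} {ip}:{port}{note}")
```

A host that follows the local-only default the message asks for produces no SQL Server rows in this report.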
