Hawk's Nest

Sunday, August 21, 2005

35% blame Microsoft for latest worm outbreak, reveals Sophos polls

Actually, what this poll reveals is that 35% of business users are clueless about computer security. With the media's constant berating of Microsoft, one-third of users have bought the lie, hook, line and sinker. While the virus that took down Windows 2000 systems did exploit a vulnerability in the operating system, it didn't if you had upgraded from this six-year-old OS. It wasn't even a blip on the radar screen in my enterprise. Meantime, the almighty Mac OS X had 44 patches released last week...44! And just how much press did this get? Not even close to what Microsoft suffered.

But there was no exploit, you say. You're right. The virus writers are immature youngsters with script kiddies making multiple flavors of the latest exploit because they have no original ideas and want the bragging rights. So, they always choose the biggest target. Especially if the vulnerability is explicitly spelled out for them in the interest of "full disclosure".

I'm a firm proponent of limiting disclosure. Do we need all the details out in the wild for threats to be created? Or do we need to apply the patch when it's available and then hear about the problem?

The problem last week occurred not only because administrators didn't patch in a timely fashion, but also because they left systems exposed without firewalls, didn't screen for vulnerabilities on the edge of their networks, didn't upgrade in a timely fashion, a la Windows 2000 to Windows 2003, and didn't stop whining about how hard it is to maintain their environment. Sys admins, be proactive!

