If the ‘Net was slow today, it was because of a new worm, called SQLSlammer, that infected vulnerable Windows servers running Microsoft’s SQL database.
The exploit it used was old, but it was made possible because Microsoft’s cumulative hotfixes not being cumulative, and one of the patches not included, if applied afterward, reverted the server back to its vulnerable state. This was not mentioned clearly in the documentation for the hotfixes. Probably Microsoft didn’t know–until it was too late.
But in some cases it’s not Microsoft’s fault. Try getting a pointy-haired boss to give you 15 minutes’ downtime per server so you can roll necessary security patches across your enterprise. Since many people who ultimately make IT decisions never actually administered a Windows server in their careers, a lot of bad decisions get made and servers stay unpatched, as a matter of policy, either out of fear that a patch that closes a security hole might create a new bug, or that some remote VPN user in Kenya might be trying to work during that proposed scheduled time.
Linux got a bad rap in the security press last year because it allegedly had more security vulnerabilities than Windows did last year–never mind that a vulnerability in, say, BIND would get counted several times because it’s included in every Linux distribution, so whereas a vulnerability in IIS would get counted once against Windows’ total, a vulnerability in BIND might get counted 8 times.
We’ll ignore that. Fine. Linux has a larger number of security problems and vulnerabilities than Windows does. Fact. Undeniable. Fine. Answer this question then: Has any worm affecting Linux ever had the devastating effect that SQLSlammer had? That Nimda had? The most notorious worm that affected Linux was called Slapper. Do you remember it? More than 60% of the servers on the ‘Net run on Apache. A worm affecting Apache should have been huge. It wasn’t.
Statistics are, well, statistics. Just because I can find you a set of numbers that suggests the sky is pink doesn’t make it any less blue.
Why anyone, anywhere, has a Windows server on the ‘Net with anything more than port 80 exposed is beyond me.
Trustworthy Computing? Nice buzzwords. Billy Gates has yet to put any meaning into them.
And incompetence rises. Managers didn’t learn from Nimda, so they won’t learn from this either.
Great combination. What does it mean? History will repeat itself. Something like this will happen again. Probably sooner rather than later.