Comments on: SQLSlammer takes its toll on the ‘Net
https://dfarq.homeip.net/sqlslammer-takes-its-toll-on-the-net-2/
David L. Farquhar on technology old and new, computer security, and more
Feed last updated: Tue, 28 Jan 2003 19:05:12 +0000

By: Anonymous (Tue, 28 Jan 2003 19:05:12 +0000) https://dfarq.homeip.net/sqlslammer-takes-its-toll-on-the-net-2/#comment-563
The ice cream truck is a disaster all on its own…

By: Anonymous (Tue, 28 Jan 2003 17:28:11 +0000) https://dfarq.homeip.net/sqlslammer-takes-its-toll-on-the-net-2/#comment-565
So that my last comment makes sense (my HTML-like epilogue was dutifully clipped): this is obviously an inside joke. So inside that Dave hasn’t even told me what the ice cream truck is all about…

By: Anonymous (Tue, 28 Jan 2003 04:51:34 +0000) https://dfarq.homeip.net/sqlslammer-takes-its-toll-on-the-net-2/#comment-566
I dunno, Dave. Could you add an ice cream truck to that disaster recipe?

By: Anonymous (Tue, 28 Jan 2003 04:40:46 +0000) https://dfarq.homeip.net/sqlslammer-takes-its-toll-on-the-net-2/#comment-562
There were “cumulative” MS patches that were less than cumulative, and if you installed the patch they didn’t include, you broke the security fix, yes. And the patches, up until Sunday, were a pain to install.

But Dave and Joe are right: One of NT’s selling points has been that basically any idiot can install it and very quickly have something that works. Systems with a steeper learning curve force you to know your system pretty well. I’ll admit, learning Linux was a very painful experience for me, and sometimes I still get in over my head, but I know a whole lot about how the system functions. And the main reason I know about NT’s internals is because I learned OS/2 first, and OS/2 had a lot less handholding but since NT was descended from it, that stuff applied.

So NT’s selling point has been a problem for it also. Lots of people administering those systems who really ought not be sysadmins.

But while the server is easy to set up, it was very difficult to install the original version of this particular patch. Without a good grasp of the command line it was a royal pain to do.

Take all that and throw in cryptic documentation, and I have a hard time coming up with a better recipe for disaster.

By: Anonymous (Tue, 28 Jan 2003 00:36:38 +0000) https://dfarq.homeip.net/sqlslammer-takes-its-toll-on-the-net-2/#comment-567
I thought that to some extent these things (administering systems) were NOT supposed to be easy. Or is it that the MS patches for SQL Server were breaking previous fixes?

Or is it a combination of the two?

By: Anonymous (Mon, 27 Jan 2003 19:29:57 +0000) https://dfarq.homeip.net/sqlslammer-takes-its-toll-on-the-net-2/#comment-568
To be fair, even if Microsoft has changed their tune on security it will take years for this to really take effect. This most recent attack and the Nimda one before it are as much an attitude problem as a problem with the software. Neither of these attacks should have been nearly as effective as they were. Reminds me of a study I did while at NASA in the early 90’s where we went and tried to break into the Unix servers using the default admin passwords. We were able to get into almost 70% of all the servers just using the password the boxes were delivered with.

I believe a big part of the problem is MS servers, especially SQL Server, are just too easy to set up and get running with reasonable performance. I know many companies that run SQL Server databases that are administered by programmers/managers with no admin experience, while nobody would consider running an Oracle database without a trained and dedicated administrator at least on call (I work for one of these companies). You can get away with this because SQL Server setup is pretty much point and click, and what you will get will work pretty well for most people, and with 2000, its auto-tuning feature actually works pretty well. Meanwhile, if you don’t tune your Oracle box well you will end up with one lousy-performing box.

By: Anonymous (Sun, 26 Jan 2003 17:03:51 +0000) https://dfarq.homeip.net/sqlslammer-takes-its-toll-on-the-net-2/#comment-570
Everyone seems to have neglected a very important point about security that this worm brings to light. A bunch of “professionals” who should know better have their SQL Servers effectively connected to the Internet directly. There are worse things that could happen. Like hackers could access (or change) the data on those SQL Servers.
What is to stop the hackers from doing so?

1. The hackers don’t know the servers are out there.
2. The hackers don’t know the user names and passwords required to access the data.

Given that this worm causes the servers to advertise their vulnerability, now everybody on the net knows where they are. Aren’t we glad that users always choose secure passwords that can’t be easily guessed? (Oops, they don’t, do they?)

By: Anonymous (Sun, 26 Jan 2003 05:05:46 +0000) https://dfarq.homeip.net/sqlslammer-takes-its-toll-on-the-net-2/#comment-571
To be fair, back around 1988 (give or take) was the big RTM worm that rode roughshod through the Internet and the mostly open UNIX boxes of the day. It did shut down the Internet for several days.

But even at that, it doesn’t really compare to Nimda, Code Red, Klez, etc. that seem to pop up quarterly.