.COMmentary: Worms–Big deal

.COMmentary: Worms–Big deal

By Mike Lotz

Worms—Big deal

By Mike Lotz

Okay, take a deep breath and chill out; the Code Red worm is not that big of a deal. Well, at least not yet.

Let’s look at the facts. Code Red invades Microsoft Internet Information Services web servers running on Windows NT or 2000, and then uses that server to begin scanning for more vulnerable machines, and the cycle continues. The first version defaces the web site, while the two variants floating out there do not.

It this serious? You bet it is. Is anybody going to lose any sleep over it? I doubt it. Why the government is making such a big deal about it, I haven’t a clue.

Folks, this really isn’t a big deal. In fact, most of the vulnerable web servers out there today are already infected with at least one version of the worm.

The only thing that scares me about Code Red is what it represents: the continued passiveness in the computer community concerning patching and updating of their resources. Certainly, the one needing the most Band-Aids is Microsoft’s infamous web server, which has more cracks and holes than a Rockford street.

This isn’t a knock on the system administrators, whose job is one I don’t envy in the slightest. In most cases, sysadmins are so swamped and under staffed that virus updates and server patches drop immediately down the priority list.

If this function is not a priority for you, may I suggest the services out there from companies like ISS, AtomicTangerine and SecureWerks, who can provide you with one of two things. Either they’ll audit your resources and report the findings with a cost/benefit analysis and recommendations for the best security for you, or they’ll take the less passive approach of completely hosting your security operation and take care of the patches themselves.

Formerly, it was your responsibility to take care of this stuff because you were supposed to be a good “Netizen.” Obviously, that concept never permeated throughout, so the industry has had to take the next step; taking you to court. The new fad in this wacky world of Internet law is suing someone who’s directly responsible for sending a virus, worm or some other intrusion your way because they didn’t properly update their systems.

I think that’s the best idea so far. If you don’t take care of security yourself, and you can’t give it to someone who will, then you become liable to those you harm because of your pure negligence. Sometimes, the law does work.

If you have any questions or comments, please contact me at questions@iwebwerks.com.

Enjoy The Rock River Times? Help spread the word!