.COMmentary: Worms–Big deal
By Mike Lotz
Okay, take a deep breath and chill out; the Code Red worm is not that big of a deal. Well, at least not yet.
Let's look at the facts. Code Red invades Microsoft Internet Information Services web servers running on Windows NT or 2000, and then uses that server to begin scanning for more vulnerable machines, and the cycle continues. The first version defaces the web site, while the two variants floating out there do not.
Is this serious? You bet it is. Is anybody going to lose any sleep over it? I doubt it. Why the government is making such a big deal about it, I haven't a clue.
Folks, this really isn't a big deal. In fact, most of the vulnerable web servers out there today are already infected with at least one version of the worm.
The only thing that scares me about Code Red is what it represents: the continued passiveness in the computer community concerning patching and updating of their resources. Certainly, the one needing the most Band-Aids is Microsoft's infamous web server, which has more cracks and holes than a Rockford street.
This isn't a knock on the system administrators, whose job is one I don't envy in the slightest. In most cases, sysadmins are so swamped and understaffed that virus updates and server patches drop immediately down the priority list.
If this function is not a priority for you, may I suggest the services out there from companies like ISS, AtomicTangerine and SecureWerks, who can provide you with one of two things. Either they'll audit your resources and report the findings with a cost/benefit analysis and recommendations for the best security for you, or they'll take the less passive approach of completely hosting your security operation and take care of the patches themselves.
Formerly, it was your responsibility to take care of this stuff because you were supposed to be a good Netizen. Obviously, that concept never permeated throughout, so the industry has had to take the next step: taking you to court. The new fad in this wacky world of Internet law is suing someone who's directly responsible for sending a virus, worm or some other intrusion your way because they didn't properly update their systems.
I think that's the best idea so far. If you don't take care of security yourself, and you can't give it to someone who will, then you become liable to those you harm because of your pure negligence. Sometimes, the law does work.
If you have any questions or comments, please contact me at firstname.lastname@example.org.