[Reader-list] Re: WB Govt ties up with MSFT

Menso Heus menso at r4k.net
Sun Aug 5 17:45:49 IST 2001


On Sun, Aug 05, 2001 at 12:23:59PM +0530, Raju Mathur wrote:

> 1.  Security.
> 
> Microsoft products have time and again demonstrated a regrettable lack
> of basic security features.  Recent incidents which have affected a
> sizeable portion of Microsoft-based servers and client systems on the
> Internet have served to highlight the fact that Microsoft makes
> Insecure Products.
> 
> The Code Red worm (computer virus) infected millions of servers on the
> Internet in June 2001 and coordinated them (without their
> administrators' consent) to simultaneously attack the US White House
> web site.  The worm is still alive though dormant and no one knows
> exactly where and when it will strike again.  Needless to say, this
> worm only affects computers running Microsoft's most popular web
> server.

The patch for the Code Red worm was already available a long time before
the worm started to spread. If one would have followed the IIS 5 Security
checklist the server wouldn't have been vulnerable in the first case. This
checklist got released I think at the same time as IIS 5 got released. 

So then, is this a problem in "Microsoft software"? I think not. The list 
for patches that comes for Unix/Linux systems is quite as long, bugs in 
bind, sendmail and apache would not make anyone happy either.

The situation is comparable to finding a bug in linux, releasing a patch 
and then not running this patch. The same would happen as happened now 
with the Code Red worm. 
In fact, the first worm ever written, back in the days, targeted 
Unix machines. I do not find this a convincing argument. 
 
> Only a few days after the infamous Code Red attacks (on August 5,
> 2001), another worm which infects Microsoft-based web servers has been
> discovered and is at the time of writing being analysed to discover
> its potential to disrupt the world's computing and networking
> infrastructure.

Making use of the same hole? The problem here is not so much the security
hole as the 'smartness' of the person who wrote the worm. Especially now 
that the world is hanging together on fiber and data travels fast it is 
a matter of hours before the world is infected. 
 
> The SIRCAM virus which replicates itself using e-mail as the medium
> has been deemed such a major threat to computing infrastructure that
> Microsoft and the FBI have taken the unprecedented step of releasing
> a joint warning notice against it to all computer users in July 2001.
> Again, the SIRCAM virus only affects e-mail users who use Microsoft's
> products -- all other software is immune to this threat.

I had a discussion about email viruses once before on the nettime 
mailinglist. I then argued that a virus such as this could just as 
easily have been written for linux systems for example yet that it is a 
bit more hassle there to get the user to actually execute the virus.

In Outlook people just click and pray for the best, with linux/unix 
systems one would have to save the file by hand first and then give 
it execute permissions. The person doing this is most likely also
the person that reads through the file first before doing so.

The problem as I see it is not as much with the Microsoft software 
which contains as many bugs as any operating system out there, but 
with the level of knowledge on the operating system a user uses. 

For some reason people find that they should not read any books on 
computer subjects since "everything just works". With an out of the
box install of Windows this is mostly the case and this works fine 
in a non-networked world. 
However, it still remains the responsibility of the user in my opinion
to take appropriate security measures once they hook up their system
to a hostile environment such as the internet. 
People who fail to do so get what they deserve and sysadmins who fail
to do so get the same. 

When huge amounts of rogue traffic travel across the network, the 
network will have problems with this, whether this is a 'virtual sit-in' 
*cough* or a virus trying to spread itself. Both are bad. 

In the end it's all a matter of knowing what you're doing, whether you
run a Linux server or a Windows 2000 or own a Windows 95 desktop machine.
The problem is, unfortunately, that not a lot of Windows users seem to
know what they are doing. It is the job of the sysadmin to prevent misuse
then by setting up the network in a correct way and installing virus 
scanners on the network. Unfortunately, with Code Red, we have also seen
that there are a lot of sysadmins out there who do not understand their
job. And that, my friend, is the origin of the problem.

Menso

-- 
---------------------------------------------------------------------
Anyway, the :// part is an 'emoticon' representing a man with a strip 
of sticky tape across his mouth.   -R. Douglas, alt.sysadmin.recovery
---------------------------------------------------------------------


