Internet Security Industry News
The world is grappling with virus invasions
August 20, 2003
Summer vacation, peer pressure, Swiss-cheese programming code and too-quick-to-click Internet users have combined to make the last two weeks a true adventure in computing.
The recent deluge of worms and viruses, including Tuesday's bombardment by the latest variant of the Sobig virus, may be a result of last week's Blaster worm tweaking adolescent egos, according to security experts. The same experts also slammed Microsoft and end users for the parts each played in the latest dramas. Blaster's "success" probably encouraged other malicious coders to devote the weekend to working on their own evil little creations, said Chris Belthoff, senior security analyst at antivirus firm Sophos.
So combine the typical ego-ridden virus writer -- who may have more time to kill with school out -- with sloppy Microsoft code. Factor in users who are slow to patch their computers yet manage to click on virus-laden e-mail attachments, and you have inboxes laden with garbage and networks choked with nonsense. Security experts agree that ethics, better applications and educated systems administrators and users are the only way to stop virus and worm plagues.
But no one really knows how to get there from here. Microsoft, whose products have been the target of a half-dozen successful worm and viral attacks over the past two weeks, is being criticized for writing code that security experts refer to as "Swiss cheese": code that contains security holes that leave operating systems and applications open to far too many attacks. Virus writers bear ultimate responsibility for the malicious code they release, and users also need to educate themselves about safe computing, but experts said that the most effective fix would be for Microsoft to start producing significantly more-secure applications and operating systems.
"Which is easier? To get a couple thousand professional paid software engineers with at least four years of training each to follow established guidelines for writing secure code, or to get many millions of users with a wide variety of levels of technical expertise to make informed decisions about whether or not to exercise one of the functions for which the software they paid money to acquire is designed?" said security researcher Robert Ferrell. Microsoft took out a full-page ad in several major newspapers on Tuesday. In 2-inch-high block lettering, the ad shouted "Protect Your PC," and recommended that people use a firewall, install antivirus software and ensure it's up-to-date -- and use Microsoft Windows Update, which alerts users when patches are released.
"We're working hard to address this issue, but obviously we still need to do a better job of educating and informing our users and delivering patches to them," said Stephen Toulouse, a security program manager with Microsoft. Microsoft has even suggested that it will soon begin delivering and installing patches automatically, unless users specifically opt out. Currently, auto-install is an option.
But security experts said people have refused and will continue to refuse auto-install patches, mostly because people just don't trust Microsoft. "Microsoft's sloppy code and arrogance is coming home to roost," said network consultant Mike Sweeney.
"Anyone that remembers Service Pack 6 (a collection of security patches for system NT 4.0) will never let MS perform automatic updates on a system. SP6 was released and it promptly blew away thousands of servers, and there was not any recovery method other than a reinstall. Which is why Service Pack 6 now is SP6A."