22 08 2005

35% blame Microsoft for latest worm outbreak, reveals Sophos polls

Actually, what this poll reveals is that 35% of business users are clueless about computer security. With the media’s constant berating of Microsoft, one-third of users have bought the lie, hook, line and sinker. While the virus that took down Windows 2000 systems did exploit a vulnerability in the operating system, it did not affect you if you had upgraded from this six-year-old OS. It wasn’t even a blip on the radar screen in my enterprise. Meantime, the almighty Mac OS X had 44 patches released last week…44! And just how much press did this get? Not even close to what Microsoft suffered.

But there was no exploit, you say. You’re right. The virus writers are immature youngsters with script kiddies making multiple flavors of the latest exploit because they have no original ideas and want the bragging rights. So, they always choose the biggest target. Especially if the vulnerability is explicitly spelled out for them in the interest of “full disclosure”.

I’m a firm proponent of limiting disclosure. Do we need all the details out in the wild for threats to be created? Or do we need to apply the patch when it’s available and then hear about the problem?

The problem last week occurred not only because administrators didn’t patch in a timely fashion, but also because they left systems exposed without firewalls, didn’t screen for vulnerabilities on the edge of their networks, didn’t upgrade in a timely fashion, a la Windows 2000 to Windows 2003, and didn’t stop whining about how hard it is to maintain their environment. Sys admins, be proactive!



