Joshua, a Microsoft program manager, doesn't agree that we should be trying to get lazy sysadmins to patch six-month-old holes in their software:
"Sysadmins don't keep up with patches; just as the sun rises in the east. Blaming sysadmins does nothing to solve the problem."

Instead, he says the reaction to this past weekend's attack shows the right way to handle it: network providers working together to cut off traffic from such beasties; network managers putting into place plans for quickly isolating infected network segments.
Meanwhile, see what some Fusion users have to say about my calling sysadmins who didn't apply the SQL patch "dummies."

The Slammer worm was highly visible but also extremely benign. Much more troublesome would be a worm that's essentially invisible but gathers sensitive banking info from, say, Bank of America, whose vulnerability is now obvious.
As long as they continue to use Microsoft products, sysadmins have absolutely GOT to keep their systems patched. Closing the barn doors after the horses are loose is entirely inadequate.
I lay a lot of the blame at Microsoft's feet since once you install a service pack there is no easy way to deinstall it. Installing a service pack or even a patch is always a risky proposition on SQL server and other products.
And who wants to be the first to install a newly released patch? Not me.
Although it is difficult to wade through the sheer volume of patches and service packs for all products and make good decisions on what should and should not be applied, we have to do it, or face the consequences.
It would be nice if company management understood the complexity of this problem and the potential risks. However, even when you explain it to them, they do not grasp the significance.
Do we hold the networking organizations responsible for preventing attacks like this, or does this clearly fall on the shoulders of the clients who fail to keep current on patches?
Posted by: Doug on February 6, 2003 08:59 AM
