Microsoft Blames Virus Spread on Failure to Patch

By Brett Glass  |  Posted 2003-02-06 Print this article Print

Microsoft has blamed the explosive spread of the SQL Slammer worm on system adminstrators' failure to patch their systems. Also, another hole found in Internet Explorer. Link to patch inside...

Microsoft has blamed the explosive spread of the SQL Slammer worm on system adminstrators failure to patch their systems. But do users and administrators have good reason to avoid applying patches? In a short but provocative piece, OReilly and Associates editor Andy Oram explains that patches -- especially the "mega-patches" posted by Microsoft -- often leave systems unreliable or even non-functional, and that many have reacted by avoiding even necessary updates. Users are also concerned that patches -- especially ones from Microsoft -- may bring changes they do not want, such as new DRM components that limit what they can do with their machines. This essay, by Yours Truly, also delves into the issue of patches in some detail. What do you think? Is it always a good idea to patch? Join our discussion and let us know. On 5 February 2003, Microsoft announced yet another security hole in its Internet Explorer browser. The flaw, which Microsoft labels as "critical," allows a hostile Web page to take over your computer and/or extract files from it. It affects all copies of Internet Explorer from version 5 on.
The flaw is described in detail in Microsoft Security Bulletin MS03-004. (Note that, ironically, you may not be able to view the "technical details" portion of the advisory if you are using a Web browser other than Internet Explorer.) The patch, which is cumulative, also covers other security holes in MSIE and is roughly 1 to 4 mebabytes in size (depending upon which version of the browser you have).
Brett Glass has more than 20 years of experience designing, building,writing about, and crash-testing computer hardware and software. (A born'power user,' he often stresses products beyond their limits simply bytrying to use them.) A consultant, author, and programmer based inLaramie, Wyoming, Brett obtained his Bachelor of Science degree inElectrical Engineering from the Case Institute of Technology and his MSEEfrom Stanford. He plans networks, builds and configures servers, outlinestechnical strategies, designs embedded systems, hacks UNIX, and writeshighly optimized assembly language.

During his rather eclectic career, Brett has written portions of the codeand/or documentation for such widely varied products as Borland's Pascal'toolboxes' and compilers, Living Videotext's ThinkTank, Cisco Systemsrouters and terminal servers, Earthstation diskless workstations, andTexas Instruments' TMS380 Token Ring networking chipset. His articleshave appeared in nearly every major computer industry publication.

When he's not writing, consulting, speaking, or cruising the Web insearch of adventure, he may be playing the Ashbory bass, teachingInternet courses for LARIAT (Laramie's community network and Internetusers' group), cooking up a storm, or enjoying 'extreme'-ly spicy ethnicfood.

To mail Brett, visit his Web form.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel