On the Enterprise Side

By Ryan Naraine  |  Posted 2005-05-16

On the enterprise side, Wilson argued that Microsoft's patch management advances were making a "big difference" in the patch deployment cycle. "We've done a lot of work to make sure security updates are pre-tested and customers have more confidence to test and deploy patches quickly."

But even as the MSRC is taking partial credit for the lull in network worm activity, experts warn against claiming victory.
"I think we've seen plenty of disruption over the past year. The fact that we haven't seen a worm is coincidental," said Jon Olstik, senior research analyst for the Enterprise Strategy Group.

"Yes, we've seen a lapse [in worm activity] since Sasser, but that doesn't mean there is a decrease in malicious attacks. Spyware is still painful. The mail-borne attacks are still painful. We're still dealing with a bunch of identity theft issues," Olstik said in an interview with Ziff Davis Internet News.

Olstik said Microsoft deserved a pat on the back for recognizing the scope of the security problem and making the necessary investments. However, his applause comes with a caution. "Security problem in general is bigger than Microsoft. There are lots of non-Microsoft vulnerabilities that could lead to worm attacks."

Microsoft analyst Mike Cherry had very much the same message. "I don't mind crediting Microsoft for improving their response and communication to security issues. My one nervousness is that while we know how long it's been since the last worm, we have no idea when the next one will hit."

Cherry pointed out that Microsoft continues to issue patches for "wormable" vulnerabilities at a fast clip. Since Sasser hit in May 2004, the company has released 32 "critical" bulletins to fix flaws that could be exploited without any user interaction.

"Microsoft should avoid gloating about a worm-free year. You just never know when the next one's coming or how bad it's going to be. To imply that we've turned some kind of corner is premature. It's been a long time since 9/11; does that mean we should stop inspecting people getting into planes?"

Marc Maiffret, co-founder and chief hacking officer at eEye Digital Security, doesn't think a one-year break from a major worm points to any type of Microsoft victory. "It hasn't been that long, really. The only reason we haven't seen a big attack is because no one has decided to sit and write one."

"The lack of worms has nothing to do with Microsoft doing a better job. If you think about it, worms are a bad thing for the bad guys capable of writing a big worm," Maiffret said in an interview. He pointed out that worms generally only cause disruption and raise the alarm over the need to patch vulnerable systems.

"My prediction is that we'll see a lot less worms. The critical, wormable vulnerabilities are still going to be there. But the awareness around patching that goes along with worm outbreaks is a bad thing for the bad guys. They don't want you patching."

"I don't want to downplay Microsoft's efforts around security response, because they're improved a great deal. But I don't think one year is really a long time in between worms. Over the last five years, we've only seen about five major worms, so that's just about the average," Maiffret added.

The question was put to Microsoft's Wilson: Have we seen the last of the big network worm? "I'd hesitate to speculate on that," she said after a long pause. "The exploits are becoming more sophisticated every day. The types of exploits are constantly evolving, so it's hard to predict."

"What I can tell you is that Microsoft would be more responsive and more prepared in the event of any type of attack. We're more prepared today than we were a year ago when Sasser hit, and we're constantly evolving our process to keep getting better."
