A Wake-up Slap for Linux Administrators

eLABorations: New 'Slapper' worm shows the importance of diligent patching-yet again

Right now is not a good time to try and run a secure commerce Web site, at least if youre a Web administrator who forgets to patch systems.

On the heels of the late-summer discovery of security holes in both Apache and Microsofts Commerce Server, a new worm is cleverly exploiting a month-and-half-old security hole in the OpenSSL secure transactions application used by Apache and other Web servers.

The Slapper worm, which specifically attacks Linux systems running Apache and is reportedly the first to use a peer-to-peer architecture to spread itself, has had little trouble finding unpatched systems to exploit (although compared to much more virulent worms such as Nimda, Slappers progress has been characterized as slow). This is despite the fact that a patch for the hole that Slapper exploits was made available the same day the hole was announced.

It used to be that Unix and Linux system administrators were much more likely to monitor, fix and patch their systems than were their Windows servers counterparts. Generally, they had a pretty good feel for the internal workings of their systems, since they had customized so much themselves.

I guess the poor patching record that Slapper is taking advantage of is an unintended consequence of the inroads Linux has made in reaching nongeek users.

Even more confusing is that, according to the latest Netcraft Web server survey, administrators of secure Web servers appear to be less likely to update their servers than those administering standard Web servers. Given the fact that SSL is used to secure business transactions and sensitive information, this makes no sense at all.

One would think that after all this time wake-up calls are no longer necessary, but I guess thats not the case. Its a simple fact: If there is a security hole, then someone will write something that exploits it. Its much nicer to be on the side of those who have patched and are unaffected by the ensuing worms and viruses than to be one of the victims.

And for those of you who have patched and would like to do something else to stop the spread of worms like Slapper, you might want to take a look at one of my favorite utilities, LaBrea, which prevents worms from spreading.

Do administrators who fail to patch their servers get what they deserve? Let me know at jim_rapoza@ziffdavis.com.