Is Microsoft to Blame for SQL Slammer?

Microsoft and its customers need to take joint responsibility for such security issues, several large enterprises said at the TechEd conference on Monday.

DALLAS—Microsoft Corp. and its customers need to take joint responsibility for security issues such as the SQL Slammer worm, which brought down systems all across the world earlier this year, several large enterprises said here at the TechEd conference on Monday.

During an enterprise customer panel, Nathan Hanks, the managing director of technology for Continental Airlines, admitted that the worm hit the company hard as it brought down its gate check-in systems.

"We cannot have undocumented servers that are responding to anonymous queries on DDP that allow buffer overruns. CIOs need people in place to figure out why port 1434 is open on publicly exposed firewalls.

"If those ports werent open, slammers would be a non-event. We have MSDE on every single gate PC in our hubs. We immediately failed at putting people on planes. Thats the issue at hand. Microsoft needs to fix that, and we truly believe that they will," he said.

But, at the same time, the airline has to own up to its responsibility and the fact that those open ports were exposed and that the worm penetrated its firewall. As any developer can write bad code, this is not necessarily Microsofts fault.

"My Linux server at home has three times the number of critical updates than my Windows XP box, which sits right next to it. Its just a fact that all the guys hacking Microsoft are Linux guys, thats the game here," Hanks said.

Gafar Lawal, the director of architecture at financial services firm Merrill Lynch agreed that the Slammer worm was not just Microsofts fault. "It [the SQL Slammer Worm] is Microsofts fault. It is our fault also," Lawal said. "We took it seriously that we did not install the patches that were required. We also took it seriously that Microsoft had such a flaw in their code," he said.

The issue is what processes customers took to address the issues that occurred. "We immediately started taking steps to make sure patches were applied on time," Lawal said.

Stan Sorensen, a director for SQL Server management, told eWEEK in an interview on Monday that both Microsoft and its customers have learned a lot from Slammer. In a series of customer feedback sessions following the worm, Microsoft learned a number of things.

"Many customers told us they were not aware of all the places that SQL and MSDE were in their environments. We found that those customers who had really locked down and monitored their systems had less issues with the worm," he said.

Customers also told Microsoft in no uncertain terms that they want help going forward to ensure that their systems are truly locked down. They also want an easier way to deal with and install the volume of patches coming from the company.

"There are currently a lot of ongoing discussions around this and what we can do to improve monitoring and management," he said.

More TechEd News: