
    Users Blast Microsoft Over Worm Response

    By Dennis Fisher - August 17, 2003

      While it was snarling corporate networks and causing headaches for IT staffs, the Blaster worm that tore through the Internet last week also appears to have burned up much of the goodwill Microsoft Corp. was beginning to accumulate in the security community.

      Widespread problems with the Blaster patch, issues with the Microsoft-supplied workaround, and a general dissatisfaction with the way the vendor handles updates have led administrators and security experts to lay much of the blame for the worm at Microsoft's feet.

      Blaster, which hit the Internet last week, infects PCs running Windows 2000 or XP by initiating a TCP session on one of several ports. It then connects to a remote TFTP server, downloads the actual binary containing the worm and then begins scanning the Internet for other vulnerable machines. The worm is also set to launch a DDOS attack against the Windows Update site Aug. 16.

      As far back as the Code Red worm in 2001 and as recently as the Slammer outbreak in January, IT personnel were more apt to take some blame for failing to apply available patches. But all that has changed as admins tire of the criticism and of having to clean up vendors' problems.

      “There is no good way to know whether every machine on a network is patched. At one point, you couldn't install the patch on Windows 2000 Service Pack 2,” said Paul Schmehl, adjunct information security officer at the University of Texas at Dallas, which was hit hard by Blaster. “There are myriad reasons for these things, and almost none of them fall into the category of laziness or incompetence. Those who criticize admins in these circumstances either have no experience in a corporate network or are fortunate enough to be in one that has enough money to fund expensive solutions to these problems.”

      Schmehl said he also believes that Microsoft has a responsibility to build into Windows a patch discovery and delivery tool that would give IT staffs a head start on keeping their networks updated. “The only way it's going to happen is automation,” he said. “Microsoft should provide this free.”

      Through its Trustworthy Computing initiative, Microsoft has spent much of the last 18 months focusing on security in its products. The effort has drawn praise from around the industry, but the problems brought on by Blaster have set the company's security image back years.

      Officials at Microsoft, in Redmond, Wash., have acknowledged the problems with their patching infrastructure, but say that there is only so much the company can do to encourage customers to install the fixes.

      “Our best advice is still to install the patch when it comes out,” said Stephen Toulouse, security program manager at the Microsoft Security Response Center.

      But getting the Blaster patch has been a problem. Users report that the Windows Update site was unreachable for long periods as millions scrambled to download the patch. The mad dash to patch so many machines exacerbated long-simmering problems with the variety of Microsoft tools users employ to check patch levels. The Microsoft Baseline Security Analyzer and the Windows Update site are often unclear about whether certain patches have been applied.

      “Between MBSA and Windows Update, you have to watch the files version for yourself, it seems,” said Mark Deason, director of IT at Silverside Equipment Inc., in Reno, Nev. “I've been doing this for a while, so I've seen the promise and the delivery. Microsoft is really getting better. Unfortunately, the current reality of patches and patching systems is disruptive to systems and personnel, especially when delivery is faulty.”

      And, for users who couldn't get the software fix, Microsoft recommended a workaround of disabling the RPC DCOM (Distributed Component Object Model), the interface that Blaster exploits. However, that method doesn't work on machines running Windows 2000 Service Pack 1 or 2, which also led to confusion and anger.

      “[Microsoft] messed this up,” said Marc Maiffret, chief hacking officer at eEye Digital Security Inc., in Aliso Viejo, Calif. “We told them about it [before the worm appeared].”

      On top of these problems is even more frustration for Windows XP users. When the RPC service in XP fails, as it does during a Blaster attack, the default response is for the machine to reboot. So, XP machines infected by Blaster are forced into a continuous reboot cycle that is difficult to stop long enough to clean and patch. The reboot response can be changed manually, but most home users and many corporate users aren't confident enough to make such a modification.

      “Most of the calls we've gotten have been from XP users whose machines are failing right in front of them,” said Art Manion, Internet security analyst at the CERT Coordination Center at Carnegie Mellon University in Pittsburgh. “They don't know how to get out of that reboot loop.”
