The following opinion piece was written by Jonathan Yarden in response to the recent spate of viruses. It originally appeared in the Sept. 8 edition of the Internet Security Focus e-newsletter. The opinions expressed herein do not necessarily reflect those of TechRepublic or its editors.
August was a stressful month for most computer users and administrators as numerous worms—namely MSBlast, Nachi, and SoBig.F—raged across the Internet. All of these worms caused problems, but SoBig.F surely takes the prize for being the worst of the bunch.
Unfortunately, I suspect that SoBig.F will set the bar higher for the next Internet worm. SoBig.F continues to knock mail servers offline and frustrate users with countless copies of itself. Add that to the chaos and network problems caused by MSBlast and Nachi, and you've got a lot of angry folks.
The combined financial fallout of SoBig.F, MSBlast, and Nachi will easily be in the hundreds of millions of dollars. And as of this writing, none of these worms is showing signs of stopping, even when fixes are available. This is a watershed event for the Internet, but even more so for Microsoft, as it continues to be the target for such attacks.
Security is a fragile thing
After last month, there should be no doubt in anyone's mind that simple software defects can and will cause worldwide damage. Yet there are many questions and few answers for how to prevent this type of problem.
Microsoft's "kitchen sink" approach to Windows certainly doesn't help, especially when you consider the MSBlast and Nachi worms. Why does Microsoft keep stuffing things into Windows that most people don't need?
Microsoft's effort to dominate the software market and construct artificial barriers to competition is now the company's own worst enemy. The software giant may have won the world over with Windows, but now it needs to figure out how to support the software. And I don't mean telling people they must continually upgrade Windows to get better reliability.
By this time, most of the world has noted Microsoft's cruddy software security record. The multibillion-dollar empire gets zero points for anything it does correctly, and we're back to square one when it comes to Microsoft's accountability and Windows' reliability.
Windows is still fragile: Recent worms prove once again that several years and millions of dollars later, it takes only a small rock to break a glass house.
Old worms die hard
We're still not finished cleaning up after previous worms. Nimda, Code Red, and SQL Slammer regularly make appearances on the firewalls where I work, and they occasionally nail poorly maintained customer systems.
But keeping software up to date is a problem in itself on a number of levels. Microsoft is so frustrated that it's considering making software updates automatic. I'm sure that's a comfort to some, but I think it's a terrible idea—and it won't work anyway. When you're talking about tens of megabytes for service packs, a 56K modem isn't going to cut it as a link for downloading such updates.
August 2003 will go down in the record books as the worst month for Internet security since the Melissa worm. That is, of course, until the next worm comes around and does even more damage.
So how do you fix the problem? In my opinion, you can't really fix it because there are too many older Windows installations in the world, poorly maintained and in dire need of service packs.
But I have a simple solution that I think would work. Why doesn't Microsoft spend some of its multibillion-dollar cash chest and distribute Windows service packs free on CD? Don't charge anyone; just put boxes of self-booting CDs in stores nationwide. Users could simply put the CD in their computer, and the fix would automatically run. Once they restarted their computers their problems would be taken care of.
But then again, if Windows didn't have bugs, nobody would upgrade.