02:55 PM

Blame Game: Patch Complacency Behind Zotob Success

After a tough week, system administrators are now getting blamed for lackluster patch management and for contributing to the success of this week's bot worm attacks on Windows 2000 machines.

Complacent network administrators are partly to blame for the success of this week's bot worm attacks on Windows 2000 machines, a Gartner analyst said Friday.

"I'd have to blame the software developer first of all," said John Pescatore, a Gartner research director. "What's the point of pointing blame at hackers, who are, after all, criminals? There will always be criminals. None of these attacks would have been successful if the vulnerabilities had been caught during development."

But next on Pescatore's list is a complacent "it won't happen" attitude among system administrators, a slow patch process, and a resulting window of opportunity for hackers.

"Since we haven't had a major worm since last year's Sasser, enterprises have slacked off," Pescatore argued. "'Nothing bad this month, nothing here,' they've been saying as Microsoft rolled out monthly patches.

"It's like someone saying, 'it's not rained in two months, so I'll hold off fixing the roof.'"

Such complacency has struck before. In 2002, the year after the destructive Nimda and Code Red worms, there wasn't a single major outbreak. "People started to relax then, too, and when 2003 hit with Slammer, they weren't ready," said Pescatore. During the last round of big-time attacks -- the 18 months running from early 2003 with SQL Slammer to late spring 2004's Sasser -- companies pulled out the stops to secure their networks, said Pescatore. "They authorized overtime to push patches out as quickly as possible, got critical patches down to just two business days, and all patches down to five days."

But then patching got lax again.

"You can't relax," said Pescatore. "You have to pay attention to vulnerability management, and patch as quickly as you can."

Joe Wilcox, an analyst with JupiterResearch, wasn't as quick to blame administrators. "Deployment of patches can take time, but unfortunately, that time may not be available," he said. "Businesses aren't consumers, who can just automatically have Windows install patches. Businesses have to take time testing the patch for compatibility. Patching is a big chore. What's needed are better [patch management] tools.

"I'd blame the criminals, the hackers, definitely," said Wilcox.

Microsoft, he added, is in a damned-if-they-do, damned-if-they-don’t position.

"A lot of viruses appear after Microsoft releases information," he said. "That alerts hackers to an opportunity. But to keep the vulnerability secret, that's not in the best interests of customers, either. Microsoft's doing the right thing by releasing the information, but only when a patch is available."

On Thursday, U.K.-based security firm Sophos released the results of a poll in which 35 percent of the 1,000 respondents blamed Microsoft for the Zotob troubles, 45 percent pointed fingers at the hackers, but only 20 percent said that the successful attacks were due to slow patching by administrators.
