Microsoft vs. SQL Slammer

January 29th, 2003

The Register published four internal memos from Microsoft detailing its fight to contain the spread of the worm (see its source code) that attacked SQL Server last Saturday.

The article also points out that the fix was hard to apply. If we consider that service packs from Microsoft are prone to cause collateral effects, it’s easy to see why many administrators didn’t apply the patch. Nonetheless, that should not be used as an excuse to blame Microsoft for all the troubles caused by its buggy software. If people choose a platform, it’s their responsibility to deal with its problems. On the other hand, prevention alone may not be enough to protect systems. Bruce Schneier, talking about prevention and hacking insurance, said: “The notion that you must rely on prevention is just as stupid as building a brick wall around your house. That notion is just wrong.”

Anyway, this is a major point in favor of open source software, in my opinion. Historically, the open source response to security threats has been far better than that of closed source vendors. Also, open source users are more likely to apply patches and keep their systems updated, because of the higher security awareness in their communities and the better quality of the patches.

But I just wonder who will get the blame the next time a worm hits a Microsoft product, and no patch is available.