View Full Version : Microsoft Failed To Patch Their Own Servers!

Jan 28, 2003, 04:16 PM
Didn't see this posted anywhere else, sorry if this is a repeat.

:rolleyes: Apparently they failed to patch their own servers against the Slammer Worm.


Quote: Microsoft's policy of relying on software patches to fix major security flaws was questioned Monday after a series of internal e-mails revealed that the software giant's own network wasn't immune from a worm that struck the Internet last weekend.

Microsoft urged customers to fix a vulnerability in the SQL Server 2000 software, but it apparently hadn't taken its own advice. Moreover, despite its 1-year-old security push, the software giant still had critical servers vulnerable to Internet attacks.

I'm not sure if this is funny or scary???

Jan 28, 2003, 05:17 PM
Yeah i read about that in the new york times.

The main M$ servers got the patch but some of the internal ones totally got f'ed.

Edit: SQL Slammer

Jan 28, 2003, 06:58 PM
Hehe, even M$ doubts their own software. I prefer the term SQHell over that slammer term it was given, 'tis more descriptive ;)

Jan 28, 2003, 09:37 PM
They were talking about it tonight on The Screen Savers. Their explanation was that they hadn't got around to patching them yet. They mentioned about how this may give them more of an argument for "forced or automatic patches" from Microsoft without the end users knowledge.

That's getting even more scary.:mad:

Jan 29, 2003, 11:12 AM
Is this SQL slammer thing really MS's programming fault, or the problem is the huge popularity of MS products? I mean, MS products become frequent target because they are widely used, right?

I'm wondering if the same kinda thing would happen to Mac platform when Mac becomes very very popular? I'm very curious about this.

Jan 29, 2003, 11:22 AM
There has been speculation as to why there are so very few virus' on the Mac side besides the obvious reasons of "bang for the buck."

If you're a little virus dweeb and you want to make a splash, you're going to want to attack the largest segment. I've also heard that people of this ilk have a healthy respect for Apple and avoid bothering the platform. Would that be the case if Apples' machines and OS were the majority?

Well, we'll never really know, I suppose.

Jan 29, 2003, 02:29 PM
Mac Virus Myth

There is a widespread false belief that there are fewer Mac viruses that are spread each year because there are fewer Macs than Windows PCs.

This is wrong on several levels. The only truth in that is there are fewer Macs than Windows PCs, but even that is misleading.

Take a look at the stats for PC sales versus Mac sales, and you'll see a much higher number of PC sales, however take a look at the stats for Macs in use, and you'll see that Macs on average remain in use much longer than PCs.

As a result, the number of actual Macs in use compared to PCs is much higher than Mac sales versus PC sales.

How significant is the number of Macs in use? Well, take a look at all the major software vendors and see how the overwhelming majority produce for Mac. Take a look at Download.com or VersionTracker and see how many shareware developers are producing for the Mac platform.

You'll see that the Mac platform is very much alive and well in terms of developers.

In fact, you'll see that Macs in general are more alive and well than ever before.

In other words, there are more Macs in use today and more software available today for the Macintosh than ever before in the history of the platform.

Additionally, a larger majority of these Macs are engaged in riskier behavior than ever before, with filesharing, networking, email, downloading, and not running anti-virus software.

The assertion of why there are fewer viruses spread also fails because there are NO viruses released on the Mac. There hasn't been a single outbreak of a Mac virus in several years. It's been about a decade since the last wide-spread Mac virus.

Mac OSX has been out now for a couple of years and there have been ZERO, NONE, NADA, ZILCH viruses, worms, trojan horses, etc...

Now if you're a recent Mac switcher, or otherwise don't know much about Mac history, this argument about the Mac Virus Myth might not seem convincing at all to this point. However when point in historical context, it makes much more sense.

Go back to around 1989. Go to any Macintosh lab and find one of two scenarios... Either all the Macs are running Disinfectant, Virex or Norton, or all the Macs have a plethora of viruses.

Now keep in mind, there were fewer Macs in use back then, and only a small percentage were connecting to the Internet.

Viruses were widespread during this time, although they weren't much of a problem. Most were fairly innocuous and like human viruses, the more virulent, the less likely they were to actually do damage.

As a matter of fact, most viruses could easily be removed without any 3rd party software whatsoever... A simple reboot holding down Command-Option and rebuilding the desktop, or deleting preferences files would get rid of a lot of those viruses.

John Norstad deserves a lot of credit for reducing the virus risk on Macs. His free software was widely distributed, easy to use, and almost never interfered with normal operation of your Mac. Sure you were *supposed* to disable it before installing stuff, but I intentionally never did to see if it would interfere with anything, and I never once had a problem with it.

Contrast this with the expensive, difficult to use, difficult to maintain, and constantly interfering anti-virus software for the PC today.

Now skip forward to 1991. System 7 comes out and Apple did something really great. They altered the Desktop Database. This was how many viruses were spread. As a result almost all viruses for pre-System 7 no longer could spread, and those that could didn't do any damage.

Soon after, Apple changed the Desktop Database again, and then yet again, and soon Apple had an OS that there were no viruses for.

There were some viruses produced, but they were pretty well contained or were application specific stuff that were fixed easily with patches so they didn't spread much.

Imagine an OS upgrade that eliminates the ability of known viruses to attack, what a concept!

Now skip forward to OSX. Have you noticed how you need to enter a password to do pretty much anything that directly involves changes to your system? This is just one thing about OSX that helps provide security. Likewise there are things like a built-in firewall and so forth that make the Mac much more secure and protected against a variety of attacks.

Again, there are many more Macs in use today. There is a much larger percentage of them connected to the Net, sharing files, downloading and NOT RUNNING VIRUS PROTECTION.

Propagating a Mac specific virus today would be much easier than ever before, although creating the virus would be much more difficult.

Who creates viruses?

Virus creators fall into two camps. Most are script-kiddie-like. They don't create a virus, they simply alter an existing virus. While these are clearly wannabe losers, they do end up causing major havoc and damage. It's extremely easy to alter an existing virus for Windows, hence the number of the virus variants.

The second type of virus creator is much rarer. Unlike the wannabe, they typically aren't looking just to cause havoc. They are really trying to achieve something. They have something to prove. For them, there is a prize of knowing they exploited a vulnerability. If they do something unique, creative, and exploit an unknown vulnerability, they are self-perceived as Gods.

Keep in mind, Macs have a much smaller percentage of users running anti-virus software as compared to PCs. I wonder if there are more "unprotected Macs" in use than "unprotected PCs" in use... Unprotected meaning, no 3rd party anti-virus software.

So think about it...what would be the biggest prize? Attacking Windows and being perceived as yet another script kiddie, or being the first person to attack OSX?

BTW: I'm not saying that there won't be attacks on OSX. I think it's very wise to take some of the same basic precautions against attacks as those recommended to Windows users. The one major exception is that while on Windows, anti-virus software and constant updating is absolutely required and should be budgeted and scheduled, Mac OSX anti-virus software is a scam and should not be purchased.

BTW2: Part of the Mac Virus Myth comes from people with Macs taking their computer to a PC based technician when they're experiencing a problem. In the PC world, viruses are so common that when techs can't see a hardware problem, they naturally assume it's a virus.

I've heard numerous people say "their Mac had a virus", but when I ask what the name of the virus is, I get no answer. I ask what the problem was and where they took it, and upon investigation find that it was a simple user error, but the tech being PC based didn't know how to deal with something simple like opening the System Preferences Panel and change a setting, so instead they reformatted the hard drive (losing valuable data), re-installed the system software (which reset things back to a default setting), sell the customer a useless anti-virus program, and then send them on the way with a big fat bill.

My own father (a PC tech) once shouted that the behavior of a particular Web page was the result of a virus on my sister's Mac... "Uh, dad, did you consider that maybe it was just bad HTML?"

Jan 29, 2003, 03:46 PM
Virus creators fall into two camps. Most are script-kiddie-like. They don't create a virus, they simply alter an existing virus. While these are clearly wannabe losers, they do end up causing major havoc and damage. It's extremely easy to alter an existing virus for Windows, hence the number of the virus variants.

Nice explanation on virus creators. I sometimes wonder about the mentality of some people. You got to know that these people surf the web and are as susceptible to viruses as "normal" people are. For instance did the Slammer Worm creator decided that he wasn't going to go on-line this weekend, so lets try to bring down the internet?? I get this mental image of people that enjoy shooting themselves in the foot.

On a side note: I once crashed my computer installing a backup program. Lost a decent amount of data. Ah, the irony of it all.:rolleyes: Wasn't a Mac, I'm still Mac-less. It was running Win98. After that fiasco I put W2K on instead. It's a lot more stable, but I still have to kill a program or reboot several times a week. Hopefully I'll get to leave the Windows world behind one of these days.

Jan 29, 2003, 04:53 PM
What a fascinating and informative post, MacSlut. Thank you. :)