Code Redux

I don't understand why Symantec classifies a "remote root" exploit as only "medium" damage. Code Red ^[?] is hitting cable modem networks especially hard, as the new variants scan "nearby" IP's in preference to random ones, which has apparently caused enough damage and network congestion that AT&T's residential broadband division (MediaOne) has cut off port 80 across their network to try and halt the spread of the worm, or so several submitters reported. Newsforge has a story about various reactions to the worm, and reader nettdata sent in an interesting story about the worm becoming the main course at a dinner of security specialists.

Why Symantec says that Code Red is medium.

[milkman1]

It is very emberassing for Microsoft to be responsable for the biggest true worm (as opposed to email worms which can be blocked at a small number of points) in internet history.

It is well known that Microsoft could easily crush Symantec. Almost all of Symantec's products fill holes in the Windows Family Line that do not exist in other operating systems. According to reports that I have read, the Windows XP betas have, firewall software, remote access software, older operating systems have also hurt the viablity of Symantec products.

It is clearly in Symantec's best interest to ensure that Microsoft does not add to many of these new features, and when it does to water them down or license Symantec technology. It would be very easy for microsoft to include a powerfull firewall system based on one of the BSD firewall systems. But instead they have included a weak fire wall that most security consciuos users would find lacking. Microsoft Scan Disk and Defrag are also both examples of code that have been watered down. The code for defrag is even licensed from symantec.

In the past, companies that have made Microsoft look bad have been crushed. Symantec does not want to suffer the same fate