£10,000 Prize for Linux Virus Challenge Re-Issued

← Back to Stories (view on slashdot.org)

£10,000 Prize for Linux Virus Challenge Re-Issued

Posted by CmdrTaco on Saturday October 13, 2001 @03:45AM from the take-two dept.

mutantcamel writes "Eddie Bleasdale, the director of NetProject has been offering £10,000 to the first hacker to infect his Linux machine with a virus for the last two years, and so far no one has hit the jackpot. He's re-announced his challenge to virus writers following a Gartner report which told IT depts. not to trust MS server software because of recent worm attacks on their servers, but a Microsoft exec said yesterday that the hugely successful worm attacks were due to 'tardy' sysadmins."

2 of 296 comments (clear)

Min score:

Reason:

Sort:

Hope people have read the Gartner report... by SmileyBen · 2001-10-13 05:32 · Score: 5, Informative

Before people start slamming the Gartner report again, I hope they've read it. People seem to be under the impression that Gartner said that IIS simply wasn't secure and that other things are better - and that the response to this is 'duh, any machine which isn't updated isn't secure'. That isn't a valid response at all, because what Gartner very specifically said was not that IIS couldn't be secured, but that it is simply uneconomical because of the time and effort it takes to update IIS.

I.e. Just what they are saying is 'We all know you need good sysadmins to make sure systems are up to date with security patches, but in the case of IIS you'll have to employ someone to spend all their time doing this, and that simply isn't the least expensive way to go'....
Re:Have you ever worked as a real sysadmin? by warpeightbot · 2001-10-13 06:17 · Score: 5, Informative
I work in an enterprise unix environment and getting time for outages to apply patches is incredibly tough when you are running 24x7 systems that are critical to the operation of the customer.
WHAAAT?!?!
When I worked at a certain Very Large Airplane Company, we had a very simple procedure for emergency upgrades:
- Patch the backup server (you do have a backup server, don't you?)
- Fail over to the backup server (you do have a failover procedure, don't you?)
- Patch the main production server
- Fail back to main
Sometimes several days would elapse between the patch/failover/patch and the fail back.... because we had capacity planned the failover host to be able to run the production floor at full speed, and there was no use slamming things around without necessity. Besides, it was a good test for the failover machine to run for a day or three as production just to see....
Yes, most system incursions are preventable with good patching and good firewalling. Yes, this applies across ALL OSen. Yes, Microsoft code is crappy and the number of security updates is thru the roof, but that's not the point of this argument.
The point is that if you can't get an outage to apply a critical patch whose absence may cost you a full reinstall and a weeks' downtime, you have a management problem and a design problem, not a vendor problem or a sysadm problem..... and you need to be thinking (a) what's the best way to fix this, and if that doesn't give you any good answers (b) where do I want to work next. Because sooner or later somebody's going to 0wN j00, and if your ass isn't grass you'll wish it were.