£10,000 Prize for Linux Virus Challenge Re-Issued

← Back to Stories (view on slashdot.org)

£10,000 Prize for Linux Virus Challenge Re-Issued

Posted by CmdrTaco on Saturday October 13, 2001 @03:45AM from the take-two dept.

mutantcamel writes "Eddie Bleasdale, the director of NetProject has been offering £10,000 to the first hacker to infect his Linux machine with a virus for the last two years, and so far no one has hit the jackpot. He's re-announced his challenge to virus writers following a Gartner report which told IT depts. not to trust MS server software because of recent worm attacks on their servers, but a Microsoft exec said yesterday that the hugely successful worm attacks were due to 'tardy' sysadmins."

5 of 296 comments (clear)

Does it have to be a virus? by neema · 2001-10-13 03:56 · Score: 5, Funny

Does he just want his linux box destroyed or does it have to be a virus? He can give me his address, I'll gladly fly down to his house and smash up his linux box with a bat for 10,000 pounds (that's around 14,534 dollars and 22 cents).
Have you ever worked as a real sysadmin? by dustpuppy · 2001-10-13 04:05 · Score: 5, Insightful

I agree that some of the responsibility lies with the sysadmin, but then again, the OS should be designed well enough that the patches are minimal.

I work in an enterprise unix environment and getting time for outages to apply patches is incredibly tough when you are running 24x7 systems that are critical to the operation of the customer.

Sure, we try to patch systems when we find out about security holes, but there comes a time when you cannot simply afford to take your systems down every week to apply new patches. Now I don't deal with MS stuff so I can't comment authoritively, but it seems that the number of patches with MS products is never ending. This stops being a sysadmin problem and becomes a vendor (ie Microsoft) issue. Ultimately, it's a sloppy coding issue that lies with Microsoft.
1. Re:Have you ever worked as a real sysadmin? by warpeightbot · 2001-10-13 06:17 · Score: 5, Informative
  I work in an enterprise unix environment and getting time for outages to apply patches is incredibly tough when you are running 24x7 systems that are critical to the operation of the customer.
  WHAAAT?!?!
  When I worked at a certain Very Large Airplane Company, we had a very simple procedure for emergency upgrades:
  
  Patch the backup server (you do have a backup server, don't you?)
  
  Fail over to the backup server (you do have a failover procedure, don't you?)
  
  Patch the main production server
  
  Fail back to main
  
  Sometimes several days would elapse between the patch/failover/patch and the fail back.... because we had capacity planned the failover host to be able to run the production floor at full speed, and there was no use slamming things around without necessity. Besides, it was a good test for the failover machine to run for a day or three as production just to see....
  Yes, most system incursions are preventable with good patching and good firewalling. Yes, this applies across ALL OSen. Yes, Microsoft code is crappy and the number of security updates is thru the roof, but that's not the point of this argument.
  The point is that if you can't get an outage to apply a critical patch whose absence may cost you a full reinstall and a weeks' downtime, you have a management problem and a design problem, not a vendor problem or a sysadm problem..... and you need to be thinking (a) what's the best way to fix this, and if that doesn't give you any good answers (b) where do I want to work next. Because sooner or later somebody's going to 0wN j00, and if your ass isn't grass you'll wish it were.
Windows Update? by sharkey · 2001-10-13 04:21 · Score: 5, Insightful

Microsoft exec said yesterday that the hugely successful worm attacks were due to 'tardy' sysadmins.

So the admins responsible for Windows Update are considered 'tards by Microsoft? After all, windowsupdate.microsoft.com was reportedly "hacked by Chinese" this summer.

--

--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
Hope people have read the Gartner report... by SmileyBen · 2001-10-13 05:32 · Score: 5, Informative

Before people start slamming the Gartner report again, I hope they've read it. People seem to be under the impression that Gartner said that IIS simply wasn't secure and that other things are better - and that the response to this is 'duh, any machine which isn't updated isn't secure'. That isn't a valid response at all, because what Gartner very specifically said was not that IIS couldn't be secured, but that it is simply uneconomical because of the time and effort it takes to update IIS.

I.e. Just what they are saying is 'We all know you need good sysadmins to make sure systems are up to date with security patches, but in the case of IIS you'll have to employ someone to spend all their time doing this, and that simply isn't the least expensive way to go'....