Symantec Claims They Knew About Slammer In Advance
truthsearch writes "Wired is reporting 'Symantec claims to have identified the Slammer worm that ravaged the Internet during the last weekend of January hours before anyone else did. Symantec then shared the information only with select customers, leaving the rest of the global community to get slapped around by Slammer.' I'm not bothered I didn't know Slammer was coming, but Symantec has a moral responsibility to inform the public if it thinks millions will be affected." It isn't clear to me how Symantec could know, hours in advance, about a worm which took ten minutes to spread throughout the entire Internet, unless they had something to do with its release. Update: 02/14 16:54 GMT by M : Wired has their math wrong; Symantec apparently had at most 20-30 minutes of early warning. Symantec claims in this press release that they discovered the worm "hours before it began rapidly propagating".
I can see them spending a lot of time in court issuing statements like that. Since the worm cost [insert random() x billion] dollars in lost business according to the press, litigation seems inevitable.
It's more likely that their customers, since they must have some interest in security, had already installed firewalls and not left SQL server open to the entire internet though...
Code, Hardware, stuff like that.
From the article: "Symantec issued an alert ... at approximately 9 p.m. PST on Friday, Jan. 24." and "Most of the rest of the Internet didn't spot Slammer until shortly after midnight EST on Saturday, Jan. 25th."
Aren't these the same time once timezones are factored in?
At least from a "We're a company, we exist to make money" standpoint. Symantec maintains that privileged list precisely so they can make money - they offer a "tell you before I tell anyone else" service, and people are obviously willing to pay for that.
Besides, I highly doubt Symantec is the cause of slammer, and because of that, they don't have any moral obligation to let anybody know about it. On top of that, we're talking about a matter of hours, not days or weeks. They probably told their clients "Uh, we think something's coming, so watch out". I highly doubt they would have had specifics.
Not trying to flame here or anything, but let's be a little realistic. If anyone's to blame, it should be Microsoft, for releasing the buggy program in the first place, or the sysadmins for not applying the patches, yadda yadda yadda.
Through acquisition, Symantec has access to several firms that have deployed "sensors" in many locations around the 'net. These sensors relay activity information back to a central location.
Symantec correlates this information, and determines threats. They then relay this information to customers of the subscription service.
This may be what they are referring to.
Actually, that's the programmers' fault, not MS; the programmers of Windows programs being lazy assaholes are the reason that so many programs require admin rights to run properly.
I've written tons of Windows software at work and not a bit of it requires anything beyond user rights.
Power Corrupts, Absolute Power Corrupts Absolutely, leaving one person (group) in charge is absolutely corrupt.
Sorry, but installing patches is a non-trivial exercise.
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
Ummm..."shortly after midnight EST" is pretty damn close to "approximately 9 p.m. PST"! It doesn't sound like Symantec had much advance knowledge at all.
Now, I've not always considered myself an idiot, but lately I've come to believe that's the case. For example, I find myself monitoring the North Korean News Agency and actually expecting to find news. I did, however, find this:
Symatic Antivirus Policy Flailed
Pyongyang, February 14 (KCNA) -- The DPRK calls upon the Symantic "corporation" to behave itself. Unchecked viral aggression under the guise of helpful support is obvious to all but the US warmongers. The peace of all nations is it at stake, and it should be noted that the so-called "Slammer" worm was an effort by imperialists to stifle the peace-loving livelihoods of the DPRK.
Now that the guise is unmasked, no one but war mongers see the clear provocations. The DPRK reminds the US that such clear efforts to undermine stability on the peninsula by allowing servers to go "unplugged" and "unfixed" merely underscore the fragile nature of the current nuclear-war situation.
It isn't clear to me how Symantec could know, hours in advance, about a worm which took ten minutes to spread throughout the entire Internet, unless they had something to do with its release.
Libel - A false publication, as in writing, print, signs, or pictures, that damages a person's reputation. The act of presenting such material to the public.
Michael,
I know you're pretty opinionated and think highly of yourself, but you may want to reconsider posting such statements as it could adversely affect you and your employer.
Slammer hit so hard and fast (doubling every 8 seconds, peak scanning rate in 3 minutes, analysis).
An "hour" before is a preposterous claim. They might have gotten in 10 seconds before, or even a minute if the first couple of copies were on bad links, but an hour is a total, complete, and UTTERLY ridiculous claim to make.
The only way they could make the claim is if they found an extra-buggy, prerelease version. If so, we need to know about it as it aids in understanding the author.
My bet is they saw some unrelated script-kiddie scanning (we saw some of this in our OWN data sets) and someone in marketing is trying to say that they saw the worm 2 hours ahead of time.
Test your net with Netalyzr
Symantec didn't notify their customers hours before. According to the article, Symantec sent out a notice at 9 pm PST on 1/24. The article says the virus started propagating at 5:30 am UTC 1/25, which is 9:30 pm PST on 1/24. They also say that the rest of the internet started noticing the virus at about midnight EST 1/25, which is also 9 PM PST 1/24. I'm not sure who is changing all the times to make it sound like there is a large window of time, and I don't understand how the virus could propagate so quickly, yet people saw it before it started propagating -- and not just Symantec according to the article's time frame -- but Symantec did not beat the virus by hours.
The only thing I hate more than hypocrites are people who hate hypocrites.
Amazingly enough, Delphi 6 runs just fine on my machine without admin rights.
it's the popularity of the software.
You so sure? According to the latest Netcraft survey Apache has 62% of the server market while all versions of Windows have only 27%. And you still see more Windows server viruses appearing (Slammer exploited bugs in the SQL server). If you want to talk about end users and desktops though, you'll have to find an email client that runs programs automatically with root-like priv's, then I might believe you.
Orange
True, but how many servers do you need per desktop machine?
For http it's a couple of thousand or even hundred thousand and most people running unpatched and without firewalls are going to be the home users.
Davo -- Free speech, free software, AND free beer.
Delphi 5+ all run fine without Admin rights, although they must be installed by someone with those rights.
One does have to do some jiggering to get the debugger to work without Admin rights, but go figure -- you don't want just any user to have the ability to hook a random process, peek into its every detail, and have the ability to modify its contents.
Now, software like Nero needing special rights for users in order to work is just bad design.
The plural of "virus" is "viruses". Aside from that, Latin plurals end in "i", not "ii". For example, "magus" becomes "magi", not "magii". The notion of Latin plurals ending in "ii" probably comes from such words as "radii" (plural of "radius"). The reason "radii" has two "i"s is because "radi-us-" becomes "radi-i-".
"In antiquity the word virus had not yet acquired, of course, its current scientific meaning; rather it denoted something like toxicity, venom, a poisonous, deleterious, or unpleasant agent or principle, or poison in the abstract or general sense. [...] Nouns denoting entities that are countable pluralize (book, books); nouns denoting noncountable entities do not (except under special circumstances) pluralize (air, mood, valor). The term virus in antiquity appears to have belonged to the latter category, hence the nonexistence of plural forms." (taken from here) Also, "viri" is Latin for "men", so that's not it either. The word is "viruses".
I know i'm coming off like a jerk here, and normally i don't post just to criticise someone's spelling, but "virii" is a plague. It's because of mistakes like this that we have two words for "disc", and the bizarre spelling of "Thames" (i.e. people trying to make English correspond to its Latin/Greek roots). Anyway, i just thought i'd point that out. That word really bothers me (which i guess is somewhat sad).
Sources:/ v/virus.html
- http://dictionary.reference.com/help/faq/language
- http://www.perl.com/language/misc/virus.html
PS: Otherwise an interesting post, heh.
People say "virii", not because they think they are speaking latin, but because they think it :-) ;-) sounds good. They think it expresses what they want to mean.
Look at the whole damned French language for an example of what happens when people spend a few centuries speaking what they think is latin.
So the problem is not that you are right or wrong, but rather, that the people you would like to persuade do not care for your argument.
It's like the people who wish media would stop using "hacker", or that slashdotters would use "GNU/Linux" when they say "Linux"... The argument is sound, and compelling, but is completely lost on those it seeks to influence! Not only do they not care, they actually prefer to stick with their chosen usage! You'd do just as well to argue that "virus" should be a mass noun or a possessive state of being: It has virus. (Like "milk" -- en français, il vaut mieux qu'on dit du virus).
I wouldn't hold my breath waiting for "virii" to go away -- these people don't even CARE that some English words have latin roots!
Hey, that makes me wonder if there is any other language whose plurals are formed with a final -i or -ii?
Now, if someone DOES buy the argument that latin usage should influence English, I wonder if it is important to note that "virus" in latin refers to "poison"... I'm standing by my argument that it should be a mass plural, not a count plural!
It is easy to make the case against "virii" from the latin "virus" -- it is not "virius" therefore not "virii" in the plural.
My advice is to write and speak with proper usage, correct others when they ask you to proofread their copy, and not expect anyone else to upgrade their literacy in
What's next on your agendum?
-fb Everything not expressly forbidden is now mandatory.