Slashdot Mirror

← Back to Stories (view on slashdot.org)

Symantec Claims They Knew About Slammer In Advance

Posted by michael on from the marketing-ploy dept.

truthsearch writes "Wired is reporting 'Symantec claims to have identified the Slammer worm that ravaged the Internet during the last weekend of January hours before anyone else did. Symantec then shared the information only with select customers, leaving the rest of the global community to get slapped around by Slammer.' I'm not bothered I didn't know Slammer was coming, but Symantec has a moral responsibility to inform the public if it thinks millions will be affected." It isn't clear to me how Symantec could know, hours in advance, about a worm which took ten minutes to spread throughout the entire Internet, unless they had something to do with its release. Update: 02/14 16:54 GMT by M : Wired has their math wrong; Symantec apparently had at most 20-30 minutes of early warning. Symantec claims in this press release that they discovered the worm "hours before it began rapidly propagating".

8 of 548 comments (clear)

  1. Moral responsability is bollocks by Akardam · · Score: 4, Informative

    At least from a "We're a company, we exist to make money" standpoint. Symantec maintains that privledged list precisely so they can make money - they offer a "tell you before I tell anyone else" service, and people are obviously willing to pay for that.

    Besides, I highly doubt Symantec is the cause of slammer, and because of that, they don't have any moral obligation to let anybody know about it. On top of that, we're talking about a matter of hours, not days or weeks. They probably told their clients "Uh, we think something's coming, so watch out". I highly doubt they would have had specifics.

    Not trying to flame here or anything, but let's be a little realistic. If anyone's to blame, it should be Microsoft, for releasing the buggy program in the first place, or the sysadmins for not applying the paches, yadda yadda yadda.

  2. Re:Doubtful. by spring · · Score: 5, Informative

    Through acquisition, Symantec has access to several firms that have deployed "sensors" in many locations around the 'net. These sensors relay actvity information back to a central location.

    Symantec correlates this information, and determines threats. They then relay this information to customers of the subscription service.

    This may be what they are referring to.

  3. Re:It's not that easy. by haplo21112 · · Score: 3, Informative

    actually thats the programmers fault not MS the programmers of windows programs being lazy assaholes are the reason that so many programs require admin rights to run properly.
    I've written tons of windows software at work and not a bit of it requires anything beyong user rights.

    --
    Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
  4. Re:So? by phil+reed · · Score: 4, Informative
    Have you even looked at those patches? Microsoft patches, especially in a system like SQLServer, have a tendency to break running code. So, you can't just fling it onto a production server. Further, the bug exists in a database component that gets installed with a whole lot of other Microsoft software (like Visio, a CAD-like program). And reading the "how to install this patch" instructions would scare off almost everybody -- it's not automated like Windows Update.


    Sorry, but installing patches is a non-trivial exercise.

    --

    ...phil
    "For a list of the ways which technology has failed to improve our quality of life, press 3."
  5. Re:Would it have mattered? by WoodSmoke · · Score: 3, Informative
    I even doubt Microsoft would have had a bug fix out in time.

    The fix was in place 6 months before the Worm came out.

    WoodSmoke

  6. Article got the time zones wrong by DaBunny · · Score: 3, Informative

    According to Symantec spokesman Yunsun Wee, Symantec issued an alert about Slammer to DeepSight Threat Management System subscribers "at approximately 9 p.m. PST on Friday, Jan. 24."

    Most of the rest of the Internet didn't spot Slammer until shortly after midnight EST on Saturday, Jan. 25th.


    Ummm..."shortly after midnight EST" is pretty damn close to "approximately 9 p.m. PST"! It doesn't sound like Symantec had much advance knowledge at all.
  7. Re:Bag of Hammers (was "Big Surprise") by lvdrproject · · Score: 5, Informative
    Ok, i haven't reached the bottom of this page yet, but i'm willing to bet a couple dozen posters made this same mistake.

    The plural of "virus" is "viruses". Aside from that, Latin plurals end in "i", not "ii". For example, "magus" becomes "magi", not "magii". The notion of Latin plurals ending in "ii" probably comes from such words as "radii" (plural of "radius"). The reason "radii" has two "i"s is because "radi-us-" becomes "radi-i-".

    "In antiquity the word virus had not yet acquired, of course, its current scientific meaning; rather it denoted something like toxicity, venom, a poisonous, deleterious, or unpleasant agent or principle, or poison in the abstract or general sense. [...] Nouns denoting entities that are countable pluralize (book, books); nouns denoting noncountable entities do not (except under special circumstances) pluralize (air, mood, valor). The term virus in antiquity appears to have belonged to the latter category, hence the nonexistence of plural forms." (taken from here) Also, "viri" is Latin for "men", so that's not it either. The word is "viruses".

    I know i'm coming off like a jerk here, and normally i don't post just to criticise someone's spelling, but "virii" is a plague. It's because of mistakes like this that we have two words for "disc", and the bizarre spelling of "Thames" (i.e. people trying to make English correspond to its Latin/Greek roots). Anyway, i just thought i'd point that out. That word really bothers me (which i guess is somewhat sad).

    Sources:
    - http://dictionary.reference.com/help/faq/language/ v/virus.html
    - http://www.perl.com/language/misc/virus.html

    PS: Otherwise an interesting post, heh.

  8. Re:Bag of Hammers (was "Big Surprise") by fishbowl · · Score: 3, Informative

    People say "virii", not because they think they are speaking latin, but because they think it
    sounds good. They think it expresses what they want to mean.

    Look at the whole damned French language for an example of what happens when people spend a few centuries speaking what they think is latin. :-)

    So the problem is not that you are right or wrong, but rather, that the people you would like to persuade do not care for your argument.

    It's like the people who wish media would stop using "hacker", or that slashdotters would use "GNU/Linux" when they say "Linux"... The argument is sound, and compelling, but is completely lost on those it seeks to influence! Not only do they not care, they actually prefer to stick with their chosen usage! You'd do just as well to argue that "virus" should be a mass noun or a possessive state of being: It has virus. (Like "milk" -- en français, il vaut mieux qu'on dit du virus).

    I wouldn't hold my breath waiting for "virii" to go away -- these people don't even CARE that some English words have latin roots!

    Hey, that makes me wonder if there is any other language whose plurals are formed with a final -i or -ii?

    Now, if someone DOES buy the argument that latin usage should influence English, I wonder if it is important to note that "virus" in latin refers to "poison"... I'm standing by my argument that it should be a mass plural, not a count plural!

    It is easy to make the case against "virii" from the latin "virus" -- it is not "virius" therefore not "virii" in the plural.

    My advice is to write and speak with proper usage, correct others when they ask you to proofread their copy, and not expect anyone else to upgrade their literacy in

    What's next on your agendum? ;-)

    --
    -fb Everything not expressly forbidden is now mandatory.