Symantec Claims They Knew About Slammer In Advance

truthsearch writes "Wired is reporting 'Symantec claims to have identified the Slammer worm that ravaged the Internet during the last weekend of January hours before anyone else did. Symantec then shared the information only with select customers, leaving the rest of the global community to get slapped around by Slammer.' I'm not bothered I didn't know Slammer was coming, but Symantec has a moral responsibility to inform the public if it thinks millions will be affected." It isn't clear to me how Symantec could know, hours in advance, about a worm which took ten minutes to spread throughout the entire Internet, unless they had something to do with its release. Update: 02/14 16:54 GMT by M : Wired has their math wrong; Symantec apparently had at most 20-30 minutes of early warning. Symantec claims in this press release that they discovered the worm "hours before it began rapidly propagating".

Moral obligation?

[nakhla]

Since when does Symmantec have a moral obligation to do anything? They're a corporation. Their service is to detect and prevent network attacks. If you are willing to PAY for the service, then you get the benefits of it. If not, then it sucks to be you. Ford's service is making cars. Are you saying that Ford has a moral obligation to give me one, even though I haven't paid for it?

Re:Moral obligation?

[phil+reed]

The Internet is a cooperative enterprise. It behooves all the users to play nice with each other. Symantec evidently decided that their customer base was a higher priority than playing nice with everybody else. That's fine, and they are welcome to make that choice. They then get to live with the consequences, including the one where everybody else decides not to play with Symantec because of their attitude.

Timezones?

[remmy1978]

From the article:

"According to Symantec spokesman Yunsun Wee, Symantec issued an alert about Slammer to DeepSight Threat Management System subscribers "at approximately 9 p.m. PST on Friday, Jan. 24."

Most of the rest of the Internet didn't spot Slammer until shortly after midnight EST on Saturday, Jan. 25th."

Accounting for timezone differences between EST and PST, would this not make the two times much closer to each other?

So?

[fobbman]

Heck, Microsoft released a patch to fix this problem in June of 2002. Windows sysadmins had 6 months notice that it was a problem.

I don't mean to sound like a troll or the least bit insensitive, but if the Windows sysadmins aren't keeping their servers patched then that's the sysadmin's fault. The finger of blame should be pointed right at the mirror. Keeping their servers updated and safe is their JOB, unless they have a security specialist, in which case it's their job.

Hmm..

[zulux]

..... unless they had something to do with its release.

I have wondered why a lot of these Microsoft-worms never seem to have a destructive payload. If you imagine a script-kiddie working hard in his mom's basement, you'd think he'd add a payload of some sort.

(hell, if I had the inclenation and the time to create a virus, I'd atleast change the Windows statup .JPG to the 'gentleman who is affiliated with goats.')

It's almost like these Microsoft-worms were desingned to create panic and purchasing action, but no legalally actionable damage.

Just a rambeling thought.

9PM PST == 12AM EST

[kaosmunkee]

From the article...

According to Symantec spokesman Yunsun Wee, Symantec issued an alert about Slammer to DeepSight Threat Management System subscribers "at approximately 9 p.m. PST on Friday, Jan. 24."

Most of the rest of the Internet didn't spot Slammer until shortly after midnight EST on Saturday, Jan. 25th.

So explain to me again how they knew about it before anyone else? -kaos

Agreed

[Adam9]

I don't see why people expect companies to donate information that costs them to find. They could've used this info in two ways, the way I see it. First, is to share it to their corporate customers who pay to have this kind of early warning. Second, release it to the media, CERT, and other organizations and make sure they "advertise" that Symantec found it first.

So they chose the first. Big deal. Do you really think even a majority of these sysadmins would have firewalled their MS SQL server hours before it would be infected? Doubtful. If they didn't apply the patch from July of '02, then they're not going to immediately respond in a few hours to patch an impending threat.

Re:It's not that easy.

[cheezedawg]

So Borland Delphi and 6 other applications wont run without admin rights, and somehow that is Microsoft's fault? Why not blame Borland?

They didn't quite say that

[jpmorgan]

They said 'We knew all about it, but only told our paying customers. You should become one of our paying customers.'

It's a fairly fundamental difference.

Re:Doubtful.

[ipxodi]

If all copies of MS products were magically replaced with *nix versions tomorrow, we'd see *nix oriented viruses the day after tomorrow. It isn't the label on the box, it's the popularity of the software.
Virus writers are like vandals -- nobody is going to make graffiti where it doesn't get lots of public exposure.

Re:Doubtful.

[manyoso]

Unix/Linux dominate the market for servers and databases. Oracle is the most widely used database the last time I checked and SQL Server was third. Unix/Linux *is* ubiquitous for servers. Microsoft is the niche player and it is Microsoft that is producing softare so buggy that it is hobbling the internet.