Slashdot Mirror
Symantec Claims They Knew About Slammer In Advance
truthsearch writes "Wired is reporting 'Symantec claims to have identified the Slammer worm that ravaged the Internet during the last weekend of January hours before anyone else did. Symantec then shared the information only with select customers, leaving the rest of the global community to get slapped around by Slammer.' I'm not bothered I didn't know Slammer was coming, but Symantec has a moral responsibility to inform the public if it thinks millions will be affected." It isn't clear to me how Symantec could know, hours in advance, about a worm which took ten minutes to spread throughout the entire Internet, unless they had something to do with its release. Update: 02/14 16:54 GMT by M : Wired has their math wrong; Symantec apparently had at most 20-30 minutes of early warning. Symantec claims in this press release that they discovered the worm "hours before it began rapidly propagating".
Do you honestly believe that all the viruses come from joe sixpack sitting in his basement with nothing better to do?
thats what makes the extra special account worth it.if they told everyone, then whats the point in paying for the extra notice?
(not that I agree with not telling everyone, that just seems to be the why)
So I can see from a "greedy" standpoint why they would only tell select customers, but the "moral" side of me is aghast that -if they knew- they didn't tell.... Horrible!
Just wait til next week!
HA HA HA HA HA [silence]
HA HA HA HA HA [silence]
HA HA HA HA HA [silence]
Unless they helped the Korean program the thing. I unfortunately have to use MS products (my company pay's me to) and it's a constant waste of time applying the daily hotfix, backing up, testing, implementing, ...
.Net front end would be secure, fast, OSS Core, and finally kill 99% of the reason the internet sucks.
Why doesn't MS just give up with their POS OS and go to a Unix core like OS X. MS Linux with a
Oh well, guess I'm dreamin.
Wee did not respond to requests for further clarification of Symantec's policy regarding the public release of threat information.
Probably because he's suddenly realized just how far he has jammed his foot into his mouth.
Symantec, do you really expect me to buy any more of your products?
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
I knew about Slammer in 1988. (Take a look at Jim Brown's character.)
How are you going to keep them down on the farm once they've seen Karl Hungus?
Since when does Symmantec have a moral obligation to do anything? They're a corporation. Their service is to detect and prevent network attacks. If you are willing to PAY for the service, then you get the benefits of it. If not, then it sucks to be you. Ford's service is making cars. Are you saying that Ford has a moral obligation to give me one, even though I haven't paid for it?
I can see them spending a lot of time in court issuing statements like that. Since the worm cost [insert random() x billion] dollars in lost business according to the press litigation seems inevitable.
It's more likely that their customers, since they must have some interest in security, had already installed firewalls and not left SQL server open to the entire internet though...
Code, Hardware, stuff like that.
I'd have to agree with Michael.
Even if a private security guard were working for someone, and he witnessed (or had a chance to prevent) a crime in progress, he would still be responsible.
I think. But thats just my moral compass talking.
OK, I don't get it... How does Symantec going "We knew all about it but we didn't tell you" make Symantec look good in any way? I know I get annoyed when people behave like that... So anyone have a thought on exactly how this benefits Symantec?
.: Max Romantschuk
...but then would it have changed much considering that days later some servers were still unprotected against slammer ?
Sorry, but that is not a similar situation. Not even close.
From the article:
"According to Symantec spokesman Yunsun Wee, Symantec issued an alert about Slammer to DeepSight Threat Management System subscribers "at approximately 9 p.m. PST on Friday, Jan. 24."
Most of the rest of the Internet didn't spot Slammer until shortly after midnight EST on Saturday, Jan. 25th."
Accounting for timezone differences between EST and PST, would this not make the two times much closer to each other?
Heck, Microsoft released a patch to fix this problem in June of 2002. Windows sysadmins had 6 months notice that it was a problem.
I don't mean to sound like a troll or the least bit insensitive, but if the Windows sysadmins aren't keeping their servers patched then that's the sysadmin's fault. The finger of blame should be pointed right at the mirror. Keeping their servers updated and safe is their JOB, unless they have a security specialist, in which case it's their job.
they start caring when they loose money..
The greatest right given is the right to be wrong...
This sounds like Wired trying to stir up a controversy from scratch. Besides, what would have been the impact of them posting a warning a few hours earlier? If an admin saw the notice before the widespread nature of Slammer was known, would they instantly apply patches that they hadn't already installed for one reason or another? I doubt it...
Stop by my site where I write about ERP systems & more
I have wondered why a lot of these Microsoft-worms never seem to have a destructive payload. If you imagine a script-kiddie working hard in his mom's basement, you'd think he'd add a payload of some sort.
(hell, if I had the inclenation and the time to create a virus, I'd atleast change the Windows statup
It's almost like these Microsoft-worms were desingned to create panic and purchasing action, but no legalally actionable damage.
Just a rambeling thought.
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
... antivirus makers == virus makers. They creates they own market.
Seriusly, any one could have thinked that a worm that spread between the very few not firewalled sql servers around the globe could make such problem? Even if they know about the worm or some previous testing, I don't think they could predict what happened. Is easier to explain what happened that what could happen.
Nothing better to increase your business like having something that scares potential customers.
How many windows users that you know that have virus protection software that came with their pc and has never been updated? They won't upgrade their virus software until they learn that it is necessary.
When do they find out it is necessary? When someone hits the web with a massive worm/virus. If nothing massive happens for a while, I'm sure antivirus companies are losing money. What better way to spike sales than by creating panic?
Many people are already suspicious the AV community is responsible for at least some of the more major virus outbreaks in the past. The shroud of secrecy they keep around their operations doesn't help matters any.
A situation like this REALLY makes it look like they're responsible for it. Why would they go around parading the fact that they knew about a worm they only did a half-assed job of protecting people from?
Seems kind of fishy.
I love guilt by implication!
"It isn't clear to me how Symantec could know, hours in advance, about a worm which took ten minutes to spread throughout the entire Internet, unless they had something to do with its release."
Kudo's to you michael, a masterpiece!
This may end up being another conspiracy theory, invented by the over worked imagination of sceptical geeks, that don't trust virus protection software. Or it could be true, and Symantec just wanted to boost virus protection sales, and profits, by releasing a virus that would scare the entire internet community.
Defender of Microsoft and Communism!!!
I fix a lot of systems (windows based) and the difference is you can actually run software without being root in UNIX. I would bet over 1/2 the software out there won't run on Windows unless you have admin rights. A girls computer I had to repair (for the 3rd fscking time) has this POS Cattery software (Delphi, give me a break) and it cannot connect to it's JDataStore since her user doesn't have admin rights. So I'm screwed, I have to give her rights for that and about 6 other programs that won't run. I cannot believe the piss poor planning (any planning MS?) that went into Windows.
MS Linux like OS X would be good. Windows isn't that bad of a UI it's just a piss poor backend that causes problems.
From the article: Symantec issued an alert ... at approximately 9 p.m. PST on Friday, Jan. 24. and Most of the rest of the Internet didn't spot Slammer until shortly after midnight EST on Saturday, Jan. 25th.
Aren't these the same time once timezones are factored in?
It isn't clear to me how Symantec could know, hours in advance, about a worm which took ten minutes to spread throughout the entire Internet, unless they had something to do with its release.
Taking off the tin-foil hat for a bit, its totally plausible that they were notified in advance, from numerous sources - a guilty programmer, etc. I would find it hard to believe that they would have anything to do with the release of such a worm.
As for the question about wether or not they had some 'moral obligation' to the rest of the world to let us know what was coming - they don't. They exist to make money. If they did know in advance, as customer Im going to be pissed, but if you don't purchase thier products, you have nothing to say.
I'd like to think, that if they know what havoc this could spread, that they would tell the world in advance, but thats not the realities of todays marketplace.
"The natural progress of things is for liberty to yield and government to gain ground." - Thomas Jefferson
Honestly, even if they had, what could good could the advanced notification have done? Surely in a few hours not even 5% of all vulnerable systems would be patched, so the point is fairly moot, I believe.
Be very, very careful what you put into that head, because you will never, ever get it out. -Thomas Cardinal Wolsey
So explain to me again how they knew about it before anyone else? -kaos
If Symantec had release a warning, would it have made much difference? How many months did the nimda and code red viruses stay with us because people didn't bother updating their software. I even doubt Microsoft would have had a bug fix out in time.
I don't see why people expect companies to donate information that costs them to find. They could've used this info in two ways, the way I see it. First, is to share it to their corporate customers who pay to have this kind of early warning. Second, release it to the media, CERT, and other organizations and make sure they "advertise" that Symantec found it first.
So they chose the first. Big deal. Do you really think even a majority of these sysadmins would have firewalled their MS SQL server hours before it would be infected? Doubtful. If they didn't apply the patch from July of '02, then they're not going to immediately respond in a few hours to patch an impending threat.
At least from a "We're a company, we exist to make money" standpoint. Symantec maintains that privledged list precisely so they can make money - they offer a "tell you before I tell anyone else" service, and people are obviously willing to pay for that.
Besides, I highly doubt Symantec is the cause of slammer, and because of that, they don't have any moral obligation to let anybody know about it. On top of that, we're talking about a matter of hours, not days or weeks. They probably told their clients "Uh, we think something's coming, so watch out". I highly doubt they would have had specifics.
Not trying to flame here or anything, but let's be a little realistic. If anyone's to blame, it should be Microsoft, for releasing the buggy program in the first place, or the sysadmins for not applying the paches, yadda yadda yadda.
Since they seem to be encouraging the spread of this one, the deserve the recognition.
All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
A) How did they know about it "hours before" anyone else did? Even before it went active.
Things that make you go hmmm...
B) They missed out on a prime opportunity. "HEY! There's a nasty thing happening in a few hours. Get your fix HERE before you lose all the company data!" (And you can't say we didn't warn you)
Even if you blew it off and didn't apply the fix from them, you might look on them as being far more reliable. They predicted (knew) AND provided the fix beforehand. Next time, you just might go with them. "Hey...those guys were right!"
Now, it just makes them look like assholes. "Yes, we know there's a major attack coming, but we're not going to tell anyone except our more solvent customers. Everyone else can go screw themselves"
If they start from scratch I would bet they could create a viable product. No system is immune, however UNIX has 25+ years of testing while Windows releases are so frequent there is little time for hardening.
That being said it would (I agree with you) require a significant shift in the marketing driven approach of MS. Betting on either is a waste of time however since it will never happen. On the off chance it does MS would have to change their approach so I think it would work.
It isn't clear to me how Symantec could know, hours in advance, about a worm which took ten minutes to spread throughout the entire Internet, unless they had something to do with its release.
Or they're lying to get business.
if(!toilet_paper) roll.replace(new roll);
Symantec issued an alert about Slammer to DeepSight Threat Management System subscribers "at approximately 9 p.m. PST on Friday, Jan. 24." Most of the rest of the Internet didn't spot Slammer until shortly after midnight EST on Saturday, Jan. 25th.
For those of you who don't know the difference, EST is 3 hours ahead of PST. Thus DeepSight identified Slammer at about the same time as the 'rest of the Internet'"According to Symantec spokesman Yunsun Wee, Symantec issued an alert about Slammer to DeepSight Threat Management System subscribers "at approximately 9 p.m. PST on Friday, Jan. 24."
Most of the rest of the Internet didn't spot Slammer until shortly after midnight EST on Saturday, Jan. 25th."
Uhh...that's about the same time isn't it Sparky?
and the sad thing is I knew I spelled it wrong and still hit submit.
The greatest right given is the right to be wrong...
I wonder if they can be held liable for damages now.
I'm sure we have all discussed the type of business providing a cure for a problem you cause.
As paranoid as it sounds "cold and flu" season has always been suspicious to me =)
My current philosophy for things of this nature is "who stands to profit" and I think you can apply this accross the board (Including the Bush administration) sorry I slipped into Rant mode.
"If any question why we died, Tell them because our fathers lied."
People have started becoming more paranoid about antivirus companies' involvement in virus creation. That's good -- if these companies are defrauding the public by creating the viruses they catch then all of them should end up in jail.
Could this be the same with spam? Could anti-spam vendors be sponsoring the spam itself, just to take corporate money in exchange for protection? Sounds like the mafia to me.
Uh...yeah, you're right. That's a one hour difference.
Er...no. I'm an idiot. 9pm PST and 12am EST are the exact same time.
-Waldo Jaquith
People's responsibility to respect other internet users and not run arbitrary code on their machine which could slow down other people's networks or cause other havoc is much greater than a commercial organisation's responsibilty to make public announcements.
Perhaps computer vendors should be more reponsible, and not sell insecure systems to the public when a large portion of the public don't want to have to care about security.
Your local Volvo dealer doesn't sell cars that are remarkably easy to break into or hijack. Your local PC World shouldn't sell computers like that either.
Note: This post is aimed at people who sell complete systems, not at any particular software manufacturer. A lot of the default insecurities can be disabled if vendors bother their ass.
Follow me
Probably not. Those forewarned took it seriously because they pay for the service. If Symantec had said that a huge attack was imminent and to block the port and patch your SQL servers, how many people do you think would have listened? Of those who listened, how many of those have processes in place so that the requisite network or software changes would have required approval that would have come too late to do any good?
The people who paid for the warning are going to take it very seriously, but aside from that, I would wager that there would be enough doubt about the validity that measures wouldn't have been taken anyway. Patching the server has the obvious implication for many mission critical databases of a potential restart and potential for undesired change in functionality, so patching in many cases would require a testbed server and evaluation, which this warning provided insufficient time for. Blocking the port, or disabling that part of SQL server, for those with it enabled without needing it, means they need to understand what it does or does not do for them. If they already knew, they would have disabled it sooner, so you can't say they would immediately realize and shut it down.
XML is like violence. If it doesn't solve the problem, use more.
Although the same logic could be applied to the Tellitubbies and McDonald's "Milk"shakes.
The essential fact of the matter is that Slammer *wasn't* a bomb. A fact that may have escaped your attention.
KFG
Ford's service is making cars. Are you saying that Ford has a moral obligation to give me one, even though I haven't paid for it?
No - get the analogies right. If I, as a car servicing firm, knew of a part in a Ford car that could fail and cause the car to go off the road at random and I only let my best customers know, I would be sued for screwing around with peoples lives.
Not that I have any sympathy for either MS or Sympantec - Symantec gets to make money off the loopholes in MS's operating system in a strange almost parasitic relationship. The only thing that isn't clear to me is which company is the host...
Cheers,
Toby Haynes
Anything I post is strictly my own thoughts and doesn't necessarily have anything to do with the opinions of IBM.
In order for Symantec to have a "moral obligation" you must first assume that Symantec has Morals to begin with. They do not. It's that simple.
-- DuckWing
My Magic Eight Ball predicts of a future exploit of a buffering problem in Microsoft software.
How can you know this stuff Magic Eight Ball!!
Ummm..."shortly after midnight EST" is pretty damn close to "approximately 9 p.m. PST"! It doesn't sound like Symantec had much advance knowledge at all.
It's a marketing gimmick to get less savvy IT managers to think that going with Symantec will get them ahead of the game. They're burning themselves twice: they'll alienate the infosec community that rightfully believes that knowledge of a potential devastating exploit gained in advance of its use should be shared, and they'll make very poor relationships with customers who fall for this kind of marketing and never have their expectations met down the road.
So long, michael. Don't let the door hit you...
root@yourcompany:$ ./karma_burner --reply=ON --moderators=ON
If Symantec had a moral/ethical obligation to warn the rest of the world about Slammer before it was released, don't they also have an obligation to warn the rest of the world that if you're using a POS, buggy, perpetually frought with nastiness operating system that you're bending over and just asking for it anyway?
Fact is, even if they had said something, 50% of the world would have laughed because they're not running Windows, 5% of Windows sysadmins would have been at the consoles sweating it, and the rest of the world would have stayed in the recliner because they don't keep up with security updates anyway OR they have their heads so far up Gates' ass that they couldn't possibly believe it.
Personally, I sat back and laughed. How about you?
Blog,Twitter
It isn't clear to me how Symantec could know, hours in advance, about a worm which took ten minutes to spread throughout the entire Internet, unless they had something to do with its release.
Want to be we're going to hear plenty of conspiracy theories about this idea?
"The Sage treasures Unity and measures all things by it" - Lao Tzu
But. . .if they had foreknowledge of a major problem upcoming with the automotive *infrastructure* that would effect all car owners, even non Ford car owners, it might have been a nice gesture to say something about it. Publicly.
KFG
This wasn't some new elite exploit.
Patch was out.
Get off your lazy ass and fix your servers. If you got tagged it was your own fault not microsoft's not symantec's.
If they choose to release info to their subscribers that's their choice since they PAY for it... I would take a different stance if this was a new exploit but it wasn't so who really needs the heads up? Plus at most it was a 30minute window. Thousand of distributed IDS's will give you that type of info....
Anyway any OS regardless of the vendor requires patching at some point.... If you don't do that it is your OWN FAULT!
Like hell they do. They have a responsibility to do for their customers what their customers pay them to do. That is all. It's not their job to hold your hand.
Isn't it obvious? Symantec is trying to take over the world!
We need to acknowledge the fact that information - in particular, timely information, is a valuable resource that comes with a price tag.
A security advisor essentially sells information to customers who make/save money with that information. It's the same as stock quotes being circulated freely only with a delay, because real-time information is being charged for. Do some Wall Street companies have a moral obligation to issue a warning if stocks drop?
As a response to some "imagine if CNN had known about 9/11 beforehand" comment earlier on: There is a (moral) difference a community getting hurt financially by a worm, after neglecting available patches, and thousands of people getting killed. In the latter, there would have been a moral obligation.
It's a fairly fundamental difference.
I would think that they would be more careful about raising people's suspicions about their prior knowlege of absurdly fast propagating worms.
Maybe they are believers that 'any publicity is good publicity' -- even in their business.
Send us your Linux Sysadmin articles!
Geeky modern art T-shirts
WRONG. They had a LEGAL obligation to report this. Releasing a virus onto the internet to infect other computers is a FELONY -- a CRIME. If you witness a crime and don't call 911, you're an accessory to the crime. Symmantec had a LEGAL obligation to report this obvious CRIME to the authorities. Because they didn't, they are an accessory to the crime.
social sciences can never use experience to verify their statemen
Symantec.
The same Symantec who's Norton Anti-virus product is prominently featured in a rash of spams in my inbox?
The same Symantec who claims to follow up on reports of this to spamwatch@symantec.com? That never seems to lead to any sort of actions?
The same Symantec who just changed their auto-renewal to cost people more money IN THE MIDDLE OF THE RENEWAL CYCLE?
Huh, who'd'a thunk it?
Glad I use somebody else's anit-virus software.
www.eFax.com are spammers
As far as moral obligations, I've seen a lot of comments about how they're a company and aren't under any obligation to notify anyone. That's a crock of shit, in the same way that if I witness a crime I'm under obligation to speak up about it, as soon as possible.
I'm the big fish in the big pond bitch.
Wouldn't the spread rate of this be an exponential curve, with a flat beginning leading to a steep spike? It seems reasonable that the flat start would be a few hours before the steep spike that would be seen as 'spreading across the internet in ten minutes.'
Your obligation is to protect your customers. Allowing a worm to spread free on the Internet potentially endangers your customers, even if you do give them the relevant info. Even if a company protects its own servers, it's still vulnerable to DDoS and bandwidth floods from other infected machines, and it might be infected due to some administrator's failure to heed the warning.
I see no reason why restricting this information to corporate clients and letting everyone else go to hell does any party a service. It seems like a really backwards way to do business-- let an infection run wild just to make your own research team look a little more valuable. I sure wouldn't want to do business with such a company.
PS It's possible that Symantec might not have been able to prevent the spread of the worm, but why not at least try?
So is anyone here working for a subscriber than can verify that this alert even went out and was received by someone?
It's shared, because it's the culture MS engendered around their software. Now that MS is being forced to become more security conscious, the software community they fostered, along with its sloppy habits, have become a hindrance.
For years, features and fast development were up-front priorities on Windows, and security hadn't hit the radar screen. This encouraged sloppy programming, to get flashy new stuff out the door quickly. Somewhere in there, compatibility rose in the priorty scheme, as MS became a victim of its own success. Once upon a time, breaking old software was a way to encourage new software purchase. Now, breaking old software discourages new platform purchases, so compatibility has become necessary.
So old software, written in the days when security wasn't even an afterthought has to run on the new platform, or the new platform won't sell. At the same time, the new platform must be more secure.
Not an easy problem.
Someone mentioned sudo, but I guess that's got the commie pinko GPL on it.
The living have better things to do than to continue hating the dead.
My favorite quote ...
... first there was security through obscurity ... now security through monetary gain.
"If I witness a felony but refuse to call 911 because the victim hasn't paid me money to do so, I'm technically an accessory to that crime, not to mention a really rotten citizen."
they have a point there.
So
It isn't clear to me how Symantec could know, hours in advance, about a worm which took ten minutes to spread throughout the entire Internet, unless they had something to do with its release.
Libel - A false publication, as in writing, print, signs, or pictures, that damages a person's reputation. The act of presenting such material to the public.
Michael,
I know you're pretty opinionated and think highly of yourself, but you may want to reconsider posting such statements as it could adversely affect you and your employer.
Another important point is this:
The worm spread around the entire globe in minutes. And Symmantec didn't know about the worm in advance, they are simply saying that they knew about it before anyone else. (Which other posters have pointed out is BS - apparently journalists and corporate managers don't understand time zones)
Which leaves us with this simple fact: even if a sysadmin had gotten and read symmantec's message immediately, it is unlikely they would have had time to block the port and/or patch their server in time anyway! They may have already been hit in the time it took them to read the virus alert.
The fact that symmantec noticed it was happening is hardly surprising, they make money by detecting and stopping viruses. Of course they would notice when a ton of traffic on a certain port started inundating the internet.
This whole story is a load of crap. Hopefully wired will be more do a little more research in the future into the stories they display, but somehow I doubt it.
// harborpirate
// Slashbots off the starboard bow!
Slammer hit so hard and fast (doubling every 8 seconds, peak scanning rate in 3 minutes, analysis.
An "hour" before is a preposterous claim. They might have gotten in 10 seconds before, or even a minute if the first couple of copies were on bad links, but an hour is total, complete, and UTTERLY ridiculous claims to make.
The only way they could make the claim is if they found an extra-buggy, prerelease version. IF so, we need to know about it as it aids in understanding the author.
My bet is they saw some unrelated script-kiddie scanning (we saw some of this in our OWN data sets) and someone in marketing is trying to say that they saw the worm 2 hours ahead of time.
Test your net with Netalyzr
Its crap that they hold information back but heres what i think about any one who got wacked with it.
... If your car has a recall you sure as hell don't sit around and say ah ill get it fixed tomorrow, cause your ass could end up on the side of the road in itty bitty pieces. People should think they same way about computers, mantain, update, and keep it clean you will never have a problem, and get security patches !
Some people and companies practice poor computer use
I haven't had a problem with any of my computers with viri, worms, and other things, just because i keep them updated !
It also helps to not be an idiot with your e-mail !
- MOSKIE
I know about something in advance. Sometime in the near future there will be a DOS attack on the Internet root name servers. The entire internet will be down, your hard drive will be crashed, your hair dryer will stop working, and the water in your home will turn to blood. This will happen! Prepare. You have been warned. This information was released to the public, in advance of the attack, under the protection of the GPL. BTW - The Man knows about this too!
The preceding comment has been reviewed and declared to be compliant with HIPPA Phase II regulations.
Since basically everyone suffered from the worm, that means that
_ The people who buy Symantec's soft
_ The informed select customers
Someone can explain what's the 'smart move' now ?
Irrelevant news and morons using moderation to mod down what they disagree on. 2018 resolution: so long.
The worm propogated extremely quickly, and started generating UDP traffic to random hosts immediately.
h ire/index.xml">One</a>
a pphire/sapphire.html">Two</a>
Any large pooling of firewall logs would have logged the first handful slammer infected hosts spewing their packets out onto the net to random hosts. I simply do not believe Symantec when they say they somehow knew about this before the rest of the net did.
The folks at <a href="http://www.dshield.org"> Dshield</a> caught this within moments of it getting out onto the net, no?
Useful Slammer analysis links:
<a href="http://www.caida.org/analysis/security/sapp
<a href="http://www.caida.org/outreach/papers/2003/s
Yell & scream & rant & rave... it's no use... you need a shaaaave ~ Bugs Bunny
Someone help me out here. The article states: "If I witness a felony but refuse to call 911 because the victim hasn't paid me money to do so, I'm technically an accessory to that crime, not to mention a really rotten citizen." I don't believe this to be true. I have been advised, by poilice officers and law professors, that if I happen upon someone drowning in a pond and screaming for help, that I am well within my rights to pull up a chair, take out a bag of popcorn and a coke and watch. Our laws do not provide for forced intervention in crime by the citizens. Sure, it would make me a rotton person, but it does not make me an accessory. Can anyone site law differently?
Just my $.02.
Always value the individual over the system. --Bruce Lee "I don't need a Sig - I have a custom 191" - me
Damn losers! Try to make money out of others misery. Shame on you Symantec! I will never buy your products again!
maybe they issue an alarm, but as almost everyone should be stopping anything that says something about Norton Antivirus, Internet Security and so on that comes in so much spam, the announce don't reach all the intended targets.
Comment removed based on user account deletion
Yes, you're right. We're adding a clarification to the story. 9:00 was when symantec released their alert, but the company does claim to have known about the worm hours for "hours" prior to its spreading. The first warnings (in English) on the major security sites were posted (and not by Symantec) at around 1:00 AM EST/10PM PT. People did start seeing the worm around midnight ET, as stated in my story, but if Symantec already knew exactly what was happening (and presumably they did if they released an alert to their customers that allowed them to block the worm) it would have helped had they shared that info ASAP. Sorry for the confusion -- I didn't report that as clearly as I should have. Michelle
My guess is Symantec did no such thing. They said the same thing about Nimda. I was one of the first sites hit by Nimda. Why we were at the 'cutting edge' I don't know. (God, memories of that day are flooding back!) We knew what it was within minutes of getting hit. It was a full 24 hours before Symantec had a patch, but they claimed later they were on top of it right away and claimed they had a patch out the day before they really did. I was monitoring the site every few minutes for a clean up tool and I know darn well they weren't ready when they said they were. The first day of Nimda our eradication efforts were totally manual. We lost three servers completely and it took us more than a week to fully recover. Thank goodness we just happened to be paying attention that morning. It could have been a lot worse. I hate to think what would have happened if we'd got hit at night.
How about a moderation of -1 pedantic.
That same claim can (and has) been leveled against the defense and intelligence industry for some time now. If we don't believe there to be a threat, then we (any given 'we') will not pay for a defense against that (non) threat. The point you make, however valid, isn't really all that new.
I'm not in any way trying to flame you, however...I'm just pointing it out because it seems interesting to see how once again it's the same old story (life, that is) with a new wrapper on it.
With only 20 or 30 minutes of advanced warning they couldnt realy do anything anyway. The most realy is get it up on there web site, anounce to a few important customers and maybe email a few other companies that would put advisories up on there site.
Besides, with the speed this spread, I am inclined to believe that if they new in advance it was more like 5 or 10 minutes and not 20 or 30.
It can be reasonable argued that the application programmers could be blamed for poor multi-user support, but it could also (and I think rightly) be argued that the original windows paradigm was single user, and thus it was accepted to write single user applications. Because Unix is fundamentally designed to not be run in Admin mode by everyone, application programmers are forced (or at least strongly encouraged) to write multi-user applications. You'r argument is somewhat akin to saying, "It's not the mayors fault that crime is rampant in this city, it's the criminals fault." While that statement is true, it is the mayor's fault for allowing an environment where such behavior can thrive. Similarly, it's Microsofts fault for creating an environment where single-user applications can thrive. By the way, in my view, the situation is getting much better, and much as I hate to say it, Windows XP is making many improvements in this regard. It's still not as good as Linux by a long shot however.
The problem with Slammer, is that it didn't just screw up the infected machines, it ate so much bandwidth that untill the routers and firewalls were locked down, the protected systems were as badly effeted by the outage as the systems that were not protected by Symantec.
If they had contacted a backbone provider with information about the port, the outage could have been stopped as quickly as it occurred.
See my journal, I write things there
No - get the analogies right. If I, as a car servicing firm, knew of a part in a Ford car that could fail and cause the car to go off the road at random and I only let my best customers know, I would be sued for screwing around with peoples lives.
Close, but no cigar. If you, as a car servicing firm, knew of a part in a Ford car that could fail and keep the car from starting sometimes under some circumstances, and you only let your best customers know, you would be...um...nothing.
-Waldo Jaquith
From the Symantec Web Site:
For example, the DeepSight Threat Management System discovered the Slammer worm hours before it began rapidly propagating. Symantec's DeepSight Threat Management System then delivered timely alerts and procedures, enabling administrators to protect against the attack before their environment was compromised. This combination of comprehensive up-to-the-minute attack data combined with effective solutions, patches, and countermeasures enable corporations to protect information infrastructure while avoiding downtime and lost productivity.
It sounds to me like a Tech Security company trying to boost sales of their new Threat Management System and Alert Services by stretching the truth. And we all know the sales and marketing folks would not blink an eye at fudging facts to sell their products.
Does this mean Symantec had anything to do with the Slammer virus (as Michael alluded to), I don't think so (and honestly to make an accusation like that is just plain ignorant).
Just my take. Now let the negative modding begin.
My network was getting a data stream from our parent data center on the Thursday before the Slammer hit. The target server of the data stream was our SQL box. After some talk with my colleagues at our other companies, they were hit with the same issue on the same day. We think the worm was preparing to attack and was propagating to trust SQL servers for a wider data stream. When the moment came on that Saturday morning, my SQL box went nuts, nailing every IP it could reach with packets.
I think Symantec was getting reports of some weired data streams on client's SQL servers and issued some prior warnings about a potential threat.
No way did this thing propagate in ten minutes. It's just not possible.
The world is a cooperative enterprise, too. It behooves all the people there to play nice with each other, too.
Will this ever happen? Probably not anytime soon. The same amount of freedom, if not more, exists on the internet, with even more anonymity. Why lead yourself with the false expectations that all the other users are as generous to their brothers as you are?
Dozens of network administrators from around the world on the NANOG mailing list, and EFnet #nanog all saw the first packets of Slammer at 05:29:29 and 05:29:45 GMT. That's dozens of very well placed people all seeing the first incident within a 16 second window, and not one administrator saw one earlier. How am I supposed to believe that Symantec knew about this earlier when none of us did?
I would like to see a copy of this so-called alert they sent out before the worm hit, if it exists, and then an explanation of how they knew in advance this worm would hit. Dubious does not even begin to describe it.
Symantec is a software corporation that runs OODLES (that means a lot) of "Computer PROTECTION" . Now weather or not you beleive they are the best OR worst is your opinion, but from a marketing standpoint it wouldn't be a good idea if they said they had their hands up their asses when the worm came out, now would it?
Bad Example of Conversation:
"Hay whats your opinion on X new virus/trojan/worm/etc..." - News People
"Yeah we got hit really bad, we were totally useless for about 2 to 3 hours" - Symantec
Good Conversation:
"Hay whats your opinion on X new virus/trojan/worm/etc..." - News People
"Yeah we saw this coming, but unfortunately could only reach a few of our customers in time." - Symantec
Ave Molech Setting
but Symantec has a moral responsibility to inform the public if it thinks millions will be affected.
Symantec does not have a moral responsibility to inform the public. Symantec isn't a publicly funded corporation, or a government agency.
You do not have a right to benefit for free from the hard work of others. Symantec's ONLY moral responsiblity is to increase value to their shareholders. This isn't the late 1990's where you can create a technology company based on the idea of giving things away for free and expect that to fly.
Part of that responsiblity is to treat their customers right. Given a limited timeline, and the need to provide the most value possible, they chose to send an alert to some of their (presumably) biggest and best customers. I believe that Symantec worked in a very appropriate manner in this case.
Note: I didn't read the article. I did read quite a few articles yesterday when the link was posted on hardocp.com however.
I am disrespectful to dirt! Can you see that I am serious?!
If anyone reading this subscribes to the Symantec Deep blah blah blah, can they post the warning (with the time it was received). I would be interested in reading it.
As a server admin i've had to patch almost every crucial software on my webserver. Apache had a vulnerability with ssl, sendmail, had problems, and even OpenSSH (secure telnet shell) had to be patched recently.
Hmmm... Pie...
Maybe you should get *your* analogies straight. Everyone is acting like Symantec did something horribly wrong. Let's not forget that there has been a patch available for this since july of last year. So if we must make analogies, how about this one:
I, as a mechanic, know that cars made by Ford had a recall (say for something like tires...). Now, of course it's in my best interest to inform *my* customers, but am I "morally obligated" to stop every passer-by on the street who's driving a Ford and tell them?
The point is, Microsoft admitted there was an issue and fixed it six months ago. Why is it Symantec's obligation to remind us all to secure our servers?
do not read this line twice.
If you witness a crime being committed and don't alert the authorities, then you're an accessory to the crime. If you witness the results of the crime, that doesn't necessarily make you an accessory to the crime. By your logic you could get arrested for seeing graffiti on the wall because grafitti is a crime.
;)
oh - one more thing... emphasis in ALL CAPS does NOT make you smarter
Network Operations had to manually disconnect MANY servers which were just saturating the network. After doing this we got calls days later from people saying "My students are complaining that they can't access my server, any idea why this is?" So if you're expecting that every server has some crack squad of administrators scouring the net to make sure it's updated to the fullest - well sorry, it takes some people days to notice that their server isn't even on the network anymore.
I mean you'd think people would turn on CNN and see SQL WORM RAVAGES INTERNET, and think, gee don't I have a machine running an SQL server, maybe I should check up on that? But no.
The reality is that there was a patch available for this months before and nobody bothered to install it, I don't think a few more hours would have made much of a difference at least where I work.
I saw this first hand. When Opaserv variants were coming out almost weekly last fall, Symantec was very slow to acknowledge their existance. A few people I know sent them executables of a new variant on October 19. Finally, on October 23, they announced they "Discovered" it...4 DAYS AFTER WE SENT IT TO THEM! Those Symantec liars didn't even tell us that they discovered it, but they're working on a fix. No, they sat on the virus for 4 days! (Want proof? Check out Symantec's Oct 23 discover day for brasil.pif, here, and compare that with the Oct 19 date that many of us first noticed that virus on this discussion sire here.) And of course, following true to Symantec policy, they claimed to have released a fix either the day of discovery or the the next day...to show they're working hard for their customers.
Stupid liars.
and this just in, Marketing drones mistakenly promote their products abilities beyond the realm of reality.
i'm not buying that they had hours of notice until i see something on the subject a little more trustworthy than a marketing release designed to sell a product.
you're all reacting like that's actually the truth.
Their systems were the first ones to be infected.
T Money
World Domination with a plastic spoon since 1984
But if you had sent out a notice (Patch) saying that the part was bad and the way for the user to fix it was to bring it in (Apply patch) then what could you be held accountable for? If that is the case every computer that I have ever worked on I could be held accountable when someone gets a virus, software doesnt work due to outdate versions and the lack of updates. It doesnt work that way.
You were pretty close with that example but missed the part that you had OFFERED a fix for it, but the people who were using the product chose not to use it.
Yeah it is kind of shitty that Symantec sat on this, if they did, but they are only REQUIRED to give their service to their customers. We can talk about how great the Internet is as a group thing, etc. But I do not recall the last time my competitor called me up to tell me of the issues I *might* have if I do not patch/fix/whatever a certain part of my network. The are a business not a free site for updates and patches.
g
Why oh why would ANYONE with a clue connect important work-a-day machines in a hospital to the internet?
If anyone died because AN INTERNET WORM did anything to a hospital then the hosptial administrators should be prosecuted for lack of due diligence.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
is that Slapper suppossedly hit the net on a sat, yet my server loggs show it was probing me on the thursday night preceding.
the only affect it had on me was less bandwidth over my ADSL for a few days...
the history of the world
It isn't clear to me how Symantec could know, hours in advance, about a worm which took ten minutes to spread throughout the entire Internet, unless they had something to do with its release. (Emphasis mine.)
-1, Troll
Thank you for reminding my threshold-set-to-4 ass how bad the signal-to-noise ratio around here can be. (Note : I'm not one of those big anti-michael psychos, but I wish there was some way to filter certain editors' comments.)
Don't become a regular here -- you will become retarded.
True, but then everything would be down because nobody would have connictivity to their databases. They needed to apply the patches.
BTW: I was shocked at how many companies had their SQL database out on the Internet completely exposed! I'm working for a Big Evil Media Company right now, and you can't get to any SQL server unless you're on a secure (inside) network with a private (192.168) IP address.
Best Buy can have you arrested
I'm not saying I don't agree with the guy (that we'd see many more worms for *nix if it were more popular on the desktop) but keep in mind that Slammer affected SQL Server 2000, which isn't usually running on a desktop machine.
~Berj
No I could careless if it didn't have a payload, cause if it had and the situation repeated, perhaps it takes out a hospital while your laying there dying....
Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
Symantec does not have the moral obligation; the people within Symantec have the moral obligation.
Corporations are designed to be soulless money-making machines. The people within corporations (who fucking are the corporation) are under the same moral obligations as the rest of us: to behave as if we are in this life together.
Too many people (like you) are willing to allow corporations to do whatever the hell they want in the pursuit of making money. Fine. Let corporations do whatever they want. But hold the people within the corporation responsible. There are people within Enron who broke the law in pursuit of profit and control; make 'em pay! There are people within Microsoft who made the decisions that led to a corporate conviction of monopoly abuse: make 'em pay!
Corporations are not at fault. People are at fault. If a corporation does something that is wrong, it is because people within the corporation did something wrong. Make the people within the corporation pay.
Microsoft is to software what Budweiser is to beer.
The reporting, whining, and handwringing over Slammer has cost me more than the virus did. I saw zero downtime from the virus, but wading through this wailing has taken up valuable time.
THE INTERNET IS NOT SECURE
Go back to your pr0n. There's nothing to see here.
Who do you think is writing these sophisticated viruses and worms? Do really believe that the hundreds of new viruses that get released every month is because of some bored hackers who have nothing better to do? There are many stories of "Men-in-Black" style approaches to out-of-work developers in countries with a large high tech community. Someone shows up at your door with a big bag of money and no identity and asks you to write a particular type of virus, you might be inclined to take the money and not ask too many questions. It's called "Creating the Market".
It's safe to say by your post that you haven't.
To post the assertion that these guys have anything to the propagation and dissemination of viruii is retarded - not only do they have to contend with regular build issues, feature requests, etc. - but they also have to keep up with the dozens of virii released into the wild on a weekly basis. The heuristics involved in developing the software necessary to *fix* an already infected (sometimes by multiple virii) is pretty impressive. There's no *good* reason why any of these engineers would intentionally create more work for themselves -- they don't need any.
Additionally, they aren't the only game in town as far as anti-virus software. They would be out of the fame in a New York minute if they were ever found to be involved in disseminating virii, intentionally or not.
Please turn off your computer and go back to your "X-Files" reruns.
P.S. - The coolest thing about the interview was when one of the Senior Engineers showed me the Quarantine Room, where they research different virii and repairing the damage.
- learn to swim.
Symantec like most other 'security' companies (I quote here because they are a morph and not a real security company) are trying to cash in on the worm activity. Most security companies make windfalls of cash during high profile worm attacks (see code red).
::asteroid chunk falling towards asia on radar::
Symmantec just bought a truckload of security properties and wishes to make it known that they are on top of things. Truth be known, eEye knew about the worm because of tips from product users and other contacts who became infected. Our researchers were called back from the bars to dissect the worm (which takes hours) and then provide a signature and scanner.
Looking back though, what would a few hours notice do for anyone? Haven't you seen Armageddon?
"Shouldn't we call someone"
"What and tell them to evacuate the entire pacific rim?"
This worm had no payload because it was about speed! I've seen these global maps with 'spread vectors' and it goes from 0 to 100 in about 10 seconds. The last thing I need as my servers are choking on residual SQL traffic is a phone call from my AV vendor stating "your screwed, servers are gonna go down".
as myself and a few others have stated, our server logs showed activity a _DAY_ before it *hit*, so yes, Symantec could have known early on.
the history of the world
Please stop equating/comparing/relating every single fucking thing to 09/11. It's only a similar situation in that they knew but didn't tell anyone. What if i knew the exact time you would be born, but i didn't tell your mom? Similar situation, right? What if i knew how long the cookies were going to last before you bought them, but i didn't tell anyone? Similar situation, right?
I'm sure releasing that information would have caused much more harm. Why I believe if we stop telling our children not to take candy from strangers we would put an end to the candy baiting algorithm once for all.
The message on the other side of this sig is false.
maybe in their timezone they discovered the worm "hours ahead" of everyone else?
LiNT makes a great point. This is Symantec's business. If you "forced" Symantec to disclose all of their privileged information to the public, then there would probably be no Symantec. A company like MSSP or Symantec have their own responsibilities. If they didn't, what would be the point of them existing?
Also, we don't know of Symantec's certainty of their info about the worm, or even the severity of it (before it happened). Here's your mall scenario of what I'm talking about.
Suppose you're on some local city's bulletin board (online) and some kid as sUperc00l posts something like "man that security officer is a total idiot, I'd love to cap some ass in that mall some day."
Do you A.) immediately call the police and report the "tip" you received, or B.) tell your friends to stay away from the mall for a few days.
I'm under the impression that most people didn't expect the worm to spread so quickly (90% of targeted machines infected within the first 5 minutes). Symantec probably heard about something vague and decided that it'd be in their best interests to alert their top customers. They're the ones paying for super-paranoid alerts, the other guys aren't.
Ahhhaaa! Acually you could hypothesize, "It isn't the label on the box, it's the fact that Symantec products are windows based, why write a virus for an OS that you don't write software for :)"
Hmmm.. food for thought
Gravity!... It's not just a good idea... It's the Law!
The county's emergency 911 call centre was affected by Slammer. Why? Why should their computers running SQL Server need to be connected to the internet? They could have a LAN to share information without connecting to the world at large, eh?
This is just more fuel for the fire. I have consistently voted against all the levies to fund the E-911 service in this county. Already, more than half of the county budget is spent on police, courts, and jail. (They call it 'criminal justice'.) Why don't they fund the E-911 services out of that big chunk of money we already give them?
After seeing crap like this (E-911 losing service because of Slammer), it makes me wonder why we bother to spend any money for this. Those idiots just squander tax dollars.
The plural of "virus" is "viruses". Aside from that, Latin plurals end in "i", not "ii". For example, "magus" becomes "magi", not "magii". The notion of Latin plurals ending in "ii" probably comes from such words as "radii" (plural of "radius"). The reason "radii" has two "i"s is because "radi-us-" becomes "radi-i-".
"In antiquity the word virus had not yet acquired, of course, its current scientific meaning; rather it denoted something like toxicity, venom, a poisonous, deleterious, or unpleasant agent or principle, or poison in the abstract or general sense. [...] Nouns denoting entities that are countable pluralize (book, books); nouns denoting noncountable entities do not (except under special circumstances) pluralize (air, mood, valor). The term virus in antiquity appears to have belonged to the latter category, hence the nonexistence of plural forms." (taken from here) Also, "viri" is Latin for "men", so that's not it either. The word is "viruses".
I know i'm coming off like a jerk here, and normally i don't post just to criticise someone's spelling, but "virii" is a plague. It's because of mistakes like this that we have two words for "disc", and the bizarre spelling of "Thames" (i.e. people trying to make English correspond to its Latin/Greek roots). Anyway, i just thought i'd point that out. That word really bothers me (which i guess is somewhat sad).
Sources:/ v/virus.html
- http://dictionary.reference.com/help/faq/language
- http://www.perl.com/language/misc/virus.html
PS: Otherwise an interesting post, heh.
Minutes after the slapper worm begins "slapping" around machines all over the internet, the PR department at Symantec was hard at work thinking up a way to make themselves not look like they were standing there with their pants down...
Yes Francis, the world has gone crazy.
and of the 40+ listed there all but a couple have such a low incidence of exposure, some being found on only a couple of machines, it makes one wonder if those 'two machines' are development boxes at Symantec and perhaps they are "salting the mines"?
Running with Linux for over 20 years!
They create a virus and release it on the Internet, then they sell you and anti-virus product to protect you against the virus they just released. That would be like Microsoft selling you and OS, then charging you for an upgrade to fix the security holes. Damn it, they arlready to that, I'm getting robbed!!!
Customers do pay Symantec to protect their networks in every way possible. If they told a few customers first, thats great for them, they are a business and the higher paying customers probably appreciate that. I am wondering though, if they had spread the word earlier (assuming they knew earlier), could non clients have patched their systems and reduced the effect that the worm caused on its paying customers systems. -dave
Have you looked at MS version numbers? Help>About in IE:
v6.0.2800.1106
Update Versions: "; SP1; Q324929; Q810847" There are more Q's but there's only room for those in the Help>About box.
If I want to know if I'm secure against a bug that has been fixed in mySQL, I look at the version number, something like 3.23.17, maybe with a pl# on the end. I don't have to read a 10 digit version number and then look up a database of 15 knowledge base "Q numbers" to see if I'm vulnerable to Cross-Site Frames Scripting Media Player Buffer Overrun X.
"Those who consume the bulk of goods are those who make them. We must never forget this secret of our prosperity."
It is hard to know how I feel about this issue. Yea, we can yell at Symantec for not announcing the discovery. We can applaud them for a shrewd business decision (without that no one makes any money and eventually we all lose). I can hate MS for releasing the POS that is MS SQL. I can be appalled by the administrators for not applying a patch that has been available for months. I can feel superior to the CIO that allowed SQL access to the public net. I can feel justified hatred to the bozos that wrote and distributed slammer. I can feel technical awe for those same bozos.
/. tell me what to think. That usually works
I guess I'll just stick with feeling confused and let
Wow, so many idiots so little time!
Come on, stop picking on Microsoft. They dedicated a whole month to security before going back to business as usual!
We told you so.
Or at least we would have had it not been in our business' best interests to do so.
I have a strange feeling that many people who own illegal copies of Windows and Microsoft apps are afraid to download and apply patches, because it may cause the software to report this fact to Redmond...
Heh, well said. Maybe you'd care to comment on the misuse of "-holic" as well. This is a real pet peeve of mine, where when someone wants to describe someone who is addicted to $something they use/invent the word $something:oholic. It really should be $something:ic, I presume. The "ohol" is simply part of the word "alcohol" that is incorrectly used.
-- Never hit a man with glasses. Hit him with a baseball bat.
This whole case once again feeds ammo into *some* people's long standing suspicions that it is the "AntiVirus" companies themselves that sponsor virus creation. Make your own market dot com. When sales are down, sponsor a real nasty and sell new software... Symantec get no sympathy on this one from me.
I think I've seen a DeepSight bulletin that was send around 9:00 UTC on that very Saturday (at least "DeepSight" is referenced in it). In this bulletin, Symantec recommended that customers protect MS SQL servers using filters, as an emergency measure. They failed to notice that this worm was melting the networks of their customers and as a result, didn't provide them with adequate information.
I'm furious how a single company tries to profit from the Slammer incident. The network engineers who cooperated in a truly open manner and successfully mitigated the issue on a large scale deserve all the praise. I've never seen such a cooperation before, and I believe it was for the first time that so many people at different network service providers worked together to address a global threat in such a timely manner.
Most people view the Slammer incident as a fearful omen of worse things to come. But as long as the big carriers continue to allow those great engineers to run their networks, these engineers will be able to deal with distinctly more fatal threats, I believe. Let's hope that corporate craze doesn't scare them off.
well, if you don't want to pay $50k for some 'virtual' advanced warning, sign up with DShield and get it all for free.Just den them your logs and they will do the same thing Symantec does for you.
Which hs been known to fabricate threats in order to achieve financing or advance towards their political or financial goals. Want examples? Search and you shall find some.
Baker's Law: Misery no longer loves company. Nowadays it insists on it
http://www.sigsegv.cx/
We get it already, there was probably a little foreknoweldge but not much. How do these guys that post the same shit about time zones every other post get modded up so high. So what if the difference was only 5 minutes, they could have sent an email to somebody, anybody for that matter. But they didn't, therein lies the fault.
There's no *good* reason why any of these engineers would intentionally create more work for themselves -- they don't need any.
Wouldn't fixing viruses that you created make you seem more valuable? Job Security?
The only thing constant is change
--following your corporation's line of reasoning, I am driving by your house, I notice some badguy breaking into it (call it obvious, smashing the lock or something pretty suspicious). I own a cell phone, I can A-call the cops, or B-ignore it as you didn't pay me in advance to waste my time and protect your house. Note: I have a job too (several, one of them actually is security related), my time is as valuable as yours, and you getting burgled doesn't cost me a penny directly.
Is it moral for me to just ignore a possible crime-in-progress of a common sense observatory level of "severe"?
It costs your company a pittance in money and time (as it would me to make a cell phone call in my hypothetical scenario) to post updated possible threat scenarios on your web site and CC them to appropriate other security related sites, in real time. I am sure it could be automated as well.
To me, it is petty, short sighted, and not even in your best interest financially in the long run to not do that, but that's your corporation's choice, and is fully in lock step agreement with similar corporate "secret stuff" that is going on that eventually is proven to be detrimental, and in fact, causes so much business loss as we are seeing now. "Greed", in other words, and contrary to popular corporate opinion, is not good.
The history of state granted corporate charters (in the US at least, not familiar with other nations that much) had a provision that said corporation did in fact and by law have a duty to be of a public interest and benefit, along with whatever widgets it made or serviced or traded in, it was NOT totally about your rights to profit as the only criteria for granting the corporate charter.
IMO, this needs to be readdressed and severe limits placed on corporations, time limits for granting these charters, and to make it easier to remove said charter given a proven pattern of not serving the public interest as a full part of the charter.
With that said, and following my own line of reasoning and law and history noting, I think microsoft should have lost their corporate charter a long, long time ago, and maybe this particular worm would never have happened. don't know, call that a maybe, but for sure their products and related apps wouldn't be in such a profuse use now.
I think "corporate america" needs to really step back and take a long hard look at how you are perceived by just the "common man" speaking in broad general terms now. There's a phrase - "people are starting to talk", that fits here.
"Corporations" are not all bad, nor all good, and neither is making money, everyone wants to make money, what is bad though is when any human or any corporation places the "making money" part over all other considerations. It certainly and must be a very important part,the making money part, else no need for the corporation, but to neglect the other parts is de-humanising and harmful.
There are extenuating circumstances and a human factor called ethics that comes into play. Some folks have little use for ethics, and no use to be "neighborly", if it interferes with "the bottom line". Me, personally, I have worked at some places like that, when it became evident to me that was the mindset that was pushed, I quit, moved on..
That is my opinion, anyone else's may vary.
People say "virii", not because they think they are speaking latin, but because they think it
:-)
;-)
sounds good. They think it expresses what they want to mean.
Look at the whole damned French language for an example of what happens when people spend a few centuries speaking what they think is latin.
So the problem is not that you are right or wrong, but rather, that the people you would like to persuade do not care for your argument.
It's like the people who wish media would stop using "hacker", or that slashdotters would use "GNU/Linux" when they say "Linux"... The argument is sound, and compelling, but is completely lost on those it seeks to influence! Not only do they not care, they actually prefer to stick with their chosen usage! You'd do just as well to argue that "virus" should be a mass noun or a possessive state of being: It has virus. (Like "milk" -- en français, il vaut mieux qu'on dit du virus).
I wouldn't hold my breath waiting for "virii" to go away -- these people don't even CARE that some English words have latin roots!
Hey, that makes me wonder if there is any other language whose plurals are formed with a final -i or -ii?
Now, if someone DOES buy the argument that latin usage should influence English, I wonder if it is important to note that "virus" in latin refers to "poison"... I'm standing by my argument that it should be a mass plural, not a count plural!
It is easy to make the case against "virii" from the latin "virus" -- it is not "virius" therefore not "virii" in the plural.
My advice is to write and speak with proper usage, correct others when they ask you to proofread their copy, and not expect anyone else to upgrade their literacy in
What's next on your agendum?
-fb Everything not expressly forbidden is now mandatory.
a) They caught a bad (well, even worse) pRNG copy.
b) Their PR people got confused on previous worms.
Test your net with Netalyzr
Two more points to your posting:
1) They could never have been sure, that the worm would hit the Internet so intensive. Hence, if they would have screamed "fire", they also could have been very wrong, which would not give them a better reputation.
2) If a virus/worm actually does damage, more people will buy their software.
Hey, that makes me wonder if there is any other language whose plurals are formed with a final -i or -ii?
Esperanto makes plurals by adding 'j' as a suffix (and it is roughly pronounced as a soft 'y' of eth English 'yes').
Cxu ne?
>>Symantec claims to have identified the Slammer worm that ravaged the Internet during the last weekend of January hours before anyone else did. Symantec then shared the information only with select customers, leaving the rest of the global community to get slapped around by Slammer. I want to see them judged for doing like that! Punish this kind of commerce!
It's no secret that most security vendors have large IP ranges all around the world (in order to get different ranges), and thousands of emails that are monitored for viruses.
It's simply a matter of who (among the vendors) will get hit first.
As far as notifying the community, well hmm they probably "forgot"...(!)
-- Leeeter than leet
If you own a glass shop, the best way to drum up business in the neighborhood is to run around after dark and smash a few windows.
A Lawsuit? Withholding vital information certainly sounds like grounds for suing the living crap out of 'em.
Ok. I work for a rather large competitor of Symantec, and I know this is a lie. First, the number of infected hosts that symantec reported as about 1/5 of what we had seen so far. Second, we had some very large customers thank us for calling them, stating that they had yet to hear anything from Symantec. And judging by who this customer was, I'm sure they would have been on symantecs VIP list as well. I just lost all of the respect I had for them.
It may not be nice, but CNN would have been under no obligation to tell anyone.
Fortunately, CNN's business interest would have been to let the cat out of the bag.
Symantic isn't under any more of an obligation to tell you stuff that you're under an obligation to pay them for it.
paintball
AC: While I called your post retarded, I don't recall resorting to an ad hominem attack.
#1) This is their job, most likely they'd get another if they hated it so much. They created their software so yes, they're gonna have the normal stuff like feature reqs. etc..DUH
I never made the assumption that they hated their jobs, and that was after spending several hours meeting with a majority of the engineering team in interviews and so on, so I don't see how you could make that leap of logic.
#2) I don't think it is a major feat, assuming they create it in the first place, to create the heuristics....DUH...if they were the ones to program it then of course they can find a way to stop/fix it.
From this point, I can only assume that you've never worked in software engineering (your sophmore Pascal project doesn't count), or if you do/have, that you're probably not very good at it. I'm too busy with regularly scheduled deliveries, status reports, and analysis meetings to go off and create work for myself - it cuts into my /. and Counter-Strike time.
- learn to swim.
If there were any covert activities going on, I sincerely doubt you were ever exposed to them. How would you know if they've got some top-secret, burn-before-reading, underground lab or two doing virus development? How would you know if they've started one since you've interviewed with them?
Not when you designed the virus yourself! Think about it. You coded up the virus. You know it inside and out. You designed it to be easy to detect (e.g., by making it oligomorphic and knowing each of the possible permutations in advance), and equally easy to remove (e.g., by making it respond to some obscure signal to remove itself, a la '--bliss-uninfect-files-please', but probably some indirect signal, like flipping a bit in the middle of the boot sector in FAT filesystems).
How about making more money?
When you are engaging in covert and/or criminal activities, that is a risk you are taking.
The only way the typical /.er can pick up a chick is with a forklift. -- AC
While some engineers operate under the assumption that code maintenance = job security, I've been fortunate enough not to work with any.
That aside, there are more than enough people creating viruses to keep all of the anti-virus shops busy.
But let's run with this for a second, since a lot of people are apparently entertaining this as a possibility.
From a product liability standpoint, ask yourself this:
1. What is the benefit from a market share standpoint to doing this?
2. How long will that market share benefit be realized?
3. What is the likelihood of getting caught?
4. What will the negative impact be if they get caught?
For #1 - "minimal". For example, hysterical media reports aside, we didn't see sales of anti-virus software skyrocket after the Melissa virus, either in end-user or corporate sales. People are either smart enough to have the software installed or not. Big companies tend to keep anti-virus software as a pretty high priority from a licensing standpoint, at least every place I've worked. If they get caught unprotected, the people responsible (IT management) tend to get fired: it's called Gross Negligence.
While there's a lot of activity as far as keeping virus definitions updated, this is trivial both at the end-user and corporate level due to automation, and is not a significant source of revenue, if it generates any revenue at all.
#2 - also "minimal". The major players all tend to release virus definitions within hours if not days of each other, so any market share benefit would be very short-lived from an income standpoint.
#3 - "somewhat likely". While I realize this is anecdotal, the only people I've found worse at keeping a secret than a 5 year old is a software engineer. If they did do something like that, we'd hear about it - probably not right away, but we'd hear about it eventually, if only via the rumor circuit - the same people who have it from a reliable source that Apple's running OS X on Dells.
#4. - "potentially catastrophic". If it did come to light that Symantec pulled something like this, I'm sure that the corporate sales teams for Sophos, McAfee, and Trend Micro would immediately add this information to their Power Point presentations, and your average corporate IT executive might consider this fact when negotiating a software license renewal contract.
In summary, it looks like (1) the benefit would be small, (2) it would be short-lived, (3) it would eventually get out that they had done it, and (4) they would be faced with a significant reaction from their corporate customers.
Symantec isn't Microsoft: they have real competition, especially in the enterprise market. Factor in a relatively flat job market for software engineers and the fact that Symantec has (at least when I interviewed with them) a pretty attractive option plan, and I can't see why anyone in the organization would think this was a good idea.
But I could be wrong.
- learn to swim.
In case you don't feel like reading it( it's pretty long) I'll give you an executive summary:
There's not enough upside to the potential downside if they got caught, and it's not worth watching your options go down the toilet for a market advantage that won't last more than a couple of days, especially since enterprise software license purchases are usually on an annual cycle.
Please don't think I'm defending Symantec: the arrogance of their corporate culture is running a strong 3rd behind front-runners Apple and tied for 2nd place contenders Oracle and Microsoft.
There's just no intelligent reason that I can see for doing taking that big a risk.
- learn to swim.
No you're not. I actually learned several things from your post.
Thank you.
I am tempted to use "virii is a plague" as my .sig, though. Interesting concept.
- learn to swim.
What about selling heroin? Is there an intelligent reason that you can see for taking that big a risk? If not, why do people do so anyway?
The only way the typical /.er can pick up a chick is with a forklift. -- AC
I can't argue with with the logical thinking for using 'viruses' rather than 'virii' but surely you should use the word as many other people recognise it?
I spent 3 years at university study biotechnology and one of the first things we learnt is that the plural of 'virus' was NOT 'viruses'.
I know latin is a historically important language but do we really need to check out 2000+ year old rules in the generation of modern phrases?
To: Sent: Tuesday, January 28, 2003 9:37 PM Subject: Sapphire Slammer Uh, is there any possibility that this little old computer inadvertently launched the attack last Friday? For some reason, when I cleaned out my cache, there was 27 MB of stuff that seemed to appear from out of nowhere. The pinging insanity started shortly thereafter. Will I be charged for this service? Oh, and the Boss clearly needs some sleep. Will I be charged for this service?