Slashdot Mirror
Symantec Claims They Knew About Slammer In Advance
truthsearch writes "Wired is reporting 'Symantec claims to have identified the Slammer worm that ravaged the Internet during the last weekend of January hours before anyone else did. Symantec then shared the information only with select customers, leaving the rest of the global community to get slapped around by Slammer.' I'm not bothered I didn't know Slammer was coming, but Symantec has a moral responsibility to inform the public if it thinks millions will be affected." It isn't clear to me how Symantec could know, hours in advance, about a worm which took ten minutes to spread throughout the entire Internet, unless they had something to do with its release. Update: 02/14 16:54 GMT by M : Wired has their math wrong; Symantec apparently had at most 20-30 minutes of early warning. Symantec claims in this press release that they discovered the worm "hours before it began rapidly propagating".
Since when does Symmantec have a moral obligation to do anything? They're a corporation. Their service is to detect and prevent network attacks. If you are willing to PAY for the service, then you get the benefits of it. If not, then it sucks to be you. Ford's service is making cars. Are you saying that Ford has a moral obligation to give me one, even though I haven't paid for it?
From the article:
"According to Symantec spokesman Yunsun Wee, Symantec issued an alert about Slammer to DeepSight Threat Management System subscribers "at approximately 9 p.m. PST on Friday, Jan. 24."
Most of the rest of the Internet didn't spot Slammer until shortly after midnight EST on Saturday, Jan. 25th."
Accounting for timezone differences between EST and PST, would this not make the two times much closer to each other?
Heck, Microsoft released a patch to fix this problem in June of 2002. Windows sysadmins had 6 months notice that it was a problem.
I don't mean to sound like a troll or the least bit insensitive, but if the Windows sysadmins aren't keeping their servers patched then that's the sysadmin's fault. The finger of blame should be pointed right at the mirror. Keeping their servers updated and safe is their JOB, unless they have a security specialist, in which case it's their job.
I have wondered why a lot of these Microsoft-worms never seem to have a destructive payload. If you imagine a script-kiddie working hard in his mom's basement, you'd think he'd add a payload of some sort.
(hell, if I had the inclenation and the time to create a virus, I'd atleast change the Windows statup
It's almost like these Microsoft-worms were desingned to create panic and purchasing action, but no legalally actionable damage.
Just a rambeling thought.
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
So explain to me again how they knew about it before anyone else? -kaos
I don't see why people expect companies to donate information that costs them to find. They could've used this info in two ways, the way I see it. First, is to share it to their corporate customers who pay to have this kind of early warning. Second, release it to the media, CERT, and other organizations and make sure they "advertise" that Symantec found it first.
So they chose the first. Big deal. Do you really think even a majority of these sysadmins would have firewalled their MS SQL server hours before it would be infected? Doubtful. If they didn't apply the patch from July of '02, then they're not going to immediately respond in a few hours to patch an impending threat.
Through acquisition, Symantec has access to several firms that have deployed "sensors" in many locations around the 'net. These sensors relay actvity information back to a central location.
Symantec correlates this information, and determines threats. They then relay this information to customers of the subscription service.
This may be what they are referring to.
So Borland Delphi and 6 other applications wont run without admin rights, and somehow that is Microsoft's fault? Why not blame Borland?
"The defense of freedom requires the advance of freedom" - George W Bush
My Magic Eight Ball predicts of a future exploit of a buffering problem in Microsoft software.
How can you know this stuff Magic Eight Ball!!
It's a fairly fundamental difference.
If all copies of MS products were magically replaced with *nix versions tomorrow, we'd see *nix oriented viruses the day after tomorrow. It isn't the label on the box, it's the popularity of the software.
Virus writers are like vandals -- nobody is going to make graffiti where it doesn't get lots of public exposure.
load "windows7"
Unix/Linux dominate the market for servers and databases. Oracle is the most widely used database the last time I checked and SQL Server was third. Unix/Linux *is* ubiquitous for servers. Microsoft is the niche player and it is Microsoft that is producing softare so buggy that it is hobbling the internet.
It's safe to say by your post that you haven't.
To post the assertion that these guys have anything to the propagation and dissemination of viruii is retarded - not only do they have to contend with regular build issues, feature requests, etc. - but they also have to keep up with the dozens of virii released into the wild on a weekly basis. The heuristics involved in developing the software necessary to *fix* an already infected (sometimes by multiple virii) is pretty impressive. There's no *good* reason why any of these engineers would intentionally create more work for themselves -- they don't need any.
Additionally, they aren't the only game in town as far as anti-virus software. They would be out of the fame in a New York minute if they were ever found to be involved in disseminating virii, intentionally or not.
Please turn off your computer and go back to your "X-Files" reruns.
P.S. - The coolest thing about the interview was when one of the Senior Engineers showed me the Quarantine Room, where they research different virii and repairing the damage.
- learn to swim.
The plural of "virus" is "viruses". Aside from that, Latin plurals end in "i", not "ii". For example, "magus" becomes "magi", not "magii". The notion of Latin plurals ending in "ii" probably comes from such words as "radii" (plural of "radius"). The reason "radii" has two "i"s is because "radi-us-" becomes "radi-i-".
"In antiquity the word virus had not yet acquired, of course, its current scientific meaning; rather it denoted something like toxicity, venom, a poisonous, deleterious, or unpleasant agent or principle, or poison in the abstract or general sense. [...] Nouns denoting entities that are countable pluralize (book, books); nouns denoting noncountable entities do not (except under special circumstances) pluralize (air, mood, valor). The term virus in antiquity appears to have belonged to the latter category, hence the nonexistence of plural forms." (taken from here) Also, "viri" is Latin for "men", so that's not it either. The word is "viruses".
I know i'm coming off like a jerk here, and normally i don't post just to criticise someone's spelling, but "virii" is a plague. It's because of mistakes like this that we have two words for "disc", and the bizarre spelling of "Thames" (i.e. people trying to make English correspond to its Latin/Greek roots). Anyway, i just thought i'd point that out. That word really bothers me (which i guess is somewhat sad).
Sources:/ v/virus.html
- http://dictionary.reference.com/help/faq/language
- http://www.perl.com/language/misc/virus.html
PS: Otherwise an interesting post, heh.