Slashdot Mirror


Worms Jack Up the Total Cost of Windows

rbrandis writes "Dealing with widespread worms like Sasser raises the cost of using Windows, a research analyst said Wednesday. "This is part of the carrying cost of using Windows," said Mark Nicolett, research director at Gartner. "The cost of a Windows environment has gone up because enterprises have to install security patches very rapidly, deal with outages caused by secondary problems with these patches, and deploy additional layers of security technology." "The Sasser worm attacks confirm our prediction that mass worm attacks against the multiple vulnerabilities disclosed by Microsoft on April 13 were likely," said Nicolett and his Gartner colleague, John Pescatore, in an alert posted on the Gartner site."

19 of 658 comments

  1. I can relate by Yi+Ding · · Score: 5, Informative

    I work at a computer science department, and I'm currently compiling a CD of patches that people have to install before they get on the internet. Right now, the number of patches is nearing 30.

    1. Re:I can relate by DrEldarion · · Score: 3, Informative

      They're getting a lot better about that, actually. Many of the patches they offer nowadays can be installed together so you only have to reboot once. It's only the major things like service packs, new versions of IE, etc. that need to be installed separately.

    2. Re:I can relate by Yi+Ding · · Score: 5, Informative

      Yeah, you can also order all patches from M$ themselves.. I forget the link but you can order all patches on CD for free.. I had it come to me but the courier never left it at my house, and wanted me to come pick it up..

      Yep, I ordered that as soon as it came out, and it finally came, but since the CD was made in February, it doesn't have any of the patches that just came out in April (i.e. the one that patches against the Sasser worm), so it's back to making CDs by hand.

    3. Re:I can relate by Karamchand · · Score: 4, Informative

      Here's the URL to order the Windows Security Update CD for free!

    4. Re:I can relate by rev063 · · Score: 3, Informative
      Many of the patches they offer nowadays can be installed together so you only have to reboot once

      I just ran a Windows 2000 box that hadn't been patched in a year through Windows Update. Three reboots: One for a Windows 2000 Service Pack, another for IE, and a third for a whole bunch of security patches (which did all install as a unit). And that's without patching Outlook Express, which looked as though it needed its own reboot. The whole process for two machines (desktop and laptop) took about an hour (including some significant pfutzing to clear enough HD space to allow the Service Pack to install).

    5. Re:I can relate by zcat_NZ · · Score: 3, Informative

      Surprisingly, WinXP's firewall is something Microsoft seems to have 'got right' for the most part. It doesn't try and block outgoing traffic, it doesn't try to analyse or modify packets, and it doesn't pop up alerts for every blocked or unsuccessful connection. It simply blocks or allows incoming connections based on port, leaving as little room as possible in the code for exploitable errors.

      I have every confidence that Microsoft will remedy all this at the same time they make the firewall 'on by default'

      --
      455fe10422ca29c4933f95052b792ab2
  2. My Job by tverbeek · · Score: 4, Informative

    Lately about 1/3 of my job consists of dealing with Windows vulnerabilities. And there are four other full-time staffers here with the same job description. We're not especially well paid, but that sure adds up. And when you add in the downtime of the people whose computers we're fixing...

    --
    http://alternatives.rzero.com/
  3. Autopatcher by kajoob · · Score: 5, Informative

    Actually, just install the latest service pack and then install Autopatcher. It has all the updates, hotfixes, and some cool extras all rolled into one scripted install so you can just start the install and walk away. I've used it and I can say that it makes life a million times easier.

    There are versions for 9x all the way up to XP. You could fit everything onto one cd, and if you wanted you could even script that install. Thanks Autopatcher guys!

    --
    Quidquid latine dictum sit, altum viditur
  4. Re:Not anymore... by ptbarnett · · Score: 4, Informative
    (It's a link to the story about Microsoft including antivirus software in Windows XP Service Pack 2.)

    Read the article again. There's a footnote at the bottom:

    Corrects earlier version which incorrectly stated SP2 would include a built-in virus scanner. The offering actually includes a pop-up monitor that checks the settings of third-party anti-virus and firewall applications, and allows users to modify them if necessary.

  5. Re:Isnt Linux Beautiful? by pe1chl · · Score: 3, Informative

    I advise you to look at a decent Linux distribution instead of doing a build-it-yourself.
    Any commercially supported Linux distribution will offer updates that can be installed by your mother just like she can use Windows Update.

    For example, look at SuSE Linux, which has Yast Online Update.

  6. Re:Server-based patching by therblig · · Score: 5, Informative
    You can realize half that dream with Microsoft Software Update Services. We've been running it for nearly a year, and it keeps every Windows machine on our network patched. All I do is approve patches, and they are automatically pushed out to every computer on the network. TCO for 130 users was a little over $500 for another copy of Windows 2000 Server, plus a day for setup, plus about ten minutes a month checking and approving patches.

    I know it isn't perfect, and I shouldn't even have to pay for a server to keep our MS stuff up-to-date, but it has saved us tons of time and hasn't given us any problems yet. Maybe we are an exception.

    --

    I struggled for days and days and all I got was this lousy sig.

  7. Re:You've got to be kidding me by jdreed1024 · · Score: 4, Informative
    This is news? This wasn't included in TCO estimates before?

    Yes, this is news. And it's good news. In case people missed it, this is from the Gartner group. This is the holy tome of PHBs. The way and the light. Gartner says jump, and the PHBs jump, you better believe it. And after years of saying that Windows is the way and the light, they're finally acknowledging that poor security costs money. It's recommendations like this, more than anything else, that will move companies from Windows to Linux.

    --
    There is no sig, there is only Zuul.
  8. Re:You'd have to be really stupid... by nordicfrost · · Score: 4, Informative

    No, actually German Post did not get the actual Sasser worm, but they panicked after Sämpo had one loose in their internal network, so they did like Sämpo. Block A LOT of traffic. Unfortunately, in doing so, they also blocked their own banking system from communicating properly and became "collateral damage" because the sysadmins panicked.

  9. Re:TCO by Eccles · · Score: 3, Informative

    TCO=Total Cost of Ownership

    Includes price and rough estimates of other costs (support, downtime, etc.)

    --
    Ooh, a sarcasm detector. Oh, that's a real useful invention.
  10. Re:no viruses for linux yet because.... by homer_ca · · Score: 4, Informative

    You don't need root to run a mass mailing email worm. If you could convince a user to run a trojaned executable, regular user permissions will do just fine. It could even open a spam proxy backdoor without root. All you really need root for in network code is for raw sockets and to listen on low TCP ports (below 1024).

    Some email worms exploited an autoexecute from the preview pane bug in IE, but most of them were social engineering exercises in convincing the user to run the attachment. I think it's easy enough to launch an attachment in say Kmail or Evolution. The only challenge is delivering an executable that'll run on enough Linux machines (perl? bash? static binary?). The only reason we don't have a mass mailing Linux worm is because no one's tried it yet. It's not THAT hard.

  11. 5000 machines, one click. This is expensive?? by KE1LR · · Score: 3, Informative
    We watched sasser just go right by us because all of our managed machines were patched well before it showed up. Why? We're running SUS.

    When the vulnerability was announced, we saw it was going to be a bad one. What did we do? Well, we downloaded the update, tested it on a few machines (which had no problems) and a few days later clicked a check box on a SUS server that approved it for distribution to clients.

    Over the next few days, just the one SUS server I monitor reported over 1200 clients successfully installed the update. Others reported similar results. By the time sasser showed up (or any of its slower-moving predecessors, some of which were poking around within a week), we'd patched thousands of systems with no user interaction at all. The only people who got hit were people running unmanaged machines... and many of them had ignored the little green globe which was telling them that their system needed to be updated. If they'd clicked on it, they would have been OK too.

    Oh yeah, SUS is free, a piece of cake to install, and works great. It even locks down the server it runs on to resist attack. Anyone who runs more Windows machines than they can reach from their desk chair should be using it.

    Gartner should stop with the "nyah nyah we said it was going to be a bad one... look how cool we are". Everyone else with a clue knew it was going to be a big problem too. They should instead point out ways for Windows shops to get out in front of the curve.

  12. Re:um... by humankind · · Score: 3, Informative

    Am I the only one who's discovered that Automatic Updates are actually automatic?

    No. You are one among many that apparently think Automatic Updates covers everything when it doesn't. The Automatic updates are not all-inclusive of the patches released to address vulnerability/security issues.

  13. Inexcusable in the age of SUS by Anonymous Coward · · Score: 3, Informative

    SUS (Software Update Services, a LAN version of Microsoft's Windows Update site) has been out for, what, two years now? Any decent-sized network should consider it essential. I am running SUS on my LAN at work (about 50+ Windows 2000/XP workstations) and we haven't had any problems from these worms, simply because all my machines are patched within a day of the patches being released. Considering the patch for the Sasser worm has been out for over two weeks now, I think it should be considered dereliction of duty for Sysadmins to take so damn long installing the patches!!!!

    Blame MS all you want, at the end of the day, if MS have released the patch and the sysadmins haven't installed it (for whatever reason), then it's not MS's fault.

    Still, I wouldn't mind breaking the fingers of the prick who wrote the worm in the first place.

  14. Re:no viruses for linux yet because.... by Rutulian · · Score: 3, Informative

    If it is above port 1024...yes. You can start an Apache process and bind it to port 8080 without being root.