Slashdot Mirror

← Back to Stories (view on slashdot.org)

Worms Jack Up the Total Cost of Windows

Posted by CmdrTaco on from the no-shocker-here dept.

rbrandis writes "Dealing with widespread worms like Sasser raises the cost of using Windows, a research analyst said Wednesday. "This is part of the carrying cost of using Windows," said Mark Nicolett, research director at Gartner. "The cost of a Windows environment has gone up because enterprises have to install security patches very rapidly, deal with outages caused by secondary problems with these patches, and deploy additional layers of security technology." "The Sasser worm attacks confirm our prediction that mass worm attacks against the multiple vulnerabilities disclosed by Microsoft on April 13 were likely," said Nicolett and his Gartner colleague, John Pescatore, in an alert posted on the Gartner site."

10 of 658 comments (clear)

  1. I can relate by Yi+Ding · · Score: 5, Informative

    I work at a computer science department, and I'm currently compiling a CD of patches that people have to install before they get on the internet. Right now, the number of patches is nearing 30.

    1. Re:I can relate by Yi+Ding · · Score: 5, Informative

      Yeah, you can also order all patches from M$ themselves.. I forget the link but you can order all patches on CD for free.. I had it come to me but the curior never left it at my house, and wanted me to come pick it up..

      Yep, I ordered that as soon as it came out, and it finally came, but since the CD was made in Februrary, it doesn't have any of the patches that just came out in April (ie the one that patches against the Sasser worm), so it's back to making CDs by hand.

    2. Re:I can relate by Karamchand · · Score: 4, Informative

      Here's the URL to order the Windows Security Update CD for free!

  2. My Job by tverbeek · · Score: 4, Informative

    Lately about 1/3 of my job consists of dealing with Windows vulnerabilities. And there are four other full-time staffers here with the same job description. We're not especially well paid, but that sure adds up. And when you add in the downtime of the people whose computers we're fixing...

    --
    http://alternatives.rzero.com/
  3. Autopatcher by kajoob · · Score: 5, Informative

    Actually, Just install the latest service pack and then install Autopatcher. It has all the updates, hotfixes, and some cool extras all rolled into one scripted install so you can just start the install and walk away. I've used it and I can say that it makes life a million times easier.

    There are versions for 9x all the way up to XP. You could fit everything onto one cd, and if you wanted you could even script that install. Thanks Autopatcher guys!

    --
    Quidquid latine dictum sit, altum viditur
  4. Re:Not anymore... by ptbarnett · · Score: 4, Informative
    (It's a link to the story about Microsoft including antivirus software in Windows XP Service Pack 2.)

    Read the article again. There's a footnote at the bottom:

    Corrects earlier version which incorrectly stated SP2 would include a built-in virus scanner. The offering actually includes a pop-up monitor that checks the settings of third-party anti-virus and firewall applications, and allows users to modify them if necessary.

  5. Re:Server-based patching by therblig · · Score: 5, Informative
    You can realize half that dream with Microsoft Software Update Services. We've been running it for nearly a year, and it keeps every Windows machine on our network patched. All I do is approve patches, and they are automatically pushed out to every computer on the network. TCO for 130 users was a little over $500 for another copy of Windows 2000 Server, plus a day for setup, plus about ten minutes a month checking and approving patches.

    I know it isn't perfect, and I shouldn't even have to pay for a server to keep our MS stuff up-to-date, but it has saved us tons of time and hasn't given us any problems yet. Maybe we are an exception.

    --

    I struggled for days and days and all I got was this lousy sig.

  6. Re:You've got to be kidding me by jdreed1024 · · Score: 4, Informative
    This is news? This wasn't included in TCO estimates before?

    Yes, this is news. And it's good news. In case people missed it, this is from the Gartner group. This is the holy tome of PHBs. The way and the light. Gartner says jump, and the PHBs jump, you better believe it. And after years of saying the Windows is the way and the light, they're finally acknowledging that poor security costs money. It's recommendations like this, more than anything else, that will move companies from Windows to Linux.

    --
    There is no sig, there is only Zuul.
  7. Re:You'd have to be really stupid... by nordicfrost · · Score: 4, Informative

    No, actually German Post did not get the actual Sasser worm, but they panicked after Sämpo had one loose in their internal network, so they did like Sämpo. Block A LOT of traffic. Unfortunlately, in doing so, they also blocked their own banking system from communicating properly and became "collateral damage" because the sysadmins panicked.

  8. Re:no viruses for linux yet because.... by homer_ca · · Score: 4, Informative

    You don't need root to run a mass mailing email worm. If you could convince a user to run a trojaned executable, regular user permissions will do just fine. It could even open a spam proxy backdoor without root. All you really need root for in network code is for raw sockets and to listen on low TCP ports (below 1024).

    Some email worms exploited an autoexecute from the preview pane bug in IE, but most of them were social engineering exercises in convincing the user to run the attachment. I think it's easy enough to launch an attachment in say Kmail or Evolution. The only challenge is delivering an executable that'll run on enough Linux machines (perl? bash? static binary?). The only reason we don't have a mass mailing Linux worm is because noone's tried it yet . It's not THAT hard.