North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: product liability (was 'we should all be uncomfortable with the extent to which luck..')
- From: Ryan Tucker
- Date: Wed Jul 25 09:47:32 2001
On Wednesday, July 25, 2001, at 09:17 , Joe Shaw wrote:
And with this latest threat of code red, Microsoft would have been
We did, and are quite amazed at how few others did.
anyway, because a patch for this exploit existed well before CodeRed
They released a patch for the indexing server on June 18, 2001, which as
you know is a full month before CodeRed. So, people had a MONTH to
prepare for something like this, and it's a sad statement that they did
None of *our* Win2k servers were affected (thanks to our NT admin's
frequent overnight patchfests), but numerous customers were... most of
this manifested as "your network is down" or "hi, we'd like an SLA
refund" or "my web server keeps crashing, you guys sell hardware
unworthy of a ghetto trash bin".
Windows is NOT easy to administer. Unix (any of 'em) is NOT easy to
administer. You can NOT install and not think about it again. You MUST
continually think about it, look for updates for it, apply updates
(usually overnight, as many of them require a reboot, and some of them
wedge the machine), and keep the server in operating condition.
Reality is in direct contrast to Microsoft's main advertising pitch.
How many of you have seen the Win2k Datacenter commercial with the
unmanned array of large machines, with the voiceover falling just short
of saying you can fly to Mars and back without having to do any
How many affected customers think that, because of that, no resources
need to be devoted to administering their much smaller servers?
How many probably still think that?
It made it through the firewall and didn't set off the virus scanner, so
obviously it's not that bad, right?
Something that might help is PSA's -- you know, those radio spots that
tell you never to shake babies, drive drunk, or keep a pile of old tires
around. Perhaps it's time that everyone also knows keeping your servers
secure is not only in everyone else's best interest, but your best
interest as well. Awareness is a wonderful thing.
I'll throw in a couple bucks towards airtime. -rt