The Colossus of Redmond has long served as a favorite punching bag for the hacker community. But software giant Microsoft really got knocked for a loop on Oct. 27 when it admitted that malicious hackers had penetrated the company's computer network and run amok for about two weeks. Initial media reports claimed the hackers had snagged secret source code for Office and Windows, two of the most lucrative Microsoft software franchises.
The company subsequently denied those allegations but admitted the network had been compromised. That most likely happened when a Microsoft employee logged on to the company network from a home computer via a cable modem or digital subscriber line and inadvertently revealed key passwords to a hacker watching online. The intruders were then able to send e-mails laced with a worm program -- most likely a variant from China dubbed QAZ -- that burrows into a computer network and surreptitiously sucks up passwords while affording unauthorized access through virtual trapdoors in the computer system.
FAMILIAR VIRUSES. But QAZ is an old problem, spotted months ago and recognized by most off-the-shelf antivirus software. So what does this say about Microsoft? Nothing more than that Bill Gates's tech powerhouse is just like everyone else out there in the networked world.
Jeffrey Carpenter, a manager at the Computer Emergency Response Team (CERT) at Carnegie Mellon University, estimates that 99% of the major attacks the team analyzes use old viruses or worm programs. "In the cases where the cause of the compromise can be determined, the vast majority are from known types of attacks where countermeasures are readily available," Carpenter says.
Of course, keeping a disparate network of tens of thousands of machines updated with the latest software makes cleaning the Augean stables look like a minor chore. "Howard Schmidt [Microsoft's chief security manager] has an enormous network to watch over," says Tim Belcher, chief technology officer of Internet security company RIPtech. And that network morphs continually. Many of Microsoft's employees aren't permanent, and hundreds of users join and leave the company's privileged access circle on a daily basis.
Furthermore, security software often slows down computer speeds, reducing efficiency. Programmers, in particular, have been known to turn off their virus-protection software to speed up the lengthy compilation process during a heavy coding session.
FALLING BEHIND. But none of these problems are peculiar to Microsoft. Other high-tech companies extensively use independent contractors or temporary employees. Most have employees logging on to company systems from home computers, often over broadband connections that provide minimal protection against intruders. And as a major reporting center for Internet security problems, CERT has found many companies have trouble keeping their networks and security software updated with the latest information and countermeasures.
"The real concern here is not that Microsoft got broken into. The real question is: What can the mom-and-pop companies and even the middle-class companies do for security if Microsoft, with that staff and that funding, has these types of security issues?" Belcher asks.
The easy answer is that they can update their software in a timely fashion and rein in remote usage over unsecured machines. But Microsoft and the millions of other companies that rely on computers more and more as communications tools all face a common enemy in the resistance of their employees to adopt cumbersome security measures.
PENALTIES IN ORDER? What will it take to ensure that no one logs on from a home PC over a wide-open cable modem that could easily compromise the corporate network? Some security experts advocate the use of penalties, perhaps monetary fines, to hammer home the seriousness of this offense or others, such as turning off security software to speed up a desktop. Weekly antivirus-software updates on all machines that touch a network should likewise become the price of entry for companies that want employees to work over remote connections.
Sound draconian? So did the concept of locking all the doors and windows at home to country folk moving into the city in the 19th and early 20th centuries. And that's a good analogy. The quaint old days of relatively isolated and bucolic computer networks are now long gone. Everyone, even the monolithic Microsoft, should keep their antivirus burglar alarms set at all times or reconcile themselves to the fact that their home could be broken into at any time.
Salkever covers computer security issues for Business Week Online. Follow his Security Net column twice a month, only on BW Online.
Edited by Beth Belton