


JANUARY 31, 2003

NEWS ANALYSIS
By Alex Salkever

The Big Lessons of a Little Worm
Even though systems engineers quickly blunted Slammer's weekend attack, that success can't hide the gaping holes in the Internet's armor


While the chaos caused by the Slammer worm on Saturday, Jan. 25 has subsided, the tiny program that gummed up the Internet leaves some painful insights into the immense damage a voracious invader can inflict -- not only on its direct targets but on secondary ones as well. Above all, Slammer, which infected the ubiquitous Microsoft database software used to manage corporate information, was a further demonstration of just how vulnerable the Internet remains.


In this case, not using Microsoft software or products that rely on Redmond's databases was no guarantee. On the North American Network Operators list-serv, a bulletin board for network engineers, a slew of frustrated posts complained that, even after the switches and routers that serve as network traffic cops were reprogrammed to ignore Slammer, the sheer volume of worm traffic continued to bury networks. Unlike a virus, a worm doesn't require e-mail to replicate and transmit itself into other systems.

Telephone service, ATM networks, and crucial communications linkages that depend on the Net were knocked out. And while that was bad enough, things might easily have been much worse. "If it had been Monday morning, you would have had not just the tech industry buzzing -- I think you would have been talking about serious collateral damage," says Tom Ohlsson, vice-president for network-monitoring services provider Matrix NetSystems in Austin, Tex.

FORTUNATE TIMING.  If Slammer's weekend assault had come just 48 hours later, the end result might have been a virtual Net shutdown. Institutional investors unable to make trades could have lost billions of dollars. Local emergency-response operators, who rely on the Net to direct "911" assistance, might have been staring at frozen screens. Banking services, which encrypt their data traffic over the public Internet, might have ground to a halt.

The likelihood that a Slammer-style worm will hit at a more vulnerable moment is high, according to experts like Vincent Weafer, senior director of the computer-security outfit Symantec Security Response (SSR). Weafer points out that every worm attack has been shorter, but much more intense, than its predecessor. And the potential for attacks is clearly rising. Vulnerabilities that researchers and companies report every week to BugTraq, a mailing list, and to CERT, a Net watchdog, have increased from an average of 20 to 25 in 2001 to around 40 or 50 in 2002.

Slammer's ripple effect also demonstrated how damage can spread beyond prime targets. For instance, due to the sheer volume of overflow traffic, some outfits running Linux-based systems in the same data centers as Slammer-infected machines also lost access to their non-Microsoft systems, experts say. A related lesson: Backup Internet connections don't guarantee protection.

OPEN DOORS.  More of these attacks are using paths left open for perfectly valid services. Slammer gained access via "port 1434," tech lingo for a standard entry point for queries to Microsoft database servers. Simply closing that port isn't a viable option, however, as it would disable key business functions.

Most worrisome, Slammer proved that the current "patching" system is sorely inadequate. Microsoft had issued a software patch to foil Slammer in July, 2002. Unfortunately, harried systems administrators ("sysadmins" in geekspeak) failed to install it on tens of thousands of machines. That's not as reprehensible as it sounds, since a typical sysadmin may receive dozens of patches each week, and activating them means a time-consuming and annoying reboot. Sysadmins also complain that Microsoft patches sometimes create problems of their own, so many adopt a wait-and-see attitude when the latest one arrives.

Patching on the fly also is problematic. At the height of the Slammer attack, many sysadmins complained of being unable to download the patch. This could have been the result of problems at Microsoft, an overload of demands from harried sysadmins, or the broad slowdowns in the Net. Whatever the reason -- or combination of them -- it remains a shame that a patch available to so many was installed by so few.

GOOD NEWS -- AND BAD.  If any encouragement is to be found in the Slammer attack, it's that computer-security engineers now recognize and respond to attacks far more quickly than was the case before, when invaders like Nimda and CodeRed hobbled the Net. This time, network operators quickly noticed something was amiss, and engineers were able to begin reducing Slammer's impact within two hours of its initial appearance in Hong Kong. Net optimists insist that such responses can only improve, thanks to better coordination and, with any luck, better patching mechanisms.

If that rose-tinted perspective proves false, then history may well regard Slammer Saturday as a grim glimpse of the perilous future that awaits network security, an era when infections spread like wildfire, systems crash, and global commerce is hamstrung. Should that future come to pass, the road to a remedy will undoubtedly be a long, hard, uphill slog.



Salkever is Technology editor for BusinessWeek Online
Edited by Beth Belton
