A web poll of more than 200 business PC users, conducted by
Sophos Anti-Virus, has revealed that most blame their fellow system
administrators for the spread of the SQL Slammer internet worm in
the last few days. The Slammer worm (also known as W32/SQLSlam-A) slowed
down large sections of the internet at the weekend, reportedly
causing ATM machines in America to stop working and knocking large
sections of the South Korean population off the web.
64% of poll participants felt that system administrators who
failed to keep their systems updated with the latest security
patches had been most at fault for allowing the Slammer worm to
spread. 24% blamed Microsoft for shipping buggy software, even
though Microsoft warned system administrators of the security hole
back in July 2002.
The poll also revealed that many system administrators have not
put in place a formal way of dealing with new security
vulnerabilities as they are discovered, with 12% relying on
mainstream news reports to tell them about potential problems.
Only 43% of respondents said they had signed up for Microsoft's
security vulnerability mailing list - the method Sophos recommends
to companies who wish to keep informed of new vulnerabilities as
soon as they are discovered.
"The Slammer worm slowed parts of the internet to tortoise pace
this weekend," said Graham Cluley, senior technology consultant,
Sophos Anti-Virus. "However, it was largely preventable. Had
administrators applied the patch when Microsoft released it, the
worm would have had significantly less chance to spread. Companies
should put formal systems in place now to patch against future
vulnerabilities, and system administrators should be given the
resources to manage these procedures."
Interestingly, over 50% of those surveyed indicated that they
noticed an internet slow down when Slammer was at its height at the
weekend.
Comments from survey participants indicated that many system
administrators felt their management had not given them enough
resources to roll-out patches effectively, or had concerns over the
stability of updates from Microsoft in case they caused further
problems.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.