PC users point the finger at Microsoft over latest virus outbreak, Sophos reports

August 18, 2005 Sophos Press Release

The worm exploited a Microsoft vulnerability. Image copyright (c) Sophos
The worm exploited a Microsoft vulnerability, allowing hackers to take remote control of PCs.

A web poll of more than 1,000 business PC users1, conducted by Sophos, has revealed that despite Microsoft releasing a security patch and warning in advance, 35% of respondents feel the software giant should shoulder the blame for the recent worm attacks against businesses across the globe. The worms exploit a newly discovered vulnerability in Microsoft's code.

Systems administrators are also feeling the wrath, with 20% of respondents blaming them for not patching systems quickly enough. 45% hold the virus writers responsible for the 19 worms, which all take advantage of the same flaw.

"The majority of users believe that the virus writer has to take the ultimate blame for deliberately creating and unleashing this worm to wreak havoc on poorly protected businesses," said Graham Cluley, senior technology consultant at Sophos. "But what is most surprising is that so many people blame Microsoft for having the software flaw in the first place. Users' anger is perhaps understandable as Microsoft's security problems and their consequences are felt by businesses the world over. Many respondents appear to be incredibly frustrated by the constant need to roll-out emergency patches across their organizations."

Sophos believes that Microsoft faces a considerable challenge in its aim to present itself as a security company. Indeed, another recent survey carried out by Sophos shows that only 28% of respondents rated Microsoft as their most trusted operating system when it comes to security, while 47% believe Linux and Unix are the most secure.

"Microsoft is stuck between a rock and a hard place when it comes to vulnerabilities," continued Cluley. "When it goes public about its security holes, a virus can be written to exploit them and many businesses may not have rolled out the patch. If it kept quiet, someone could still write a virus and everyone would ask why Microsoft hadn't warned anyone of the vulnerability. In either case these flaws are going to be an ongoing problem as Microsoft tries to convince people it's a serious player in the security market."

In the last twelve hours Sophos has detected and protected against seven more worms which exploit the same vulnerability - bringing the total amount to 19, all of which attempt to slip through the same hole to infiltrate businesses and seize control over innocent users' PCs. Businesses which have been hit hard in the last few days include CNN, Financial Times and New York Times.

Sophos stresses that it is vital all businesses ensure they are properly patched against Microsoft security holes and protect all tiers of their organization with automatically updated anti-virus software to reduce the risk of infection.

  1. 1005 respondents. Poll conducted by Sophos between 10:39 17 August and 12:56 18 August, 2005