Patch practices fail Blaster test

The long list of casualties hit by the W32 Blaster Worm has once again proven IT managers are struggling to securely maintain their systems and keep patches up to date.

If Blaster was a test then IT managers failed miserably, but sadly the rampage was all too real as the victims of more than half a million computers running Windows will contest, especially some of Australia's largest companies which were crippled by the worm.

Astounded by the devastation of the aftermath considering Microsoft posted a software patch to fix the flaw on July 16, the Australian Computer Emergency Response Team (AusCert) general manager Graham Ingram said he was "surprised that IT managers were surprised".

He said there was plenty of warning with even the worst-case scenario of massive exploitation well articulated in advance of the attack.

"The whole nature of the threat was missed because the focus is on technical issues instead of security; patch models currently in use are not workable," Ingram said.

"IT professionals are responsible for maintaining security alerts, there is no shortage of information; it is not a difficult task and no one else is going to do it."

Information Security Interest Group (ISIG) chair Mark Ames agrees current practices are failing pointing out there are options other than patching 3000 desktops.

Ames said firewall and gateway controls can be used to block a particular string of packets.

He said complaints by IT managers that it takes time to test each patch before deployment is a "lame excuse".

Companies hit by the worm said patching hundreds of servers and thousands of workstations takes a lot of effort that involves scheduled downtime which is why the process needs to be reduced from hours to minutes.

Ironically, a new version of the W32.Blaster worm has emerged which cleans corrupted systems, then installs a software patch to prevent future infections.

Referred to as Worm_MSBLAST.D and Nachi it spreads by exploiting the same Windows security hole as the original.

However, unlike the original it is more concerned with fixing systems rather than exploiting their weaknesses by removing the Blaster worm file, downloading and installing a software patch and closing the security hole used by the worm. w - with Jaikumar Vijayan

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Sandra Rossi

Computerworld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?