Language Selection

English French German Italian Portuguese Spanish

Sysadmins taking brunt of blame

Filed under
Security

Sysadmins are taking a big chunk of the blame for the latest worm attacks on Windows - said to have already infected 250,000 machines.

An online poll by security company Sophos had revealed that 20 percent of businessmen feel that the man dealing with the problem - the system administrator - is most to blame, for not patching systems fast enough.

The only consolation is that 35 percent of the 1,000 people polled blame Microsoft for the attacks, and a surprisingly low 45 percent, the virus writers themselves.

The attacks exploit a weakness in the plug-and-play element of Windows 2000 to attempt to gain control of PCs.

"What is most surprising is that so many people blame Microsoft for having the software flaw in the first place. Many respondents appear to be incredibly frustrated by the constant need to roll-out emergency patches across their organisations," commented Graham Cluley of Sophos.

An unknown number of businesses around the world have been hit by worms attempting to exploit the vulnerability, including, embarrassingly, a number of well-known media outlets such as CNN, ABC and The New York Times.

Sophos said it had detected another five such worms in the past 12 hours, taking the total number known to attempt exploits to 17 in all.

This has all happened at a time when Microsoft would rather users moved away from Windows 2000, evens so far as to remove mainstream support from the OS on June 30th of this year. Despite its evident unpopularity inside Microsoft, a recent survey discovered the uncomfortable fact that half of corporates still use it widely, four years after the introduction of its supposed replacement, XP.

Another recent survey by Sophos discovered that only 28 percent of those polled rated Microsoft as their most trusted operating system. Forty-seven percent reckoned Linux and Unix were more secure.

By John E. Dunn
Techworld

More in Tux Machines

Linux/FOSS Events

  • The Linux Foundation Announces Session Lineup for ApacheCon(TM) Europe
  • OpenShift Commons Gathering event preview
    We're just two months out from the OpenShift Commons Gathering coming up on November 7, 2016 in Seattle, Washington, co-located with KubeCon and CloudNativeCon. OpenShift Origin is a distribution of Kubernetes optimized for continuous application development and multi-tenant deployment. Origin adds developer and operations-centric tools on top of Kubernetes to enable rapid application development, easy deployment and scaling, and long-term lifecycle maintenance for small and large teams. And we're excited to say, the 1.3 GA release of OpenShift Origin, which includes Kubernetes 1.3, is out the door! Hear more about the release from Lead Architect for OpenShift Origin, Clayton Coleman.

Security News

  • Report: Linux security must be upgraded to protect future tech
    The summit was used to expose a number of flaws in Linux's design that make it increasingly unsuitable to power modern devices. Linux is the operating system that runs most of the modern world. It is behind everything from web servers and supercomputers to mobile phones. Increasingly, it's also being used to run connected Internet of Things (IoT) devices, including products like cars and intelligent robots.
  • security things in Linux v4.6
    Hector Marco-Gisbert removed a long-standing limitation to mmap ASLR on 32-bit x86, where setting an unlimited stack (e.g. “ulimit -s unlimited“) would turn off mmap ASLR (which provided a way to bypass ASLR when executing setuid processes). Given that ASLR entropy can now be controlled directly (see the v4.5 post), and that the cases where this created an actual problem are very rare, means that if a system sees collisions between unlimited stack and mmap ASLR, they can just adjust the 32-bit ASLR entropy instead.

Raspberry Pi PIXEL and More Improvements

Trainline creates open source platform to help developers deploy apps and environments in AWS