On Tue, Jan 28, 2003 at 09:33:15AM -0500, gabriel wrote:
> 
> now i'm not a fan of micros~1, but i feel that i have to check this statement 
> for accuracy.  in cases like "the sql slammer" the one at fault is definitely 
> not the author of the software, but rather the halfwit who's running it 
> unpatched.  as i understand it, micros~1 had released a patch for mssql 
> months ago, and this virus is only attacking the boxes that have yet to be 
> patched.

The trouble is that applying patches for Microsoft products is non-trivial.
The patch to which you refer doesn't work on MSDE 2.0, a product which
is vulnerable to the slapper worm. Applying patches often requires a reboot.
Rebooting can lead to BSODs on boot (sounds like fun, doesn't it).

Finding patches and figuring out if they need to be applied isn't easy.
Windows has WindowsUpdate and Office has its ProductUpdates but the
rest of Microsoft's software doesn't. You have to keep up with the
patches and check if your system needs to be updated.
To check if your SQL Server is vulnerable to Slapper, you need to wade
through the registry to find a version number, which isn't my idea of
a good time.

Microsoft themselves were hit by the virus, which means that even they
are unwilling/unable to apply all patches to their servers.

http://news.com.com/2100-1001-982305.html

> just think about what the internet would be like if there were millions of 
> linux users running 3year-old versions of apache & mysql...  i would propose 

I don't think it would have the effect that Slapper had.
There are just too many versions/configurations/compile-options for any one
virus to be able to affect them all.
Hell, if Ramen is any proof, the chances that there are "millions of linux users
running 3year-old versions of apache & mysql" are pretty high.

> that it's not just microsoft's inability (or unwillingness) to get their sh*t 
> together, but also the ineptitude of these "sysadmins" that insist on running 
> this software and don't know (or don't care to know) how to patch it...

d) all of the above

Emmanuel



-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
