The Zotob worm recently brought down computers at several large corporations.
Who should share in the blame?
Listen to the podcast: Zotob Attacks! Who’s to blame?
This is Leo Notenboom with news, commentary and answers to some of the many questions I get at askleo.info.
Last week, as it does regularly, Microsoft released patches for several vulnerabilities in various versions of Windows. Then, hot on the heels of that announcement, this weekend we heard of massive computer crashes at several large organizations due to a recent virus by the name of “Zotob”. (Where *do* they get those names?) The virus and the crashes apparently affected only machines running Windows 2000. Windows XP users had no problems.
So a few large corporations suffered an outage – who gets the blame?
Well, a lot of people will of course blame Microsoft for writing buggy software. But the fact is that there is simply no such thing as bug-free software. Given that this bug took five or more years to detect, it seems practical that the operating system would have shipped with it.
A lot of people will blame the virus writers for their deeds, and I sure can’t disagree there. Even if there’s a huge, gaping, obvious security hole, taking advantage of it for the purpose of causing others harm is not only illegal, but unethical and immoral.
But I think that there’s another group that needs to share some of the blame, and that’s the people at each of the affected corporations responsible for their computers. The people who did not push out the security patches as soon as they became available. If they’d done that, there wouldn’t have been an issue for their organizations.
For better or for worse, security patches and updates are now a regular occurrence. In fact, so regular that Microsoft even schedules the releases – if it’s Wednesday, it must be patch day. By now there’s no reason for IT departments not to know this, and even anticipate it. There’s no reason not to have patches deployed within 24 hours of their availability, especially when you know they’re coming.
And especially since you also know that as soon as the vulnerabilities are publicized, new viruses ready to exploit unpatched machines are right behind them.
I have several links to related items in the show notes for this podcast – visit askleo.info, and enter 9056 in the go to article number box. Leave a comment – let me know what you think, I’d love to hear from you.
This is a presentation of askleo.info, a free on-line technical question and answer service. Hundreds of questions and answers are online and ready to help solve your computer problems. New questions and answers are added daily.