return to ICG Spaces home    ICG Risk Blog    discussions    newsletters    login    

ICG Risk Blog - [ Sasser's primary infection to home and student PCs ]

Sasser's primary infection to home and student PCs


Home users and students represent as much as 80 percent of the Sasser worm, thus Sasser will persistence as these users "don't generally know what to do" to remove the worm. (Remember the difference between virus and worm; a virus requires Homo Boobus to do something such as opening an email whereas a worm probes for vulnerable systems and installs itself.)

That would indicate that there is fertile ground for the much more dangerous Gaobot/Agobot worm. I do wonder if a new worm will have to carry a Sasser-scrubber so as to overcome the frequent rebooting that Sasser brings but perhaps not, and of course, if a user scrubs Sasser without patching the OS, they will remain vulnerable to the next worm.

To my point: I wonder when ISPs will begin to make good on their threats to disconnect unpatched or repeat offenders from their network. Yes, users will feel distress and will forget that it was their error that put them in the lurch, but something has to be done to remove this reservoir of willing hosts.

As the backlash will inevitably turn back to the majority Wintel OS provider, I can only assume that this will add further incentive to MS to produce more 'trustworthy' releases sooner and to overhaul its cumbersome patch procedure. (I still maintain that MS can defeat many of its putative rivals by producing a secure OS.)

Yes, security is a 24 X7 job, but unless it is easy to enforce, even the most diligent will start to slack. And buy someone else's product even if, like Linux or Unix, they actually have more faults than Microsoft.

Sasser keeps squirming into homes, businesses
By Robert Lemos
Staff Writer, CNET
Story last modified May 4, 2004, 2:01 PM PDT

Gordon Housworth

Cybersecurity Public  InfoT Public  


  discuss this article

<<  |  May 2020  |  >>
view our rss feed