On Tue, Jul 24, 2001 at 10:35:37PM -0700, k claffy wrote:
This assault also demonstrates that machines operated by home users or small businesses (hosts less likely to be maintained by a professional sysadmin) are integral to the robustness of the global Internet. As is the case with biologically active pathogens, vulnerable hosts can and do put everyone at risk, regardless of the significance of their role in the population.
fwiw, caida trying to do gentle survey of patching speed, see http://worm-security-survey.caida.org/
k
ps: john maddog hall (linux int'l) had a great slide a few months ago at UCSD talk; upshot something like
INSTALLED BASE (EARTH)
+ 20 million linux systems
+ 450 million gates licenses
==> 4.4 - 6.6 % of the population total
... world population: ~6B
==> 5.4 billion people haven't selected an OS yet
[k: maybe we can get them on OS-antioxidants before it's too late]
At the very least, this demonstrates that those who produce and maintain operating system software and software in general (and in particular, bundled software such as MS Office or, in this case, IIS) need to provide more centralized methods of updating those packages. (i.e., all-in-one type updates that can be more readily automated) Efforts also need to be made to educate the public that they need to check for software updates from time to time. Doing this, right now, can be difficult for many users to grasp (let's face it, some software doesn't update well, if at all) and may require more effort than even reputable administrators are willing to extend. How to go about making the public more secure, of course, is an on-going debate and perhaps even a losing battle but still worth the effort.

---
Wayne Bouchard
web@typo.org
Network Engineer
http://www.typo.org/~web/resume.html