Nimda: Patch didn't save us
Users are questioning the expensive security measures they deploy against Internet attacks in the wake of Nimda, the...



The importance of web security
Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
One IT user, working in pre-sales for a large Microsoft solution provider, said that despite having installed costly virus protection, his company's Microsoft systems were still disabled.
The Nimda attack appeared on the morning of Wednesday 19 September. "By Thursday morning almost all of the company's core Microsoft's systems had been affected," he said.
To combat the virus the company was forced to take down its network, causing considerable disruption to business. "On Monday," the user continued, "all our laptops and internal systems were pulled in for inspection, upgraded and virus-checked by a ten-man ISS team."
But even with the latest software patches installed, the virus still appeared to be breaking corporate security, according to a network engineer at another company. "We have been severely affected by the Nimda virus, via a browser that had 24 hours earlier been patched by myself with the so-called Microsoft fix for this threat," he said.
According to the user, the problem for front line IT support staff was that while a business could usefully employ full-time staff upgrading the latest software. He added: "No financial director will justify an IT person doing nothing but maintain software updates all day."
The implication of not having a full-time IT person responsible for updating patches places serious pressure on the IT department, he said. "When trouble strikes, there is a mad rush for upgrades and fixes and questions are raised as to why the upgrades were not applied before."
Microsoft has responded to criticism by maintaining that its ISS products are no more vulnerable to security breaches than others.
Start the conversation
0 comments