I seems like this forum is filled with comments from people that didn't have the knowledge or was to lazy to patch their system. Let's face it, you wouldn't park your new Benz unlocked in the middle of the Bronx and expect it to be there when you come back an hour later, but you expect your unpatched unprotected servers to be untouched on the internet. Internet is nothing but a ghetto, so thats how we should handle our servers. A sysadmin that doesn't patch his servers and keeps them up to date is no good sysadmin. Concerning the loss of income the some company have had related to this worm - there is only one person to blame, the Sysadmin, fire him! There is no problem finding sysadmins that don't have a clue what it's about. There are many sysadmins that just install their default-installation of Windows and expect it to be "secure" - no patching, and maybe a firewall. Sysadmins that choose Windows for a server should be aware of all the risks.

Let's talk about "Sasser", come on, it was pretty harmless. Imagine what it could have done - I believe that those admins who didn't patch their servers should see this as a wake-up-call. Lucky you, you didn't loose any data, there was no hardware destroyed - It is possible to do this, but the programmer didn't do it. The next time it might be some evil person that writes a virus using these some Windows-vuln, and wipes out all your data. So come on, look at this as a wake-up-call and don't blame the kid for doing this harmless little hoax. We need viruses and worms, else people wouldn't pay any attention to security.

And to all you blind Windows-admins out there - there is alternative solutions that is much more safe and much cheaper...

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/8581/26313#26313