• On The Insider: Infamous Celeb Mistresses
advertisementClick to Save up to $300/yr on calls

August 18, 2005 12:32 PM PDT

Survey: Microsoft bears some blame for worms

By Dawn Kawamoto
Staff Writer, CNET News

Related Stories

Microsoft investigates potential new IE flaw

 August 17, 2005

Microsoft offers Zotob removal tool

 August 17, 2005

Watch out for worm wars

 August 17, 2005
One-third of business users blame Microsoft for the recent worm outbreak, despite the company's security efforts, according to a poll.

Thirty-five percent of respondents to an informal Web survey of customers by security company Sophos said the software maker was ultimately at fault for the recent rash of worms spawned by variants of Zotob. In the poll results, released on Thursday, 45 percent placed the blame squarely on the virus writers, while 20 percent laid blame on their systems administrators for not patching systems fast enough.

"The majority of users believe that the virus writer has to take the ultimate blame for deliberately creating and unleashing this worm to wreak havoc on poorly protected business," Graham Cluley, Sophos senior technology consultant, said in a statement. "But what is most surprising is that so many people blame Microsoft for having the software flaw in the first place."

Microsoft is not alone. Companies are increasingly calling on software developers to improve their security battle-testing of products before release.

"No software is 100 percent secure, and this is collectively being felt by the industry," a Microsoft representative said Thursday. "Over the last year, Microsoft has made improvements with security."

The software giant, for example, has launched its Security Development Lifecycle, the representative said. The move modified Microsoft's software development process to improve the way it integrates security best practices from the get-go.

Microsoft has also seen security improvements with its Windows XP operating system and the Service Pack 2 update, analysts said.

In the most recent worm outbreak, malicious attackers began circulating variants of Zotob and other viruses that exploit a plug-and-play feature in some Windows versions. The onslaught came shortly after Microsoft's regular monthly patch release, which included a fix for the problem. The flaw allows remote attack in Windows 2000 and not Windows XP SP2, according to Microsoft.

"Microsoft is stuck between a rock and a hard place when it comes to vulnerabilities," Cluley said. "When it goes public about its security holes, a virus can be written to exploit them and many businesses may not have rolled out the patch. If it kept quiet...everyone would ask why Microsoft hadn't warned anyone of the vulnerability."

See more CNET content tagged:
Zotob worm, blame, worm, Graham Cluley, Sophos Plc.

Add a Comment (Log in or register) 82 comments (Showing first 20 comments)
Hey, where are the PC Boyz?
by R. U. Sirius August 18, 2005 1:06 PM PDT
Man, I come to this story looking to read all the fun comments first from Apple fans bashing Windows, followed by rejoiners from the PC Boyz, and what do I find? nothing. Total quiet.
Reply to this comment View all 2 replies
Hey, where are the PC Boyz?
by R. U. Sirius August 18, 2005 1:06 PM PDT
Man, I come to this story looking to read all the fun comments first from Apple fans bashing Windows, followed by rejoiners from the PC Boyz, and what do I find? nothing. Total quiet.
Reply to this comment View all 2 replies
M$ has improved
by CNerd2025 August 18, 2005 1:47 PM PDT
"Over the last year, Microsoft has made improvements with security."
Ah, so this point last year, there were 600 security holes for which XP was vulnerable...now we are down to 599!
Reply to this comment
M$ has improved
by CNerd2025 August 18, 2005 1:47 PM PDT
"Over the last year, Microsoft has made improvements with security."
Ah, so this point last year, there were 600 security holes for which XP was vulnerable...now we are down to 599!
Reply to this comment
Not really newsworthy
by Mister Winky August 18, 2005 2:04 PM PDT
Summary of this pointless article:

Some people blame the virus author, some blame the vendor and some blame sysadmins. ZZZzzzz. Who else would they blame? Their mommies? The great computer in the sky?

How is this newsworthy? The headline tries to make it sound more exciting than it is. Who is at fault? All of the above. As with any issue this complex (like a multicar pile up on a freeway), fault is always shared.

MS' security response is much better these days, but until they get 95% of Windows users to migrate to Windows XP (especially SP2+) and Windows 2003 (especially SP1+), they're going to feel the hurt for years of overlooking security issues.

Mister Winky
Reply to this comment View reply
Not really newsworthy
by Mister Winky August 18, 2005 2:04 PM PDT
Summary of this pointless article:

Some people blame the virus author, some blame the vendor and some blame sysadmins. ZZZzzzz. Who else would they blame? Their mommies? The great computer in the sky?

How is this newsworthy? The headline tries to make it sound more exciting than it is. Who is at fault? All of the above. As with any issue this complex (like a multicar pile up on a freeway), fault is always shared.

MS' security response is much better these days, but until they get 95% of Windows users to migrate to Windows XP (especially SP2+) and Windows 2003 (especially SP1+), they're going to feel the hurt for years of overlooking security issues.

Mister Winky
Reply to this comment View reply
Felix was right!!!
by dam7ri August 18, 2005 5:14 PM PDT
Does anyone remember the episode of "The Odd Couple", when Oscar underwent hypnosis to stop being sloppy? The trigger that Felix used was "Our fault lies not in our stars, but in ourselves."

The point is that blame ultimately lies with the user. No matter how safe Volvo makes a car, the person driving it still has to know how to drive, and the same holds true for computers.

I've done all the griping I can about Microsux, virus-writers, and software vendors. Now, I try to teach people how to use computers responsibly, by explaining what anti-virus, anti-spyware, and firewalls do and their importance. Knowledge is the key, not blaming others because of your ignorance.
Reply to this comment View all 3 replies
Felix was right!!!
by dam7ri August 18, 2005 5:14 PM PDT
Does anyone remember the episode of "The Odd Couple", when Oscar underwent hypnosis to stop being sloppy? The trigger that Felix used was "Our fault lies not in our stars, but in ourselves."

The point is that blame ultimately lies with the user. No matter how safe Volvo makes a car, the person driving it still has to know how to drive, and the same holds true for computers.

I've done all the griping I can about Microsux, virus-writers, and software vendors. Now, I try to teach people how to use computers responsibly, by explaining what anti-virus, anti-spyware, and firewalls do and their importance. Knowledge is the key, not blaming others because of your ignorance.
Reply to this comment View all 3 replies
Kind of like blaming the weather man for the rain.
by caktus August 18, 2005 11:22 PM PDT
The weather man can only try his best. The weather, like bad guys and careless guys, is going to do what it wants. We can't manage the weather. All we can do is learn to manage the bad and the careless.
Reply to this comment View reply
Kind of like blaming the weather man for the rain.
by caktus August 18, 2005 11:22 PM PDT
The weather man can only try his best. The weather, like bad guys and careless guys, is going to do what it wants. We can't manage the weather. All we can do is learn to manage the bad and the careless.
Reply to this comment View reply
Two-thirds of business users do not blame Microsoft
by BR-549 August 19, 2005 3:09 AM PDT
The headline for this news item could just as easily have read, "Two-thirds of business users do not blame Microsoft for the recent worm outbreak, according to a poll. But that would not have been news, would it?

Evidently, most of these other business users know how to take care of their business, or if something does goes wrong, they know how to correct it, instead of blaming someone else.
Reply to this comment View all 2 replies
Two-thirds of business users do not blame Microsoft
by BR-549 August 19, 2005 3:09 AM PDT
The headline for this news item could just as easily have read, "Two-thirds of business users do not blame Microsoft for the recent worm outbreak, according to a poll. But that would not have been news, would it?

Evidently, most of these other business users know how to take care of their business, or if something does goes wrong, they know how to correct it, instead of blaming someone else.
Reply to this comment View all 2 replies
Your suggestion is wrong
by orphu August 19, 2005 6:19 AM PDT
The suggestion not to use MS products is wrong.

1) First of all, most computer users use MS products because of standards set by their company (not by personal choice) or in the case of home users, options available to them

2) Keeping servers, clients, and software protected, and educating users, keeps most companies up & running (the company I've been with for the past 2.5 years has had less than a day of downtime becuase of our diligence)

3) Basic precautions will protect even the most daft home users. I put extremely little effort in protecting my home machine and have NEVER been hit in over 10 years of being connected to the 'Net because I run a software firewall (free), don't click everything in sight, don't believe everything I read in e-mail, etc.

I'm not saying MS doesn't have security issues; however, a little precaution and common sense go a long way and I (and apparently a lot of others in the computing world) are willing to jump through hoops to secure systems to take advantage of the products MS offers. It can be a crapshoot but if one and one's systems are prepared, the risk is mitigated.
Reply to this comment View reply
Your suggestion is wrong
by orphu August 19, 2005 6:19 AM PDT
The suggestion not to use MS products is wrong.

1) First of all, most computer users use MS products because of standards set by their company (not by personal choice) or in the case of home users, options available to them

2) Keeping servers, clients, and software protected, and educating users, keeps most companies up & running (the company I've been with for the past 2.5 years has had less than a day of downtime becuase of our diligence)

3) Basic precautions will protect even the most daft home users. I put extremely little effort in protecting my home machine and have NEVER been hit in over 10 years of being connected to the 'Net because I run a software firewall (free), don't click everything in sight, don't believe everything I read in e-mail, etc.

I'm not saying MS doesn't have security issues; however, a little precaution and common sense go a long way and I (and apparently a lot of others in the computing world) are willing to jump through hoops to secure systems to take advantage of the products MS offers. It can be a crapshoot but if one and one's systems are prepared, the risk is mitigated.
Reply to this comment View reply
Posted to wrong thread
by orphu August 19, 2005 6:21 AM PDT
This should have been posted in response to:

'P.S. Carl Johnson'
Reply to this comment
Posted to wrong thread
by orphu August 19, 2005 6:21 AM PDT
This should have been posted in response to:

'P.S. Carl Johnson'
Reply to this comment
Only 1/3 !!!
by August 19, 2005 6:35 AM PDT
Shows how ignorant the average user is. If only they knew that its lack of proper architecture and planning that provides all the holes in the OS.

I've been waiting a long time for a news article that talks about the real issue, the fault in the product, but every time it's always the same old story: just focus on the "hackers" and "virus" - probably a lot more attractive for the ignorant.

So comes down to marketing: Until everyone points the finger at Microsoft for the holes they leave wide open, they are only getting complaints from 1/3 of the more informed users... no incentive for them is it now?
Reply to this comment View reply
Only 1/3 !!!
by August 19, 2005 6:35 AM PDT
Shows how ignorant the average user is. If only they knew that its lack of proper architecture and planning that provides all the holes in the OS.

I've been waiting a long time for a news article that talks about the real issue, the fault in the product, but every time it's always the same old story: just focus on the "hackers" and "virus" - probably a lot more attractive for the ignorant.

So comes down to marketing: Until everyone points the finger at Microsoft for the holes they leave wide open, they are only getting complaints from 1/3 of the more informed users... no incentive for them is it now?
Reply to this comment View reply
Give me a break!
by QuietStormX August 19, 2005 7:06 AM PDT
It's just laziness. Just update your OS software! Those people want someone to hold their hand and do the work for them. It's just like when lazy Americans who don't read the owners manual or can't program a VCR... Microsoft has automatic updates, use it and shut up please..... Update your firewall and virus software.

People got burned because of their own fault!

Thats all I have to SAY!
Reply to this comment
Give me a break!
by QuietStormX August 19, 2005 7:06 AM PDT
It's just laziness. Just update your OS software! Those people want someone to hold their hand and do the work for them. It's just like when lazy Americans who don't read the owners manual or can't program a VCR... Microsoft has automatic updates, use it and shut up please..... Update your firewall and virus software.

People got burned because of their own fault!

Thats all I have to SAY!
Reply to this comment
 See all 82 Comments >>
Powered by Jive Software
advertisement

Latest tech news headlines

Resource center from News.com sponsors
You Need The Speed of Norton 2009
Introducing Norton Internet Security™2009

Click Here!
With one-click, one-minute install, under 8MB of memory usage and fewer, shorter scans, it's the fastest security suite anywhere. Norton. Smart Security, Engineered for Speed. Get a FREE trial today!

Click Here!
The Fastest Security Suite Anywhere

Experience the revolutionary Norton Internet Security™ 2009. With Norton™ Insight, a new feature, you get precision security that targets only at risk files for fewer, faster, shorter scans

Win a Trip to Space!*

Enter the Blast Off with Norton Sweepstakes for your shot at a trip to space. You could experience being fast and weightless, just like the new Norton 2009. *No purchase necessary; click for full details.

FREE Trial!

Act now to get your FREE trial of Norton Internet Security 2009. Try it for the protection. Love it for the speed

Norton Safe Web NEW!

A community-based system that rates web site safety

Norton Labs NEW!

Users can download new security technologies and share input directly with developers. Help us shape our future products!

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

advertisement

Inside CNET News

Scroll Left Scroll Right
News
Latest news
Business tech
Green tech
Wireless
Security
Media
Popular topics
Apple iPhone
Apple iPod
Best hybrid cars
Cell phones
Dell
GPS
CNET sites
CNET TV
Downloads
News
Reviews
Shopper.com
Site map
More information
Newsletters
Corrections
Customer Help Center
RSS
What's new
About CNET