Not so fast
Posted Jan 30, 2003 0:56 UTC (Thu) by ncm
Parent article: A look at the MS-SQL worm
... infected hosts were on the order of 1% of all
potential hosts ... Microsoft users were attaining a 99%
patch and/or secure rate ...
Sorry, this is a fundamentally misleading number. It's
distinctly abnormal for an SQL port to be open to the
outside world; it's a back-office function. Therefore,
that 1% figure identifies a level of gross incompetence
beyond all analysis. The 99% were not patched or secured,
they were just out of the line of fire.
It would be hard to imagine somebody competent enough to
apply the patch, but still leave the port exposed, so that
1% figure must represent substantially all of the
exposed hosts, unpatched. In other words, we can't conclude
anything about the number that were patched because those
were also the ones behind firewalls.
It would be hard to justify not firing someone who was
responsible for any of the hosts involved.