The MS-SQL worm: lessons for free software
[Posted February 5, 2003 by corbet]
The MS-SQL worm has run its course and been cleared off the net. It is
also, of course, another example of a proprietary software failure that did
not affect Linux users except in indirect ways. Still, the worm is
interesting to look at in a number of ways, and it should give free
software users and developers a few things to think about.
Much has been written about how quickly the worm spread across the net.
Most of the vulnerable systems had been infected within about ten minutes.
With that sort of propagation speed, there really is very little that
system and network administrators can do; by the time they know that there
is a problem, they have already been infected. There is no time to
scramble for patches, or even to pull the plug. Someday networks will have
to be able to react automatically to this sort of attack; automated
response systems, however, are likely to be a source of outages
themselves.
The worm infected something on the order of 100,000 hosts. Given the size
of the Internet, that is a relatively small number; there just weren't that
many vulnerable systems which were directly reachable on the net. Even
with such a small proportion of vulnerable systems, however, the worm was
able to create a great deal of disruption. It is not necessary to infect
much of the net to create trouble for everybody.
This suggests that the talk of software monocultures that one often
encounters (including on this site) may be a bit misguided. The net,
certainly, is not a monoculture of vulnerable SQL Server systems.
Monocultures still increase the risk of truly devastating, global attacks,
but their elimination will not necessarily make the net a whole lot safer.
There are plenty of free programs which run at least 100,000
network-exposed systems. A widespread vulnerability in any of these
programs could, conceivably, be used to similar effect by a future
attacker. There is a good chance, perhaps almost a certainty, that a
vulnerability in free software will be used someday to trash the
net. It is not an occasion to look forward to.
Still, there are aspects of the free software way of doing things that help
to make this kind of event less likely. They include:
All of the above points, hopefully, indicate that free software offers some
relative security advantages, especially with regard to widespread
infections. We have a long way to go, however, before we can even begin to
think that we are safe. Smugness is the wrong response to this episode;
instead, we need to learn from it and redouble our efforts to keep it from
happening to us.