
How we could have prevented an Apache worm (ZDNet)

ZDNet gives a good history of the Apache worm. "On the one hand, ISS jumped the gun. It should have notified only Apache, then waited for its response before going public. But, on the other hand, ISS did a service by exposing a zero-day exploit--those that take advantage of vulnerabilities known only to malicious users, not the general public--and preventing a sneak attack."


How we could have prevented an Apache worm (ZDNet)

Posted Jul 4, 2002 9:42 UTC (Thu) by DeletedUser1835 ((unknown), #1835) [Link] (1 responses)

The fact that ISS blurted out the warning 'too quickly' just reflects that Apache is more important on the web and perhaps also the fact that the open source community are much more keen on fixing any problems than certain other players in the market.

Personally I think they should do this every time and for everybody - it is much better that way.

Ensuring a rapid response

Posted Jul 8, 2002 4:57 UTC (Mon) by BobRobertson (guest, #2048) [Link]

I also believe that a rapid response is better, and modular software like
Apache is quickly fixed once a fault is known.

I prefer to know a vulnerability once it is discovered than to not know. So
combining these two I think it is just a matter of personal feeling one way
or another.

I'm no hacker, so I won't ever find an exploit and have to make this decision,
nor will I ever have to program a fix. The most I will ever have to do is
react to a warning, and decide to take my server down or not until a fix
is created. I *like* having that choice, I like knowing there is a
vulnerability whether there is a fix available or not. I can take steps to
protect my site, but not if I don't know an exploit exists.

Etc etc etc.

Bob-


Copyright © 2002, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds