Re:Viewing 2001: Security can no longer be ignored

"As you can imagine, umbrage was taken, and Microsoft took another battering."
Written by Joey Gardiner, Contributor

"As you can imagine, umbrage was taken, and Microsoft took another battering."

2001 will go down as a time during which security came to the fore on a number of fronts. Rightly so, argues Joey Gardiner... 2001 will go down as the year in which IT security started to be taken seriously by everyone - by vendors, users and even the rest of us out here. Somewhere amidst the overwhelming influx of new and dangerous viruses, the terrorist attacks, the worsening state of the economy and the growing corporate losses to cybercrime, came a new realisation that this is a subject worth paying attention to. And pretty much wherever you looked, right in the middle of the controversy and the backbiting was one company - Microsoft. But more of that slightly later. The year started much as it has ended, with virus fears paramount. However, what was different about the Ramen worm was that it ran on the Linux operating system, not a Microsoft platform. The first ever Linux virus to be found in the wild, it reared its ugly head in January (http://www.silicon.com/a42151 ). However, for the most part, Linux users still felt themselves immune to the virus threats that plague the Microsoft Windows platform. Enough so that one open source entrepreneur was prepared to offer £10,000 to anyone who could infect his Linux box (http://www.silicon.com/a48211 ). A brave man indeed. But as far as we know, despite the boast, the gentleman in question is yet to set up a computer to be infected or provide potential contestants with so much as an email address. And it was the proliferation of viruses, more than anything, which led to security being the issue of 2001. Just reeling off the names is enough to send shivers down system admins' over-worked spines: Code Red, Magistr, SirCam, Nimda, BadTrans and, most recently, Goner. All serious attacks, and, unlike the Ramen worm, all targeting Microsoft software. A variety of insecurities - many of them long known about, and often long patched - contributed to the glut of security scares. In particular the buffer overflow vulnerability in Microsoft Internet Information Server (IIS) software - exploited by both Nimda and Code Red - became infamous, from the server room right up to the boardroom. Code Red in particular ratcheted up the virus hype to previously unknown levels, with publicity-seeking pundits happy to predict the end of the internet (http://www.silicon.com/a46172 ). While the web somehow managed to survive (phew!), it didn't do much for IIS's reputation. In the end, Gartner Group caused the biggest storm of the year by recommending firms boycott Microsoft's troubled IIS web server software (http://www.silicon.com/a47704 ). Microsoft hit back, blaming the sys admins for sloppy practices (http://www.silicon.com/a48169 ), while seemingly ignoring the fact its own staff had been guilty of not patching some of its own web servers (http://www.silicon.com/a45943 ). Good PR it was not, and finally Microsoft was forced into revamping its security policies, in a somewhat desperate bid to reassure people it knows what it is doing (http://www.silicon.com/a48004 ). Yet for all the various individual and technical instances which raised the profile of IT security, the biggest awareness-raising catalyst was not IT related. The horrific terrorist attacks in the US contributed to a more serious mood about security and prompted debate about the use of strong encryption and citizen databases, to name but two issues (http://www.silicon.com/a47764 ). And for all the shameless sales pitches on the back of the 11 September tragedies let us also not forget those - the big and small, the tech firms, the users, others - who assisted with funds and expertise at the drop of a hat, no questions asked (http://www.silicon.com/a47302 ). Cybercrime, while not a comparable life and death threat, also had an increasing impact this year. silicon.com's Fighting Fraud campaign, which kicked off in April, highlighted the need for greater corporate awareness of the problem and new ways to tackle it. The campaign hit a raw nerve, garnering an unprecedented level of support. We even managed to get industry talking to the police (http://www.silicon.com/a49548 ), with the police showing every sign of listening - a previously unheard of phenomenon. For part two of this review, please click here: http://www.silicon.com/a50078
Editorial standards