Rupert Goodwins' Diary

Wednesday 17/8/2005: Zotob? Doesn't that cure herpes simplex?

Zotob? Doesn't that cure herpes simplex? No, it's a good old-fashioned worm, flashing across the Internet through port 445 and burrowing through a vulnerability in Windows 2000. Yes, Windows 2000 - the operating system that Microsoft has stopped issuing anything other than critical software patches for, and the OS that around half of all businesses are still using.

It's been a while since a worm did as much high-profile damage as Zotob has, although once again it hasn't lived up to the hype. So, who's to blame? Microsoft, in a passive attempt to boost people switching over to XP or the Mythical Vista? Hardly: the company had previously issued a patch for the Zotob vulnerability and warned people about it. Lazy sysadmins who hadn't bothered to install the patches? Hardly: MS patches have a history of causing problems for previously well-behaved systems, so it's hardly responsible to just slap them in.

With the Zotob patch coming out just over a week ago, anybody with other things on their plate -- like running a big installation -- might be excused for not having given the patches a proper testing yet. A combination of factors means that there's no one easy fix, no real change in behaviour that can reasonably be expected to solve the problem.

So how can you stop it happening again? Well, assuming that you're running Windows 2000 on your systems because those systems are a bit long in the tooth, then your choices are limited. You can buy brand-new hardware and Windows XP, and carry on playing Patch Or Perish. You can wait with bated breath for the Mythical Vista. Or you could go over to the dark side and install Linux. It's not without its problems, but offhand I can only think of four actual worms (Ramen, Slapper, Mighty and Scalper) that have caused any problems in the past five years.

That's a lot more slack for testing patches, checking your system for ports that shouldn't be open, deleting old accounts, closing down services that nobody's using and all that other good stuff. You remember: what sysadmins used to do before they became firefighters without the cool uniforms and big hoses.