Netional Security

The search is on for the authors of the now infamous ‘SQL Slammer,’ or Sapphire worm, one of the most devastating cyber attacks in recent history.

Almost 250,000 computers around the world were infected with the worm, which crashed servers, severed connections, and clogged the Internet with worm-related traffic over the Jan. 25 weekend.

On Feb. 7, ZDNet published a post-Slammer assessment of the worm virus, and determined that it infected more than 90 per cent of vulnerable computers within 10 minutes, a new speed record for a cyber attack. At that rate they estimate that infected servers were making more than 55 million scans a second, searching for computers with Microsoft’s SQL database software, exploiting a vulnerability that was discovered last summer. Microsoft did have a patch for the software that would have prevented Slammer from spreading, but it seems that you have to do more these days than just make a patch available – you have to let IT departments know that a patch exists and why it’s in their best interest to download it immediately.

Even Microsoft was caught with its patches down. Although Microsoft claims that the worm did not cause any major problems in-house, the fact that they were infected at all suggests that a better system is needed to keep software security up to date.

Now for the really mind-blowing numbers: Experts are suggesting that the worm caused between $950 million and $1.2 billion in lost productivity. While computers and networks did not blow up and no information was lost, the fact that the Internet was down for almost a whole weekend caused significant lost productivity.

The Klez virus still takes the cake, causing $9 billion in lost productivity. Second is the LoveLetter virus, with a total of $8 billion.

What was so menacing about the Slammer worm is the fact that it spread so quickly – security experts classify it as a "Warhol" type worm, which means it could infect the entire Internet within 15 minutes. That’s twice as fast as the Code Red virus that infected 359,000 computers in 2001.

Another scary thing is that the authors of the worm didn’t leave any calling cards that might help the authorities locate them. Before Slammer, worm writers were often caught because they left clues behind in the coding of the worm program that enabled officials to track them down. With nothing in Slammer to give the author or authors away, IT administrators have to worry that another weakness will be found and exploited.

It may be a coincidence, but the attacks happened almost a year after Microsoft announced its Trustworthy Computing program, making security the software giant’s main concern.

As a result of the latest security breach, Microsoft has announced plans to change the way it builds and updates its software. That could take years, however, and most institutions with vulnerable systems are looking for an answer tomorrow.

Some experts say that Microsoft’s obsession with secrecy is the problem – most of the security flaws in Microsoft programs and operating systems are discovered by friendly hackers and security companies, who then share their discoveries with the security community. In fact, finding holes in Microsoft programs has turned into a kind of game for this community.

The experts argue that if Microsoft shared its code with other companies, a core aspect of various anti-trust lawsuits against the company, the final product would be safer because software companies using the code would be obligated to share any security concerns with Microsoft.

On Feb. 3, Microsoft announced that it would be providing its developers with AppScan Developer Edition 1.6, a tool that allows software developers to run programs as they are being written.

Developed by the security firm Sanctum, AppScan Developer should help programmers to catch flaws early in the development process, before they become so entrenched in a program that they require patch repairs.

In addition, Microsoft has spent $200 million and two months to bring programmers up to speed in security in the last year. That doesn’t repair any existing security lapses in Microsoft programs, but it will have an impact on future software. With a two-to-three year turnaround for the production of major software titles, however, including new versions of the SQL database software and XP operating system, Microsoft’s Trustworthy Computing initiative is still a year away from accountability.

Meanwhile the Internet industry has to worry about the next worm, the next virus, and the next security hole to be discovered. To date the industry has been able to do little more than react to security problems – if a vulnerability is exposed, they patch it and hope for the best.

Furthermore, computer hackers and worm creators have managed to stay one step ahead of security companies and programmers in exploiting the technology. Even if programmers do everything within their power to avoid leaving security holes in their software, they have to be concerned that hackers will do what they’ve always done, and just find another way in. They are a persistent and competitive bunch who have proven in the past that nothing is unbreakable.

To read more about Microsoft’s Trustworthy Computing initiative, visit www.microsoft.com/presspass/exec/craig/10-02trustworthywp.asp

To read a Salon magazine review of the initiative, visit www.salon.com/tech/feature/2002/04/09/trustworthy/

To read a post-Slammer review of Microsoft security, visit www.cnn.com/2003/TECH/biztech/02/01/miscrosoft.security.reut/

To ensure that your computer has all the right patches in place, bookmark and visit www.cert.org. You can also follow the latest developments in worms and viruses there.