Sign up for the Security newsletter

Code Red: Microsoft not helping the fight

Service pack policy hampering bug fix attempts...

By Chris Holbrook on 1 August 2001 15:59

NEWS Systems administrators are blaming Microsoft for hampering their efforts to tackle the Code Red worm - and their criticism isn't just about the software giant's perceived habit of releasing less-than bullet proof software. The nub of the matter is what's seen as the unnecessary and time-consuming process of downloading entire service packs when a simple patch would do the job. For example, early Windows NT systems still running Service Pack 2 cannot use the Code Red patch issued by Microsoft without first downloading the whole of the latest service pack, 6a.This takes time, and sys admins argue it may add other fixes they may not want. The other option is to call Microsoft to get the latest CD with the required patches - but given the rapid spread of bugs that isn't a viable option to any conscientious systems administrator. Richard Fieldhouse, MD of software and consultancy firm Fenestra, said he had to spend five hours downloading the latest service pack from Microsoft, an action he felt wasn't fully needed or warranted. He said: "If Microsoft really are serious about a security patch, it should work without us having to install a service pack." One systems administrator concurred that Microsoft is making things unnecessarily painful. He said: "A systems administrator may not want to patch a system that is functioning perfectly well. Installing bug fixers could in itself cause problems on a machine that was previously working fine." Mark Tenant, Windows 2000 product server manager for Microsoft, expressed sympathy for the unfortunate ones having to go through the whole process of the time-consuming downloads. Tenant said: "It's unfortunate, but we have to draw the line somewhere. We've not seen many customers using anything earlier than Service Pack 4. That's why we were using it as a starting point." Tenant added one way for users to protect against bugs affecting web servers in the future is by using the Windows 2000 IIS 5.0 Hotfix Checking tool (HFCheck), which makes sure Microsoft systems are up-to-date on all security patches. A spokeswoman for network monitoring firm Keynote confirmed today that the latest outbreak of the Code Red worm had not lead to the wide scale drop in performance of the internet as expected by some in the industry. For related news see:
Code Red: Microsoft and US government got it wrong
http://www.silicon.com/a46172
Does the internet have 24 hours to live?
www.silicon.com/a46134
SirCam turns the air blue as AV spat hots up
http://www.silicon.com/a46111

Post your comment

In order to post a comment you need to be registered and logged in.

You can also log in with Facebook. Log in or create your silicon.com account below

  • Login

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy.

Questions about membership? Find the answers in the Membership FAQ

Get silicon.com's daily newsletter

  • Register on silicon.com

    Enter your email to register

Keep in touch with silicon.com

silicon.com newsletters