Code Red: Blessing in Disguise?

The Code Red virus, which did a Tony Soprano on Microsoft Internet Information Server (IIS) boxes around the world, may actually end up doing more good than harm.

The Web site Netcraft (www.netcraft.com), which surveys Web servers across the Internet monthly, shows that whereas 34 percent of IIS servers were vulnerable to Code Red in July, only 2 percent of those same servers were vulnerable in August.

Netcraft concludes, “The combination of the Code Red worm and the first cumulative patch for Microsoft-IIS has significantly improved the security of Microsoft-IIS systems on the Internet.”

The figures, Netcraft said, “demonstrates, in part, the deep-set complacency regarding security amongst e-commerce sites and, in part, the difficulties in maintaining a reasonable level of security without the benefit of regular external testing. The high visibility of Code Red induced many e-commerce sites running Microsoft-IIS to patch their systems for the first time.”

That’s partially Netcraft spin, as the company does external testing of Web sites, but it also points out a problem other organizations have said exists: Some MCSEs don’t have the necessary training on how to properly patch and reconfigure servers.

The patches may also have reduced the potential damage from a number of other IIS-related vulnerabilities. According to the survey, the number of servers with administration pages accessible by Internet users dropped from 35 percent in June to 10 percent in August; server paths revealed (which could give a hacker valuable information on how to find servers) dropped from 50 percent of servers in June, to 23 percent in July, to 6 percent in August. The percentage of servers with viewable script source code spiraled down from 21 percent to 11 percent to less than 4 percent over the same three-month period.

Netcraft also promises to reveal, at a later date, whether IIS servers are becoming less frequently used due to concerns about the security holes.

Even with just 2 percent of servers vulnerable, Code Red is still doing its best to propagate. One certified professional with an IIS server on the Internet said his machine still gets attacked 20 to 50 times per day.

About the Author

Keith Ward is the editor in chief of Visual Studio Magazine.


Reader Comments:

Wed, Oct 9, 2002 Anonymous Anonymous

Looks like someone's trying to hide the real facts really bad: "Looks like some MCSE's don't possess the required knowledge necessary to correctly patch systems...". How about just going ahead and admitting that Windows is a low-quality alpha-state platform not at all ready for desktop use, and much less reliable when used as a server? Windows is a problem instead of a solution - that's why it's so vulnerable. Anyone who wants a good server should courageously obtain a real OS like Unix or a flavor.

Wed, May 22, 2002 Anonymous Anonymous

Ilove You

Sat, Nov 17, 2001 Alistair Young England

I don't think it's laziness, so much as that there are a large number of IIS servers that aren't being run by MCSEs at all, or indeed by *anyone* who knows what they're doing. Admittedly, this happens with all platforms, but as Windows is particularly portrayed as "easy to administer" it gets more than its fair share of idiots in charge.
- Alistair, only *slightly* embittered systems admin

Fri, Nov 16, 2001 John Michigan

"That’s partially Netcraft spin, as the company does external testing of Web sites, but it also points out a problem other organizations have said exists: Some MCSEs don’t have the necessary training on how to properly patch and reconfigure servers."

ahhh... all it takes is reading and double clicking! It would have been better to say some MCSEs that were in charge of these sites running IIS were too lazy to actually do their work.

-John
