It's too easy
Jan 26, 2003
A worm, dubbed "SQL Slammer", is raging all over the Internet, infecting tens of thousands of systems using a known bug in Microsoft SQL Server.
"The attack used a buffer overflow to execute code on a vulnerable SQL Server, causing that system to randomly seek out other computers to infect and in the process consume massive amounts of bandwidth." (BetaNews)
The bug has been known, and a fix has been available, since July 2002. The worm also requires free access to ports 1433 and 1434 on the SQL Server in question, which points out a bleedingly obvious fact:
Windows administrators, more often than Linux/Unix administrators, are numbskulls. Even if this were instead a bug in, for instance, MySQL, it would not have caused all this commotion.
Linux/Unix administrators know better than to not update their software with fixes against known vulnerabilities. They also know better than to expose the SQL server to direct Internet access.
Even if direct access to it is needed from the Internet, which is rare, administrators with half a brain regulate access to it so that only specific servers may use it.
It's too easy to use MS SQL Server 2000. It's so easy to install it, use it and superficially administer it that people get the crazy idea that a knowledgeable systems administrator is unnecessary.
I have no idea how, but Microsoft needs to make sure users understand that, even though they know how to install and use Microsoft Windows Server software, an informed and active systems administrator is still necessary, even for Windows Servers.
Comments
According to this notice and this notice, there's a serious MS SQL Worm doing damage this morning. I've got
Trackback from I Can't Focus at 02:13, 26 Jan, 2003 #
Lol, bloody windows users eh.....
All we need is for some major programs to come to linux and it'll be set as a desktop. For now it'll just have to stick to serving stuff.
Comment by cyberhill at 08:54, 27 Jan, 2003 #
Eh, heh, yeah, right.. Other than that, Linux needs some major usability attention. My mom couldn't figure out Linux in its current state if her life depended on it.
This is a pretty nice read, a Gnome usability report. Grade: F
Comment by Tomas at 09:09, 27 Jan, 2003 #
Once our ISP totally crashed their MS SQL Server. Our sites were down for over 24 hours. They even got an expensive SQL consultant there, without success.
At the end of the day I got so pissed off that I drove to their office and asked them what the fuck they were doing. I looked at the Server admin software - which I've never seen before - and three minutes later the sites were up and running again. I even got time over to make the SQL consultant look like a bigger idiot than he was in the first place.
Yes, the MS SQL is really simple to use. And, yes, I'm still pissed off at that God damn shit-for-brains moron consultant... I bet he got his job by shoving off a MS cert... Fucking idiot.
Just a little story I remembered when you named MS SQL... :-)
Comment by Tommy at 14:24, 27 Jan, 2003 #
lol, yes there are some really stupid people in this world. I do not regularly use linux now because I don't have a spare computer that I can keep it installed on, but when I did have a play a few weeks ago I found it really easy to use for basic things.
It only got a bit confusing when it came to installing programs, but that's understandable since I haven't been brought up with it all through school as I have with windows.
Nice story Tommy, it would be good if at least the consultants could get it right. The look on the guys' faces would have been priceless.
Comment by cyberhill at 02:23, 28 Jan, 2003 #
It is not always end user/administrator fault. Microsoft should revise the way it delivers patches/upgrades.
Comment by David Collantes at 04:50, 28 Jan, 2003 #
cyberhill: More than stupidity, I think laziness is the problem here, or ignorance. I think a lot of the time a project leader or web developer (whoever spent most time with the server) gets the extended responsibility of "looking after" the SQL Server. He or she can obviously install it and use it, they don't need a knowledgeable systems administrator, they think.
David: unless I'm mistaken, the fix for this problem was available in three different updates, Service Pack 3 being one. Hotfixes I understand, but is it too much to ask of a systems administrator to install Service Packs?
I don't think Microsoft is any worse than their competitors in this respect, or are hotfixes and service packs easier to install on Oracle, MySQL, whatever?
Comment by Tomas at 08:21, 28 Jan, 2003 #
Tomas, as a matter of fact, yes, they are. I have dealt with Oracle, RDBMS, MySQL and PostgreSQL and their updates are very reliable and trouble free.
Service Pack 3 was released on January 17th, I got slammed on Saturday, with the rest of the unlucky ones. Having another 22 servers to take care of, I was going to get to that SP quite soon, just did not have a chance to before I got hit. If that SP were on Windows Update, that would not have happened.
Once again, still I had no excuse, I was just slow. But MS should revise the way SP and hotfixes are delivered. After all, I do not only administer Windows boxes. I want to think I have a life outside MS world. =]
Comment by David Collantes at 12:30, 28 Jan, 2003 #
David: I agree about the hotfixes, but how, exactly, could it get easier than double-clicking the SP3 installer?
As far as I know, some updates to MySQL require a re-compile. I could be wrong though.
Comment by Tomas at 12:44, 28 Jan, 2003 #
Hey, looks like Microsoft also paid a price:
MSNBC News
Enjoy! =]
Comment by David Collantes at 22:59, 28 Jan, 2003 #
"but is it too much to ask of a systems administrator to install Service Packs?"
Yes, sometimes. I'll admit it. I run an unpatched SQL server. No, it doesn't run the Multi-Protocol auth (1434 I believe), it does not run on the default TCP port (1433), and it's behind 2 firewalls.
Am I a lazy or stupid sysadmin for running an unpatched server? I don't think so. If we were talking about an IIS server, running unpatched would be bad. But it's easier to update that machine. If the patches fubar the system, I've got plenty more in the server pool to keep running while I fix the broken one.
If a patch fubars my SQL server, I can't afford to be down. Patches for things like biz critical systems (the database) need to be studied, and tested, not just applied the week they come out of the chute from M$.
Comment by Chris at 22:31, 29 Jan, 2003 #
Chris: If you don't take care of the server, don't even bother to install Service Packs, then you are, like probably 99% of those affected by SQL Slammer, not really a good administrator. Unless, of course, you can guarantee its security by other means, in which case there is no problem.
If not, maybe windows server administrators are way way worse than I thought..
Comment by Tomas at 09:30, 30 Jan, 2003 #
Tomas, I don't get your point (it's too early this morning). Does that mean you agree or disagree with my statement?
Not installing ANY service packs or patches is bad of course. But not installing the latest one should not get you burned at the stake for things like database/app servers, especially in M$ clusters.
Comment by Chris at 13:09, 30 Jan, 2003 #
And don't get me wrong, I'm not necessarily defending everyone with an unpatched server, but the fact that they are directly connected to the internet for no reason is the real problem, not the lack of installing SP3 IMHO.
Comment by Chris at 13:11, 30 Jan, 2003 #
Chris: I'm saying that if an MS SQL server which you are responsible for gets affected by the "SQL Slammer", which is very easy to avoid, then you're a lousy administrator.
Comment by Tomas at 13:45, 30 Jan, 2003 #
Ah, gotya. Way too early in the morning here for thinking. :-)
Comment by Chris at 14:13, 30 Jan, 2003 #
Nice article at ZDNet UK. It covers a lot of ground in a small space: Microsoft's secure computing initiative has failed; experts might switch to Mac OS; the philosophy of patching is fundamentally flawed; and that Microsoft itself was hit by the Slammer.
Comment by Tom at 21:04, 02 Feb, 2003 #
The discussion has been closed on this entry. Thanks to everybody who participated.