2005-08-19

Zotob and why the victims deserved it

I didn't know anything about Zotobuntil days after it had been out. Well, two days after it came out. Or maybe three.

I have the same reaction as every other time something hits the Microsoft side of the world. Everyone who was cracked deserved it. If anyone was injured because a Microsoft controlled warship misbehaved, or maybe some sort of system in space stations, orbiters, space shuttles or hospitals injured or killed someone, well, the people injured weren't to blame. However, the armed forces, space or hospital agencies (and all those financial and banking agencies and power generating and distribution agencies) that chose to deploy and continue to use Microsoft software for anything mission critical are certainly to blame.

They should have patched.

They should have bit the bullet and spent the millions necessary to upgrade to the most current version (XP), and then they should have patched, once, twice, and three times. There would still be holes in there, but they'd not have fallen to Zotob (if they were still at W2K) or any of the various XP remote root attacks.

They could also have switched to Linux. I think that there's a lot of value in Linux for common office workers. They won't get windows viruses, they probably won't get any Linux remote compromises (since they're desktop users and most remote compromises are to commonly run daemons or to web based applications, which regular desktop users just don't run, and even if they got compromised, most compromises on web programs can't promote themselves to root, so they're limited to web page defacements which are embarrassing [to professional linux administrators] but probably unnoticed among regular users, if they even run web servers]).

There's a lot of value in Linux for server applications too, but those need to be locked down more seriously than do desktop systems. Although, generally, they're far less insecure than comparable windows systems. But this isn't an anti-windows rant. It's more a rant against unthinking windows administrators who aren't paranoid about their systems. Any administrator should always be paranoid. But windows administrators should be certified insanely paranoid. They'll get cracked anyway, but at least they'll do their best. And they'll get cracked less often. The amateurs who let Zotob into their systems should be fired and then shot as a favor to the gene pool.

No comments: