[unisog] zotob and returning students, what are you going to do?

STeve Andre' andres at msu.edu
Fri Aug 19 02:55:39 GMT 2005


On Thursday 18 August 2005 17:33, Dave Dittrich wrote:
> > I suspect that there are a lot of corporate sites that did the following:
> >
> > 1) Stayed on W2K rather than move to XP (I seem to recall a survey that
> > said that close to half of corporate nets were still on W2K because the
> > IT management didn't see any must-have features in XP worth the cost of
> > upgrading multiple 10K's of users).
> >
> > 2) Are now suffering in silence unless the worm burpage is enough to
> > cause an externally visible issue (always a problem when gathering the
> > stats on hacks/etc).
> >
> > It's kind of like trying to get an accurate measurement of how many
> > adults in the US have herpes, and for many of the same reasons...
>
> Interesting.  So the conjecture is that a business decision was made
> to NOT upgrade before, to "save" costs.  Now a security problem has
> occurred, which only affects the hosts that were not upgraded so as to
> "save" money.  Those businesses now incur a cost for cleanup of each
> host, PLUS they will likely now do the upgrade they avoided before,
> incurring the upgrade cost ANYWAY (and at an inflation adjusted rate
> that is higher than before)!
>
> My gut says that decision to save X dollars in the past has now
> resulted in a real cost of (X*Y)+Z dollars (where Y is 1 + the
> inflation rate, and Z equals the cost of mitigation and damages
> from downtime, which could well be larger than X to begin with,
> more than doubling the cost of just upgrading before.)
>
> --
> Dave Dittrich                           Information Assurance Researcher,
> dittrich at u.washington.edu               The iSchool
> http://staff.washington.edu/dittrich    University of Washington

This current horror seems to be Win2k specific, but I don't see this as
a reason in and of itself to "upgrade" to XP.  Looking at the last 15 or
so security updates, they mostly applied to win2k and xp.  I know
that MS is working on xp (rumor has it that they took ideas from the
W^X code in OpenBSD), but I'm not yet convinced that xp is any
better, and I'm certainly seeing as much weird flakiness on xp as
I ever did with win2k.

--STeve Andre'
MSU Dept. of Political Science
andres at msu.edu

