'we should all be uncomfortable with the extent to which luck..'

Wayne E. Bouchard web at typo.org
Wed Jul 25 06:15:56 UTC 2001

On Tue, Jul 24, 2001 at 10:35:37PM -0700, k claffy wrote:
>         This assault also demonstrates that machines operated by home
>         users or small businesses (hosts less likely to be maintained
>         by a professional sysadmin) are integral to the robustness of
>         the global Internet. As is the case with biologically active
>         pathogens, vulnerable hosts can and do put everyone at risk,
>         regardless of the significance of their role in the population.
> fwiw, caida trying to do gentle survey of patching speed,
> see http://worm-security-survey.caida.org/
> k
> ps:  john maddog hall (linux int'l) had a great slide a
>      few months ago at UCSD talk; upshot something like
>         + 20 million linux systems
>         + 450 million gates licenses
>         ==>  4.4 - 6.6 % of the population total
>      ... world population: ~6B
>      ==>  5.4 billion people haven't selected an OS yet
> [k: maybe we can get them on OS-antioxidants
> before it's too late]

At the very least, this demonstrates that those who produce and
maintain operating system software and software in general (and in
particular, bundled software such as MS Office or, in this case, IIS)
need to provide more centralized methods of updating those
packages (i.e., all-in-one type updates that can be more readily
automated). Efforts also need to be made to educate the public that
they need to check for software updates from time to time.

Doing this, right now, can be difficult for many users to grasp (let's
face it, some software doesn't update well, if at all) and may require
more effort than even reputable administrators are willing to extend.

How to go about making the public more secure, of course, is an
on-going debate and perhaps even a losing battle but still worth the

Wayne Bouchard
web at typo.org
Network Engineer
