Year in review: Insecure about security
Worms and viruses delivered a wake-up call last year that corporate America couldn't ignore.






Security:
Numerous attacks, few solutions
Worms and viruses delivered a wake-up call in 2003 that corporate America couldn't ignore.
Slammer, the first "flash worm"--a self-spreading program that blitzes the Internet--infected more than 200,000 computers, when it took advantage of a flaw in Microsoft's SQL program. The worm, which spread to most of the Internet in minutes, downed automated teller machines; interfered with airlines' computer systems, delaying flights; and disrupted telecommunications networks, leading to outages. Eight months later, another widespread vulnerability in Microsoft's Windows operating system also prompted a worm. The MSBlast program spread to as many as a million PCs and servers and hit railways, airlines and universities hard.
Nearly 20 years after a researcher coined the term "virus," the infectious programs began taking a criminal role. Several variants of a virus known as Sobig apparently compromised computers to allow them to be used by spammers to send anonymous e-mail. Other viruses, such as Mimail, targeted antispam activists.
The second year of Microsoft's Trustworthy Computing Initiative was fraught with problems. CEO Steve Ballmer blamed some of them on "thieves (and) con artists" who wanted to attack Microsoft, and by the end of the year, the software giant had posted a $250,000 award for information leading to the prosecution of the person or groups responsible for releasing the MSBlast worm and the Sobig virus. The company also revamped its release schedule for security patches and kicked off a new initiative to help companies better "secure their perimeters." To combat the threat of viruses and worms, the company plans to integrate some level of antivirus functionality into Windows. It laid the foundation for that effort by purchasing a Romanian antivirus company.
The highlight on security, along with regulations, pushed more companies to adopt security technologies. Laws such as the California Security Breach Information Act and the Health Insurance Portability and Accountability Act convinced companies that better security is a must. Identity management systems--which enable companies to easily set up, administer and regulate user information and access rights--have become more popular. And easy-to-use virtual private network technology, based on browser encryption, also caught on.
The United States' handling of cybersecurity as a national security issue also came under scrutiny. In February, the Bush administration released its National Strategy to Secure Cyberspace. The plan was much criticized, but the tech industry strove to live up to the two central themes of the plan the technology sector had supported: Everyone should secure their own area of cyberspace; and private industry--which owns 85 percent of the infrastructure--should work with government to self-regulate security.
In the latter half of the year, several Internet attacks targeted Linux and open-source projects. The
--Rob Lemos

One year on, is Microsoft 'trustworthy'?
Last January, Bill Gates sent a companywide memo demanding that Microsoft make its products more secure. Has the software giant measured up to the task?Jan. 16, 2003
Worm exposes apathy, Microsoft flaws
The Sapphire worm that hit servers running Microsoft SQL Server is a wake-up call for anyone who thought increased attention by corporate and government leaders made the Net safer.Jan. 26, 2003
Damage control
Forget ironclad shields against Slammer-style attacks. Companies need to focus on limiting their pain.Feb. 6, 2003
Bush unveils final cybersecurity plan
The White House releases the final version of the National Strategy to Secure Cyberspace, which asks private industry to take a major role in defending information systems.Feb. 14, 2003
Spam may sprout viruses in home PCs
An e-mail security company says that junk e-mailers are making use of viruses to turn home computers into spam generators.June 26, 2003
Law aims to reduce identity theft
A new California law requires companies to notify consumers of security breaches that may have compromised personal information. E-commerce sites are worried but security companies are thrilled.June 30, 2003
MSBlast echoes across the Net
The spread of the worm--which exploits perhaps the most widespread Windows flaw ever--continues even as individuals and businesses clean up their computers.Aug. 15, 2003
Report: Microsoft dominance poses security risk
A paper sponsored by an organization critical of Microsoft argues that the giant's dominance in key software technologies threatens the national infrastructure.Sept. 24, 2003
Microsoft moves beyond patches
Conceding that its strategy of patching Windows holes as they emerge has not worked, the software giant plans a new security effort focused on "securing the perimeter."Oct. 1, 2003
A key to security
ID management is the latest security technology to gain popularity in the corporate world. The technology allows workers to be set up with network resources in minutes, not days.Oct. 28, 2003
SSL networking heats up
The market is heating up for products that allow secure access to corporate networks based on a widely used browser security technology known as secure sockets layer encryption.Nov. 10, 2003
A 20-year plague
Two decades and counting, the technology industry has yet to find a blanket solution to the ever-growing list of viruses and worms that constitute the greatest risk to computers on the Internet.Nov. 25, 2003















Security:
Numerous attacks, few solutions
Worms and viruses delivered a wake-up call in 2003 that corporate America couldn't ignore.
Slammer, the first "flash worm"--a self-spreading program that blitzes the Internet--infected more than 200,000 computers, when it took advantage of a flaw in Microsoft's SQL program. The worm, which spread to most of the Internet in minutes, downed automated teller machines; interfered with airlines' computer systems, delaying flights; and disrupted telecommunications networks, leading to outages. Eight months later, another widespread vulnerability in Microsoft's Windows operating system also prompted a worm. The MSBlast program spread to as many as a million PCs and servers and hit railways, airlines and universities hard.
Nearly 20 years after a researcher coined the term "virus," the infectious programs began taking a criminal role. Several variants of a virus known as Sobig apparently compromised computers to allow them to be used by spammers to send anonymous e-mail. Other viruses, such as Mimail, targeted antispam activists.
The second year of Microsoft's Trustworthy Computing Initiative was fraught with problems. CEO Steve Ballmer blamed some of them on "thieves (and) con artists" who wanted to attack Microsoft, and by the end of the year, the software giant had posted a $250,000 award for information leading to the prosecution of the person or groups responsible for releasing the MSBlast worm and the Sobig virus. The company also revamped its release schedule for security patches and kicked off a new initiative to help companies better "secure their perimeters." To combat the threat of viruses and worms, the company plans to integrate some level of antivirus functionality into Windows. It laid the foundation for that effort by purchasing a Romanian antivirus company.
The highlight on security, along with regulations, pushed more companies to adopt security technologies. Laws such as the California Security Breach Information Act and the Health Insurance Portability and Accountability Act convinced companies that better security is a must. Identity management systems--which enable companies to easily set up, administer and regulate user information and access rights--have become more popular. And easy-to-use virtual private network technology, based on browser encryption, also caught on.
The United States' handling of cybersecurity as a national security issue also came under scrutiny. In February, the Bush administration released its National Strategy to Secure Cyberspace. The plan was much criticized, but the tech industry strove to live up to the two central themes of the plan the technology sector had supported: Everyone should secure their own area of cyberspace; and private industry--which owns 85 percent of the infrastructure--should work with government to self-regulate security.
In the latter half of the year, several Internet attacks targeted Linux and open-source projects. The
--Rob Lemos

One year on, is Microsoft 'trustworthy'?
Last January, Bill Gates sent a companywide memo demanding that Microsoft make its products more secure. Has the software giant measured up to the task?Jan. 16, 2003
Worm exposes apathy, Microsoft flaws
The Sapphire worm that hit servers running Microsoft SQL Server is a wake-up call for anyone who thought increased attention by corporate and government leaders made the Net safer.Jan. 26, 2003
Damage control
Forget ironclad shields against Slammer-style attacks. Companies need to focus on limiting their pain.Feb. 6, 2003
Bush unveils final cybersecurity plan
The White House releases the final version of the National Strategy to Secure Cyberspace, which asks private industry to take a major role in defending information systems.Feb. 14, 2003
Spam may sprout viruses in home PCs
An e-mail security company says that junk e-mailers are making use of viruses to turn home computers into spam generators.June 26, 2003
Law aims to reduce identity theft
A new California law requires companies to notify consumers of security breaches that may have compromised personal information. E-commerce sites are worried but security companies are thrilled.June 30, 2003
MSBlast echoes across the Net
The spread of the worm--which exploits perhaps the most widespread Windows flaw ever--continues even as individuals and businesses clean up their computers.Aug. 15, 2003
Report: Microsoft dominance poses security risk
A paper sponsored by an organization critical of Microsoft argues that the giant's dominance in key software technologies threatens the national infrastructure.Sept. 24, 2003
Microsoft moves beyond patches
Conceding that its strategy of patching Windows holes as they emerge has not worked, the software giant plans a new security effort focused on "securing the perimeter."Oct. 1, 2003
A key to security
ID management is the latest security technology to gain popularity in the corporate world. The technology allows workers to be set up with network resources in minutes, not days.Oct. 28, 2003
SSL networking heats up
The market is heating up for products that allow secure access to corporate networks based on a widely used browser security technology known as secure sockets layer encryption.Nov. 10, 2003
A 20-year plague
Two decades and counting, the technology industry has yet to find a blanket solution to the ever-growing list of viruses and worms that constitute the greatest risk to computers on the Internet.Nov. 25, 2003








