The Sky Is Falling?
Over the past few months I’ve been to a fair share of vendor seminars, breakfasts and even the odd lunch. All of these vendors(at an SP/enterprise level) are all selling their own products.
The ONE thing that ALL these different vendors have in common, is a SQL Slammer image, and associated pitch.
The pitch is always how their product can find the next Slammer/Nimda/Sasser/Code Red and easily track it/graph it/stop it etc. They say it’s an imminent threat and no business can afford to be without their tool to graph/seek/find/destroy. I DO understand the need for network visibility, but there is much better explanations then fleeting, outdated viruses.
Let me look at the DATES when these Viruses were released
W32.SQLExp.Worm (SQL Slammer Worm)
Discovered on: January 24, 2003W32.Nimda.A@mm
Discovered on: September 18, 2001W32.Sasser.Worm
Discovered on: April 30, 2004CodeRed Worm
Discovered on: July 16, 2001
Averaging out the release year of these 4 “super viruses”, we end up at a mid 2002.
In mid-2006 I would really hope that network/system admins have pulled up their socks, or at the very least learnt the lessons of the past 5 years, so such a virus would have a more limited impact. The fear of the unknown card the vendors keep playing, really bugs me.
Update What I would really like to see vendors doing is show how their technology is keep admin’s socks up with current, real world examples, not the hypotheticals based on the past……