Monday, January 19, 2009

Too hard

I’ve been reading the news about the latest worm that has now infected 8.9 million machines. Now if you believe the reports:

“From an estimated 2.4 million infected machines to over 8.9 million during the last four days. That's just amazing.” – CRN Australia

“It is the most serious large scale worm outbreak we have seen in recent years because of how widespread it is” - CNN

Now how can that be? IT companies spend so much of their time reinforcing to clients that they need to update their machines. Many have already put automated patching tools in place, and still the number of infections rises faster than ever before. How can this be? Microsoft patched the vulnerability last October, yet the outbreak goes to show how few systems out there are being patched regularly.

Many would point the finger at home users who rarely update their machines. I must say that I agree with that assessment because most of the students I ask in my IT courses never update their machines. This attitude makes us all vulnerable. Is it their fault for not patching or someone else’s for making it too hard?

Doesn’t it strike anyone else that things are not getting better, that they appear to be getting worse? For all the banging on IT people do about security, each new worm outbreak happens faster every time. How can people have confidence in our connected world if so many machines can be compromised so quickly? Sure, maybe these reports are overblown and maybe the infection does do that much ‘damage’ but don’t you get the feeling it is only a matter of time?

Clearly, keeping systems up to date is simply too hard for the vast majority of users. Clearly, the message about IT security is not getting through. Clearly, many people have no idea that their machines have been compromised. Clearly, we need to do something. Clearly, it seems, everything we have tried so far hasn’t worked! Any ideas?