Does Code Red Point to Open Source?

press release

London, UK - 31st July 2001, 0300 GMT – The past 36 hours have seen a flurry of activity in response to the Code Red Worm that infected more than 350,000 online computers during the first few days of its peak appearance on 19th July, slowing the internet by 40%. The restart replication date for Code Red is midnight tonight (GMT), when it will send out probes to infect even more computers like a chain reaction beginning the first instant of 1st August. In some cases, the message “Hacked by Chinese!” will appear on machines set to US English.

Code Red infects Microsoft’s newer Windows and IIS products as well as crashing some Cisco routers and other equipment. Unlike viruses such as “Melissa” or “I Love You,” the worm does not delete or copy data but significantly degrades internet response time. Although both Microsoft and Cisco have posted patches on their web sites, large businesses are concerned about the regularity with which these vulnerabilities are being exposed and are investigating migration to Open Source solutions such as Linux and Apache, which are not targeted on the same scale.

“If we look at the enterprise web server market, 3 in 5 systems are running Open Source Apache on Linux and 1 in 5 is running the proprietary Microsoft IIS. However, two thirds of all web defacements are on Microsoft’s IIS. What does this tell us?” said DK Matai, Managing Director of mi2g. “Proprietary software is being targeted by attackers because it has an Achilles heel. The speed at which a fix can be developed by a manufacturer, posted on the web and implemented is considerably slower than the wider community of Open Source users. This gives the hacker a focus point.”

In contrast, Open Source software offers in-house flexibility – anyone and everyone can chop and change it in a way that simply cannot be done using Microsoft Windows and IIS. Linux and Apache are increasingly being used as alternatives. Benefits also include access to many tens of thousands of Open Source developers who are posting antidotes for vulnerabilities on the internet, just as they are found.

There is little doubt that the recent acceptance of Linux as a more secure system by the White House web site has given the Open Source movement another flag bearer. The future lies in software solutions that will be able to dynamically adapt to the rising threat in real time. Large businesses are aleady applying sufficient pressure on proprietary software manufacturers, like Microsoft, to open their source code ever since the vulnerabilities have become a cumulative and regular disruptive feature.


Editor's Notes:

About Open Source:

For further information on the Open Source Definition - www.opensource.org

About mi2g:

mi2g software works with financial services groups, both large and small, to change and eEnable their entire business. We automate our clients’ business in such a way that they and their customers can use the World Wide Web both to increase their business volume and reduce their overall cost base. mi2g eBusiness Solutions Engineering pays particular regard to security and advises on the management of eRisk, which incorporates Bespoke Security Architecture. mi2g’s clients are mainly from the banking, insurance and reinsurance sectors. For further information – www.mi2g.com

What is Bespoke Security Architecture?

Bespoke security architecture brings together firewall layers, intrusion detection and other defensive structures, as well as automated intelligence techniques with legal, human resource and company policies.

What is eRisk Management?

eRisk Management deals with a variety of issues associated with implementing an eBusiness solution and integrating Service Level Management. It includes selecting the optimum technology set, managing external partners and alliances, linking payments to targets, defining rigorous quality control procedures, managing the growth in online traffic post launch, achieving the expected return on investment, and bringing about the changes in the corporate culture required for successful eBusiness.

First contact for additional information - Intelligence Unit, mi2g

Telephone: +44 (0) 20 7924 3010 - Facsimile: +44 (0) 20 7924 3310 - eMail: intelligence.unit@mi2g.com

Renowned worldwide for the ATCA Briefings. Subscribe now.
Home - Profile - Values - People - Careers - Partners - Contact Us
D2 Banking - Bespoke Security Architecture - Digital Risk Management - Tools

Intelligence Briefings - Brochures - Case Studies -
SIPS Methodology FAQ (pdf)
Keynote Speeches - Articles - News Feeds - Glossary (pdf)
Terms and Conditions - Privacy Policy