Does Code Red Point to Open Source?
London, UK - 31st July 2001, 0300 GMT – The past
36 hours have seen a flurry of activity in response to the Code Red Worm that
infected more than 350,000 online computers during the first few days of its
peak appearance on 19th July, slowing the internet by 40%. The restart replication
date for Code Red is midnight tonight (GMT), when it will send out probes to
infect even more computers like a chain reaction beginning the first instant
of 1st August. In some cases, the message “Hacked by Chinese!” will appear on
machines set to US English.
“If we look at the enterprise web server market,
3 in 5 systems are running Open Source Apache on Linux and 1 in 5 is running
the proprietary Microsoft IIS. However, two thirds of all web defacements are
on Microsoft’s IIS. What does this tell us?”
Code Red infects Microsoft’s newer Windows and IIS products as well as crashing
some Cisco routers and other equipment. Unlike viruses such as “Melissa” or
“I Love You,” the worm does not delete or copy data but significantly degrades
internet response time. Although both Microsoft and Cisco have posted patches
on their web sites, large businesses are concerned about the regularity with
which these vulnerabilities are being exposed and are investigating migration
to Open Source solutions such as Linux and Apache, which are not targeted
on the same scale.
said DK Matai, Managing
Director of mi2g. “Proprietary software is being
targeted by attackers because it has an Achilles heel. The speed at which a
fix can be developed by a manufacturer, posted on the web and implemented is
considerably slower than the wider community of Open Source users. This gives
the hacker a focus point.”
In contrast, Open Source software offers in-house flexibility – anyone and
everyone can chop and change it in a way that simply cannot be done using
Microsoft Windows and IIS. Linux and Apache are increasingly being used as
alternatives. Benefits also include access to many tens of thousands of Open
Source developers who are posting antidotes for vulnerabilities on the internet,
just as they are found.
There is little doubt that the recent acceptance of Linux as a more secure
system by the White House web site has given the Open Source movement another
flag bearer. The future lies in software solutions that will be able to dynamically
adapt to the rising threat in real time. Large businesses are aleady applying
sufficient pressure on proprietary software manufacturers, like Microsoft,
to open their source code ever since the vulnerabilities have become a cumulative
and regular disruptive feature.
About Open Source:
For further information on the Open Source Definition
mi2g software works with financial services groups,
both large and small, to change and eEnable their entire business. We automate
our clients’ business in such a way that they and their customers can use
the World Wide Web both to increase their business volume and reduce their
overall cost base. mi2g eBusiness Solutions Engineering pays particular
regard to security and advises on the management of eRisk, which incorporates
Bespoke Security Architecture. mi2g’s clients are mainly from the banking,
insurance and reinsurance sectors. For further information – www.mi2g.com
What is Bespoke Security Architecture?
Bespoke security architecture brings together firewall
layers, intrusion detection and other defensive structures, as well as automated
intelligence techniques with legal, human resource and company policies.
What is eRisk Management?
eRisk Management deals with a variety of issues associated
with implementing an eBusiness solution and integrating Service Level Management.
It includes selecting the optimum technology set, managing external partners
and alliances, linking payments to targets, defining rigorous quality control
procedures, managing the growth in online traffic post launch, achieving the
expected return on investment, and bringing about the changes in the corporate
culture required for successful eBusiness.
First contact for additional information - Intelligence Unit, mi2g
Telephone: +44 (0) 20 7924 3010 - Facsimile: +44 (0)
20 7924 3310 - eMail: email@example.com