Slammer Raises Patch Debate
The SQL Slammer worm, which hit on January 25, was the most significant denial of service attack since the Nimda worm of September 2001. But the financial services industry weathered the attack well, overall, the most serious effect being the shutdown of 13,000 Bank of America (Charlotte, NC) ATMs.
Zurich North America (Schaumburg, IL, $8 billion in annual premium) suffered no impact to its core systems, which was typical of the insurance industry, in the opinion of Jim Huddleston, the carrier's director of information security.
Rigorous Standards
While Huddleston affirms that the industry can boast rigorous security standards, the most significant element in the defense against the Slammer worm was the application of a patch that Microsoft had issued for the exploited vulnerability more than six months earlier. The worm succeeded outside the industry because there are arguments against installing the patch, he says. For example, "you may have to go through a significant amount of testing in order to determine the impact of the patch to your environment," he says.
Since the patch was issued so long ago, there was no excuse for companies to suffer from the attack, according to Scott Blake, vice president of information security at security management vendor BindView (Houston). What is needed, he says, is for corporate users and vendors to cooperate in working out the bugs. "Whenever a security patch is released, consumers need to test it and get it deployed as quickly as possible," Blake advises. "If the patch causes a problem in their environment, they need to feed that back to the vendor and work with the vendor until the patch is fixed."
Anthony O'Donnell has covered technology in the insurance industry since 2000, when he joined the editorial staff of Insurance & Technology. As an editor and reporter for I&T and the InformationWeek Financial Services of TechWeb he has written on all areas of information ...