Code Red: Microsoft not helping the fight

Systems administrators are blaming Microsoft for hampering their efforts to tackle the Code Red worm - and their criticism isn't just about the software giant's perceived habit of releasing less-than bullet proof software.

The nub of the matter is what's seen as the unnecessary and time-consuming process of downloading entire service packs when a simple patch would do the job.

For example, early Windows NT systems still running Service Pack 2 cannot use the Code Red patch issued by Microsoft without first downloading the whole of the latest service pack, 6a.This takes time, and sys admins argue it may add other fixes they may not want.

The other option is to call Microsoft to get the latest CD with the required patches - but given the rapid spread of bugs that isn't a viable option to any conscientious systems administrator.

Richard Fieldhouse, MD of software and consultancy firm Fenestra, said he had to spend five hours downloading the latest service pack from Microsoft, an action he felt wasn't fully needed or warranted.

He said: "If Microsoft really are serious about a security patch, it should work without us having to install a service pack."

One systems administrator concurred that Microsoft is making things unnecessarily painful. He said: "A systems administrator may not want to patch a system that is functioning perfectly well. Installing bug fixers could in itself cause problems on a machine that was previously working fine."

Mark Tenant, Windows 2000 product server manager for Microsoft, expressed sympathy for the unfortunate ones having to go through the whole process of the time-consuming downloads.

Tenant said: "It's unfortunate, but we have to draw the line somewhere. We've not seen many customers using anything earlier than Service Pack 4. That's why we were using it as a starting point."

Tenant added one way for users to protect against bugs affecting web servers in the future is by using the Windows 2000 IIS 5.0 Hotfix Checking tool (HFCheck), which makes sure Microsoft systems are up-to-date on all security patches.

A spokeswoman for network monitoring firm Keynote confirmed today that the latest outbreak of the Code Red worm had not lead to the wide scale drop in performance of the internet as expected by some in the industry.

For related news see:
Code Red: Microsoft and US government got it wrong
http://www.silicon.com/a46172
Does the internet have 24 hours to live?
www.silicon.com/a46134
SirCam turns the air blue as AV spat hots up
http://www.silicon.com/a46111