This story was written by Keith Dawson for the Industry Standard's Media Grok email newsletter. It is archived here for informational purposes only because The Standard's site is no more. This material is Copyright 1999-2001 by Standard Media.

Worm Insurance

Sep 25 2001 07:38 AM PDT

When underwriters see Windows, they see risk.

Nimda, Code Red and the newly hatched Vote worm all attack Windows-based systems and spread by exploiting holes in Microsoft's Internet software. Even before these widespread outbreaks, at least one insurance company had added a surcharge to its hacker coverage for customers running Windows 2000. Security analysts have long been discussing how much responsibility Microsoft bears for the damage done by all of this malware, and lately the press has begun asking similar questions.

Yesterday a Gartner Group analyst recommended that "businesses with Web applications ... start investigating less vulnerable Web server products" than Microsoft's Internet Information Server. CNET ran the story as an opinion piece, and other outlets picked it up.'s AP piece featured a demurral from Microsoft and ended with an opinion from an analyst at Giga, a competing advice shop, who noted that some companies are dropping IIS over concerns about increased license fees.

The Register, no fan of Microsoft, stressed Gartner's recommendation that companies avoid IIS until it is completely rewritten. "We haven't heard that Microsoft has any plans to rewrite IIS, but if it does, we'll let you know," the Reg's reporter deadpanned.

ECommerce Times aired a balanced piece that quoted a security expert saying "there is plenty of blame to go around" for Net security vulnerabilities, including the actions - and inaction - of users.

The editor of the Linux Journal turned in a plea for diversity as a way to beef up Internet security, pointing out that bad guys target Microsoft software because it is so widely deployed. However, Slashdotters are all over a tale of how an emulation program can reproduce a Windows virus on Linux. Monocultures are dangerous in nature and no better on the Net.

Experts Issue Warning On WTC Worm
Washington Post

Windows users pay for hacker insurance (May 29, 2001)

Nimda Worm Shows You Can't Always Patch Fast Enough

Commentary: Another worm, more patches

Citing security, analyst urges some firms to abandon Microsoft server software (AP)

Ditch Microsoft IIS now, says Gartner
The Register

Virus Outbreaks: Are They Microsoft's Fault?
E Commerce Times

Nimda, Other Worms and Life on the Internet
Linux Journal

Viruses are getting faster, tougher

SirCam on Linux Via WINE