• United States
Contributing Writer

Keeping up with the patches

Feb 05, 20033 mins

* Resources to help guard against security attacks

Servers around the globe were crippled last week by an insidious worm called “Slammer,” which attacks Microsoft’s SQL Server. Worms normally bring out empathy from network executives, but this time, there was none to be had.

My colleagues Jason Meserve and Denise Dubie scoured the show floor at ComNet in Washington, D.C., last week to get reaction from the network set. What they found was a critical group that blamed their peers for not installing a patch that would have prevented the worm from infecting their servers.

“It’s on the user’s side. If Microsoft didn’t do anything, I’d put the blame on them, but this one is the users’ fault,” said Rich Johnson, network specialist with the Food and Drug Administration.

Johnson wasn’t alone in his harsh words. On the television newscasts and radio programs, experts were quick to point out that network managers need to keep up with the patches.

Some would argue that there shouldn’t be so many patches and that trying to keep tabs on them and download them to all the machines in the network is difficult.

Microsoft has published a page on the Slammer worm at that gives details of how to block its effect on SQL Server.

Staying up to date on patches for all the programs you service is daunting, but most companies have e-mail lists for products that alert you when a service pack or update is available. Microsoft’s e-mail sign-up page is at

Also, when it comes to security breaches, it’s good to get to know the CERT site. CERT quickly issues advisories on fast-spreading worms and other vulnerabilities (view its advisory on the Slammer worm at  You can bookmark the advisory home page at

“Network World” also has a Security and Bug Patch Alert newsletter, which is a compilation of reports and their fixes.  You can sign up for the newsletter and track the archives at

Finally, you should keep up with the antivirus software company Web sites (such as and  Both post alerts and suggestions to fix the issues they’ve found. 

Symantec’s Slammer page can be found at

McAfee has its own Slammer area at

The sites also tell you the level of risk the vulnerabilities pose to your network.

Do you have any sites you turn to for security information? Let me know at