David Collantes


Thanks to the Slammer, Slammed

Yes, just like a lot of people around, we got “slammed at work.” There were several hundred machines on campus, I presumed, but the five of ours that got compromised are the ones that bothered me the most.

Out of the five, two were servers, our servers, my servers. A brand new SQL server, just a week old, more or less, was missing the hot fix. Another older one, under the control of somebody else but still within my College, was missing it too. It could have been worse. Just a semester ago, all the machines in the labs were running MS SQL Server.

Now, I have no excuse. I failed to install the hot fix; I thought SP2 was all there was (when I built that server there was no SP3). To be honest, I have never been fond of hot fixes. Microsoft does not recommend installing any hot fix unless you are experiencing the problem that the hot fix covers. Just not so in the Slammer case. If you go to the hot fix page you will see the recommendation to install it, and the reference to it being a critical one, down at the end of the whole document, in the very same small font that disclaimers are written in.

The hot fix installation is not a piece of cake either. Let me tell you, every time there is a hot fix, I really treat it with a bit (or more) of salt. If things go wrong – and there is always a big possibility of that happening – you may end up messing up the server. And when the hot fix involves editing files and tweaking the registry (always written in red in Microsoft documents), then the procedure starts to thicken. It is like seeing a TV advertisement for a new medicine. They tell you that it can cure your stomach problem, but there is a high possibility that it may affect your liver, kidneys, heart and lungs, and induce a brain stroke. So much for peace of mind.

Microsoft needs to get their act together. The Windows Update web site is a step forward to a centralized and safe delivery of patches and upgrades. There is an Office Update site too. I would say they should put up a site for all OS and server (services) related patches and critical updates, and another for all Office/Home products. Or, to start with, at least a better Security page, where patches and/or upgrades are listed by server (SQL, Exchange, IIS, etc.), in an easily identifiable order. Perhaps that will be accomplished soon. Let’s all hope so, for our own sake.