How to save the world from worms

By Rupert Goodwins
24 February 2003 04:50 PM
Tags: rupert goodwins, security, worm, virus, slammer, sql, firewall, don't
SQL Slammer shows that network security needs more than patches. The answer lies outside IT.

Let's get the schadenfreude out of the way. Microsoft, the company that wants to sell us its vision of trustworthy computing, has had its own network brought low by failures in its own products and procedures. The same attack disrupted corporate systems -- and the Internet -- for days. You know, I know, and, most of all, Microsoft knows, what this means for the company's already wretched reputation. We don't know what the repercussions will be for the company's shock troops, even now deployed in corporate and government offices around the world begging hard-faced officials not to do that open-source Linux thing. But we can guess. There are an infinite number of columns to be written about the implications of the weekend attack for Microsoft. This isn't one of them.

The most interesting and important implications are bigger than Microsoft: they call into question the future of IT in all our lives. There are three aspects of the weekend's events that should give us pause for thought: the exploited bug in the code was known and a fix had been available for six months; despite being very specific in its targeting and action it hit a very wide range of connected systems; and it was a tiny fraction as harmful as it could have been.

Take the first point last. All SQL Slammer did was install itself in the victim's memory and send out copies of itself. It did this aggressively enough to flood the network and trigger router bugs, but it didn't try to overwrite disk space, corrupt data structures, mutate itself or otherwise hide from detection, or search out new attack modes. It didn't even try to infect any files with copies of itself -- it just stayed in memory. All these are known weapons in the worm writers' armoury, and we can just be thankful that the person who created this one left those skills out of its digital DNA. Next week, we might not be so lucky.

Then there's the business that hundreds of thousands of systems that apparently weren't running the vulnerable software -- SQL Server 2000 -- were hit. Some of this was a side effect of all the traffic; some of it was because they were running the vulnerable software after all, but as a component of something else. Others suffered because whole networks had to be taken down: because SQL Slammer lived in memory alone, all you had to do to get it off a computer was to turn the machine off. But if you turned it back on while still connected to an infected network, you'd be hit again in seconds: the only thing to do was yank the Internet connection and turn everything off and on again. One point of vulnerability quickly spreads to poison entire networks, and SQL Slammer -- just 376 bytes long, about the length of the Lord's Prayer -- took half the Internet down in hours. With it went networks of cashpoints, police and fire systems, government facilities and others you'd think would be well isolated from the Internet. They're not. Nothing is.

Which leaves us the big one: if the bug has been known and fixed for so long, how did the worm get in? Why were firewalls configured to leave that port open? Rule one: don't open any ports on your firewall you don't know to be safe. Rule two: apply all patches. Even the rawest system manager knows those two. But those are the only solutions on offer, and they patently don't work. The problem is one of perception. We're looking at the problem the wrong way.
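The two rules above can each be turned into something a machine checks rather than something an administrator is expected to remember. What follows is an added example, not code from the column or from any vendor: a small audit that lists inbound firewall rules opening ports nobody has explicitly justified, and a detector that flags the traffic pattern the column describes (one host blasting identical small datagrams at many destinations in seconds). It assumes one fact the column does not state, that SQL Slammer spread over UDP port 1434 (the SQL Server Resolution Service); the allowlist, the ruleset and the flow records are constructed sample data.

```python
"""Defender-side checks for the two rules in the column (added example).

Assumed fact not on the page: SQL Slammer used UDP port 1434.  Everything
else here (the allowlist, the ruleset, the flow records) is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

# --- Rule one: "don't open any ports you don't know to be safe" ------------

# Ports a hypothetical site has consciously decided to expose inbound.
ALLOWED_INBOUND = {("tcp", 443), ("tcp", 25)}


def audit_inbound_rules(rules, allowed=ALLOWED_INBOUND):
    """Return (proto, port) for every 'allow' rule that opens something not
    on the allowlist.  A rule is (action, proto, port); port None = 'any'."""
    findings = []
    for action, proto, port in rules:
        if action != "allow":
            continue
        if port is None or (proto, port) not in allowed:
            findings.append((proto, port))
    return findings


# Constructed ruleset: the udp/1434 line is the kind of hole the column asks about.
SAMPLE_RULES = [
    ("allow", "tcp", 443),
    ("allow", "udp", 1434),
    ("allow", "tcp", 25),
    ("deny", "any", None),
]

# --- Detection: memory-resident worm spraying copies of itself -------------


@dataclass(frozen=True)
class Flow:
    ts: float       # seconds
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int     # payload size


def find_udp_sprayers(flows, dport=1434, payload=376, window=1.0, min_targets=20):
    """Flag sources that send same-sized UDP datagrams to at least
    `min_targets` distinct destinations on `dport` inside `window` seconds.
    Returns {src: peak number of distinct destinations in one window}."""
    by_src = defaultdict(list)
    for f in flows:
        if f.proto == "udp" and f.dport == dport and f.nbytes == payload:
            by_src[f.src].append(f)
    hits = {}
    for src, fl in by_src.items():
        fl.sort(key=lambda f: f.ts)
        best, lo = 0, 0
        # Sliding window over time; count distinct destinations inside it.
        for hi in range(len(fl)):
            while fl[hi].ts - fl[lo].ts > window:
                lo += 1
            best = max(best, len({f.dst for f in fl[lo:hi + 1]}))
        if best >= min_targets:
            hits[src] = best
    return hits


def sample_flows():
    """Constructed traffic: one worm-like source, one ordinary client."""
    flows = []
    for i in range(50):   # 50 identical 376-byte datagrams in half a second
        flows.append(Flow(100.0 + i * 0.01, "10.0.0.5", f"192.0.2.{i + 1}",
                          "udp", 1434, 376))
    for i in range(3):    # a real client talking to one server, slowly
        flows.append(Flow(100.0 + i, "10.0.0.9", "192.0.2.200", "udp", 1434, 376))
    flows.append(Flow(101.0, "10.0.0.9", "192.0.2.201", "tcp", 443, 512))
    return flows


if __name__ == "__main__":
    print("unjustified inbound rules:", audit_inbound_rules(SAMPLE_RULES))
    print("sprayers:", find_udp_sprayers(sample_flows()))
```

The audit is deliberately an allowlist check rather than a blocklist: the failure the column describes is a port that was open because nobody had decided it should be closed, and a default-deny posture with an explicit list of justified openings is the form in which that decision can be reviewed. The detector keys on the worm's observable shape (fixed payload size, one port, many destinations per second) rather than on any signature, so it also covers a variant that changes its bytes but not its behaviour.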

Ask an electronics engineer "How does television work?" and you'll get a story about video signals, sync pulses, electron beams and phosphors. Ask a media analyst, and you'll hear about audience targeting, striping, metrics and finance. Ask an anthropologist and you'll be told about changing social attitudes to information, the impact of the Industrial Revolution and technology on power structures, and perhaps a side order of human interaction mediated by shared experience. All are valid, and all need to be understood.

Now ask the same people "How can we make television safe?" and you'll get another three answers. The engineer will talk about high voltages and proper insulation, case design, ventilation, fuses and so on. The analyst will discuss checks and balances, government regulation, corporate oversight and the role of consumer choice. The anthropologist will change the question, but if pushed will say "design the system around the way people are. Don't expect people to change to match the system."

How do we make our networks safe? The trouble with computer security is that everyone is thinking like engineers. There's a bug? Patch it. There are lots of bugs? Patch them all. Worms are attacking? Put up a firewall. You want to do something that the firewall stops? Er, well, don't. Except when you have to. Then do.

That's clearly not enough: we have to start to think like anthropologists. Get usability experts to design firewall interfaces, not ubergurus from the depths of Cisco. Get an economist skilled in risk analysis to describe what a world built out of faulty software really looks like in terms of danger versus reward, and get the anthropologists to work out how to build it so that real humans can understand and maintain such a world.

That's the true lesson of SQL Slammer: not that Microsoft has fallen flat on its backside again and we should all cheer, but that we are attempting to control a world machine that has outgrown its designers. That's OK, as long as we stop expecting its designers to tell us what to do next and take the problem seriously at all levels. Is open source going to be part of the solution? Definitely. So's Microsoft. But neither group has the vision and understanding of what we have on our hands to be allowed to define what happens next. We need big thinkers, and we need them now.
