Security, Software, and Ethics

Introduction

Every day, we use computer software to perform everyday tasks. These range from sending e-mail and balancing a checkbook to web browsing, shopping and much more. Most people don't stop to think about the security of the software that they use on a daily basis. Users are more concerned about getting their work done, and security is little more than an afterthought.

Security is a very important and often overlooked aspect of software development. Security is used to authenticate users, manage access to resources, and ensure that data hasn't been compromised. Recent events such as the Sasser, SQL Server, Blaster and Nimda worms have been devastating throughout the world. They've…
It took advantage of security holes in Microsoft's Internet Information Server (IIS) to quickly propagate through computer networks. It used four different methods of attacking computer systems, which made it extremely difficult to stop. When you plugged up one hole, Nimda would use another one to circumvent the fix. One ISP ended up cutting off all Internet access to its customers because their computers got infected.[1] Nimda spread very quickly and eventually infected an estimated 2.2 million computers, resulting in cleanup costs exceeding $539 million. Home users were hit very hard because Nimda quickly spread on their computers, which didn't have the latest patches.[2, 3]

In late January 2003, the Slammer (or SQL Server) worm started spreading, using a "buffer overflow" vulnerability in Microsoft's SQL Server 2000 to quickly spread to over 120,000 computers all over the world.[4] The high volume of network traffic it generated and its quick infection rate disrupted 13,000 Bank of America ATM machines, and over 300,000 customers of an ISP in Portugal were unable to get Internet access for over 12 hours.[5] Slammer was only 376 bytes in size.

Although a patch that would've stopped Slammer in its tracks had been released six months earlier, it was discovered that the installation was far from trivial. The installation required a service pack to be installed first, and then you had to determine which patch (Microsoft Data Engine or SQL Server 2000)
