Korean Net users blame MS for Slammer carnage
Is Redmond culpable?
Korean Net users are threatening Microsoft with legal action over the damage inflicted on the country's broadband infrastructure by the Slammer worm.
Korea Times reports that the splendidly named People's Solidarity for Participatory Democracy (PSPD) group is considering filing a class action suit against the software giant. The civic rights group contends that Microsoft failed to do enough to help its customers fix a flaw in SQL Server, which was exploited by the prolific worm.
Microsoft issued a patch for the SQL Server vulnerability last July but it wasn't widely applied, even by the software giant itself whose network fell over because of the Slammer worm over the weekend of January 25 and 26.
Meanwhile in Korea, "almost all KT [Korea Telecom] customers lost their connections during the attack", according to wire reports. Other ISPs, most notably Hanaro Telecom Inc., were also hit hard by the worm.
Slammer effectively paralysed the country's Net infrastructure, and the PSPD has signed up 3,000 users to take part in its putative legal action against Microsoft.
It is far from clear that Microsoft can be held liable under "product liability law" for the flaws in its products when it has already released a patch. And is it fair to lay the blame for Slammer solely at Microsoft's door?
Microsoft's patch was hard to apply (and judging from Redmond's own experiences) not necessarily a complete fix for the problem for people running large networks. That doesn't get away from the responsibility of service providers, in Korean and elsewhere, to protect their customers against the risk of attack.
Disgruntled users would do well to quiz their ISPs on why they didn't have traffic management and filtering technology in place to deal with the attack.
The blame for the Net-paralysing effects of Slammer falls on the head of whoever created Slammer in the first place, of course.
But since these vandals remain unidentified, users are looking for someone identifiable to sue.
Microsoft (like other software vendors) has a responsibility to make its software secure, but let's not forget the criminal blame for the Slammer epidemic lies elsewhere. ®