Last week, the MSBlaster (LovSan) worm rocked the IT world. The worm took down more than 385,000 Windows-based computers, according to antivirus vendor Symantec, and forced Microsoft to redirect its Windows Update Web site to prevent a scheduled August 16 Distributed Denial of Service (DDoS) attack. Windows & .NET Magazine UPDATE warned readers about the security vulnerability that paved the way for the MSBlaster worm in the July 22 issue ("Windows Server 2003 Gets Its First Major Security Vulnerability," http://www.winnetmag.com/windowsserver2003/index.cfm?articleid=39649 ), and of course our other publications also provided ample warning that IT administrators should seriously consider applying the patch that Microsoft first supplied on July 15, 2003. Furthermore, the US Department of Homeland Security (DHS) twice warned the public that this security vulnerability could cause problems if users didn't install the patch; print and TV media around the globe covered this news.
Despite these and other warnings, the MSBlaster worm, which launched a month after Microsoft patched the affected vulnerability, took down computers in companies large and small. Individuals, including a friend of mine, saw their computers spontaneously reboot because of this problem, which made downloading the patch impossible. My friend had plugged in a new computer, navigated to Windows Update to download all the available critical security updates, and was infected immediately before the download was able to finish. That's incredible.
Last week, I wrote a somewhat controversial opinion piece for WinInfo Daily UPDATE titled "Windows Worm Should Never Have Been a Problem" ( http://www.wininformant.com/articles/index.cfm?articleid=39849 ), in which I noted that we expend a lot of energy blasting Microsoft, often rightfully so, for its security problems. These vulnerabilities have cost IT administrators countless hours of frustration, testing time, and downtime, and the flood of updates that these problems necessitate probably isn't going to end soon. But with the MSBlaster worm, I have to wonder if we're not taking the blame game a little too far. We'd been warned adequately that this worm was coming, and I honestly feel that many people simply weren't being responsible and doing their jobs: This worm shouldn't have been so disruptive.
In the matter of full disclosure, yes, I live in the proverbial ivory tower. Yes, the infrastructure I manage is sub-small-business-small. And yes, it has been years since I worked in the field, being responsible for production machines at a real company. Just the same, blaming Microsoft for everything is easy, isn't it? After all, the company is a convenient target and, not coincidentally, often at fault. My point isn't that administrators are solely responsible for the devastating effects of MSBlaster, but they're part of the problem--a part that could have done more to fix things proactively. I know your jobs are hard, and I know you're not appreciated as much as you should be; but as systems administrators, you're personally responsible for protecting your network, computers, and users. We can blame Microsoft for not creating a more secure system, but we must also accept the blame for not working with the tools we do have to ensure that this worm was contained. This worm was an embarrassment for both the Windows IT community and Microsoft.
Coming Soon: Windows Storage Server 2003
Two weeks ago, I wrote about small-business storage needs. Shortly thereafter, I heard from Microsoft because I somehow managed to ignore Windows Storage Server 2003, which the company just released to manufacturing (RTM). Like Windows Server 2003, Web Edition, Windows Storage Server will be made available only with new server hardware from major PC and storage companies such as Dell, EMC, Fujitsu, HP, IBM, and Iomega. And because it's based on Windows 2003, it appears to be an interesting and capable storage alternative for businesses of all sizes.
Windows Storage Server replaces the previous version of Microsoft's storage offering, called Windows Powered Network Attached Storage (NAS). Basically, Window Storage Server is a special version of Windows 2003 optimized for file serving (and, optionally, print serving). Windows Storage Server includes simple, Web-based management software, integrates in minutes into any Windows environment, offers access to all the best storage capabilities in Windows 2003--including the full functionality of the Volume Shadow Copy Service (VSS)--and scales from small blade systems up to some of the largest server arrays available: Low-end systems use a 160GB hard disk, but high-end systems currently scale to 48TB, and storage giant EMC has agreed to use the OS in its high-end boxes. As Microsoft told me, from a capacity standpoint, the
Like any network-based storage hardware, devices based on Windows Storage Server are more expensive than off-the-shelf storage. But like other NAS devices, these devices are also far more manageable and require no downtime during installation. Thanks to its Windows 2003 backbone, Windows Storage Server offers other advantages as well. The aforementioned VSS capabilities, for example, will let these systems take advantage of data snapshots, ensuring that you can recover key data files that get overwritten or changed. And an HP-based Windows Storage Server system is currently the only NAS or Storage Area Network (SAN) solution that Microsoft Exchange Server 2003 supports. Going forward, Exchange and Microsoft SQL Server will be aware of Windows Storage Server-based products, ensuring compatibility.
Like many of its current products, Microsoft sees Windows Storage Server as a boon to companies seeking to consolidate Windows NT 4.0 boxes. With a Windows Storage Server device, enterprises can consolidate multiple NT 4.0-based file servers to one compatible device, reducing management overhead and costs. And because Windows Storage Server is scalable, there's always room to grow.
I don't have any hands-on experience with Windows Storage Server, but it looks capable. And unlike most Windows 2003 versions, it doesn't come with any Client Access License (CAL) baggage. If you're in the market for NAS, check out Windows Storage Server at the following URL: http://www.microsoft.com/windows/storage/productinformation/whitepapers/wss2k3storagechal.mspx