Recent news reports have posited that 50 percent of all e-mail is spam. Given what I've encountered, that number doesn't seem ridiculously high. It made me wonder about another number. When the "worms of August" arrived, I wonder what percentage of the Internet's bandwidth was consumed downloading service packs and "critical fixes" from Microsoft?
I doubt that we'll ever find out. Unlike most sites, which brag about their visitors and the number of downloads, Microsoft's support site is mum on the subject. All in all, the Blaster and follow-on worms gave "Trustworthy Computing" a big, black eye.
Given the fact that Windows Server 2003 - supposedly the first product really to benefit from Microsoft's efforts - was the hardest hit of all, one really has to wonder about Microsoft's plan.
Ironically, around the time of the infestation, I was plowing through a popular third-party book on Win 2003. It referenced the Microsoft initiative and made broad (but unsubstantiated) references to how Microsoft's development team combed through every line of the code.
It went further to talk about how this new code could detect problems in real time and heal itself - well obviously not with this problem.
For us, Win 2003 constituted the biggest problem. Even after the first round of patches was applied and the various worm scanners were run, it just kept bouncing up and down like a yo-yo. Our pre-release version was not even "fixable" - and we had to wipe it out and restart.
For the other machines in the organization, it was "scan and patch."
Might I have avoided my problems by having everyone "current"? Perhaps, but I've got some issues with taking that approach.
For starters, nobody puts a gun to Microsoft's head to say that the company must release an operating system at a particular time. It picks the time (although delays might affect the vendor's stock price). It is a big enough job to move, say, from Win 2000 to Windows XP or Win 2003, so once completed, one is hoping for some level of stability.
Most of our machines are Win 2000, so we spent the day applying Service Pack 4 all around the company. We were forced to do so. We hadn't done it earlier because we acted on the "don't fix what isn't broken" model. When your users aren't complaining, do you really want to load 129M bytes (compressed) of new modules on to their machines? I don't have a list handy but, based on the average size of Dynamic Link Libraries in Win 2000, that has to amount to full replacement of thousands of components.
The minute the worms were gone and our end users started saying "this used to work, but now..." we had to wonder if in our attempt to fix one thing, we'd now broken something else. Probably. Thanks, Microsoft.
It was with great interest, then, that I read a news account from an economic summit in early September in Cambodia. The trade minister of Japan, with agreement from counterparts in China and South Korea, agreed to initiate a project to promote non-Microsoft operating systems - specifically Linux.
Given how the Japanese government's mandate for IPv6 on products it buys has brought that technology to life, this could be a watershed moment and perhaps the true tipping point away from Microsoft.
Tolly is president of The Tolly Group, a strategic consulting and independent testing company in Manasquan, N.J. He can be reached at firstname.lastname@example.org.