I'm sure Microsoft is aware that many networks are severly pissed off about the extra overhead they are enduring because of this worm. I think my helpdesk said, "Fry 'em." While we'll continue monitoring and cleaning up systems scanning for infections, the DOS side of the worm and variants is rather tame and will be allowed through so long as it meets standard egress/ingress policy. I just can't see a bunch of already employee starved networks devoting more resources just to save Microsoft from their own vulnerability.
Having dealt with many very annoying vulnerabilities in the past like
this (The numerous CodeRed varients/Nimda, Slammer, this), I'm fed up of
it.
To the point where it doesn't hurt my network, hurt other people, or
cause me an increase in costs, I won't be going out of my way to defend
MS. Frankly, it might be the only way they'll learn.
Imaging the havok if every Windows virus tried to attack MS.
Well, the majority of the recent worms have gotten loose on MS's corporate net
and caused enough disruption to make the news, and there was the time that windowsupdate.microsoft.com got nailed by CodeRed...
Oh.. wait.. you meant *intentionally* tried to attack....
Some news outlets are reporting this is actually Microsoft's plan,
Sure it was, and it's probably the best thing MS could have done (for
themselves AND the larger Internet) given the circumstances.
After all, infected systems aren't going to stop scanning and DOS attacks
from a huge number of compromised hosts targeting windowsupdate.com
IPs is simply going to result in increased network utilization for a bunch
of garbage traffic that'll either be dropped as a result of congestion on
some networks, blackholed on others (from the folks that care no more
about MS being DOS attacked then the next guy, but do care about their
networks availability and the Internet in general), or hit some severely
crippled server(s).
MS has bugs, sure, and there's probably no excuse for lots of them.
However, it could have been linux or any other OS. Folks give MS a
hard time for the same reason they give Cisco a hard time -- because
their products are nearly ubiquitous. I'm not going to dive into some
huge rant here (others have articulated this point nicely already),
some folks are much more passionate than I about the issue and I
don't care to spend the cycles arguing something I care little about.
MS isn't going away any time soon, like it or not, and the only way
problems of this sort (that have been disclosed) are going to be
cleanly resolved is by end users patching their systems.
-danny
PS: If folks are going to rant about MS products being horrible they
might want to consider using non-MS products and posting to NANOG
from non-MS mail clients/systems *8^).