[plug] Need copy of that 'dont trust ms' warning memo.

Sol autonomon at westnet.com.au
Tue Jan 28 13:34:55 WST 2003


You mean this memo?

Date: Sun, 26 Jan 2003 16:10:32 +0800
From: Jeremy Malcolm <Jeremy at Malcolm.id.au>  (Terminus Network Services)
To: users at terminus.net.au
Cc: plug at plug.linux.org.au
Reply to: plug at plug.linux.org.au

This is a message to clients of Terminus Network Services to apologise
for the unscheduled downtime that has been experienced earlier today,
and to advise that the problem has now been resolved.  The downtime is
believed to have resulted from a denial of service attack against our
network caused by a worm (or virus) that spreads using a security bug in
Microsoft SQL Server software.  Although our network does not use any
Microsoft software, the denial of service attack can affect other
Internet-connected devices.  A new router is now in place to replace the
device that was affected by the attack, and rules have been put in place
to deflect future attacks arising from the Microsoft SQL Server worm.

As an aside, we would also like to take this opportunity to caution all
our clients against the continued use of Microsoft software,
particularly on servers.  The security record of Microsoft software is,
on any view, appalling.  Two years ago, independent IT consulting firm
Gartner recommended businesses to immediately cease using Microsoft's
Web server software, stating "Using Internet-exposed IIS Web servers
securely has a high cost of ownership... Nimda has again shown the high
risk of using IIS and the effort involved in keeping up with Microsoft's
frequent security patches."  Regrettably, many businesses have ignored
Gartner's warning, as the latest crippling network attacks demonstrate.

In our view it is no longer necessary, and you should have no confidence
that it is safe, to run any Microsoft software on your network.  Please
consider using the following mature, high-quality open source software
to replace your current insecure Microsoft-dependent network:

TO REPLACE THIS                         CONSIDER USING THIS
---------------                         -------------------
Microsoft Windows 2000 Server           Linux (and Samba if needed;
or Microsoft Windows NT                 http://au1.samba.org)

Microsoft SQL Server                    PostgreSQL Object Relational
                                        Database (www.postgresql.org)

Microsoft Exchange Server               Exim (http://www.exim.org)

Microsoft Internet Information          Apache (http://www.apache.org)
Server

Microsoft Office                        OpenOffice.org
                                        (http://www.openoffice.org)

Microsoft Internet Explorer             Mozilla (http://www.mozilla.org)

Until recently, it is fair to say that the use of open source software
to completely replace proprietary software was not a real option for
most office networks.  Now, that is no longer true.  Many businesses,
schools and government departments are turning away from Microsoft right
now.  The Federal Government is in fact holding a seminar next month on
how departments can make the switch.  When you switch to Linux, you can
also forget about being forced to upgrade, or paying annual licence
fees.  Worrying about software audits can also be a thing of the past.

Australian research shows that the Total Cost of Ownership (TCO) of a
Linux-based office network is 34% lower than an equivalent Windows
network, including the cost of hardware, software and support. 
Additionally, Linux is immune to almost all computer viruses.  Although
bugs and security flaws are found in open source software, since code is
peer-reviewed by thousands of paid and volunteer programmers around the
world, the bugs are typically found and corrected within hours, rather
than days or weeks.

Another concern that was previously raised about making a switch to
Linux was that support is unavailable; for example some of our clients
ask us, "What if Terminus Network Services goes out of business, I
wouldn't know where else to turn!".  This need no longer be a concern,
with the establishment of the Society of Linux Professionals (WA)
(http://www.slpwa.asn.au), a professional association for Western
Australians using Linux and other open source software to provide
technology solutions.  Many highly qualified consultants are members of
this Society.

Linux is now incredibly easy to use, even on the desktop.  If you can
use Windows XP, then you can use Linux, and you don't need to sacrifice
any of the functionality that you now take for granted.  Exchanging data
with Windows users is not a problem either, since modern open source
office software such as OpenOffice.org is able to import and export
Microsoft Office documents seamlessly.  You can even run many of your
old DOS or Windows applications, if you really need to, by using the
open source Windows emulation software, WINE.  (Alternatively, you can
run OpenOffice.org and Mozilla on your existing Microsoft Windows
machines.)

Last week, Australia's annual national Linux Technical Conference was
held in Perth.  In attendance were speakers and representatives from
organisations such as IBM, Sun Microsystems and Hewlett Packard (who are
all investing heavily into Linux), along with some of the world's
leading open source developers including the original developer of
Linux, Linus Torvalds.  I presented a paper at the conference, and came
away with the strong impression that the ascendancy of Microsoft has
reached its peak, and that open source software such as Linux will begin
to attain dominance in a matter of years rather than decades.

Although this may seem like a lengthy diversion from the main topic of
this message, which was to advise you of the cause and resolution of our
network downtime today, I do seriously recommend that you consider
whether you can continue to afford running Microsoft software on your
network.  If you would like to discuss the available alternatives, I
would be happy to discuss them with you.  Please also feel free to
obtain independent advice from Linux Australia (http://www.linux.org.au)
about how more and more real organisations are making the switch every
day.

-- 
JEREMY MALCOLM  Managing Director, IT Manager, Terminus Network Services
Web sites: http://www.terminus.net.au http://www.linuxconsultants.com.au
Disclaimer: http://www.terminus.net.au/disclaimer.html. GPG key: finger.


On Tue, 28 Jan 2003 01:07 pm, Kai Jones wrote:
> Same here pls :)
>
> shayne oneill wrote:
> > Hey, Can someone fwd me that 'dont use windows;- bad security & sorry
> > bout Ms wormies' memo.
> >
> > I'd like to fwd the warning onto the IT management committee at murdoch
> > university, but I've gone and wasted the
> > original from my inbox.
> >
> > Cheers,
> > Shayne.



More information about the plug mailing list