Nutters.org The Nutter Log
Nimda, Microsoft, Linux, Mozilla, Zope Entry id: nimda-consequences
By The Famous Brett Watson
On Tue, 25 Sep 2001 17:43:00 +1000

Things have been quiet on the NutterLog front for the past couple of weeks for the usual reasons of deadlines to meet, but also because of the dreaded Nimda virus/worm/trojan and its unexpected consequences. Normally you'd expect a virus to have direct consequences in terms of the number of machines it infects, but in this case the primary effect seems to have been in the anticipatory reaction of sysadmins all over the place, myself included.

To elaborate, upon reading a description of Nimda and the various nefarious ways it uses to worm its way into your Microsoft-based machine, I blanched. Here was a digital nasty that simple common sense would not keep out of my system. Common sense had been my primary anti-virus tool up until that time, you see. That, and a reasonable diligence in keeping my copies of Internet Explorer and Outlook Express up to date with the latest patches. (Nimda also attacks Microsoft IIS, but I've never used that as a server platform, myself.) But this nasty was nasty enough that I wasn't sure I'd closed all the appropriate holes. The only way to be sure I didn't get infected was to stop using Internet Explorer and Outlook Express, and they were pretty much the only reason I used Windows at all.

That being the case, it was time for a quick migration to Linux. I use Linux exclusively for my servers, but not on the desktop. In all frankness and honesty, and despite my general disdain for all things Microsoft, Win95 in conjunction with Outlook Express and Internet Explorer is the most convenient email and web-browsing combination I've found, given my particular needs. With regards to email, in particular, I need a package that supports multiple accounts, both IMAP and POP. That wipes out a very large portion of the contenders, and all the remaining (Linux-based) contenders are version 0.x pre-release things, so far as I'm aware. After much searching and trying, I decided that Mozilla 0.9.1 was the least awful available candidate.

It turns out that this version of Mozilla is somewhat incompatible with Zope at the administrative level. This made it impossible to add new entries here. I suspected this was the fault of Zope, rather than Mozilla as such, and so I decided it was about time to update Zope as well. Zope is one of those rare pieces of software that I install directly from a tarball rather than waiting for the appropriate Debian package to become available, so upgrading to the latest version is not much of an issue. Still, the migration had minor hitches — more work for the beleaguered hobbyist sysadmin. But sure enough, once the upgrade was in place, Mozilla cooperated with it quite nicely. I'm pretty much back on the rails again.

But for all that, I haven't seen much evidence of Nimda mail attachments go through my system, and Nimda in general doesn't seem to have been as bad as I expected. This can be explained, partly at least, by the general reaction of sysadmins everywhere to this threat. In short, they all went into siege mode, where "all" is all the sysadmins that I encounter on a regular basis. In particular, I mean my place of work. I don't go there very often: now that I'm a full time student I only work on a casual basis, but there's a two-week break from uni at the moment, so I went in to work on Monday this week. The network administrators had blocked outgoing port 80 (http) connections entirely whilst they set up defensive measures against Nimda. That block was in place all day until about 11am the next day. That's an unusually serious reaction.

I think that the severity of Nimda has been reduced by the fact that many sites realised up front how serious a threat it posed, and took severe measures to protect themselves. Some still got caught out — even some that should have known better — but the up-front reaction by sysadmins has been much more pro-active for Nimda than for other successful trojans like SirCam which relied primarily on social engineering and associated user stupidity. Sysadmins recognise a technically clever exploit, it seems, but not a good social engineering exploit. More or less.

But possibly the most interesting aspect of Nimda is the fact that I'm not the only one advocating such severe measures as dropping Microsoft products entirely: Gartner suggests dropping IIS in favour of iPlanet or Apache. Perhaps people will finally be driven away from Microsoft products after all, especially if, in addition to rotten security, Microsoft start gouging more on prices and licensing, an issue which has also been in the press recently.

Public Domain: the author waives copyright on this log entry. Other sources (if any) are quoted with permission or on the principle of "fair dealing" and retain their original copyrights.