Fallout from the W32.Blaster worm outbreak has seen recriminations fly, with customers of antivirus vendors complaining that virus definition updates came too late and that Microsoft-issued patches are problematic at best.
Symantec customers seem particularly cranky, with a number posting to security discussion lists claiming that updates did not become available until as late as 11am Sydney time last Tuesday, by which stage many systems had become infected and crashed.
Symantec's Australian Web site dates the availability of an update for Blaster at August 11, but gives no time. A spokesperson for Symantec confirmed to Computerworld that the date on the update is also based on US time, which is behind the international date line, making it August 12 in Sydney.
Asked exactly when an update became available for customers, the Symantec spokesperson said that virus definitions were available as early as 8.30am on Tuesday (August 12) - within half an hour of most other AV firms. "It's not a race," the spokesperson said.
Race or not, Sydney University, a Norton Corporate Edition user, was hit particularly hard, with several science-related department networks crippled from 9am.
"It was down when I came in at 9am and they didn't start to fix it until after 11am. I was OK, I updated XP on Friday arvo when we had beers. Everyone else got screwed; they're still patching. Who knows what happened, but whatever it was came too late," one cranky USyd scientist told Computerworld.
Prepaid communications provider CardCall was another Blaster victim, with its Gold Coast call centre suffering an outage for around three hours.
CardCall's IT manager David Kenyon said, "Our Norton antivirus software was supposed to see it, according to Symantec, but it didn't. It's a constant battle to keep machines up to date with the latest patches."
David Banes, regional manager Symantec Security Response, responded that users need comprehensive security solutions rather than stand-alone applications.
"It's important to have firewall and intrusion detection in place [and that] organisations don't just rely on a particular piece of software, but have a proper [security] policy...including training and a security policy," Banes said.
Jakub Kaminski, manager of Computer Associates' virus research Labs in Melbourne, said Blaster had kept his enterprise support staff "flat out" with the tricky nature of the patching process compounding problems. "Some machines looked like they were patched, but were not patched . . . I've seen people do the updates and still be vulnerable. There are so many service packs [users] don't know which is which," Kaminski said.
Kaminski warned that users should "update Windows service pack - and then apply the patch - and then run a scanning tool to make sure the patch works. It's a complex process if it goes wrong. It will take some time before people are patched to a level where it does not spread."
Symantec upgraded Blaster to a level four [of five] severity rating at around 10am Wednesday August 13.
- with Lauren Thomsen-Moore