One year after Bill Gates declared that security was top priority at Microsoft, the company is recovering from an attack that crippled thousands of computers, shut down ATMs, and disrupted Seattle-area 911 operations. The bug known as "Slammer" has the computer industry rethinking how to protect software from attack.
Slammer manipulates a flaw in Microsoft's SQL Server 2000 software, a product used mostly by businesses and governments. Unlike the viruses that infect e-mails, this nasty critter spread directly through network connections. It trolled the Internet looking for other computers to hit and caused havoc.
The whole mess is a PR disaster for Microsoft. Days before Slammer showed up, Mr. Gates boasted that the company's "Trustworthy Computing" initiative progressed well in its first year. Microsoft had hired a chief security officer and put thousands of its developers through special training.
The software giant admitted it too was a victim, even though it released a tool to repair the problem last July. Many users-even at Microsoft-had not yet installed it. These fixes sometimes create their own problems that crash computers, so corporate computer administrators often procrastinate about deploying them.
When the Y2K bug proved to be a non-event three years ago, it reinforced the popular belief that vital services are safe from exotic computer breakdowns. Slammer slammed that notion.