A powerful internet attack—dubbed SQL Slammer—that hit computers worldwide Jan. 25 has security experts worried that too many system managers are only fixing problems as they occur, rather than keeping their defenses up to date. The problem underscores the need for school technology managers to monitor security bulletins carefully and download the latest software patches as soon as they are made available.

The worm—which crippled tens of thousands of computers worldwide, congested the network for countless others, and even disabled Bank of America cash machines—took advantage of a vulnerability in some Microsoft Corp. software that had been discovered in July.

Microsoft had made software updates available to patch the vulnerability in its SQL Server 2000 software—used mostly by businesses, governments, and school systems—but many system administrators had yet to install them when the attack hit Jan. 25.

Some of those administrators were at Microsoft itself, the company acknowledged in a report in the New York Times. Some computers at the software giant were affected because appropriate Microsoft patches had not yet been installed. That irony underscored how hard it can be to ensure that all security measures are in place and up to date. But Microsoft's internal problems were cold comfort to those affected by SQL Slammer.

"There was a lot that could have been done between July and now," said Howard A. Schmidt, President Bush's No. 2 cybersecurity adviser. "We make sure we have air in our tires and brakes get checked. We also need to make sure we keep computers up to date." Network technicians worked furiously in the wake of the attack to repair damage caused by the fast-spreading worm. The problem was declared largely under control Jan. 26, though some experts were worrying about the possibility of lingering infections appearing for days afterward.

The FBI said Jan. 26 that the attack's origin was still unknown.

As the worm infected one computer, it was programmed to seek other victims by sending out thousands of probes a second, saturating many internet data pipelines.

Unlike most viruses and worms, it spread directly through network connections and did not need eMail as a carrier. Thus, only network administrators who run the servers, not end users, could do anything to remedy the situation.

According to Keynote Systems Inc., which measures internet reliability and speed, network congestion increased download times at the largest U.S. web sites by an average of 50 percent, and some sites were completely unavailable at times.

Bruce Schneier, chief technology officer at Counterpane Internet Security, said the attack proves that relying on patches is flawed "not because it's not effective, but [because] many [systems administrators] don't do it."

Two of the previous major outbreaks, Code Red and Nimda, also exploited known problems for which patches were available.