News anchors can’t seem to understand the difference between a worm and a virus. It’s the victims who usually learn the hard way.

A worm is transmitted from computer to computer automatically – no email attachments required, whereas a virus spreads via actions from computer users. Symantec’s Security Response reported that the W32.Sasser worm’s geographical distribution was “high”.

Fortunately, the worm really doesn’t cause any damage to an infected system. However, it significantly degrades system performance. For the normal home user, it’s an unwelcome annoyance. On the corporate side of things, it can amount to productivity losses in the thousands of dollars.

In addition to the degradation of system performance, the worm can crash infected computer systems. Security experts say the crashing component of the worm wasn’t intentional, but rather a result of “bad coding.”

Microsoft has released a set of removal instructions on their website, as well as a free patch uninfected users can install. Visit http://www.microsoft.com/security/incident/sasser.asp.

Most experts immediately blame Microsoft for occurrences like the Sasser worm. Ironically, Microsoft released a patch on April 13 of this year, which eliminates the vulnerability that Sasser exploits.

This raises an interesting point. If a company doesn’t patch their systems in a timely manner from when the patch is released, and then a vulnerability that the patch would have fixed is exploited, who’s fault is it? Many immediately jump on the vendor of the software that was exploited.

Liam Gladdy, (http://gladdy.co.uk) a System Administrator and Programmer from the UK thinks otherwise. “System administrators face an extreme challenge in deciding at which point they should roll out updates globally, while the vendors do test them thoroughly, a certain amount of network specific testing is vital, The fault, however, cant be put on the vendor, virus creators are getting quicker, and personally, I think its our job as administrators to ensure we're still ahead of them.”

Benjamin Segal, a Computer Security Expert from the US has a slightly different view. “Both are at fault. The system administrator [is at fault] for not patching their system of course but also the software vendor for releasing software that can be exploited at all.”

Regardless, authorities in Germany arrested a high-school student who has reportedly confessed in detail to creating the worm. The Secret Service, FBI, and German authorities worked with Microsoft’s investigative team to track down the author. The suspect has been released pending charges.

The worm was reported to have infected over 18 million computers globally.