Customers lose when vendors refuse to patch

10.01.2007

Then the center of the network became exposed. VPN users from home got infected and spread the worm through remote connections that bypassed normal firewall rules. Unprotected laptops got infected on the road and came home to roost when plugged back into the corporate LAN. Extranet business partner networks got infected; CEOs got infected picking up non-corporate HTML e-mail; and vulnerable consultant computers were plugged into the network.

The number of MS-Blaster infections on Days 1 and 2 wasn't bad, but by Day 3, every unpatched corporate computer was infected and rebooting over and over again. Computing literally came to a standstill that week for many enterprises; it was impossible to install a new Windows PC and patch it before it was exploited. It took some companies months to fully eradicate MS-Blaster.

This single malicious event led to the default enabling of Windows Firewall in XP Pro and the strengthening of many core Windows services. Today, when you install Windows Server 2003 and Windows Vista, Microsoft disables all non-essential networking services until after all patches have been downloaded and applied.

MS-Blaster proved that network firewalls have never been enough to prevent malicious attacks and never will be. The "soft, chewy" hypothetical network center that Bill Cheswick described became a practical reality overnight. That's why Qualcomm's decision not to fix the WorldMail vulnerability is unsettling.

There must be a valid reason why Qualcomm is not planning to fix a WorldMail exploit, right? Of course there is: Qualcomm no longer sells or supports WorldMail. WorldMail was just rebranded as . And Rockcliffe doesn't support WorldMail. Rockcliffe wants WorldMail users to upgrade to new versions of its MailSite SE product.