Web Worm Mars Microsoft Security Push
Mon January 27, 2003 10:50 PM ET
Reed Stevenson

SEATTLE (Reuters) - The computer worm that exploited a flaw in Microsoft Corp.'s database software to cripple global networks turned out to be an unwelcome if unintended anniversary for the No. 1 software maker's effort to make its programs more secure.

Microsoft said the damage caused by the "SQL Slammer" worm over the weekend, which targeted the company's corporate database program of the same name, showed it was on the right track with its "Trustworthy Computing" initiative, launched a year and one week earlier by Chairman and founder Bill Gates.

But critics, who noted that some of Microsoft's own computers were crashed by the Slammer worm, said the incident demonstrated that Microsoft's tighter chain of security was only as good as its weakest link: the thousands of harried network administrators charged with updating Microsoft's systems.

Saturday's attack on the Internet, the most damaging in 18 months, clogged the pipelines of the global Internet. Web access was nearly shut down in South Korea, which bore the brunt of the slowdown.

"We still have a lot more to do, but it (the worm attack) shows how important the Trustworthy Computing initiative is," Scott Charney, Microsoft's Chief Security Strategist, told Reuters on Monday.

Charney said the main goal for Microsoft in the wake of the attack was to make sure customers were aware that a patch for the security hole in SQL, which had been available since last summer, could be downloaded and installed to prevent the worm or some variant from flaring up again.

"The single largest message is: keep your system up to date with patches," Charney said.

In response, security experts lashed out at Microsoft, saying that the software giant still needed to make a greater effort to plug potential holes in its products.

"I don't buy it," Bruce Schneier, Chief Technology Officer of network monitoring company Counterpane Internet Security, said regarding Microsoft's call for system engineers to install updates to its software.

"That's blaming the victim," Schneier said.

Although the security patch, which addresses a security hole in SQL, had been available since last July, many system administrators had failed to implement the fix because such patches often required extensive testing before installation, Schneier said.

With numerous patches for all of its products, security experts said the main objective should be to develop software that was free of patches or less prone to security flaws, not to constantly issue fixes and risk attacks from malicious programs.

While governments were still probing the source of the worms, which remained a mystery, security experts dismissed the idea that the worm might have been deliberately timed to coincide roughly with the first anniversary of Microsoft's secure computing drive.

BITTER MEDICINE

Microsoft also saw some of its own computers taken down by the worm, after the malicious program infected SQL servers on the software giant's own network that had not had the appropriate patch installed.

Microsoft spokesman Rick Miller said none of Microsoft's SQL servers connected to the Internet were affected. Instead, internal SQL servers running on computers used by developers were infected, causing a slowdown in the Redmond, Washington-based company's own internal network.

Charney said the greatest challenge for Microsoft was making sure that information was being passed on to users and that they learn of critical updates for software.

In response to Saturday's attack, Microsoft said it had built an installation program to make it easier to implement the patch, offered top-level support to its customers, offered a toll free service number (1-866-PCSAFETY in the United States) and was working with the Computer Emergency Response Team and other agencies to investigate the attack.

Other security experts said software users would have to accept the fact that software, whether it be Microsoft's or any other platform, would remain buggy and nearly impossible to secure, given the complexity of modern software design.

"In their defense, they provided a patch six months ago," said Marc Willebeek-LeMair, Chief Technology Officer of TippingPoint Technologies Inc., which developed an "inoculation" that allowed networks to shut out SQL Slammer.

"We all know that when you have millions of lines of code (the underlying instructions for software programs) there are going to be bugs," said Willebeek-LeMair.
