Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Combatting the Virus 1

Status
Not open for further replies.
This to me is kind of scary. At first I just dismissed it as headlines... but now I'm thinking... why do you put out a quarter million dollar rewards when it doesn't really benefit you to catch the guy, and rather than being a conspiracy theorist, I went with the simple solution. Namely, a deterent to future virii writers. If software security tries to use the law to any significant extent, we're in for a bumpy ride.

-Rob
 
I don't find it scary at all, nor do I have a problem with it. The people who write virii are criminals, they need to be caught and prosecuted just as any other criminal. Why would they be exempt from criminal prosecution? Rewards are posted for many crimes and this is no different.

I certainly hope that MS is continuing to work on fixing the software as they have an obligation to do, but what is wrong with doing both, defending yourself, and trying to remove the threat?

"If software security tries to use the law to any significant extent, we're in for a bumpy ride."

What does that mean?

Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 
Making software as bullet-proof as possible is, of course, always important, but I think this idea is great. I hope other vendors sign on and add more money to the pot.

Virus writers are repulisive little slugs that should be reviled by all decent human beings. If this deters thism and helps catch them, I'm all for it.

The next step is to toughen the penalty phase for those who are caught. A slap on the wrist in unacceptable. Throw them in real prison for a while. Also, fine them for the full amount of damage caused by their handiwork. Example, Stupidchild Virusidiot writes a worm that causes $100,000,000 in damage. When caught, he is sentenced to 10 years in prison and a $100,000,000 fine.


Jeff
If your mind is too open your brains will fall out...
 
While I see no problem with it myself I don't really see it changing anything - virii writers may just be a little more cautious in their deployment.

It is, of course, just another MS publicity stunt.
 
"Example, Stupidchild Virusidiot writes a worm that causes $100,000,000 in damage. When caught, he is sentenced to 10 years in prison and a $100,000,000 fine."

<tongue-in-cheek>
Let's see, at 17 cents/hour working in the prison laundry...
</tongue-in-cheek>

Seriously, how can such a thing be proved? Suppose I want to cash in on this reward and point the proverbial finger at Mr. Virusidiot. Outside of the source code being left on his hard drive, will this come down to a &quot;Yes, you did!&quot; versus &quot;No, I didn't&quot; contest?

[sup]Beware of false knowledge; it is more dangerous than ignorance.[/sup][sup] ~George Bernard Shaw[/sup]
Consultant/Custom Forms & PL/SQL - Oracle 8.1.7 - Windows 2000
 
I side with BJCooperIT so far.
First, we're not necessarily dealing with hard, tangible losses, so it'd rather difficult to assess restitution, if restitution were even a real possibility. Have a look at &quot;traditional&quot; criminal cases and see how effective collecting restitution is.
Further, I don't believe you're going to find many jurors - unless you can really stack that box with IT folk - who'll go along with hard time for a script-kiddie.
...'course, Microsoft'll probably pay out the bounty, then cut a deal with the Court to bring the virus writer on as a consultant as part of the terms of work release...
 
The fine is not meant to be restitution - how do you know who to pay how much to? The fine is punitive. Virusidiot is never allowed to profit from what he did - he'll be poor the rest of his life for what he did.

Viruses are not a harmless little prank that only affect IT people. Viruses can effect the entire economy, which harms everyone. Releasing a virus is an act of terrorism plain and simple.

If someone were to taint the water supply of a city with a powerful laxitive, would that be considered harmless because no one was killed? I think not - it would be treated pretty seriously.




Jeff
If your mind is too open your brains will fall out...
 
The big advantage of cash rewards is that it will make virus writers mistrust each other. Of course I can imagine someone being set up for the cash, but I assume that Microsoft know more about their own systems than any outsider ever gets discovered, and could spot the real culprits.
 
Would anyone else rather MS use this kind of money to hire these virus creators to find flaws in MS operating systems and applications?

I would.

I'd rather better, more secure systems than less virus creation. Its like trying solve a problem by ignoring it.

Posting code? Wrap it with code tags: [ignore]
Code:
[/ignore][code]CodeHere
[ignore][/code][/ignore].
 
It amazes me how many people seem to think virus writing or cracking is a game or some minor infraction.

Would you put a serial pedophile in a kindergarten classroom to teach the kids about safety?

These aren't just cuddly little kiddies playing. A lot of these people are sociopaths.


Jeff
If your mind is too open your brains will fall out...
 
Would you put a serial pedophile in a kindergarten classroom to teach the kids about safety?

A bit over the top as a comparison.

A lot of these people are sociopaths.

A bit of an overstatement? Or maybe you've got the clinical creds to back this up?

 
I agree MasterRacker. It's amazing how so many, especially in the IT field, are so tolerant towards these miscreants.

Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 
It is indeed. Since these virii are designed to cause massive damage and the creator clearly won't be able to cover the cost of the damages, this should be reflected in a very lengthy jail sentence.

Perhaps shortened for good behaviour programming for charities or the like.
 
These people clearly have good computer skills (I wouldn't know how to write a virus). But equally clearly they could have used their exceptional skills to do something useful. The fact that they chose not to worries me. Would they continue to make such poor choices if they were employed as anti-virus experts? I can see some value in asking a burglar about house security, but I wouldn't employ him/her to look after a bank vault. In the same way, I personally would treat an ex-virus-writer with extreme caution in an IT environment. Like never-let-loose-off-a-lead.
 
If we get into the habit of hiring virus-writers into anti-virus jobs, then we're saying that if you are unemployed, you should work on creating a monster virus to gain employment. This will only encourage others to write virii.

How about sentencing them to 10 years, but not in prison. I'm talking about 10 years of watching Barney videos. Now that's hard time.
 
I think there is some reason to be glad the virus writers are active although those who write destructive viruses should certainly be fined and jailed. Without this threat, we would be sitting ducks for a strategic attack. That is much more difficult with the heightened level of security which exists today.

I think the real firepower should be directed at those who build and distribute programs which automate the construction of viruses. This is what enables the 'kiddies' to create widespread problems.
 
I think targeting the virus-writing toolkits is a good idea -- as a secondary attack to the problem. I think you'll find that the most destructive virii are ones that are hand-crafted.

For example, I don't think that the SQLSlammer worm, which infected M$ SQL Servers and was a whopping 376 bytes long, was produced by a virus kit.

Want the best answers? Ask the best questions: TANSTAAFL!!
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top