General discussion

Locked

Appropriate punishment for Netsky author

By Bill Detwiler Editor ·
Sven Jaschan, the 18-year-old, alleged author of the Sasser worm and several variants of the Netsky virus, was charged with sabotage by German police last week. Jaschan is believed to be responsible for 70 percent of the virus infections in 2004.

With the cost of virus infections steadily on the rise, what are appropriate punishments for convicted virus authors?

This conversation is currently closed to new comments.

20 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

punishmment for virus writers

by alan In reply to Appropriate punishment fo ...

Crimes against society need punishment that, at least to some degree, represents the impact. The fact that the author is a very young person should be overlooked and an extreme penalty should be applied. The many thousands of dollars spent to recover from and protect against the virus writers should dictate long prison sentences and a ban, even if not enforceable, from ever again writing program code.

The crook with the gun is more directly threatening but causes far less monetary damage on a much smaller area of impact than a virus writer. Every virus impacts thousands of people. Equate the crime with embezzlement and apply the stiff penalties.

The knee jerk reaction is "break every finger and make sure they never work again", which is not a civilized thing to do.

Collapse -

Removal

by Oz_Media In reply to Appropriate punishment fo ...

Of hands, ears, eyes, feet, sexual organs, frontal lobe.

Anything short of that is simply a slap on the wrist. What's the differece between someone destroying companies and invetments around the world and a terrorist?

We shoot terrorists without question and with full support, we JAIL virus writers?

Just send 'em all my way, I'll sort it out for you.

Collapse -

Bring here @ Philippines

by rnlmush In reply to Removal

please bring them here & we will punish him..

Ricky

Collapse -

by Montgomery Gator In reply to Bring here @ Philippines

What happened to the "I Love You" virus writer? I understand he was from the Philippines. Hope he got what he deserved.

Collapse -

by rnlmush In reply to

yes. he was! actually he was hired by foreign company abroad. at that time no laws pertaining to cyber hack or spreading virus so, he never punish. but now there will be a law, economic sabotage & be sentence to death.

Collapse -

Well I'll go against most others here

by HAL 9000 Moderator In reply to Appropriate punishment fo ...

Instead of pointing the finger at the particular person who wrote the virus I'd like to see the people responsible for supplying such a mess of an OS held to account.

Currently M$ has just released its latest Service Pack which allegedly addresses a whole host of "Security" problems in Windows and within 2 week of that being made available there are more to add to the list.

It is an acknowledged fact that SP2 is expected to break at least 10% of all computers that it is loaded onto as well as remove a lot of existing software from use all of which isn't Microsoft supplied but we are expected to put up with this at best "Leaks like a Rusty Sieve" OS and then transfer all the blame onto those who take advantage of the holes in the OS of choice by most companies.

Maybe it's just me but I think the responsibility for these problems should be passed directly back onto those people responsible for supplying both the original OS and patches as they quite nicely provide a very detailed account of any holes that they find when they release a patch hot fix or whatever else they like to call it. There are very few of us who will willingly apply untested Patches/Hot Fixes to our systems but at the same time we all know exactly what is at risk by not applying them because MS makes the holes well known to justify their new patch.

To me complaining that someone has taken advantage of these holes is a bit like complaining that someone has used your check book credit card when you left it lying around. Surely we as supposedly IT professionals are supposed to keep our systems secure as possible from outside attack and anything that gets through is more our fault rather then the fault of the person/s who wrote the offending code in the first place.

Col

Collapse -

What!?!?

by p_piluk In reply to Well I'll go against most ...

There is no logic with this line of thinking. It is still a crime if someone enters your home and robs you blind if you left door unlocked. Would you hold the lock company criminally responsible for any break-ins? And for the record, why would you propose we blame the victum of a crime rather than the person responsible...

Peter

Collapse -

Well lets have a good look at the alleged crime

by HAL 9000 Moderator In reply to What!?!?

Firstly this person was supposed to write code that had an adverse affect on Windows Operating Systems. Now if the company who makes windows didn't make the problems widely know when found and patches provided he would have had a much harder time of it.

Incidental I would blame the lock company if they provided details of way to use existing problems in their products that had not been fixed after they released fixes for the problems that they had either been told about or discovered and then went on to tell the world about the problems at the same time as telling everyone that they had a fix available that I had to install and it may or may not cause more problems than it was supposed to fix. It would be even worse if that lock company in question had a virtual monopoly of the lock market and I was forced to use their products as they where all that was available to suit my needs. Although I do think it is a bad analogy I think you'll get the point.

Now not only did this person allegedly write a virus that adversely affected a few computers but it is alleged that he was responsible for 70% of all that years virus attacks. Well if he was that good I would put him to productive work filling the holes instead of throwing him in jail and being a drain on society.

I would do exactly the same with a bugler if he/she was supposed to have broken into 200 homes and ransacked them then I'd be for locking them up and throwing away the key. But if that person had broken into 70% off all buildings within a year it would be a different story as they would have to be on the go all the time all around the world. Now if they where capable of doing that I would want them designing better locking systems to stop people like them from gaining entry to my house.

The difference here between writing a single virus that affects people/companies and being responsible for 70% of all infections is purely a matter of scale and if they where actually that good I would want them working for me to plug the holes rather than being nonproductive or worse still passing on their ways of doing things to others while being locked up in prison.

What would you prefer 1 person writing these things that prove such an adverse affect on Windows based computers or having them instruct 5 people who then go on to instruct 5 people each and so on. If that was to happen we would be spending all of our time fighting off attacks instead of doing what we are supposed to be doing.

Incidental have you as yet tried Service Pack 2 for Windows XP on a network wide installation yet? If you are like me I running into more problems with non core applications than is expected and while it can be argued that these applications are not important there are things like on line banking that have been found to no longer work. But I suppose it is unimportant if a company is unable to access their bank to pay you right?

What the problem here is not that the person in question actually broke so many computers but that he was able to with relative ease on a system that is universally accepted as the normal for almost all business and home users.

Do I think he did the right thing? **** NO!! But anything else is nothing more than a waste of valuable resources that could be better applied elsewhere. Remember the release of 2003 Enterprise Server? e where all told it was the most secure OS that M$ had ever built and that after extensive testing they had been unable to find any holes in it. But 3 weeks after its release there was a patch which was admittedly for IE6 was a problem for 2003 ES and I am certain that it was known about at the release of the product. Now if they had not have pushed the idea that 2003 ES had far better security for e-mail which prevented it from being altered/forwarded or printed without permission it might not have been such a big deal but it was one of their so called features in a core application that had a huge hole in it that has been patched numerous times since as well.

Currently we have M$ talking about "Trusted Computing" but how are we expected to believe them when we see such things happen in such a short time? Even SP2 was only available for a few days before other patches where required but SP2 was sold as a cure all for everything Windows XP.

They have a major credibility problem which they seem unwilling to address so I would want someone who was capable of breaking their OS's with apparent ease on my side rather than working against me making far more work for me to do.

Col

Collapse -

Credibility problem is yours

by wordworker In reply to Well lets have a good loo ...

To suggest, even in jest, that the little terrorist should be forgiven and integrated back into society, is absurd. To blame Microsoft for selling vulnerable systems is even more absurd. I can crack open the lid on a car's gas tank, so does that mean Ford should pay for a new engine if I pour sugar into the tank? Maybe the sugar cane processing companies will hire me for my advanced knowledge of sucrose.

Collapse -

20 to life

by Cheyra In reply to Appropriate punishment fo ...

Giving the criminal mind the green light to destroy because someone or something is vulnerable is acceptable? That?s ludicrous.

Is a terminal patient with internal cancer less ill than a bleeding arm for all to see? Because the damage isn?t visible to the viewer doesn?t make it less.

This person is responsible for an internal (to coin a phrase) weapon of mass destruction, costing companies and individuals world wide millions of dollars, not to mention the personal stress suffered for many.

This was an intentional criminal act. If 70% of virus infections for 2004 are his responsibility, then 70% of his life should be taken. Anyone with the intelligence to do this kind of damage knows right from wrong regardless of age.

I feel 20 years without parole, to life, would be JUST. In his case life!

Back to Malware Forum
20 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums