Slashdot Mirror
Arrest In The ILOVEYOU Case
jacobm writes "All the news sources- CNN, ABC News, Security Focus, CNET news, and everyone else on the planet- are reporting that a man in the Phillipines has been arrested in the ILOVEYOU virus case. It appears that the virus had identifying information all over it, which makes me a bit suspicious that this could be a set-up, but on the other hand, you should never attribute to malice what can be explained by stupidity." Update: 05/08 12:50 by J : Because you haven't yet read enough about ILOVEYOU,
read this (Gates opines that breaking up MS will lead to more viruses).
I believe the only true solution to Microsoft's abusive monopoly is to have at least three independent companies each offering their own compatible version of Windows. Each company could choose its own priorities -- adding features, fixing bugs, improving security -- and the market would decide which version of Windows suited its needs best, instead of the current arrangement where the market is forced to accept whatever Microsoft chooses to release. Have a look at some of the Windows 2000 features listed at "http:/ /www.microsoft.com/windows2000/guide/professional/ features/default.asp"; wouldn't you readily give up some of those new features in return for not having to worry about the next macro virus trashing your company's computers again?
Skeptics claim this would overly complicate the market, but I don't think it would confuse matters any more than having so many different versions of Windows already out there. They also say that this would result in many incompatible versions of Windows running around, but to that I say that any company releasing a version of Windows with compatibility problems would suffer in the market, so they have an incentive to strive for simplicity and compatibility... and, besides, how many compatibility issues are there between Windows 95/98/NT/2000 already?
Meanwhile, Microsoft is making noise about trying to appease the government by offering a version of Windows which merely 'hides' browser access, thereby demonstrating that they have no interest in legally recognizing their illegal tie of two products. They've shown that they have no qualms about breaking the law as long as they can defer or escape punishment (by tying it up in drawn-out courtroom cases); it should be obvious by now that any further legal restrictions on the company would be pointless, and that any 'solution' which results in a single company still being responsible for the operating system isn't a solution at all.
[...]
Who's really responsible for genetically-engineered virus? Conventional wisdom would blame one of these groups:
1. The virus author
2. Clueless victims
3. Microsoft
4. Public health systems
[...]
these are all wrong.
1. It takes one mad scientist to create a virus, there are 6,000,000,000 people on the planet. A policy of trying to dissuade anyone from engineering a virus is unlikely to be successful.
2. You can't really expect everybody to become a medical expert, they're unaware of the dangers until they've been hit. Also, not all viruses propagate through people stupidity.
3. Microsoft is only partly to blame. Their main crime here is encouraging user ignorance (you get your medical information form Encarta?).
4. Public health systems do what they can, but there will always be a trade-off between how much power the patient has and how much damage they can cause through carelessness. Also, goverments won't pay for the extra care unless they know it's necessary, ie illnesses will only be cured after they're extended.
[...]
Suppose the FBI manages to catch and prosecute almost every mad scientist who puts together a virus. A strong chance of getting caught will discourage legions of mostly harmless experimenters from trying out new viruses. This will certainly cut down on the number of weaknesses explored. Patient carelessness will steadily grow, security measures will become half hearted and forgotten, meanwhile reliance on body health will increase, healthy habits will be ignored. However, someone sometime is going to put together a truly effective, malicious virus. Even AIDS was not deliberately malicious, and furthermore only relied on a single propogation exploit. Without a constant flow of new viruses a dedicated team will be able to exploit multiple unguarded vulnerabilities.
[...]
Trouble is, this policy has left her child sickly and pitifully devoid of natural defences.
[...]
If you want your children to grow up healthy and strong they must be exposed to viruses. Instead of clamping down on virus developers, we should reward them. Encourage a legalised virus industry. Everybody periodically gets injected which would occasionally pop into existence with symptoms along the lines of:
HI, YOUR LEFT KIDNEY HAS CAUGHT A VIRUS FROM VIRAL INFECTIONS CORPORATION A CURE FOR THIS VIRUS CAN BE PURCHASED FROM WWW.VIRALINFECTIONS.COM AT $2 PER PERSON, YOUR ID FOR THIS MACHINE IS 239884623. THANK YOU FOR GETTING CAUGHT. WE'RE OUT TO HELP YOU (tm)
[...]
It's worth reflecting that the AIDS virus achieved far more in protecting society from careless sex, junkies and Third World people than the FBI could possibly hope to achieve. So a would-be author gets blamed for "billions of dollars" worth of damage, and gets a longer jail sentence than the average rapist. There is no way of directly calculating how much more money would have been lost if AIDS had arrived on the scene before smallpox.
[...]
Isn't cut 'n' paste great?
__
__
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu
OK, so he didn't endorse it BY NAME...;-)
DNA is a Turing machine. You, however, being dynamic and emergent, are not.
If I were inclined to destroy the information on a HD, I'd (1) remove the HD, (2) drive several nails through it, (3) drop it in the nearest reasonably deep body of water, and (4) install a new HD. This process can be performed in fifteen minutes or less, not counting travel time, and works with any version of PGPwipe.
Before we accuse someone of a crime, we have to define what that crime is?
What crime did the virus author commit? How does this crime differ from companies placing hidden functions within their software (ie, spy-ware and delete-the-competition's-dll-ware)?
What I'm getting at here is that any prosecution of this fellow would require dragging Steve Case and Bill Gates into court also.
Aah, change is good. -- Rafiki
Yeah, but it ain't easy. -- Simba
That relationship would suffer because the Justice Department's proposal for breaking up the company would result in fewer innovations of Windows programs, he said.
The breakup order also would end improvements to the Internet software in Windows and cripple company efforts to develop a write-on tablet that allows notes to be transferred seamlessly to a personal computer, Gates said.
"The benefits of developing operating systems and applications software under the same roof will increase as new intelligent devices emerge over the next few years," he said.
Having read that, I understand Microsoft a lot more. It is hard for a company to consistently spout the same lies and ignore reality as consistently as they have--unless they don't think they're lying.
Microsoft doesn't see themselves as megalomaniacs trying to take over the world. They are here to help us.
Microsoft believes that the single worst thing in software today is chaos and incompatibility. They are trying their best to save us from it, and these damned Government nincompoops are getting in the way!
My honest belief is that Microsoft truly believes that the way to provide the best user experience is for one company to provide a unified suite of products, untainted by those of other vendors. They, of course, are in the position to do just that, providing that the government get off their backs and pesky competitors such as Linux, Netscape, and Java stop polluting the computing environment.
They believe the Devo quote: "Freedom of choice is what you've got. Freedom from choice is what you want."
To Microsoft, this isn't about billions of dollars. This isn't about market share, though market share is the best measure of how they are doing. This is completely altruistic, and is about giving the end user the best possible computing experience.
This sounds patently ludicrous to the open source/free software crowd that hangs around Slashdot. Here, the general belief is that open standards is all you need, and that competing implementations of these standards will provide better software. Unity of software is less important than technical excellence among Slashdotters.
The above may explain Microsoft's near-religious bullheadedness, and why Bill simply can't understand why so many people think that he is the Antichrist. We're starting from absolutely different base assumptions, and have completely different goals, and we both think that we are doing what is best for computing as a whole.
Personally, I think that he is reaching for quite laudable goals with entirely the wrong tools.
--The basis of all love is respect
First slashdot spelled "Terrance" as "Terence" and "Philip" as "Phillip". Now extrapolating from the latter, we find "Philippines" spelled as "Phillipines". We can do better, guys.
As for what the Philippines will do with the guy, I'd hate to be in his shoes. Remember, the Philippines is the country that is most expanding its use of the death penalty (whereas most countries are banning it or continuing to enforce it for certain established crimes like murder). Legislators in the Philippines have recently called for the death penalty for negligent ferry operators (in response to the recent ferry disastors there). Perhaps we'll soon see calls for the death penalty for billion-dollar-in-losses virus writers?
Back when the Philippines were a US colony, they were bound by the equivalent of the US's constitution, including the right against cruel and unusual punishments. My understanding is that the modern Philippines have moved away from such standards. It's sad, really.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
This is super funny, you _could_ think it was posted on The Union...
Thimo
--
Avoid the Gates of Hell. Use Linux!
"Such as virus writers":
Bullshit:
Sounds like another attempt to ship an intentionally crippled and broken product for the sole purpose of then saying, "see, we told you so": Bust them up! Any company so fat and arrogant that they feel safe making threats at their customers, the economy and the justice system needs to be spanked and put in the corner
Honk if you hate Microsoft
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
HI, THIS MACHINE HAS CAUGHT A VIRUS FROM VIRAL INFECTIONS CORPORATION A CURE FOR THIS VIRUS CAN BE PURCHASED FROM WWW.VIRALINFECTIONS.COM AT $2 PER MACHINE, THE ID FOR THIS MACHINE IS 239884623
Umm so lets get this straight. I write a malicious virus that encrypts every file on the system so you can't access them without knowing the key. I distribute this around the world and 1,000,000 people use it. I then charge them $1000 dollars a time (hey I'm allowing the fix out and I can name my price as they're buggered if they don't) to send them the patch.
This has to be just about the 3rd stupidest idea I've heard so far this month.
There is a name for the above mentioned "legalised virus industry" its called "blackmail" or "extortion".
People who write this stuff deserve to be forced to pay the associated costs of the damage they cause, and if they can't they should be declare bankrupt and sent to prison. There is NO noble side to virus writing.
An Eye for an Eye will make the whole world blind - Gandhi
Tasty Bits Technology Front has an easy kludge fix to disable all VBscript by editing a single Registry key. You could also use a similar approach to disable the running of most "active content" attachments. .reg file and you can run it by double-clicking it (such as an attachment to an email). Which brings up the question, how much harm could be done just by changing registry keys. The .vbs trojans accomplish alot of their mischief by simply changing a bunch of registry keys, including changing the default IE start page to the WIN-BUGSFIX.exe secondary trojan. Should we disable Windows ability to automatically install .reg patches?
By saving the fix to a
Work for Change & GET PAID!
Either this is a setup, either the government needing a scaprgoat, or the real author misdirecting the authorities...
... or this guy is the king of all idiots and desperately deserves to be caught and removed from the gene pool.
Okay, for starters, it's worth repeating that the security experts who traced the melissia virus think the REAL author is some German kid living in Australia.
But, if this Phillipine guy *IS* the author of the "Love Bug", he is desprately in need of a good bludgeoning.
Think about it for a sec. The media (CNN, AP, and Fox at least) was reporting ALL WEEKEND that "authorities" suspected him, but they could NOT get a search or arrest warrant because the courts were closed over the weekend.
Now, if *I* had done the "love bug", and *I* had a whole weekend of warning that the cops were coming on monday, I would have spent most of the weekend shredding and burning any hard copy of the virus code; and, more importantly, PGPwipeing every related file AND free space on my hard drive. Then I'd move my swap file to a new partition and PGPwipe the old swap partition. Then, for good measure, I'd prolly pull out the HD and give it a good round with a bulk eraser or speaker magnent.
Reformat, reinstall, and restore. No evidence, no worries.
With two days warning, if he left enough evidence that they really DID arrest him today, he's too dumb to breed anyway, and deserves to be caught.
All of which assumes, of course, that the cops are right, and the computer guys who trackes Melessia are wrong; which is, amittedly, a rathar dubious assumption at best, but WTF.
john
Imagine all the people...
From ABCNews:
The suspect was tracked down by locating the phone line that may have been used to inject the virus into the Internet.
Am I the only one that gets a mental image of a lurking figure with a big syringe sticking a needle into a router in the middle of the night?
Question: If Irene has confessed to writing the Virus why is her husband being arrested as well?
Now they just have to arrest the millions who actually spreaded the virus by executing unknown programs. This is data darwinism at its finest.
Would this include using Exchange and Outlook as your corporate electronic mail standard?
Okay. Please explain why it's microsoft's fault.
This was not due to any bug. It was straight, clean vbscript (analogous to mailing a perl script)
It did not execute automatically, unless users had their machines configured very strangely.
I could mail you a perl script as attachemnt that did the exact same thing. The only reason it wouldn't work is because you would be smart enough not to run it.
So. Blame the stupid users who, even though it's repeated over and over again, execute email attachments without thinking about it first.
Bill Gates complaining that a breakup of Microsoft would hinder fighting the I LOVE YOU-style email virus reeks of opportunism; instead of monoloplizing the industry, Microsoft should have been fixing their security-deficient products that are the root of the problem.
is there a real distinction between being detained and being arrested in the Philippines? i know there's a huge one here in the US, but i imagine the area might be a little grayer elsewhere. . .can anyone enlighten?
Well, I don't know enough about the facts of the case to even begin to judge whether this person is guilty or not, so I'll leave that whole hot-potato topic alone.
:-)
BUT I do know that this whole saga has proved a point that I've been shouting about for ages:
The computer world can be compared to the natural world. You need a good gene pool. If all of us had the same genetic make-up, we would get wiped out by the first new disease to come along. So why does the entire world insist on using the same software?
If everyone and his dog is using MS Windows and Outlook, then of course if a virus comes along which hits that combination, everyone and his dog will be affected.
The world is not a safe place if everyone uses the same thing. It doesn't matter if it's an MS app, or an open-source server, you have to have healthy competition. Diversity is the only way we can protect ourselves.
Usually, when I start off like this, people say "Oh, but I need to be compatible".
I say: "You don't need to run the same software to be compatible - just use compatible file formats".
Sorry if my ranting is straying off-topic; I needed to say it.
(Spudley Strikes Again!)