Slashdot Mirror
Maker of Kournikova Gets Wrist Slapped Too
shelflife writes: "This story
says 'It is the first time in history that the maker of a computer virus has been tried in the Netherlands -- indeed one of the few times it has been done in the world. Hypponen knows only of one conviction. A man was sentenced to 18 months in jail in the U.K. in the early 1990s. The man served 11 months, said Hypponen.' but that can't be true. What about Robert Morris? Anyway, the requested sentence is amazingly light -- 240 hours of civil service." The really interesting part is that this kid wasn't even a programmer. He just downloaded a kit. Shows how far this Virus Craze has gone in the last few years.
Finally someone in a computer-related trial gets a semi-fair sentencing. I'm suprised he didn't get $4,000,000,000 worth of jail time for all the "damages" he caused. I must admit, I'm a little suprised at the people who are not happy with the outcome of this trial..
---
evelakamatt
I guess I am really tired of hearing people say this.
Yes, Outlook is prone to leaving gaping holes to run these things through, but let's not blame the responsibility.
Someone, an IT Manager, a Network Administrator, a tech, has made the decision that their company, group or department will use Outlook. That is where the blame rests.
No one puts a gun to their head and forces them to use Outlook. No one. Someone makes the final decision.
In that decision there may be mitigating factors such as software investments, training costs, etc. so if they find themselves in a situation where they feel Outlook is their best decision they then need to protect themselves.
After the first Outlook specific virus everyone should have realized this simple fact: anit-virus products exist for a reason.
A good anti-virus product will override your email and not allow it to happen. Automated updates to DAT files can be handled locally or over the internet.
There is no use in blaming Microsoft. You blame the people who handle IT for the organization.
The really interesting part is that this kid wasn't even a programmer. He just downloaded a kit.
and
The defendant, Jan de Wit, turned himself in to the police in his hometown Sneek, Netherlands, on Feb. 14.
I would venture a guess to say that those are the reasons why he was given such a light sentance, and the fact that he was 20 years old. A little remorse goes a long way in the courts, and turning yourself in too usually helps to give a lighter sentance.
If God gave us curiosity
It's a light sentence, as sentences go, but it makes the whole process, from putting it together to serving the sentence, more trouble than it's worth in entertainment.
The reason lame modern viruses get written is that it's really easy; you put in very little time, and then get to hear reports about how it spreads: very little effort, a little entertainment. If he'd known that it would take 250 hours of work, he probably wouldn't have bothered.
The same goes for hacking websites: people do it because it doesn't take any real effort. If it took 250 hours of boring work that you can't automate, people wouldn't bother.
240 hours of community service is quite a bit, at least in my book.
Say you work a 40-hour week (days)...that pretty much only gives you weekends to devote to service. If you work 8 hours on saturday, it will take 30 weeks to complete the sentence.
Anybody want to give up 30 saturdays? I didn't think so.
The punishment is certainly less than what one might have expected, but I think this is a good trend, not a bad one. I'd much rather see these marginally troublesome white-collar criminals get easier sentences than ANY drunk driver or other violent criminal acts. So the virus is bad. Sure. Was there any loss of life? Was anyone maimed or psychologically traumatized (heh) over the incident? Hell - he didn't even try to steal information or money.
Punishments should fit the crime. What he did was not excusable, but a little perspective check is in order - especially after tuesday's events.
sedawkgrep
Is that a salami in my pants or am I just happy to be me?
"How long does it take you to reinstall your operating system? My personal system takes a couple of evenings for the basics and won't be right for weeks. "
Two words dude: Norton Ghost
Besides which as most any computer oriented person will tell you, backing everything up is most important.
The biggest security problem is failing to distinguish between opening a file and _executing_ a program. Remember when the standard line was, you cannot get a virus just from reading a message? That is still true, but Outlook (and Windows as a whole) deliberately blurs the line between reading information and executing code, so it's possible for users to become infected just by choosing to 'open' a document. Really Windows should have two different actions, 'open' and 'execute', but given that it doesn't, Outlook should at least make some effort to figure out those file types that are likely to execute code when run (.exe .com .bat .pif .cmd, maybe others) and warn about them. It's been a while since I used it ('Outlook 98 copyright 1997 Microsoft Corp.') but judging by the spread of worms it doesn't seem to have improved.
.exe attachments at the mail server). So it's hard not to class that as in some way 'deliberate'.
Another factor contributing to the confusion between files and executables is the 'user-friendly' hiding of extensions, as used by Loveletter (loveletter.TXT.vbs, or something like that). And of course there is no excuse for basic errors like buffer overruns - a few such bugs are forgivable in ordinary applications, but an Internet mail client really needs more care in design.
Finally, these weaknesses have often been pointed out and exploited for several years now. Yet Micrsoft never seems to do anything about them (apart from some kludge to drop all
-- Ed Avis ed@membled.com