Why Worm Writers Stay Free
savaget writes "There is an interesting Wired article explaining why worm writers are getting scott free despite their destructive deeds." Nothing really new: overworked law
officials, bragging worm writers, you do the math ;) I still find it amazing.
The bandwidth wasted by a successful worm is gigantic. To say nothing of
time and disk space.
Pretty soon you won't be able to sneeze in a subway car without someone accusing you of biological warfare.
"It's not a war on drugs, it's a war on personal freedom. Keep that in mind at all times." Bill Hicks
As SirCam virus e-mails average 250kb per message, each month we pass over a gigabyte of bandwidth on this crap.
I wonder if its possible to approximate how many dollars worth of bandwidth and lost productivity have been lost to these kinds of worms. I don't see why the authors shouldn't be prosecuted more harshly. This is just large-scale vandalism that raises the prices for everyone else to make up for it.
Adversive
My cat's breath smells like cat food.
A criminal is, by definition, someone who commits a crime. Speeding is a crime. It doesn't compare to murder in severity.
Actions have consequences. We can (and should) blame Microsoft all day for their flippant disregard of security, but that doesn't mean these script kiddies aren't commiting serious crimes. What if a teenager broke into a factory and managed to shut it down for several hours. Would we be sitting around saying, "Oh, well, he's just a kid with too much time on his hands!" or would we be considering the fact that he cost the company thousands or millions of dollars. Well, Internet servers have reached the point where they can have as much impact on a business as the physical property and machinery.
We need to recall that consequences (and punishment) should fit the crime, not the criminal. A relatively harmless crime needs a small punishment (or possibly even just a warning), whereas a larger crime requires a larger punishment. Otherwise you end up with anarchy.
I don't want to see young kids pulling years of hard time for youthful indiscretions aided by bad security measures, but if there's no threat of punishment, then there will be no deterrent.
I wish it were possible to focus a little less on fuzzy IP issues (which are important, but the government is listening too much to the money and not enough to its own law, precedent, and common sense) and a little more on the fact that the entire global computer network is being bogged down by the actions of a small number of penny-ante vandals.
You are in a maze of twisty little passages, all alike.
Ages ago, there was something of a scandal in the news when a prominent anti-virus company CEO warned of a doomsday of a new virus or worm making the rounds. Of course, sheep bought the software, but nothing much materialized and the CEO resigned in disgrace after being accused of trying to create a market by scaring people, some people went so far as to suggest the particular company was actually the orgin of virii and worms. Wish I could remember who that was, maybe this is article alludes to it (the Michelangelo virus)
A feeling of having made the same mistake before: Deja Foobar
An interesting conversation I had with my dad went on similar lines. Consider this:
You are in a car accident, your fault. The other guy was wearing a seat belt and suffers minor injuries. You are charged with failure to control. You pay a minor fine and maybe do some community service.
Now consider your same action:
You are in a car accident, your fault. The other guy was not wearing a seat belt and dies. You are charged with vehicular homiside. You spend a few years in jail.
Your same actions caused two different events based solely on someone else's choice. Is it truly fair that you should be punished more severely for the second result than the first? The same situation exists in your example. You wrote some stupid virus that spreads, but doesn't do much more. Clearly, you're not a saint. However, because some putz in charge of the airport control system left out the patch, your "innocent" virus spread through the airport control system, and unfortunately DOSed it offline. This brought down planes.
Should you really be charged with terrorism when the intent was not there? Where is the responsibility for the other person who allowed this to happen?
I am of the belief that there is practically no piece of software that should be illegal. This includes viruses, worms, spamware and other software with no redeeming qualities. It's one of those slippery slope problems where you're banning certain types of speech, but it could easily get murky as to what was a worm or a virus. Some security software has just as much legitimate use as it has potential for misuse.
The only rational solution, as is the case with other "banning the tool vs. banning the act" problems, is to ban the act of dissemminating virii or worms maliciously. Banning certain types of software is an ill-conceived notion, just like banning certain guns.
Those who believe that software (in the US at least) is constitutionally protected speech may want to think twice if they believe virus writers should be prosecuted. Judging software based on its purpose is probably impossible - is deCSS a tool for piracy or for interoperability? Depending on who you ask, you will get 2 different answers. Is back orifice a security tool or a hacking tool? Is it a virus? Should the writers be prosecuted?
Virus/worm software does have redeeming educational value, however little.. it's useful for exposing vulnerabilities, even if it only shows that the end user is stupid.
So even though virii, worms, spamware etc. are a pain in the ass, I do support your right to create any type of software you like. The other alternative, banning classes of software, is actually more dangerous.
Note this has nothing to do with my view on copyright. Of course if you infringe someone else's copyright in your software you are breaking the law.