Microsoft Offers A Bounty On Virus Writers
Iphtashu Fitz writes "According to news.com Microsoft will announce a bounty of $250,000 on Wednesday for information on who wrote two recent Windows viruses. The bounty is offered for information that leads to the arrest of the people who released the MSBlast worm and the SoBig virus. Microsoft will officially announce the reward in a joint press conference with the FBI and U.S. Secret Service Wednesday morning. This is the first time a company has offered money for information about the identity of the cybercriminals. Could this be the start of a new trend in going after the writers of viruses & worms?"
But this is ridiculous!
Well I find him...Untouchable!
Galileo: "The Earth revolves around the Sun!"
Didn't The Borg try to turn the Enterprise crew against one another?
It's not that hard to deploy a virus and not get caught. There are so many open access points and people who forget to log off of an email account after leaving.. how would you track it?
--
"I'm not bright. Big words confuse me. But Wanda loves me and that should be enough for you." - Cosmo
If only I could find a way to plant evidence on Darl's home computer...
No disintegration! /darth
I did it, now give me the cash plz!
I offer $250'000 for the name of the person that
came up with the idea of the bounty.
--
"Why not instead invest in training your developers
to write secure code?" - anonymous
Tomorrow: $500k reward for writers of Linux or Apple viruses
It was me!
(Not really.)
Assassination Politics
Well that should up the stakes a bit for virus programmers to have a couple of thousand money-grabbing digital hunters on their heels as well. Better start coding that Bloodhound v 0.0.0.1
-.sig sauer-
Next up for Microsoft's bounties: A VERY evil man who has cost them so much more than just downtime:
LINUS!
When life gives you crap, Make Crapade.
Sluggy Freelance.
If you can't fix the bug, just get rid of the bug writers, so that you don't have to fix anything! HA!
A morning without coffee is like something without something else.
Or does Microsoft actually make money from spam? I seem to recall they were not exactly a staunch supporter of anti-spam legislation recently.
UNIX? They're not even circumcised! Savages!
please keep your verbs in order.
The not-very-malicious worms that we've seen exploiting e.g. the NT RPC vuln are good things, IMO. They encourage admins to patch their systems, giving black hats less opportunity to do real damage.
they should invest the 250000 into their security team and fix the vulnerabilities instead of chasing after 13 year olds
I mean you would expect the l33t hackers that wrote the worms to tell a few close contacts...
I suppose we just have to ask the question, in the l33t hacker circles, is money or loyalty worth more?
...closer together.
Later in the same press conference, newly appointed Communications Secretary William Gates III announced that sale of all software in the United States will cease Monday, to be replaced by a Federally subsidised regime of nationally distributed software based on a uniform technology. In response to questions Mr. Gates indicated that the vendor supplying the software had not yet been selected, before laughing maniacally.
Read Pynchon.
There seem to be a couple of programs in Windows, I don't know their names, that shut out competitors' applications and routinely tunnel usage information back to its headquarters. Not only that, but they seem to integrate with the system itself and mysteriously de-configure my existing software. Strange.
They definitely seem to be illegal, possibly even viruses; maybe I can get some payola from Microsoft for letting them know about them. Oh wait...
"This is the first time a company has offered money for information about the identity of the cybercriminals."
Is this really true? It seems kind of unlikely.
-Erwos
Plausible conjecture should not be misrepresented as proof positive.
"I am the Law!"
I'm pretty sure they will never offer a reward for finding bugs in their software.
This just in! Windows users offer a bounty for Microsoft programmers that write buggy, insecure code that allows computers running Windows to be compromised by various virii! More on news at 11:00!
Devin
Take the money out of the developers who were responsible for the bug in the first place and there might be some incentive for MS code monkeys to write better code in the first place.
$25,000, hah. billy boy probably drives a more expensive car.
How about a bounty for successfully prosecuting the company behind the software that seems designed to aid viruses in spreading?
How many Outlook / IIS design flaws / bugs are we counting now?
Really?
All this demonstrates is that Microsoft (and, perhaps, the FBI) are dumbfounded and need to offer a monetary reward to determine who's the culprit. As far as Microsoft is concerned, that's not really a big deal; even as much as we all may hate them, tracking down worm authors isn't their business. But a joint press conference with the FBI?
Something tells me that:
a) The FBI has jack shit for leads (big surprise) and cajoled Microsoft into making this lovey-dovey announcement "for the consumers' benefit"
b) Both the FBI and Microsoft are embarrassed to all holy hell about the fact that no leads have been forthcoming
c) The money is probably coming from taxpayers, not from Microsoft
d) Regardless of where the reward comes from, any success would benefit both Microsoft and the FBI
Just my opinion, of course.
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
And why should they care whether the real perpetrator is caught and punished as long as someone is and held up as an example to others. Knowing the way lawyers, politicians, tabloid newspapers and other tyrants work, mud sticks.
Stick Men
So there will be cyber-bounty hunters... even less scrupulous than cyber-investigators and all too eager to claim their prizes. It's pretty easy to frame someone in cyberspace. And if you point the finger at some teenager who happens to have been posting on a 'hacker' website, after planting some code on his machine, people would be all too happy to believe you... Before, there was no incentive to do this... but 250,000 dollars...
NetInfo connection failed for server 127.0.0.1/local
ANYTHING that mixes Microsoft and government is bound to screw up something - After all, can anyone name two entities that have managed to milk people for all they're worth and still claim to be in their best interest?
I'd rather propose that Microsoft pay money to users who download and apply security patches. Giving them, let me say, $5 every time would be enough reason for users to keep their PCs updated to defend against worms. Furthermore, it would give Microsoft a reason to improve security quality. Better software quality means security fixes are issued less frequently. Microsoft would be less damaged, at least financially. Otherwise, as of now, Microsoft has no reason to improve their software quality, just to blame lazy users for not applying security fixes.
In American football there is a defense called the "Prevent Defense". It only prevents one thing: the prevent side's winning.
just another media circus set up by Microsoft to show the people they care about virus infections.
They know they will never have to pay this money, because it's practically impossible to catch virus writers. These are people who take pleasure in knowing they brought down a few million Windows PCs around the world. They don't want to share that with anyone, so who'd know?
"Hell hath no fury like a hippo with a machine gun."
... so to help promote SP2/NX which is media wise being used to soften up the consumers to heavier DRM Technology.
MS to intro hardware-linked security for AMD64, Itanium, future CPUs which failed to mention BSD already using it???
Or does this mean they are looking for a fall guy?
I assume you mean the promotion of a Linux/Apple virus writing community. :)
Dear MS,
I am a virus writer and would be happy to sell you my virii. These can be purchased by depositing 250,000 USD in my numbered Austrian bank account. By doing this you will save future embarrassment, and you can look through your wonderfully robust Windows code and provide patches to it before a similar virus is seen "in the wild".
I know this may just blow my pay day, but perhaps you could just write secure code in the first place? Just a thought.
cluge
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
I thought these guys are meant to be terrorists. $250k to give information leading to the arrest of a terrorist ? Not enough, I want $10m which I thought was the standard US terrorist suspect reward.
It's not even a figure Dr Evil would get out of bed for.
An Eye for an Eye will make the whole world blind - Gandhi
The virus writers have demonstrated on a headline-grabbing basis that Windows is inherently insecure. How will arresting the virus writers fix Windows' reputation for (in)security? There are other people out there who are just as capable of writing the next "killer" virus
Well, ask any doctor and he'll tell you it's better to cure a disease than to treat its symptoms. No virus writers means no viruses, which means no headline news virus alerts and scares.
Of course, the question is how much of the "disease" is the virus writers and how much is Microsoft itself with its sloppy approach to secure computing?
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
plus, fuddles'.con will get some mynuts won: patriotic, ?pr? ?firm? payper liesense stock markup FraUD execrable hypenosys, without spending a dime.
I'd like to see spammers on the FBI's ten most wanted list instead of this.
What would an EWOULDBLOCK block, if an EWOULDBLOCK could block would? -- me
I imagine every single person on IRC will be turning in their avowed rival. LOL.... thanks for the inspiration... I knew one day I was gonna learn something useful out of Slashdot.
How about a $250k bounty on whoever at MS wrote the code that has so many silly security holes?
Radioactive cats have 18 half-lives.
What I find truly sad here is not that you have these ideals, it's that you have traded rational thought for them.
Every post of yours that is in your history is either a knee-jerk anti-capitalist diatribe or an exercise in name-calling.
You have these ideals, but you have no idea why.
That's the sad thing.
hehe, of course we know who wrote the virus: usloth! so which userf is going to get that early bonus this year for turning himself in?
sigh, what wombats.
shamefully neglected by Apple's Switch Campaign.
just don't give them any more monIE, & eveNTually they'll go away into bad history/hysteria.
be like making faulty baby bottles, & prosecuting/placing a 'bouNTy" on the babies who have/eXPose problems with them.
I don't really see anything diabolical here. Someone wrote a virus(es) that cost MS a lot of money and time. They want them to be caught, and so put up a substantially lesser amount of money as a reward. It boils down one way or another that distributing a virus is a crime, whether it's against Windows or not, and whether or not it causes them to fix a vulnerability. If you're really that worried about it I'm sure they wouldn't mind you simply telling them about it instead of costing thousands of completely innocent people hundreds of thousands, if not millions, of dollars of non-MS money just to "get a point across". It's not like I can call up the FBI, turn in some guy I don't like with no evidence whatsoever, collect $250,000 and voilà, he goes to jail and I get rich. There are rewards posted all the time by government as well as private organizations for info leading to the arrest of criminals. The only new thing about this is that it happens to be cybercrime instead of murder / kidnapping / burglary / etc etc etc... I'm sure I'll get flamed to hell for seeming to support an MS position, so flame on!
...and on his way to see Jaba^H^H^H^HBill in a rusty old spacecraft shaped like male genitalia.
for every virus- and wormwriter that caused problems on their virus-runtime-system called Windows, they'll have to file Chapter 11 in no time ;-)
In that case will one be not only able to claim bounty for *self but also get an employment offer?
Soon the sources for ramen worm will be most sought wares on the net...
The moon is not fully subjugated. I demand a second assault wave preceded by a massive nuclear bombardment.
Isn't this like the manufacturers of cars that don't have seatbelts putting a bounty on the heads of drunk drivers who crash into their unsafe cars, say, killing families of four in the process?
Yeah, it's all the DUI guy's fault, no product-liability here! In fact, we're really swell guys, closing the barn door after the horse got out and all..
It's a great PR move for people who don't have a sense of irony, which fortunately includes the majority of Americans, and Alanis Morissette.
SCO employee? Check out the bounty
This is a lovely bit of marketing. It deflects all blame for the viruses onto the writers, and implies that Microsoft have no responsibility here.
Don't get me wrong, I'd cheerfully beat the living daylights out of a virus writer on the basis that I can barely use my email now. Let's have an analogy:
You are a major company with expensive commercial premises. [You are a company who uses IT kit.]
You employ a security firm to look after your building. [You install an OS.]
Your building burns down because there were no doors and some bored teenagers wandered in and torched the place. [You get burned by a virus, and trust me, that costs business money in downtime and/or admins.]
Was the teenager guilty? Yes. Was the security firm negligent? Yes. Does going after the teenager mean the security firm is not negligent? Nope.
I'm rather bemused as to why a major business hasn't sued Microsoft over some of the security scandals this past couple of years. Much as I'd like to see it, I don't think any will really vote with their wallets; migrating desktops for plain ordinary business work (mail, Word, Excel) from Windows is never even discussed, no matter what the servers are.
My solution? XML document formats! Even if it's not XML, something common. Until we have that there'll always be a monoculture on the commercial desktop.
(For what it's worth, I bought Office on my Mac OS box. It's nice. I don't like Windows, but I don't object to Office at all, realising that LaTeX isn't for everyone.)
...hiring an army of testers and programmers in some 3rd world country.
What's the easiest way to learn about an OS/APP and so compromise it??? By working for the company in question of course - access to the source code!! I think it would be very funny if this turned out to be true. In any case, the person may have used to work for M$ or knew someone that leaked the source. Another issue: this kind of behaviour (if it takes off) could change the landscape dramatically. Let me put it this way. There are a lot of people that could crack if they wanted to, but have a moral concern. With these bounties, they can use their guile to ensnare crackers. Honeypots could be used. It may well be that the kinds of people that track down the creators of MS blast etc. are people that hack Microsoft themselves!! Obviously they won't tell them that. We may start to see hackers infiltrating other hacker communities to betray them... It's all quite scary!
From a pure PR point of view, I do not know how it looks in the US, but I am convinced that for European minds it sounds a bit too tough, cowboy-style corporate justice.
... but for computer virii ?
European people have a bad feeling when it comes to money and justice, and they usually have a very bad opinion of the people who sell their friends / neighbours / whatever.
This could be acceptable for child abuse or serious matter
Because we know these virus-writing punks can't resist bragging about their exploits in whatever low-rent Usenet hang-outs they frequent, it should be interesting to see if there is as little honor among them as there is rumored to be among thieves.
Script-Kiddie: "Dude! You turned me in to... to... Microsoft!?! That's cold!"
Former Friend of Script-Kiddie: "Sorry, man, tuition at MIT is a real bitch, yo."
S.K.: "MIT? What choo talking 'bout, MIT? You go to Westchester Community College!"
F.F.o.S.K.: "That was before I got this here letter of recommendation from my new sponsor, William H. Gates III. Hey, whaddya think of these new Birkenstocks? Too gay? I kinda think they set off my eyes pretty well, yo..."
S.K.: "Dooooooood....!" (As two big guys in MS-branded butterfly suits drag him into back of van)
F.F.o.S.K.: "Hey, look me up when you get out, man. By then I should be setting myself up in my own company and will be able to use a guy with your leet skills."
started to write a "viral" software back in 1991 when he was studying CS in Helsinki. It has infected both of my computers. MS Windows won't even boot on them. I know his name and contact info, so do I get the bounty?
Escher was the first MC and Giger invented the HR department.
"Next thing we know is that they go after the people that publish vulnerabilities, because those people help that people that write viruses/worms"
...
Well,
1. They already are after the publishers of vulnerabilities.
2. It is a criminal offense to write and release a worm/virus, otherwise the police wouldn't be after them
3. Offering a bounty is in their interest, serves their new policy (security),
I'll split it with you: I turn you in and you claim your computer was just an infected drone. When the charges are dropped we split the 1/4 mil, k?
A vacuum is a hell of a lot better than some of the stuff that nature replaces it with. - Tennessee Williams
Certainly the government has been doing so for a while, considering the various bounties for information leading to the arrest of international criminals and terrorists. Maybe corporation joining the bandwagon to do the same is the next good thing..
And remember, MS has ~ $50BN in cash, so it isn't a big deal to them to put the money where their mouth is. In fact, $250K is rather cheap considering how much bad PR they got recently due to the attacks (that must have cost them $BN's in lost revenue from customers switching), so imho they couldn't hope for a better use of the same amount if they tried to make up for the negative publicity some other way.
The problem is not many people look further than Microsoft products because they know no better, and the mainstream press doesn't do much to help this. Microsoft throwing money into the pot to catch criminals is unlikely to solve the problem. In the UK there are a lot of schemes that offer rewards for finding criminals, but although they often catch people, it doesn't seem to deter people. I mean we can't tell people in the UK that they can install new Windows and doors in their house and not bother to lock them, and installing an MS OS (and to be fair many Linux distributions) without doing a 'lock down' is just as stupid, but most people don't know how to go about securing their PC.
We know that other products aren't perfect but variety in software does do something to reduce the dramatic effect of these worms.
So the more people we can educate about alternatives to Microsoft products such as Mozilla Firebird, Thunderbird and Seamonkey (the app suite), the more it will help to restore some balance and will hopefully reduce the number of email viruses. Commercial alternatives such as Opera should also be mentioned because although I think the interface is awful, other people like it and choice is good. Many home users just use their computers for web browsing and simple documents, so Mozilla + OpenOffice would do all they need.
Then on the desktop you have various options as well as Windows, although unfortunately for most people they may be depending on it for certain applications. MacOS X is ok, but would require buying new hardware if you currently have an ix86 PC.
I was wondering, does anybody have any first hand knowledge on whether or not offers like that work at all ? Not necessarily meaning computer field and viruses, but simply law enforcement as such ? Example: there's been a HUGE prize on Bin Laden's head, but has he been caught ? Otherwise it only makes news.
I like my outfit, it's inexpensive, but cool -- April Ryan
Bounties, Bounties everywhere,
...
....
....
And I am loosing my Counties of how many there are.
Every Mountie must now be getting this idea,
that if they can't catch the Evilers Dead or Alive -
Make an Announcie of "X" Million Dollar Reward.
X is 25 for Osama, and 0.25 for MSBlatie,
10 for Saddamie, and 10 for his baby boys.
Some you will catchie and some will get away.
No Osama, but M$ might catchy MSBlastie,
No Saddam, but they got his progeny.
When will someone get the idea,
of Putting up X for the Lunactic,
or X for the Dubya who sammed the Iron Door shut,
or X for entry into the Pearly Gates
so that friendy turns on friendy,
and all Evilers become suiciders and deadenders
leaving rest of the worldie as a nice place,
when friends have turned on friendies,
and hacker on hackers,
and evil file sharers on eviler file sharers,
when Open Source Nigerian Scammers
have turned in their Princeton buddies
what is left of the world,
I hope I am not around to see
To see a world in a grain of sand, and then to step back and see the beach where the sand lies
People have been starting to see Microsoft as a vendor of poorly-written, insecure software. What this offer makes people see is that Microsoft is just the victim of evil criminals. And you can never blame the victim for the crime...
Finally! A year of moderation! Ready for 2019?
..to leave out my comments, version number and author contact details on any new creations.
This is just SO unprofessional.
1) Claim to be the virus writer
2) Get $250k
3) Bail yourself out of jail
Wow! Profit at stage #2 and no ???! This *has* to be a good plan!
I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
Come on, in the scheme of things $250,000 is not an awful lot, especially to a company like MicroSoft.
Morals or no, most people have a price. Had they made it something a little more interesting, say in the $1,000,000-$5,000,000 range, most everyone involved would shop their friend/brother/business associate.
If some of the recent spate of viruses were funded and unleashed by organised crime/spamming syndicates (as some have conjectured), do you really think anyone will risk being found at the bottom of a river in a fetching pair of concrete boots for 250,000?
I am NaN
Given that the SoBig virus has been linked to spammers, finding the person who wrote the virus might be a blow against spammers as well. Any trial will be well publicised and having the public connection of spammers==virus writers==evil hackers (yes I know the proper term is crackers, but this is public opinion I'm talking about here)==terrorists could be a big blow against the reputation of spamming so that it is no longer seen as just an annoyance but something potentially dangerous. This probably won't bother the spammers so much but it might help get legitimate companies who hire them to give the whole email marketing process a second thought, especially if any connections come up during a trial. "Trial: Virus used to advertise for Company X." "Virus writers hack computers to advertise for X" does not sound good for Company X on the front page. At the very least it might make them more careful about who they hire and who the people they hire outsource to (as I'm sure there will be so much outsourcing something known as "plausible deniability" will be used).
And a connection in the public consciousness between spammers and hackers who write viruses might give a bit of impetus to the government for harsher anti-spam laws. I mean look at anti-hacking laws vs anti-spam laws. Which one has more teeth and are tougher?
I now claim responsibility in the name of the Semi-Conscious Liberation Army!
...who really know how to write secure code instead of offering Bounties. You get two quality coders for a year for that price.
Alex.
You look like a million dollars. All green and wrinkled.
I know you're just trolling, but unfortunately a lot of people really believe this. It's like blaming homeowners for burglary.
"Ask not what your country can do for you." --John F. Kennedy
This reminds me of O.J.'s promise not to rest until he personally found the real killers.
Cantankerous old coot since 1957.
REDMOND -- Stuck in the unenviable situation of "we have too much cash and we don't know what to do with it", Microsoft today unveiled its new "Window$ $ecurity $trategic Re$pon$e", which added new meaning to "throwing money at a problem..." and the often-used moniker "Micro$oft"
Or maybe the virus writers will have a field day deploying the viruses via innocent third-party trojaned PCs, and then point the finger at the owner of said PC. A quick way to make a quarter mil.
Ridiculous, but possible I guess. *sigh*
There are 10 kinds of people; those who know ternary, those who don't, and those now hunting for a dictionary.
1. Get Cuban nationality
2. Send proof of me guilty to M$
3. Profit!
Do they want them dead, or alive?
Lisp is the Tengwar of programming languages.
In a country such as Laos, people earn about $75 a month... or $900 a year... if they work from 15 until 65 they will earn $45,000 in their life forgetting the fact that they are extremely unlikely to have work all the time.
So it now becomes a career move to write a virus, get your own brother (or someone you trust) to hand you in and collect the money. You do your time in relative comfort and your whole family is rich (comparatively)...
I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
Don't Microsoft realize what a stupid idea this is? How many people are going to sit down tonight and write their own viruses, then hand themselves in at the end of the week? Sometimes, I wonder what they're thinking. Oh, wait... Nevermind.
This idea is about as retarded as saying that:
- throwing stones through people's windows is good. It encourages them to buy bullet-proof glasses before a real thief breaks through that window.
- lockpicking into someone's house and spray-painting their walls is good. It encourages them to buy better locks, giving a real thief less opportunity to steal stuff.
- poisoning the neighbour's dog is good. It encourages him to get a dog which won't wag its tail when a (potential) thief throws him a piece of meat.
- keying random people's cars is good. It encourages them to park those cars in proper park houses, where presumably a real thief would have a harder time getting away with their car.
And so on, and so forth. I'm sure you get the idea by now.
Basically, no, there is no proper excuse for vandalism. Neither in the proper world, nor in the IT world. And just as any judge would probably just have a laugh if someone pulled the retarded excuse "but the lock wasn't 100% secure, so it's not my fault" in a break-and-enter trial, the same should apply to breaking-and-entering someone's computer.
And if you do go around keying cars or flooding the net with RPC exploit packets, no matter how well intentioned you are, I do hope they throw you in a nice jail cell, with two convicted anal rapists as cell-mates. Yes, that same heartfelt wish goes to whoever thought that an RPC patching worm is a good idea.
A polar bear is a cartesian bear after a coordinate transform.
This sounds like a great idea to get funding for all the open source projects out there! First write a virus while telling the community how to patch against it, then cash in the 500000$ and get coding on the real stuff.
I'm not trolling.
When somebody would install a big red button in the middle of a highway with a sign saying "pressing this button lets explode 1000 atomic bombs" and somebody would really stop and press the button, who would you blame: the one that installed the button or the one who pressed it?
Felix von Leitner wrote an excellent article about this general problem, unfortunately it's in German (use the fish for translations):
http://www.fefe.de/iloveyou.html
It's about the ILOVEYOU virus, but generally the same kind of problem.
A monkey is doing the real work for me.
Slightly off-topic, but related to what you said, this is part of a recent journal entry I made.
I don't think most people who bash Microsoft really know, cognitively, why they do it. But there is a social dynamic in effect that causes people to resent, and therefore attack, what they cannot quite understand.
Most people imagine that the United States is a democracy. Others will correct them and say, no, it is a republic. Both of these are really a statement of expectation, not actual fact.
The US is in truth a plutocracy. Firstly, the freedom of the press is only truly open to those who can afford to publish. The emergence of mass media in the 20th century further centralized the primary means of communication in a small number of corporate hands. That person or corporation with the most power, in economic terms, can "speak" with the greatest volume.
The Internet has lowered the barrier to communication, and is the leading edge of the revolution (see, it's not being televised, is it?) in terms of giving a greater and increasing voice to those with the greatest persuasiveness, rather than those with the most financial means to promote their message. What will hopefully emerge from this process is a totally new form of government, a meritocracy. In my opinion, music will be the greatest power. Some might suggest pornography will rule. Much of what goes for popular music today (given current media) is some combination of the two.
In the meantime, and returning to the subject of this journal entry, the company with the greatest financial clout in the world right now is Microsoft. Moreover, the company is controlled in large part by a single man, William Gates III. What he says Microsoft will publish, they will publish. When he wants to back a candidate for office, he can ensure that candidate will have the full power of the press behind him.
I am not trying to say that Gates is a bad man, only that he is a man who controls the largest share of the liquid assets which confer power. There are many other wealthy individuals and families, some of whom probably resent Gates. His power is counterbalanced by the old money still very capable of exercising their power.
If my thesis is right, and this is a plutocratic system, then Gates is nominally the king, with no hereditary right of succession as such, unless he can prolong his wealth into the next generation.
Thus the GNU project, and associated free software and open source projects, originally aimed at AT&T, has become a loaded gun pointed at the king himself.
Peace and love, y'all
No, I suspect he does mean the 'bug writers' (i.e. those who code for MS). After all, we are on Slashdot, and the prevailing opinion here is that whatever is wrong with anything on a wintel-boxen, it has to be the fault of Bill Gates and his evil empire. Newest game won't run on your four year old machine? Blame DirectX, and hence MS. Lost your files in a harddisk crash? Of course that has to be because of the FAT32... which is a product of MS. PSU blew up? Must be because of buggy code in NOSMOKE.EXE ...
Blaming MS for the fact that people write viruses for wintelboxes is like blaming those who make doorlocks for burglary. People write viruses that attack wintel-boxen because wintel-boxen is what there is most of, as well as the fact that most of them are run by Joe Average who knows zip about security. Had *nix been the most prevailing system, then people would have written more viruses for 'nix.
Blaming MS for making an OS that's easy to break into is another matter - that would be similar to blaming locksmiths for making doorlocks that are easy to pick.
Everything in the world is controlled by a small, evil group to which, unfortunately, no one you know belongs.
It's about time corporate America got involved hunting cybercriminals. Money talks. I for one welcome their decision.
By offering a bounty on their heads, they only serve to increase the status of worm and virus authors. What was once the loserdom of the script kiddie community is now glamorous.
Now consider what this means to their "secure computing" initiative, how the frustrations from dealing with this shit can make people more accepting of their draconian security measures. Consider the financial benefits of "digital rights management" that they can only realize after the hardware and software is locked down.
You can imagine the conversation that led to this, like something out of "24" or the Bush administration: Let's allow, no, let's *encourage* a virus 911 so they'll let us lead them to safety!
$250K come on. Phalease. That's not even one drop in the proverbial bucket for Micro$oft. See this for what it is, nothing more than a media grab.
This will get lots and lots of press and generate hundreds of 'leads' each of which will need to be tracked down, wasting the FBI's time. In the meantime M$ looks all nicey nice, like they actually care or something. I would be very very surprised if this actually has any effect on virus writers, the number of viruses, or how effective the FBI is.
- SR
That's horrible. Is that supposed to pass for a poem or something? First, the rhyming is terrible, the rhythm is awkward (one line is followed by another line with more than twice as many syllables), it's full of nonsense words (what the hell does "catchie" mean? My spell checker doesn't seem to like it, and Merriam-Webster doesn't seem to have a clue either), and it contains no detectable humor.
after all, most of them use email? &/or dislike the felonious kingdumb of payper liesense softwar gangster execrable?
they would probully do the same thing for/to you?
whatever it takes to make US safe for the fraudulent ?pr? ?firm? hypenosys, georgewellian fuddite bullshipping industrIE?
If they put really valuable stuff in a house without doors or windows and painted a sign outside it saying "Please do come in and take whatever you want", yes I'd blame the homeowners after laughing at them.
1. Write a virus
2. Include some obvious spelling mistake your foe regularly makes
3. send out via cybercafe, aol temp internet connection, wha-ever strikes your anonymous bone.
4. Be a Rat
(5. Profit!)
Gr "/Dread"
then it isn't a secret.
The only thing necessary for the triumph of evil is for good men to do nothing. --Edmund Burke
But it's more like if I take all my valuable goods, stick it in a box, put it in the middle of Central Park and then go home. Sure, in a perfect world, I could count on it being there when I get back tomorrow ... however in reality no sane person would.
Really putting thirteen year olds in prison for longer than they've been alive isn't going to solve anything.
ustr: Managed string API with ave. 44% overhead over strdup(), for 0-20B
While I'm no big fan of M$ as most here, I think this is a good idea. Especially the Sobig virus author is becoming a menace. So making him watch his back, may set back the release date for Sobig.G.
Please be aware that the Sobig viruses were written with a commercial interest. Putting a bounty on their arrest is something worth considering and in line with all ethical codes I know.
As the Sobig author probably has his roots in the SPAM community and they would sell their next-of-kin for half price their, I guess the chances are quite good.
Regards, Martin
P.S. Putting 250 K$ (better M$) into R&D for more security would be a good thing too.
If MS offers this 250K, they are actually indirectly donating 250K to the FBI. I don't know how independent the FBI is/should be (I'm not from America), but to me this doesn't seem to be a very healthy situation.
"Most people imagine that the United States is a democracy. Others will correct them and say, no, it is a republic."
Yeah, I know these kinds of people, and it's usually someone who has their main political experience from playing "Civilisation".
(Although it seems the US doesn't get as many unhappy faces for going to war as other nations ...)
To have democracy is to be ruled by the people. When a nation is a republic it just means there's no king/queen/tsar/other hereditary figurehead or ruler.
Nepal is not a republic and doesn't have democracy.*
Great Britain and Denmark are democracies but not republics.
China is a republic but hardly a democracy.
USA, France and Germany are all democratic republics.
For instance.
* Actually I don't know how much is left of their royal family, there was some massacre I think.
xkcd is not in the sudoers file. This incident will be reported.
See my journal, I write things there
I am glad that M$ has finally decided to not only take the near non-stop parade of serious flaws in their OS seriously, but attempt to do something about it. What is disturbing is the fact that they have chosen to take care of things AFTER the fact and react to poor decisions to begin with. It's great that a message is being sent out to the script kiddies who know just barely enough to read through bugtraq and security sites and slap together chunks of code they barely understand. This may curb some, but by no means all if not push things to the next level of cat&mouse and force new more creative ways to unleash slop code upon the masses of clueless users and admins.
A proactive use of chunks of chump change like that would prove much more useful. For instance, use $250,000 - $500,000 to hire a few security analysts and a few programmers to find, prove, and relay to the main codemonkey department security risks, flaws, and instabilities that could be exploited. Not only would this save them face, but it would give them a chance to fix things in house and put out patches in updates for a short time before releasing the information. It would also show to the public they so heavily market themselves upon and the corporations they try to bully that they are indeed serious about security and not just serious about cleaning up a mess that was not cared about until it showed somebody's fecal stained undies to the world.
-1 Overrated (Too many big words for me to comprehend)
I bet McAfee is shakin' in their boots. It's gonna look bad when the FBI finds out they wrote those viruses.
© 2004 The SCO Group, Inc. All Rights Reserved.
had better make sure their paper trail gets covered. Aw, C'mon now, everyone knows that McAfee, Symantec, etc, all pay kids to write viruses to keep the money coming in!
It's the same game the radar detector companies play, supply weapons for both sides and encourage it!!
-- I am. Therefore, I think!
Actually, you're a troll.
-- I am. Therefore, I think!
While don't get me wrong, $250,000 is a lot of money. If MS was really serious about this they should invest about 10x that into either a) going through all of their code with many many coders and stomping out every bug hole they can find even if it is at the expense of some "features" or b) offer that much up as a bounty.
Either way, if you're MS with pockets full of cash this seems more like a PR stunt (aka cheap way) to try and fix their problems than any real type of effort.
Really, I know what I'm doing...Ohhhh, look at the shiny buttons!
What if the worm author turns himself in.. to the cops? Will he be allowed to keep his bounty ?
The bounty is offered for information that leads to the arrest of the people who released the MSBlast worm and the SoBig virus.
:)
They are both worms, not viruses (alright, technically, worms are a subclass of viruses, but it's still incorrect to call them viruses when they are worms).
Virus = code that replicates to files without user authorization.
Worm = code that replicates to other computers without user authorization.
They only offer the money if the person who wrote it is arrested. If these worms originated from China, Brazil or Indonesia, I'm pretty certain no-one is getting arrested. There are still more countries that don't have a law against writing viruses/worms, than countries that do. Hence, if you're turning in the author(s), make sure they are in a country where it's illegal to write worms, or you're just setting yourself up for some asswhopping.
Wanted "Virus Writer", $250,000 Reward, Dead or Alive, Preferably Dead.
I wonder what strings are attached. MSFT attacking Virii only? Any statute of limitations?
Where's that Morris guy hang out these days?
...but this can only be a Good Thang. More crimes are solved by snitches than any other way and making it profitable to snitch will have a positive effect. Thank you, Microsoft - for once!
More like blaming people who build houses with inferior door locks for burglary. Most crimes are crimes of opportunity - if you make something so easy to break into that the world and his dog could do it, don't be surprised if the world and his dog break in. Of course, the sensible thing for people who buy such houses to do might be to improve the locks, fit a burglar alarm, erect a wall around their property, and hire a security firm.
Windows users can put a firewall between themselves and the net (preferably a dedicated firewall machine, running OpenBSD or a specialist Linux firewall distro), install an intrusion detection system, install virus scanners and spyware detection software, keep their OS patched up to date as far as possible, and hire security specialists. It's still the same old house, but a lot more secure. Which isn't to say they'd not have been better off starting off by buying a fortress, but it's better than sitting in a vandalised room moaning about it.
How the hell do you get rated "Score:2"? If a government designed a virus to infect people with a certain "flaw" in their DNA... is it the person's fault for having the flaw or is it the damn designers of the virus?
www.thejulingtoncreekplantaion.com
...turn in my own grandmother...
so would that 250K be in cash, or in Microsoft's favorite currency, vouchers for Microsoft Products??
"Our funds have never taken part in toxic or death spiral convertible financings of any sort" -BayStar's managing partne
We plan on offering 250,000 dollars to anyone who FINDS a security exploit in windows and reports it to us without utilizing it. Oh wait they don't have enough money in the bank. Seriously though it is ridiculous now that people are forced to silently submit security exploits to windows for fear of being prosecuted. MS is just beating around the issue, trying to make themselves look like heroes whenever they catch the bad guy.
We're not talking about a big red button here, we're talking about obscure little bits of code that allows people WHO LOOK FOR THEM to exploit whatever the poorly-written code allows them to do. It's not as obvious to the casual observer as you would have everyone believe.
"Ask not what your country can do for you." --John F. Kennedy
Knowing microsoft they will just spank them and then try to hire them for some eleet new microsoft security project.
...ultimately, you'd have to backtrack the spread of the worm.
A first start would be for the federal agencies charged with cyber defense to set up a network of boxes across the internet awaiting "infection." Such a box should be able to determine the time, source and type of attack. The resulting logs would be examined to determine, hopefully, the first stages of such outbreaks. From this information and preliminary "tests" of such attacks as SoBig potentially, a source can be indicated.
This can only provide a loose net with which to track the spread of such activities and has a low likelihood of actually catching the originating source but there is a chance that additional clues could be pasted together to form a better picture.
The next level would be for citizens to volunteer their machines for the purposes of catching the spread of these worms. This would involve a public effort of creating a TRUSTED daemon that would intercept and log significant bits of information regarding the spread of such worms. This would tighten the net significantly though privacy issues would arise... I recommend an open source initiative for this P2P client/daemon.
With such a tool, we could actually come pretty close to zeroing in on the point of entry these worms take.
It's not a complete answer, but it's a start. I don't feel bad about the idea so long as the citizen clients are open source and can be thoroughly examined by experts in the field not to contain "extra" code.
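One way the log correlation proposed in the comment above could look, as an added example that is not part of the original post: it merges logs from several sensor boxes and lists, per attack type, the sources seen within a few minutes of the first sighting. The log format, sensor names, attack labels and addresses are constructed assumptions, and the earliest source a sensor sees is a lead, not proof of origin.

```python
"""Correlate honeypot sensor logs to find the earliest sightings of each attack."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import NamedTuple, Optional

# Constructed sample data. Assumed line format:
#   <UTC timestamp> <sensor id> <source address> <attack label>
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOGS = """\
2003-01-01T10:00:40Z sensor-a 198.51.100.7 tcp135-probe
2003-01-01T10:00:05Z sensor-b 203.0.113.20 tcp135-probe
2003-01-01T10:03:30Z sensor-c 198.51.100.7 tcp135-probe
2003-01-01T10:02:00Z sensor-c 192.0.2.44 tcp135-probe
2003-01-01T10:30:00Z sensor-a 192.0.2.99 tcp135-probe
2003-01-01T09:15:00Z sensor-b 192.0.2.10 mass-mailer
garbled line without enough fields
2003-01-01T25:00:00Z sensor-a 192.0.2.1 tcp135-probe
"""


class Sighting(NamedTuple):
    when: datetime
    sensor: str
    source: str
    attack: str


def parse_line(line: str) -> Optional[Sighting]:
    """Return a Sighting, or None for lines that do not match the format."""
    parts = line.split()
    if len(parts) != 4:
        return None
    stamp, sensor, source, attack = parts
    try:
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None  # e.g. an impossible hour from a corrupted record
    return Sighting(when.replace(tzinfo=timezone.utc), sensor, source, attack)


def earliest_sources(lines, window=timedelta(minutes=5)):
    """Map each attack label to the sources first seen within `window`
    of that attack's very first sighting, ordered by time.

    Each entry is (first_seen, source, sensor_that_saw_it_first).
    """
    first_seen = defaultdict(dict)  # attack -> source -> (when, sensor)
    for line in lines:
        sighting = parse_line(line)
        if sighting is None:
            continue
        known = first_seen[sighting.attack].get(sighting.source)
        # Keep only the earliest observation of each source, whichever
        # sensor reported it; input lines need not be in time order.
        if known is None or sighting.when < known[0]:
            first_seen[sighting.attack][sighting.source] = (
                sighting.when, sighting.sensor)

    report = {}
    for attack, sources in first_seen.items():
        outbreak_start = min(when for when, _ in sources.values())
        early = [
            (when, source, sensor)
            for source, (when, sensor) in sources.items()
            if when - outbreak_start <= window
        ]
        report[attack] = sorted(early)
    return report


if __name__ == "__main__":
    for attack, early in earliest_sources(SAMPLE_LOGS.splitlines()).items():
        print(attack)
        for when, source, sensor in early:
            print(f"  {when.isoformat()}  {source:<15} first seen by {sensor}")
```

The `window` value trades noise for coverage: sensor clocks drift, so sources a few seconds apart cannot be reliably ordered against each other.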
Microsoft acted grossly negligent by leaving a number of serious security flaws open and unfixed, and that was my point.
A monkey is doing the real work for me.
I've used Windows for a long time, and never once have I seen a button or anything that says "Click here to disable every computer on your network" or any such thing.
A more appropriate analogy would be a house whose doors and windows are locked, but the padlock on the old cellar door is rusted to the point where a burglar who is looking for a way in may be able to break it.
Sure, does some responsibility lie with the homeowners to make sure their locks are in good shape? Yes! But let's blame the real criminals who commit the actual break-in.
Crackers and burglars seem to equate poor security as an invitation, but that doesn't make their actions any less illegal.
"Ask not what your country can do for you." --John F. Kennedy
In particular, Microsoft would like to locate and permanently detain the individual responsible for the treacherous malware program called "Linux." This highly dangerous program causes Windows to not be present at all on any infected computer! Since, as Steve Ballmer keeps telling us, every time you fail to buy a Microsoft program, God kills a kitten ... Microsoft is offering a large bounty to find the author of this "Linux" program.
God Bless Mom, Apple Pie, and John Ashcroft! Preserve the American way of life! Find and destroy the evil virus writers!
Tired of FB/Google censorship? Visit UNCENSORED!
...for framing their enemies. In another stunning development, world's biggest Spammer collects $250k from Microsoft for turning in author of SpamAssassin. ...or...
Local Kinko's manager arrested for releasing SoBig virus. "No need to look any further, we have our scapego... er... virus author." Says MS Spokesman.
666-607: 6th floor apartment of the beast
This bounty is just a PR game to distract from anti-trust, patent violations, anti-competitive fines, security fines. Microsoft's executives and other investors have had enough time now to dump their stock. Game over.
Mind you, some conspiracy theorists also claim that the world is ruled by alien lizards, so I think it's fair to take what they say with a pinch of salt.
:-)
... but it has certainly been exploited in analogous ways by the FBI and the secret service to grab unprecedented power in the United States).
... their theory, while quite possibly false, is certainly worthy of consideration, particularly given the amount of historical fact that illuminates similar behavior by Microsoft in the past.
Yes, but they aren't the same conspiracy theorists.
On a serious note, folks on slashdot (and indeed, people in general) tend to equate all types of conspiracies (and conspiracy theories) and lump them together...somehow equating Enron with the X-Files, at least until Enron is exposed publicly (then, for some reason, people are able to grasp the difference). This is a real problem, because it means that people will live in denial of real-world conspiracies that are taking place (e.g. Monsanto's conspiracy to dump toxic waste into the rural groundwater of the deep American south in the 1990s, or the current SCO conspiracy to defraud their investors and steal the copyright of thousands of software developers around the world) by dismissing them in their minds as no more likely than alien invasion, UFOs in storage at area 51, or silent black helicopters hovering overhead.
We do know conspiracies exist, therefore, it logically follows that some conspiracy theories are likely to be not out in left field, but rather quite correct.
We know as a matter of historical record that the Nazis conspired to stage a "terrorist" act against the Reichstag as a prelude to a coup d'état, however, listening to the "conspiracy theorists" of the time would have been like listening to a conspiracy theorist today claiming that 9/11 was staged by Baby Bush (it obviously wasn't
Microsoft has a history of conspiring to do dishonest and disingenuous things that directly (and illegally) harm and coerce their customers and their competitors, indeed, they have been convicted of doing so on numerous occasions (the DOJ anti-trust trial and subsequent sell-out being only the latest example). A conspiracy theorist pointing out an economic or tactical political advantage Microsoft might gain through ill-behavior toward its customers is not out in left field
So IMHO it is a mistake (and disingenuous) to equate actions by Microsoft and the copyright cartels that directly threaten our digital freedoms, and the conspiracies that do in fact drive these agendas (even if said conspiracies have the most banal of motivations: greed for cold, hard cash), with tin-foil hats, ghosts, and UFO sightings, as is so often done by the apologists of such groups.
Expressing concern about corporate or government malfeasance (conspired or not) isn't even remotely analogous to X-Files-like nonsense, and it is time we stopped allowing sceptics to use dishonest means (equating suspicion of the Reichstag burning ^H^H^H Microsoft's exploitation of their woeful security record to political advantage, with suspicion of Alien Lizard ruling the earth) to denigrate those who do express such concerns.
The Future of Human Evolution: Autonomy
Maybe Symantec will offer $250K for release and acquittal of virus authors -- It looks like a good business model to me.
If you're really determined to blame someone other than the writers of these worms, blame the lazy sysadmins.
"Ask not what your country can do for you." --John F. Kennedy
I would rather use my money to search for the inventor of the blue screen.
This person has done more harm than the poor virus writer they are chasing!
G.
My guess is that Microsoft will never pay anything to anyone. Once Microsoft finds the name of a person who wrote the virus, that person's name will be given to the police. Microsoft can claim they got the information somewhere else. "Oh yes, you were the 110th person who reported the virus writer." To use your example, Microsoft won't pay, and the family in Laos will be powerless to compel payment.
It seems likely that whoever admits he or she had knowledge of the creation of a virus will be arrested and jailed. That person certainly won't get any money.
Another guess is that the bounty is an idea from a P.R. person associated with Microsoft, someone who knows nothing about technical things. He probably said, "We can shift the blame from Microsoft to the virus writers by offering money. We'll get a lot of free publicity." Instead, the bounty will encourage people to write more viruses. Virus writers will say, "Wow, fame! I wonder if I can write a $1,000,000 virus."
The bounty will cause a lot of news stories to be written. Those stories will correctly identify the viruses mentioned as Microsoft vulnerability viruses. That will cause much more than $250,000 worth of damage to Microsoft's reputation. (If that is possible.)
What the story doesn't mention is that it shouldn't be necessary to offer a bounty. The real story is why doesn't the United States' FBI federal police investigate the crime? The bounty provides publicity for the fact that virus writers aren't caught unless it is very, very easy to catch them. Look at this story: FBI arrests MSBlast worm suspect | CNET. Here is a quote about a teenager they caught:
"Parson also admitted that he renamed the original 'MSBlast.exe' executable 'teekids.exe' after his online name 'teekid.'"
In the story, law enforcement is quoted as saying, "We believe he is a key and significant player..." Here's another quote about catching the teenager who simply renamed the files after his own name: "I wouldn't characterize the work as being easy,
If anyone from Microsoft reads this, I suggest that whoever promoted the idea of a bounty be fired.
How the hell do you get rated "Score:2"?
That is called "good karma". When you exceed a certain karma, you get a karma bonus of +1 for every posting.
A monkey is doing the real work for me.
...that it's more cost effective to pay out bounties and scare virus writers into not exploiting their security problems than it is to actually fix the code in the first place.
Scene: an interrogation cell in the Redmond Police Dept., shortly after the arrest of the virus writer.
Dramatis Personae:
Skip Kiddie - the alleged virus writer.
Sgt. Fritz DaMan - a police officer
Bill Gates
Skip: 7h!$ $u><orz! 1 d!n`7 dew 7hj!$!
Bill: Sergeant, could you go get me a glass of water? For your troubles (hands Fritz a bundle of US$100 bills).
Fritz: Sure thing, Mr. Gates! You know we are all here to serve you! (Backs out of room, bowing)
Bill: OK, sparky, here's the deal. You have a choice to make. One choice leads to a cushy job, lots of pay, and a long life. The other leads to years in "the pokey" being pounded in the ass by convicted felons.
Skip: 0K, !'m 1!$73n!n9.
Bill: How'd you like to write viruses for Linux?
www.eFax.com are spammers
All this will do is send our valuable virus-writing jobs overseas, as domestic virus writers will be afraid of being caught.
-- Fratz, human
It's Microsoft's job that something like this doesn't happen in the first place and if it does happen that the damage is kept minimal. That is called "quality assurance" and "good operating system design", two subjects where Microsoft seems to have failed.
A monkey is doing the real work for me.
...and threaten to sue everyone who uses Outlook Express or Outlook for perpetuating the virus!
My mom always said, "Jim, you're 1 in a million." Given the current population, there are 7000 of me. God help us all!
* splitting the money into 100 parts of $2500 each
* Giving the money out to the 100 first unique reported remote vulnerabilities
* Actually fixing the vulnerabilities
Now that would improve security, as well as give people an incentive to report bugs instead of exploiting them in worms etc...
Better yet, hack the computer of someone you don't like and place source code for the virus on the computer. And erase all traces of the virus, including source, from your computer. Turn him in. He goes to jail and you have 250K.
...shifting attention from the fact that their operating system contained critical flaws that allowed the worms to flourish to "they shouldn't have exploited them."
So... it looks to me as if (of course Microsoft is piloting the program) software security is no longer an issue. You can write as much crappy code as you want, leave it full of swiss-cheese-like holes, and then offer up bounties and prosecute those who actually take advantage of them.
Strange... this sounds an awful lot like the "if I don't lock my front door and someone breaks in, should I prosecute them" conversation I had a week ago.
Anyhow, $250k is a small price to pay for a little diversion. It also makes the blame game a lot easier to win... you know... if you're a total idiot and don't see what's going on.
Now if you can prove in civil court that, despite your best efforts (patching servers, closing non-essential ports, etc.), your machines were compromised and damage was done, I'd say you had a good lawsuit.
"Ask not what your country can do for you." --John F. Kennedy
I can just see the Cowboy Bebop episode based on this bounty. How many planets will be destroyed as they hunt for the virus writer? And will it ultimately turn out to be Ed?
If telephones are outlawed, then only outlaws will have telephones.
would you nark on someone for $250,000?
Some people have done this already. It's called a Honeypot. You put up a machine either with nothing of importance or with faked material in order to attract people to try and break into it for the purpose of figuring out how they are doing so. Paul Robinson <Postmaster@paul.washington.dc.us>
The lessons of history teach us - if they teach us anything - that nobody learns the lessons that history teaches us.
I wrote the MsBlaster and the entire SoBig series! I'll plead guilty! who will split the bounty fifty-fifty with me?
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
All they have to do is find the program with the serial number on YOUR computer...you say you downloaded that off a warez site...I'd be thrashing stuff right now dudes. They'll get 'cha for virus writing or pirating software....take your pick now!
Okay, I'm offering $250,000 for anyone who can bring me a version of Microsoft Windows that is not full of security holes, bugs, and functional flaws.
"Ain't I a stinka..." - Bugs
I personally do not 'hate' Microsoft, and I agree that this is definitely a Good Thing as well.
The lessons of history teach us - if they teach us anything - that nobody learns the lessons that history teaches us.
The ???! is supposed to come at the end of item 1.
If you claimed someone else did it then there is no need for number 3. Personally a Mr. B. Gates is at the top of my list for co-conspirator.
From excellent karma to terrible karma with a single +5 funny post...
Also, by offering a reward and pointing at the virus writer, they are reinforcing the idea that computer viruses represent a simple criminal problem. This effectively removes the spotlight from the software vendor who produced the buggy code in the first place.
...who is willing to spend a few years out of circulation for $125,000...!
Contact me on 555-EASYCASH.
----------------------------------- My Other Sig Is Hilarious -----------------------------------
It won't be cyber bloodhounds that get 'em.
It will be the step dad that wants the room vacated and a few bucks to raise his own kids.
Ask any doctor and he'll tell you not to get sick in the first place.
"An ounce of prevention is worth a pound of cure."
Wow. I mean I'm no MS fan but statements like that are just crazy. "Writing worms and viruses is the only way to demonstrate security holes in Microsoft software" Um no it is NOT the only way. You could tell them that this hole exists or you could tell others. It might not get a result quickly but it is an option. Worms/viruses are not civil disobedience and should never be justified by saying I wanted to teach someone a lesson.
500 dollar reward for tip(s) leading to the arrest of the person(s) who stole my sig.
Shouldn't the reward be in wulongs?
--- Ban humanity.
Microsoft knows that these new viruses are spammers trying to create a distributed spam farm. By eliminating these virus writing they are accomplishing a minimum of three things:
- they help prevent spam from spreading by cutting off a potential new lifeline to hardcore spammers. Bear in mind these spammers make millions. They will do anything they can to keep the money flowing.
- this can be looked at as Microsoft trying to curb the problem of viruses. MS in part allowed these viruses to continue to be created and spread due to the fact the same vulnerabilities are discovered over and over. This will allow them to say, "Yes we are doing something about the problem of virus creators, as well as attempting to secure our products.".
- and finally, PR. This is very obvious. If I were MS, I would get as much good press as I can right now.
Spammers must be stopped at any cost. I, personally am seeing quite a large number of customer infected PCs that are causing all sorts of grief (getting us blacklisted, causing outbound mail delays, etc). Keep in mind that the current "Windows Messenger" vulnerability will result in more spam, due to the fact of the sheer volume of vulnerable PCs out there. So this type of tactic from Microsoft may result in some would be spammers/hackers from backing away from the idea of exploiting this vulnerability, and of course any new ones that may come out.
Maybe we should draft the known spammers in the US military and send them to IRAQ?
Take care everyone,
-reid
You would think that would be that case. When you consider that if they decide to do this for every virus, it could actually put them out of business. Here's hoping...
Boom Shanka
Gimme mah money!
I do not fear computers. I fear the lack of them. Isaac Asimov (1920 - 1992)
I have just had at least 6 emails from "Microsoft Corporation Security Support" containing a .exe for me to run, which will fix ALL of my microsoft security problems for me.
Too bad my ISP filters out virus attachments, I don't get to run it...
Wonder how many of these emails have just hit the world.
If I had a DeLorean... I would probably only drive it from time to time.
Gates: "I want them alive. No Disintegrations."
BOBA FETT: "As you wish."
"History teaches us that the greatest thieves and criminal got caught "
No, history teaches us that the clumsy get caught. You never hear about the greatest criminals.
You were mistaken. Which is odd, since memory shouldn't be a problem for you
...but only about their bottom line.
The worm/virus debacles this summer cost them over $700 million in unearned income in the form of future contracts. Since their usual PR spinning didn't stem the flow this time, stronger measures needed to be taken. Of course, since actually spending sufficient money to tighten up Windows is out of the question, they're just taking the easy route and putting prices on the heads of a couple virus writers.
People are finally getting really fed up with Microsoft security issues, and I don't think they'll fall for this cheesy ploy. At least, I hope they don't.
~Philly
At least Microsoft is dealing with the problem in an arena they are competent in: Rather than deal with it through code, which they suck at, they deal with it through money, which they are good at earning.
Listen - it's hard enough to type leet-speak, esp. using >< for x's.
Add to that doing the scene formatting, and trying to get it all done in time to go to work...
I was going to give Fritz a few more lines, but decided to just go for my punchline.
www.eFax.com are spammers
What Microsoft's PR needs is a scapegoat. $250k is a cheap sum to pay, if it works.
PJRC: Electronic Projects, 8051 Microcontroller Tools
Face it, the local district attorney's office doesn't have the technical savvy to prosecute somebody for hacking - but I'd bet with a bunch of MS money helping to build the prosecutor's case we'll see a few of these guys put away.
we see things not as they are, but as we are.
-- anais nin
(sigh) Here we go again. You weenies really seem to get a hard on about anal rape. Every time someone mentions crime and/or punishment someone's sure to make some remark like the crap above.
Is it because you're not getting enough yourself?
No but, yeah but, no but...
"I'm not sure your head is out of your ass just yet, young jedi."
Let me spell a few things out, because based on this, my guess is you are a sophomore at state university.
First, and most importantly, quoting Star Wars or using it in a joke or anything makes you one of those weirdos who go to the star-wars movies months in advance to watch more crap from Captain Crap, Lucas.
Second, he was and is joking.
Third, he isn't great, or brilliant, but compared to you, he's albert fucking schweitzer
Fourth, you don't know who that is
Fifth. Oh hell. Just go away.
Sixth. You're welcome
Considering the damage done and the time and money spent fighting these viruses and worms, 250K is a piddling amount.
It took a real world war to end the airplane's patent wars. - Fâché Rouge -
and offer bounties on the heads of the chickensh!t idiots who came up with this idea?
Or is everyone a little freaked about Microsoft offering money for the information. $250k is a lot of money, and can make a lot of people go nuts. I'm also a bit fearful of the part where they're announcing with the secret service and FBI. Since when did government investigative agencies work with multibillion dollar corporations? From what I understand they shouldn't be putting an act together on stage. If MS wants to offer a bounty that's one thing, casinos in las vegas do it all the time, but to work with law enforcement authorities so tightly that you can barely tell them apart makes me quite scared.
Another thing that scares me shitless is the idea of MS actually getting the corporate right to bear arms so they can fight cybercrime or some other bullshit reason (take your pick). For some reason, MS having blackops (which they already have no doubt, but on a much smaller scale) on a police-force sized scale gives me the hibblyjibblies, especially if they decide to force their coders to eat, sleep, work and live on the MS gated community where they have to sign a contract to work and the contract takes away all their rights.
Candy-Coated Knowledge
Paypal.
Is the writer the responsible party or is the person who deploys the virus?
What if I make a spreading virus that works with a known flaw in a MS product. I post this virus and code to say Bugtraq, IRC, or here on /. How can I be prosecuted? I wrote some code but did not use it or set it free on a network. You could take this to extremes on either side. What if I give code examples? What if I only documented HOW to write code to exploit an existing hole? What if I only describe the hole? I can make a machine gun and provide you with plans for a machine gun but unless I use it to kill people, I did nothing wrong. Seems to me that the prosecutors and MS are trying to hang someone as an example but that is a very fine line. Is there a law that clearly states that you can not knowingly write code that may cause millions of computers to crash? I know this is a touchy subject but I view this software as free speech.
Bad boys rape our young girls but Violet gives willingly.
would I get $1 Million ?!!
Although I don't agree with the $250K bounty, I think it's better to have a bounty than to not have one.
I am not as smart as most of the Slashdot readers here but nobody has come up with a better solution.
I know investing that money into MS to make the products more secure makes probably the most sense. But if Linux was the most popular OS (even with its open source nature) wouldn't we be facing the same security problems with Linux now?
It will be interesting to see how and why these "individuals" did what they did. Although I seriously doubt that, assuming they ever get caught, they will reveal the big brother behind them...
Identify the poor code writers at Microsoft and present them with a copy of OpenBSD.
I know a lot of people here will bag any idea just because it came from Microsoft. I don't know why people personally hate them. True they have done bad things, but they have paid for some of them, and will pay for others eventually. They are also showing signs of picking up their act, no one can say that their software has not improved.
Besides, open source software has just as many flaws as MS, there are just fewer people trying to exploit and find them.
VENI, VIDI, VICI, DIXI
I know that MS has put blame on the virus writers before, but not so vocally and they did not isolate the virus writers, they usually also blamed the system admins for not patching servers. By offering a bounty, MS has put the virus writers in the 'terrorist' category - at least in the eyes of common people. To me, this looks like an escalation. Well, the virus writers could escalate this from their side too. Even though they could, most viruses have not done much damage to the infected computers. The angry virus writer could say - 'Dude, you seen nothing yet. Wait for the next virus, and I will make sure that people hate you (MS) for making the shit you make.'
The next virus could possibly be from a pro virus writer and very lethal. Has MS done anything to prevent this?
I copied this sig.
Now wait for a spammer trying to exploit formmail to take your ISP out of service!
It will be interesting to see just how many people will be backstabbed for something like this... Many of the techies in the online world have at one point, whether intentionally or not, written code that will mess around with a computer in the wrong way. I believe that the online community will hold together instead of sell each other out. This is just a Q&D way for Microsoft to dispose of "a problem" without having to pay a team of trackers from their side double the amount... Only time will tell how far/low a techie will go for a buck.
Business \Busi"ness\, n.;
A scam in which all people involved perceive as beneficial...
[APPLAUSE]
The bounty does nothing more than help inflate the ego of the virus writers. You guys are talking about being famous, M$ just made the virus writer/s heroes by offering a reward.
;-)
Those guys have now become heroes and believe it or not they are going to get a higher paying job without much effort when they get out of prison. Also by offering a reward M$ just signed its own death warrant because now virus writers will try harder to produce something as destructive as blaster etc and their main target would be M$ because the open source community doesn't have financial resources like M$ to offer rewards. One of the merits of being poor.
I know my friends would turn me in for money like that. Now who will I brag to?
"Tempt not a desperate man" - Willy S.
It was Cowboy Neal. He did it all.
I want the money in small bills.
Now, if Gates would only get a clue...
Seastead this.
Somebody mod parent up insightful.
Maybe there is a conspiracy to divert attention from real-life conspiracies {SCO; the backdoor privatisation of the NHS} by setting up bogus conspiracies {area 51, black helicopters} in order to discredit all conspiracy theories!
3) This is going to spark a new underground industry: write a virus secretly, then turn around and tell microsoft you have info about it (of course in an imaginative enough way not to get caught but still get the bounty). ...was giving someone you hate a joejob imaginative? ;) The scary part is, most people are so clueless I think most of the readers on slashdot (and script kiddies in general) could have framed other people without problems...
Kjella
Live today, because you never know what tomorrow brings
I'd test it on a segregated network, and when I figured it worked as I wanted, I'd go to the public library, Internet cafe, or even better, non-secured access point to launch the thing. How, exactly is one supposed to track who releases a virus? Then there's always just trojaning it onto an AOL install CD and then swapping CD's at the post office, wal-mart, sheetz, etc, which always has hundreds of the things.
It is quite possible that someone without scruples would turn in a hacker who had nothing to do with it, just to get the reward.
They could pick any convenient security researcher off of the shelf, plant some evidence, and run with it.
Then the analogy holds a tiny bit better.
blog.jonnyro.com - Jeep/IT blog
Your post is one of the most rational, thoughtful and well written I have seen here for a long time. Unfortunately I have no moderation points today and thus all the praise I can give is this post.
- ebh
Why not MS pay rewards to people who can find exploits, say 100K, won't it help them fix it themselves. What I don't like is they act as if they don't have any responsibility for their security holes!
Phase 1) Write Virus
Phase 2) Launch from Ex-G/f's and her new B/f's computers
Phase 3) Turn them both in....PROFIT!
How about offering the $250K to whomever writes something to remotely clean up all these blaster infected computers that are clogging up internet bandwidth and routers with their scanning?
----- sXe
Welcome to the wild digital west, I hope to see Clint Eastwood dressed up as Neo, riding a horse and getting those motherF^&@^@s
The lunatic is in my head
Agreed. Pure shite.
It's probably a parody of some mass marketed wegro wannabe-rapper.
That's a damn expensive candy bar!
I've said this before, and I'll keep saying it until people stop making this absurd argument. Apache runs 2/3rds of the web according to Netcraft, yet IIS is responsible for, I would guess, at least 90% of the web-based worms. Using your logic, Apache should be begging for mercy from the worm writers.
The driving force behind this crime is notoriety,
... Take away the ability for the criminal to brag without consequence. (IE. Confess). They say that's the cops best friend ... the urge to confess.
That being said, these people do not come out to the world stage to brag. They brag to their friends.
For the most part these "friends" are not computer savvy. They do not begin to comprehend exactly why these acts are supposed to be "cool". They do see their friend happy and for the most part enjoy seeing them happy.
Stroke of genius
It would seem that I can always count on having the opposite opinion as posters in this forum.
Idiot Children,
--El Duderino
They freeze the bastards in carbonite
End of Line.
I did it. Now where's my money?
Laptops are always a touchy issue when it comes to network security. I think in the end the only thing you can do is firewall individual pc's and run a good intrusion detection system.
And if a particular system is running an operating system too old to run a firewall (some ungodly old unix system or windows 3.1 machine), as happens when expensive custom software still needs a host, you can still cheaply build a firewalling bridge to sit between this unit and its network connection (linux is your friend).
You can try all you want to strengthen the border of your network, but those executives with their laptops (hell even most regular employees) will always put stuff behind your firewall.
Can your switches put machines into VLANs automatically based on their MAC addresses? You could probably set it up that all unknown MAC addresses get put into a VLAN that only has a DHCP server and a simple captive portal, telling the users that they need to register their unit to get put onto a regular network. You could make it so this VLAN has only a simple web proxy going out (for temporary use).
The Ro Factor - Jeep/Linux Weblog
12 September 2000
every day http://en.wikipedia.org/wiki/Special:Random
Download Squid and set it up to block all advert sites. I did and it makes the internet an altogether much more bearable experience.
Je fume. Tu fumes. Nous fûmes!
Why don't they offer the $250k for a copy of a successful windows virus prior to public release using a previously unknown/unused exploit?
How many virus writers would prefer the cash over the fame? I'm assuming you can't be sued for creating a virus, only for releasing one....
Steve Linford of Spamhaus seems to think he knows who is behind the Fizzer/Sobig/Mimail attacks, and will be releasing the information in the near future.
In the article, he leads one to believe that Fizzer is still active in the wild. As a member of IRC Unity, the group founded to eradicate Fizzer, I have not seen a report of Fizzer in months.
If Steve Linford actually knows, he needs to contact Microsoft. The money would help him pay for the losses incurred by the DDoS attacks against Spamhaus.
Pete Carr Owner Chatmag.com
Typical "wag the dog" kinda case. Opportunity creates the virus-writer...
Decrease the opportunity, and 90% of the writers will leave the scene of the crime: unsafe MS-products.
Slashdot: stuff for news, nerds that matter, matter for news, stuff that nerd
It is not that much. Considering the amount of contractors Microsoft hired to deal with the virus explosion recently. Multiply by the going contract rate, times 8 hours a day and they're easily burning through that on a daily basis!
Of course, the idiots and drunkards are to blame. But really, shouldn't the firm build bridges that are more resistant? You can predict that a fraction of the population is made of malevolent bastards who get a kick out of chaos and mayhem. Good engineering should deny these idiots the opportunity to do real damage.
Putting a bounty on the head of the vandals just gives them the aura of cleverness and dangerousness that they crave. As a result, idiots will flock to the bridges and collapses will multiply.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
let's outsource virus writing to 3rd world countries as well ... But I guess we have already been outsourcing those for a long, long time.
Je fume. Tu fumes. Nous fûmes!
Linux ships with a firewall in place by default that blocks incoming packets to any port, unless you choose on install to disable it. MS03-039, MS03-043, MS03-026, all remote root holes in the default install because Microsoft had not caught up to this Linux innovation.
Moderators, please delete parent post it is factually incorrect.
I have $16.50 on my paypal account. I'll give it to the person who can give me the means to bill MS for the bandwidth their sub-standard OS security costs me each day...
What nerve pointing the blame away from the really guilty party who has cost businesses billions with shoddy sub-standard software they want people to pay for!
realkiwi
how about investing the money in writing software. i mean what they write right now is suckware
A big difference here is that we don't have much control over biology. In fact, we have a relatively limited understanding of biological systems - much less the ability to engineer them.
This is why analogies based on physical events don't work well with information security issues. Just like biology, we don't control the laws of physics. We are limited in what we can and can not do about the world around us. Although a large part of technology is a better understanding of said physics (for lack of a better term) - and a consistent redefining of what is or is not possible. Information security differs simply because we directly control and engineer information systems.
When there is a fatal flaw within an information system architecture, we as the engineers of those systems are certainly capable of changing them. Now - that's not to say that every issue is trivial. And we still deal with certain physical limitations (enter comments about users being the weakness to any system). But we certainly have full control over those systems and are in the position to change the system - or the rules by which it works - at will. This is important when you consider that the nature of many common vulnerabilities lies in either bugs or simply a lack of proper design.
Any flaws in an existing information system are our own doing. We are not only in a position to correct those flaws - but also to avoid them in the first place.
Coming from someone whose username is "DNS-and-BIND".
Granted, they may have finally gotten it mostly right this last time, but there's certainly DNS software that was written correctly the first time.
WMBC freeform/independent online radio.
Microsoft weighed it. They determined that it is actually cheaper to offer bounties than it is to fix the OS.
For $500,000, Win 2000/XP must have a lot of holes (still undisclosed) that would require a ton of manpower to fix.
Political correctness is the newest form of slavery.
With 6 Billion in the bank, they are only offering 250k? Ha! That is chump change.
On another note, do you think this is their new "security model"? Instead of writing and testing for good, secure code, just scare off the virus writers by putting a bounty on all their heads.
Switching to Linux can be an adventure!
This is so dumb that it's mind boggling.
Doesn't Microsoft realize that a bounty merely encourages criminals to frame total innocents? For $250k, they'll have no qualms at all in destroying someone's life.
The rewards mark the latest move by Microsoft and law enforcement to track down the people responsible for infecting hundreds of thousands of computers in August and September.
Actually, I think this is a really good idea. Since most virus writers are probably teenagers, they probably shoot their mouth off to their friends, who would find it irresistible to turn down $100.00 let alone $250,000.00.
So, when are we the Open Source community going to get some money together and offer rewards for the identity of the _programmers_ who wrote the buggy code that virus writers exploit? Maybe we can't see the source, but we can shame the crappy coders.
Ruby on Rails Screencast
This is lame. Seriously, lame. It seems to be pretty pathetic that they have to find the genius that wrote those viruses and put him in jail because they are scared for their 'product' which they release every time without fixing all of the known problems. All I have to say is *&^$ M$
Stop using Outlook as your email client and stop using IIS as your web server and most of your problems will go away. When will people realize that every big virus only affects/propagates through two of Microsoft's software programs. Most viruses exploit bugs in their insecure software and are trivial to write.
The ubiquity of Apache has absolutely nothing on the ubiquity of Windows clients. If I wanted to write a virus I would much rather target IIS which will in turn be able to more easily infect Windows machines. It has never been about the number of servers, and I don't see why people make that distinction a valid argument.
Is Windows less secure than Linux? In certain areas (older versions of IIS, Outlook XP and older) it definitely is. However, if Linux was really more ubiquitous there would be more worms targeting Linux.
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
If you turned them in before the exploit is reported!
JAV
$250K going from one pocket to the other. Microsoft **IS** the prime virus writer.
No, I'm New Here
Ya, but will they actually pay it? I am still waiting for my $3,000 bonus for sending all my friends the Microsoft spam letters ;-)
I don't have a problem w/ ads, I like to support sites that I frequent...I just think that the new ones need to be prettied up a little or something
I've always gone by the saying "locks are there to keep honest people honest."
I do agree with SysKoll's reply, but I think we need to look beyond even Microsoft. It's pretty much impossible to write software which will defend against a DDoS attack; even those that do simply prevent the system from crashing. The service is still unavailable for normal use while under attack, and other parts of the Internet will likely be affected as well.
I don't care about the expanded address set of IPv6 nearly as much as the security features it offers, but it seems like we're going to implement it about the same time as we (the U.S.) convert to the metric system.
Granted, Microsoft is not doing as much as it could, but there are also problems that need to be addressed at lower levels.
WMBC freeform/independent online radio.
A 250,000 virus that sets people on a witchhunt against virus writers... could be a small price to pay for the deterrent value it will create.
It's one thing to write a virus that goes big, and then brag to your friends about it etc etc. It's another when you have to worry that if it becomes big and somebody who knows you did it will turn you over for cash.
As much as I like my friends, I don't respect virus writers at all, and if one wrote an internet-crippling virus I'd be in the middle as to whether to turn them in *without* a reward. How about you?
my boss did it. come and get him... and
you can even keep the 250k, just keep him
tied up for a few months and i'll be happy.
"Another guess is that the bounty is an idea from a P.R. person associated with Microsoft, someone who knows nothing about technical things. "
Yeah, this sounds more like a PR stunt than anything else. The Microsoft security initiatives sound like 90% PR and 10% yelling at the developers to be more careful.
Microsoft's droning on in the press about security issues sounds a lot like OJ Simpson saying he would spend the rest of his life tracking down Nicole's murderer.
Such statements can only be made by people or organizations who are so self absorbed as to not know that they are being watched by people with very long memories.
It's always better to fix a problem and then talk about it rather than the other way around.
Induced and perpetuated by the FBI to catch stupid criminals. Using that old vanity ego thing which has existed when bronze was quite popular.
Criminals collectively follow a path of least resistance, walking hand in hand with law enforcement and the other outlets. It just takes time for a simplified language to develop so that everybody can utilize the newer behaviour.
I have a *real* *real* hard time considering hacker/virus writers criminals in comparison to a company like microsoft.
Yes, because $250,000 is a huge financial burden to a company with $40,000,000,000 on hand. I highly doubt they're gonna wind up paying 160,000 of these...
The bounty will cause a lot of news stories to be written. Those stories will correctly identify the viruses mentioned as Microsoft vulnerability viruses. That will cause much more than $250,000 worth of damage to Microsoft's reputation. (If that is possible.)
Those news items are already written. The bounty will probably be reported as a proactive step to stop viruses - better PR for MS, not worse.
What the story doesn't mention is that it shouldn't be necessary to offer a bounty. The real story is why doesn't the United States' FBI federal police investigate the crime?
Offering a bounty does not mean they're not investigating. Bounties just open up extra avenues, extra leads - as an example, Saddam Hussein's sons were caught because of the $5 million bounties on their heads.
Jack the ripper and a few others ring a bell. Even with the high-profile of the killings.
But I think that in this case, the poster was confusing history with television. After all, it doesn't often make a good flick unless either the villain is caught, we can empathize with the villain (and thus applaud his/her escape), or - in fewer cases - we can martyr the hero (or have him die a heroic death).
People write viruses that attack wintel-boxen because wintel-boxen is what there is most of, as well as the fact that most of them are run by Joe Average who knows zip about security.
BIZZZTTT Wrong answer, until recently it was difficult to set up a non windows box. You had to have more knowledge of how a computer operates to get it to work. Microsoft's claim to fame was that just about anybody could get it to do what he or she wanted it to. Now that is coming back to bite them in the ass.
Had *nix been the most prevailing system, then people would have written more viruses for 'nix.
BIZZZTTT Wrong again camel breath. The fact that Apache is the most popular web server has not helped Microsoft with IIS has it? It is by far NOT the most popular web server but how often is it exploited in the wild compared to Apache?
Well???
Also, we're offering TRIPLE that much for an OS that doesn't run IIS, DCOM, SQL Server, or IE 6.
:)
Any takers?
They should just license the bastard - we'd soon see a concerted effort to clean it up then.
People see the victims of hack-attacks as victims, and often themselves as victims (as many of us are, due to decreased usability of the internet).
I'd say it looks more like MS is out to protect their assets, which is really exactly what's happening. It's a case of "oh sh*t our insecure OS is being hacked up the wazoo, we need to do something." Do you really think that a bounty is going to make people less pissed at Bill when the next windows hack takes them offline again?
How does looking at an advert support anything? The advertiser has already paid their money whether or not I take any notice. Frankly, I have no intention of purchasing most of the products they advertise. In fact, an intrusive advertisement makes me less likely to buy the product advertised, because when I'm paying the company's wages, I'd rather see my hard-earned spent on quality control than on advertising. Good wine needs no bush.
Je fume. Tu fumes. Nous fûmes!
Well virus for me stands for Very Inefficient and Really Useless System. And MS shit(s) fit the description. So i guess Bill can reward himself. That would be a nice way to save his money. Well (un)fortunately Windows cannot be saved for long.
No, MS intentionally wrote secureless software for a hardware solution. Being part of their business model to create necessity in turning the internet into a (user) serverless environment. Their next set of recommendations (rather than make them unpopular with their users) is already coming down the line and it's a hell of a way to make policy.
Think about it, if microsoft gave the slightest thought to security in the beginning, much of the laws governing such behaviour could be dramatically different.
Isn't that like a gun maker offering a reward for those that kill people with guns? (no, I'm not anti gun, so let's not even go there).
people who write massive security holes into their code and don't fix them until 3 months after the vulnerability is published?
I mod down pyramid schemes in sigs.
Billions in lost revenue??? Kindly explain to me how they would lose revenue from people switching products, which thus mean that THEY ALREADY BOUGHT WINDOWS OR POSSIBLY OWN A HACKED COPY!!! Besides, I am VERY sure that Windows did not lose billions. The monopoly they have on the market (last I heard it was something like 98%) means that they really don't give a shit. People have to start realizing that MS isn't like every other business out there. There really isn't ANY economical opponent for them, aside from a small portion of (growing) Linux supporters.
Defender of Microsoft and Communism!!!
News Item: Microsoft to offer bounty for rock throwers who recently damaged the owners of GlassHome XP, a product of Microsoft's Housing Division. Microsoft and the US Government asserted that throwing rocks at glass homes was indeed illegal.
In other news: Microsoft to offer additional curtains for owners of its GlassHome XP products, and stated that GlassHome 2003 will be stronger than GlassHome 95, 98, Me, 2000 or XP and that users of those homes should upgrade soon at a cost of 2 million dollars. Most users will need to move to a neighborhood with firm enough soil to withstand the crushing weight that the latest GlassHome products require. Older neighborhoods have been largely abandoned in areas, and new glass patches are no longer offered for these older homes.
Microsoft further warned that customers switching to the free open-source Brickix houses may find that their current furniture may not fit, that home repairs aren't supported well, and the Brickix isn't nearly as easy to use as GlassHomes XP. Brickix has made significant advances in recent months with banking and government groups frustrated with GlassEnterprise's security flaws.
Me physicist. Me make rockets.
I put a $24K bounty on bill gates!
instead of trying to bounty them, why doesn't microsoft offer them a job. beings that obviously microsoft can't find these holes and fix them before they release another version of winblows.
No, this is ridiculous.
Just because you say you're not trolling, it doesn't mean you aren't trolling. Usually it's a good way to know that you ARE trolling, if you feel the need to prefix your post with such a message.
for $250k I'd turn my mom in...hmm...maybe I could plant virus creation tools on her blueberry imac...
This CNN picture of Bill Gates as a sheriff is classic.
This is good news. They need to stop these insidious virus writers. Then people will see that Microsoft software will fail on its own merit, rather than blaming all the blue screens, reboots, and downtime on "hackers". Once the virus variable is removed from the equation, then folks will realize that the software from redmond is still a steaming pile of crap, and they will migrate en masse to other platforms. Hopefully.
I'd rather be a conservative nutjob than a liberal with no nuts and no job.
True, this bounty might help catch the guys that wrote SoBig and MSBlast, if they bragged already to everybody about what they did. But for the future, Microsoft might have just put themselves into the worst position possible: the stakes are so high now that if some dude will take the chances to write a Windows virus or worm, knowing what he faces if he gets caught, he won't just launch a DOS attack; he'll do real damage. We might start seeing really vicious attacks from now on. God help Microsoft.
So, what happens when the virus writer turns out to be from somewhere in Eastern Europe? What good is this going to do?
;P
Remember the guy that tweaked Blaster and re-released it? He was scapegoated..
Also, it says that the reward will be paid if *there's a conviction* - that's a "Get out of jail free" card for them. The person actually has to be convicted. It could take a few years for you to get the reward, if you get it at all.
Nice idea, in a few ways.. but writing software that doesn't suck is probably a better idea.
Says who? There have been rewards before. AIG, the insurance company, has offered sizable rewards.
and the theory of acceptable risk. If a recall on 100,000 cars will cost more than the deaths of 4 or 5 people, they will take the deaths over the recall. Same deal here. Cheaper to offer a bounty than fix the core problems in the software...
Just go check the Symantec and/or McAfee Payroll office and Look in their books for Employees in the "Special Projects" Division.
Can I get one of those Oversized Checks, Like Ed McMahon gives when he pulls up in front of your house?
But, due to various semi-realistic sounding reasons, cannot claim the reward themselves. If you send them $5000 USD they will buy airfare for the hooligans and ship them to you. You then turn them in and get to keep 75% of the $500,000 reward for yourself!
Let's see...
1) Write a virus.
2) Frame someone.
3) Profit!!!
of code cowboy bounty hunters? How very Gibsonesque. I doubt this will become a trend, but if it did, it just might create a new type of hacker. More likely the guy's friends will get greedy and just give him up. It's pretty easy to get a virus out there and not get caught.
TallGreen CMS hosting
Gee, I knew what most of these posts were going to say before I even read them. Most of them say that this is just a marketing ploy by Microsoft to deflect criticism, that Microsoft's poorly written code is what is really the cause, and Microsoft this and Microsoft that and oh, by the way Linux rules.
Let's put all of that aside for a minute. I'm not going to be pro-Microsoft or Pro-anything here. I am going to be Anti-virus writer though.
Cyber-crime be it scams, viruses, trojans, worms, password/identity theft, carding or whatever affects all of us personally. It does because it casts things like the internet, ecommerce, and technology in a poor light. It causes "big money" to think twice before they invest in technology, it causes things like e-voting to come more slowly to the forefront and, it forces companies to take sometimes extreme security measures.
In a sense, the 'net hasn't matured yet. It can be compared to the Wild West where crooks didn't have to run very far or hide very long or even worry very much about getting caught. I have no doubt that over time we will see the net change and cyber-criminals and other scumbags will have more to fear. But right now, a wanted poster with a reward is appropriate. It is what Wells-Fargo did to catch outlaws way back when and it will work as well today.
Making this move and publicizing it like Microsoft is doing says, to me anyway, that the security of your computer and your data is worth, at most, $250k and no real work on their part.
Awfully reassuring.
Jet: 250K Wulans?! That won't even pay for the damage you did to the ship last time, Spike,
Spike: We've got Ed on the case, it should take 10 minutes.
Oh Lord, when did I become such a geek?
Electric Monkey Pants
And open source has no bugs.
People have no bugs.
Some virus I got N copies of relied solely on people being dumb enough to run it. (Swen, was it? I forget, and they go to /dev/null now.)
Sometimes, the code is not at fault. A virus the user runs can be equally destructive to ~/office/resume.sxw on ANY system.
__CmdrTHAC0__
In Soviet Russia, Spanish Inquisition doesn't expect YOU!!
"History teaches us that the greatest thieves and criminals got caught due to their hunger for fame."
History teaches us that the greatest thieves and criminals use their wealth to employ the educated to sing their praises, justify their murders, demonize their victims, and legalize their thefts; in book after book, law after law, play/movie after play/movie.
What is paying money to congress elections to get an extension on a monopoly other than a THEFT justified by LAW by a GREAT THIEF?
> It's not that they're in kernel space,
> it's that they run as root.
> There is a difference.
Not really, on windows. Running as root means you have permission to load drivers, which means write into kernel space...
Always blame it on the guy who doesn't speak English.
No.. he really did write the viruses you teabaggers.
Instead of actually fixing the bugs they figured it's cheaper to just offer bounties for turning in virus writers. That's fucking brilliant! Well screw Microsoft. I hope more and more people write viruses for Microsoft operating systems.
I'll just turn in the whole CS dept
You know, there are thousands of microsofties. And, there are about to be about 20 thousand less.
Let's say you work there, and your job is in QC. Let's also imagine that you have found critical flaws in the underlying technology, which exists in all current NT derivatives. Your proposal to fix the problems is an entire rewrite of all the networking and RPC calls in the system.
You are told to shut up. Fine.
Then, you find out you, and your department, is being shipped to India, where the sheep-like Indian workers will never rock the boat. You see, Indian programmers are very smart, but not very creative. They can write whatever you tell them, but if it doesn't work, it's because you didn't supervise them closely enough. They won't offer any criticism or feedback, at all.
So, what do you do?
Sabotage of your employers is the only real way to strike back without undue fear of prosecution. While driving a big SUV through the entrance and doing a Terminator 1 police station recreation might be your first choice, sabotaging the operation is the best way.
Of course, this person(s) did not do that. They wrote a nasty worm that could be to blame for such things as the recent NYC blackout, among others.
Law enforcement frequently offers $ for crime tips, but almost never pays. Who could force them to do so, since they are (above) the law?
MS's stock fell down $1 or so where Microsoft cited it was concentrating on security issues and viruses.
So they did lose actual money.
To ensure the safety of the world let's just put all Windoze programmers in jail.
"If you can't do the time don't code for Bill"
Virus victims put a bounty on Bill Gates.
This is one of the most blatantly false statements I have seen get modded up to +4 or +5 in a long, long time.
Windows Media Player, Internet Explorer, and Outlook do NOT run in kernel mode whatsoever. They may talk to kernel-mode drivers like 95% of all user-mode software does (read from a file, talk to the network), but they absolutely do not run in kernel-mode!
C'mon, people. If you want to bash MS, you can do better than make up ridiculous statements like that.
if I just turn in the /. community as a whole.
"We shall party like the Greeks of old! You know the ones I mean." - HedonismBot
How is that a troll? Some idiot with mod points didn't like it, or didn't like the sig, or didn't like the sentence structure, or perish the thought, mentioned that Bill Gates gives money to charity.
1. Write really nasty virus ...you know...
2. Frame some chump for it
3. Claim bounty
4. ???
5.
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
... of about $90 for an Operating System that's invulnerable to virii.
Ceci n'est pas une signature.
This harkens back to another /. article
about getting paid for finding bugs.
Seems to me, someone who wants to earn some big bucks could figure out a way to write a virus, pin it on someone else, then collect the bucks.
well Windows comes with spyware/ad-aware installed. I know this because I built a computer for a friend and put Windows on it, before connecting it to the outside it installed ad-aware and spybot, and sure enough there was spyware.
and if you get one -1 mod, then you have bad karma. Go figure.
Lately (after reading a paper referenced in a slashdot post that presented the results of some worm propagation simulations), I've been thinking about a project that would build a worm to test some of the assumptions in that paper. After all, I want to know if it's reasonable to assume that a worm with all the intelligence described in the paper could infect and transfer itself in X seconds, because that impacts the threat we might face.
So I imagine creating a program called the "known buffer overflow service", (basically, just a gets() call after accepting a connection) that exists simply as a target for these sample worms, and then developing the worms and watching them spread on a private test network of 20 or so machines.
Now at this point there's really no chance of the sample worms as I would write them of getting out and infecting hosts on the wider network, unless people deliberately install my "come exploit me" service. However, were I to publish my worm source code you would then have a ready-to-go, tuned-for-fast-propagation worm, possibly with some kind of DDOS payload, which just needs to be customized for the exploit of the week. (and the DDOS target adjusted to whatever you want to take out today)
So then someone in India plugs the latest bugtraq post and this worm together, and thirty minutes later half the windows machines on the internet are attacking mcdonalds.com...
Now - this is where we suddenly start throwing around analogies to the difference between publishing bomb-making instructions and making bombs, and then try to argue what the result should be by analogy. Unfortunately, the analogies crumble because the worm source code is both the instructions and at the same time an almost complete worm-making kit. (just add water!)
So in this scenario would I have gone "beyond writing an exploit"? (the test used for "guilty" in the parent post)
Heh. Last time I turned someone in for a reward of 30 silver pieces, I got thrown out of the Thieves' Guild and my Lockpicking ability went down 15 points. Some reward!
Shop as usual. And avoid panic buying.
Ok viruses. You took all that time to write that. Anonymously of course. Glad you got the point of the message.
Microsoft is completely wasting their time here (and possibly money). What they should do, is to pay those who find the security holes in the first place. What do you think, would mr. Hacker Henderson write a virus that exploited a certain backdoor in some version of Windows, or would he tell Microsoft about it and get $200? I know that would be an easy choice for me.
Wrong approach, Microsoft!
If that were even remotely true then Apache would be swimming in remote exploits, which it is not.
You are wrong to compare the code base of an APPLICATION to the code base of an OPERATING SYSTEM. Try again.
Blaming people who build houses with inferior door locks for burglary is just as inane. People shouldn't have to put locks on their doors to prevent intruders from entering.
A number of years ago I read part of the Iroquois Constitution. Some political theorists say that the US Constitution was based in part on the pact these people held.
One of the 'rules' the Iroquois followed was: 'If you are going to be away from your lodge for a time, put a big marker up on it, so that other people will know to keep away because you are not there.'
That rule implicitly shows that the people in that society respected one another enough to follow rules like that. Further, anybody seen meddling around the 'marked' lodge would be assumed by others to be doing something wrong.
Why is it that in our culture the victim of a break-in is blamed? Can't we assign the blame back on the malcontents and troublemakers who intrude in other people's business? When someone breaks into a computer, why is 'it was easy to do' an acceptable excuse to so many people?
After Microsoft has issued a few million in rewards and there are a half dozen virus writers in the slammer serving 25 year terms (with NO internet connection- enjoy sol.exe, buster), maybe the social climate will change. It's a shame that it has to come to that.
A Good Intro to NetBS
1. Write a virus
2. Turn yourself in
3. ?????
4. Profit!
The premise that virus and worm writers are somehow doing something "good" by releasing their creations on the internet is a belief that is seriously flawed and totally silly. These people don't give a flip about "educating people" or "helping to demonstrate lax security in MS Windows". They care only about pissing people off and getting to give the virtual finger to Microsoft. If they *did* really care, they would spend their time writing and distributing protective software to the masses instead of useless crap.
Anthony Papillion
Advanced Data Concepts, Inc.
"Quality Custom Software and IT Services"
1. write virus
2. hack innocent pc, leave source code, spread virus
3. turn in innocent pc owner
4. Profit!!
someone once told me that the standard fare for murder was some 50 000 (unless there was some sort of difficulty/public figure/security involved, i'd assume). I have been saying this for a long time, but if microsoft Is going to offer 250 000$ for the arrest of a person, and it costs roughly 50 000$ for someone to be 'offed...how long is it going to be before microsoft assassins start plucking specific people out of the genepool? microsoft could kill five people for that amount...imagine a world with no linus torvalds, no richard stallman, no bruce perens, no eric raymond, and no judge-who-ruled-against-microsoft-lately-person-who-i-don't-know-their-name.
mark my words, corporate sponsored gang wars, complete with driveby shootings are coming, if not already here. astroturfing is only the beginning. i give it 15 years, max.
GENERATION 26: The first time you see this, copy it into your sig on any forum and add 1 to the generation.
Tomorrow: $500 reward for every Linux or Apple virus written.
This is definitely in "the cure is worse than the disease" category, but in these Bushie days the big company boys like Microsoft can do this sort of thing without any problem. Justice for sale in today's America: How much justice can you afford today?
Can't announce this detail publicly, but Microsoft is also hiring a hit man to "finish taking care of" the culprit when he finally gets out of jail. Consider it insurance--after all and as has already been suggested several times, this is enough money to motivate a bit of fraud. It's quite possible that the convicted "culprit" might be scamming them, participating in a frame job with a friend and planning to split the loot after a short jail hitch. Those shrewd analysts at Microsoft! Just covering their bases. If he really is guilty, then he deserves to die for his unspeakable viral crimes against millions, and if he isn't guilty, then he deserves to die for scamming Microsoft. Nobody gets away with that!
As recently noted, if Microsoft had been divided into pieces, the non-OS company would probably be producing Linux versions of Microsoft Office now. At least they would have a legitimate profit-maximizing motivation to do so. That in itself would be enough to make Linux viable in almost all corporations and for most home users. Incidentally, it would break up the Windows monopoly and increase everyone's security by solving the "Windows as one big target" problem. Good for almost everyone but Bill Gates.
Remember: How much justice can you afford today?
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Heh...
Karma: It's all a bunch of tree-huggin' hippy crap!
If the fine is less than $250k, report yourself! ;-)
Karma: It's all a bunch of tree-huggin' hippy crap!
What, did their copy of MS Access delete the records of the MS Virus Developers Platform??
(also known as Outlook Express...)
Why should email be linked to running every script imaginable anyway?
Long Live TEXT !
Liar.
The line in question was not about Windows but about RPC. Morphing that statement into "Not only that, Microsoft's products just aren't designed for security, even by the admission of their own executives" is like stating that Unix/Linux/Minux shouldn't be on the internet because they support NFS and NIS/NIS+, both of which are also not designed to be used over a hostile internet. RPC is disabled by default over dial-up interfaces, but not network cards.
Here is the actual paragraph you were referring to:
The "Remote Procedure Call" feature exploited by Blaster is, to quote a Microsoft advisory, "not intended to be used in hostile environments such as the Internet."
I'm not blaming the victim - I'm blaming the victim who, knowing what the culture is, and knowing what is likely to happen, takes no action to protect him or herself. Such people don't appear to have the sense to come in out of the rain.
If we had a culture like that of the Iroquois, then doing as the Iroquois do would be acceptable. Did the Iroquois have the same idea of private possessions as we do? What did they do if someone did take their stuff?
I am a nurse, and am rarely in a position to require the services of a physician. That prevention thing you know....
It is the only way people actually listen to. As sad as true.
I had a talk with our new site admin. He tended to underestimate the security somehow. After a short demonstration, involving hacking into his machine from the next one, his opinions changed dramatically and quickly.
Practical experience is the best teacher.
We'll start by killing off all the virus writers, then move on to those evil "Linux hackers". Eventually, we'll run out of those people. The Jews/Chinese/Japanese/(insert race here) will probably be next, followed by Mac users, etc.
Eventually, we'll just be left with people whose VCR's don't flash "12:00". They'll be put to work building the next great virus-free software empire with Visual Basic and Javascript.
You can't judge a book by the way it wears its hair.
What WILL be interesting if these people are caught is what their background is like. What links can we find. Are they paid by spammers? Foreign governments? What benefit did they receive by writing and releasing a virus?
Instead of creating a witch hunt; fix the damn issues.
I for one have to applaud this. Doesn't matter where the funds come from, these viruses did a lot of damage. Yes, it makes sense for Microsoft to spend the money on upping the quality of their own security, but offering this bounty now, in a timeframe where they won't be releasing a new OS for a few years, may help make future virus writers think twice before they write to exploit next week's security hole and knock half the country out of the loop once again.
Yes, of course I patched my machine right away and was reasonably safe behind my own firewall, but my ISP was still disrupted and when I DID have service, it was very slow. I was still affected, and would rather not have such a thing happen again. This is a positive effort on Microsoft's part to help atone for the damage caused by someone taking advantage of a flaw of THEIRS; doing this may help ensure that as a whole, people have more time around next time to PATCH and be protected before someone is brave enough to exploit.
Damon,
http://ActionPlant.com
http://actionPlant.com
Microsoft Offers A Bounty On Virus Writers
When I first read that, I thought they are offering bounty for all virus writers. Luckily I read the article before I wrote them the Website of one: http://www.microsoft.com
CHEERS
--RoadkillBunny
Cheers,
RoadkillBunny
If you think of it is $250 000 really going to be enough to get ppl to rat out anyone. Come on think about inflation.
How does this affect people doing *security* research on MS products? If one were to find an exploit or hole would that be considered a virus?
... and furthermore
Picture a man. He's standing in (Vietnam | insert random low-income nation here), and his annual income is USD$500 because he's better than average there.
Picture another man, also standing in (Vietnam | IRL-INH), also earning USD$500 a year. They read about an offer of 250 years' wages for both of them all in one go if one of them spends five years in the slammer because the other turned him in. A bargain is struck.
Picture a network. It's a busy network, and traffic is humming across it. Let the scene drift closer, and note that the busy workers aren't so much busy as frantic. Frown, and focus on the traffic itself. Outlook has a virus. See the virus flow. Flow, virus, flow.
Hello, says the virus, I eat hard drives wholesale. If you ask Man Number One he will tell you who wrote me. For a fee.
Picture the neighbours of Man Number One, considering their own family incomes and contrasting them with his.
Got time? Spend some of it coding or testing
Windows Media Player, Internet Explorer, and Outlook do NOT run in kernel mode whatsoever. They may talk to kernel-mode drivers like 95% of all user-mode software does (read from a file, talk to the network), but they absolutely do not run in kernel-mode!
Security is a perimeter-like thingee. A security fence that is mostly intact is really a very poor security fence, particularly if it leads to a false sense of security. If there is anything in kernel-space that has been rigged for the benefit of Microsoft applications, the parent's statement is effectively true. Considering that NT Server will stay up for many months as long as IE, Office, etc. are totally avoided, it's almost certain that somewhere, somehow, there is kernel-level stuff that exists solely for the benefit of Microsoft applications. With various cracks about uptimes, it's extremely likely that that stuff is buggy and has a lot of not-yet-publicized holes.
Once again, instead of fixing the problem, Microshucks is piling patch upon fix to hide the symptoms. Except in this instance, they are doing it with money instead of code.
I think many agree that Microsnobs is attacked by many viruses because of flaws in their software. These defects come in many shapes and sizes, from vague little bugs (like some memory leak) to really bad design decisions (like Outlook executing untrusted code because doing so is "convenient").
That's not to say, Bill, that you aren't smart. Hell, if I had half as much money as you, I'd buy my way out of all my problems, too.
From what I see of what's coming - Win 2003 will be a much more secure box relative to its counterparts and ready for the Internet, particularly for Joe Shmuck. Hence, I think your comments aren't totally correct. MS aren't that stupid to not see that bad programming does affect the bottom line to a degree and definitely their image. When their top 100 customers have several days a year without being able to use internal business systems because they use MS products - then they listen. Mindsets are changing within the dirty, ruthless company. But I'm not sure that I agree nor understand how MS could be driving a Wanted - Dead or Alive with US government agencies. Next it will be a reward to find out who (or whose money) is really behind SCO's stupid law case......it could backfire on them. Bz
Gee, I wish that I needed a tax break that badly...
I've been wondering for a while why we haven't seen any really nasty virus epidemics -- I'm not talking massive DDOS, or spamfloods. I'm talking, a virus that infects a few million hosts over the course of a day or two, and then at a predetermined time, starts formatting the hard drive.
Given how fast some recent viruses seem to have spread, it certainly seems feasible. So why do these viruses always have fairly innocuous payloads? It would seem a relatively simple thing to write a virus like this -- not to mention release it anonymously and never tell anyone about it. Is it just that the people capable of doing this are all ethical enough not to? Or that the ones who aren't ethical enough, are dumb enough to get caught? Or that nobody, I mean nobody would want to see the havoc wrought by such a virus?
Why haven't we seen a virus like this yet? Is it because such a virus isn't possible, or just because no one's bothered yet?
"Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
Long live the Speaker Bracelet
Rolo D. Monkey
The biggest conspiracy theorists, are, of course, the spies: after all, that's what we pay them to do. That's why they spy on protesters at student anti-war rallies as well as run moles into foreign embassies: they're looking for conspiracy. Of course, not all conspiracies are equal, and some conspire to bring about democracy, while others conspire to bring it down. Like the word terrorist, to conspire is a plastic concept in the hands of those who can set public agendas.
This is a real problem, because it means that people will live in denial of real-world conspiracies that are taking place (e.g. Monsanto's conspiracy to dump toxic waste into the rural groundwater of the deep American south in the 1990s
Of perhaps more direct concern to nerds is Monsanto's ongoing collusion with other Life Sciences conglomerates to sow genetically modified crops throughout the food chain, in an attempt to end run around public concerns like labelling, organic certification, seed savers, and the whole notion of germ lines as a public trust.
Yes, there are many conspiracy theorists out there in left and right field. Yes, some are right, and some are looking for reptiles under the bed. Strangely, though, some conspiracies happen in public right under the noses of naysayers, people bray about it in the newspapers, but little is done (e.g. the implementation of Free Speech Zones).
The big question: Why aren't there more viruses and worms rising out of conspiracies? Where are the claims of victory for [__insert cause x__] after one of these viral plagues?
Damn those pesky terrorists
"Prisons are full of criminals who did things the hard way or the stupid way."
~REZ~ #43301. Who'd fake being me anyway?
A bounty? Why?
Virus writers do an extremely important service for us -- they demonstrate just how insecure our systems really are.
Seriously, why aren't virus writers owed our thanks? Would you rather they not write viruses, which would lull us into a huge sense of collective false security, leaving us vulnerable to a true Internet apocalypse in the future?
This is exactly analogous to being grateful for having a lot of small earthquakes, because you know that they relieve the geological pressures that would otherwise build up to become a single massive deadly quake.
By pumping out viruses daily, they are keeping us constantly aware of the need to fix our security problems. If the virus writers didn't provide that service for us, then who would? Seriously?
Do you think people would pay any attention if known security vulnerabilities were simply reported on the web? Only by experiencing mass inconvenience and damage could we ever be motivated enough to take Internet security seriously.
-- Anonymous with good reason.
It is as though Microsoft is in the cabinet: "The Secretary of Microsoft requests a bounty on some idiots MS doesn't like".
Nobody has yet indicated whether the award is good whether the virus writer is alive or dead.
A clearer statement is in order.
The switch ports could have been better locked down but that takes better administration. I would have liked to see laptops dropped into a firewalled VLAN. However, we have money problems and cannot afford good techs.
See my journal, I write things there
Ok, I'll walk up to someone and shoot them in the chest with my beretta. Multiple times (there's 11 in clip, 1 in chamber, .40) too. As they lay gasping their last I tell them "Welp, you shoulda worn kevlar today."
AAHHHH THE POLICE ARE TRYING TO SUPPRESS MY FREE SPEECH!!
You, sir, are a moron. I'd mod your ass down if you were up on my meta-list. The virus writers were deliberately planning on causing harm/aggravation/corporate damages (if a bunch of your workstations suddenly start crashing at startup, you lose money in productivity, and paying the poor IT bastard to work overtime fixing the little mess) by releasing those viruses. They may have wanted to be seen as being all "Robin Hood" about MS but in the end, they were about causing damage. It is justified to punish malicious coders. Imagine the 'net if these criminals were allowed to proliferate their actions. We wouldn't have ANY games. Period. Nor would we have P2P. Or IRC. For security, yeah. If these assburgers wanted to actually HELP the tech society, they should have released software patches to close security holes, not exploit them.
Wasting the money in coders would be the solution for them -specially since they announced longhorn for 2006...
I Reckon we'll have a hole new breed of bounty hunters then...
After all, without Microsoft designing the features so easily exploited, there would be none of these viruses.
I suggested something like this just a few days ago...
I think Microsoft is just hoping that in every geek there is a secret longing to play Boba Fett - I mean, he is everyone's favorite bounty hunter ..
And Microsoft posing as the bloated Jabba the Hutt is fitting somehow...
My concern is that MS, with the help of law enforcement authorities who need to buff their image, will focus their efforts on tracking down the little vandals and do very little to improve security.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
Who do you think pays when companies are struck by a virus be it on a UNIX or MS platform? We do because the cost is passed on to us through higher prices for goods and services not to mention the need for anti-virus subscriptions.
I don't like the idea that I may have to pay more for some goods or services because of some geek who wants to prove how clever they may be, do you?
These people are criminals and should be treated as such, I think the bounty is a good idea...
As for microsoft's programming practices...I agree, they could and should do better. Taking it out on end users is not the solution, offering a better alternative is...
It has been the complexity of the unix os that has kept it from being adopted by the average person. Widespread Linux desktop adoption by ordinary average people...be careful what you wish for because a stupid user is a stupid user no matter what platform they are on and I suspect that as the Linux os is made easier to use and is adopted by more and more of the general public, the Linux community will begin to feel the same pain that MS users experience.
Just wait and see.
Seriously, the PR design here is quite good: shift the blame. By putting a bounty on the bad guys, Microsoft frames the issue as the bad guys are the problem, and gets the heat off Microsoft's abysmal security. I congratulate Microsoft's PR talent here. Very slick.
I like the bit about the cat... it makes me think of sending this to microsoft:
Microsoft,
the cat walked across my keyboard and created the virus and sent it to everyone in my address book. Can I have my $250k now?.. you can punish my cat.
Why me? Why not!
BACKUP YOUR PARTITIONS
You overestimate how many people really, really care about this sort of thing.