Microsoft Offers A Bounty On Virus Writers
Iphtashu Fitz writes "According to news.com Microsoft will announce a bounty of $250,000 on Wednesday for information on who wrote two recent Windows viruses. The bounty is offered for information that leads to the arrest of the people who released the MSBlast worm and the SoBig virus. Microsoft will officially announce the reward in a joint press conference with the FBI and U.S. Secret Service Wednesday morning. This is the first time a company has offered money for information about the identity of the cybercriminals. Could this be the start of a new trend in going after the writers of viruses & worms?"
How about paying their developers $250,000 to write secure software instead of the bug-riddled crap they currently put out?
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
My guess is that Microsoft will never pay anything to anyone. Once Microsoft finds the name of a person who wrote the virus, that person's name will be given to the police. Microsoft can claim they got the information somewhere else. "Oh yes, you were the 110th person who reported the virus writer." To use your example, Microsoft won't pay, and the family in Laos will be powerless to compel payment.
It seems likely that whoever admits he or she had knowledge of the creation of a virus will be arrested and jailed. That person certainly won't get any money.
Another guess is that the bounty is an idea from a P.R. person associated with Microsoft, someone who knows nothing about technical things. He probably said, "We can shift the blame from Microsoft to the virus writers by offering money. We'll get a lot of free publicity." Instead, the bounty will encourage people to write more viruses. Virus writers will say, "Wow, fame! I wonder if I can write a $1,000,000 virus."
The bounty will cause a lot of news stories to be written. Those stories will correctly identify the viruses mentioned as Microsoft vulnerability viruses. That will cause much more than $250,000 worth of damage to Microsoft's reputation. (If that is possible.)
What the story doesn't mention is that it shouldn't be necessary to offer a bounty. The real story is why doesn't the United States' FBI federal police investigate the crime? The bounty provides publicity for the fact that virus writers aren't caught unless it is very, very easy to catch them. Look at this story: FBI arrests MSBlast worm suspect | CNET. Here is a quote about a teenager they caught:
"Parson also admitted that he renamed the original 'MSBlast.exe' executable 'teekids.exe' after his online name 'teekid.'"
In the story, law enforcement is quoted as saying, "We believe he is a key and significant player..." Here's another quote about catching the teenager who simply renamed the files after his own name: "I wouldn't characterize the work as being easy,
If anyone from Microsoft reads this, I suggest that whoever promoted the idea of a bounty be fired.
...is it cheaper for MS to pay 250K to jail each person that writes a virus exploiting one of their security holes than it is to pay the developers to avoid creating them in the first place?
Troll troll troll!
You know damn well that if Linux enjoyed the sort of desktop ubiquity that M$ has right now, we'd all be bitching about the latest exploit/virus/worm and complaining about how it takes so long to get them patched and why in $#%^&$%@#&* couldn't it have been written correctly in the first place!
You're using her as bait, Master!
Which files do you care about more - the ones in your home directory or the ones in /bin ?
The whole "it only affects one user so it's ok" argument is specious, and becomes more so every day. And even that is completely ignoring the simple fact that Windows NT/2k/XP has _better_ "privilege separation" than Linux and it isn't helping.