70% Of 2004 Virus Activity Down To One Man
arpy writes "According to a report produced by anti-virus software provider Sophos, 70% of anti-virus activity in the first half of this year can be blamed on Sven Jaschan, an 18-year-old German who wrote the Netsky and Sasser worms. According to the report, "Sasser claimed the top spot of the virus chart, in spite of the raging battle between the widespread Netsky and Bagle worms." The Register has a good summary of the report."
I could have sworn it was Bill Gates..
Get a rope.... (raspy cowboy gunslingin' voice)
> The Register has a good summary of the report.
70% of slashdottings were caused by Slashdot.
Sheesh, evil *and* a jerk. -- Jade
Probably not a good article to have floating around with your name in it. I'm sure there are plenty of helpdesk personnel, network administrators, and "computer guy" friends who would like to punch that guy in the mouth.
Scapegoat?
Isn't he the one Valve blamed for the HL2 source code theft as well?
70% of virus infections in my neighbourhood are caused by just one woman.
For all intensive porpoises your a bunch of rediculous loosers
To be honest, I'd rather have to do AV work on one virus 70% of the time, and spend the other 30% fixing a couple of others. Maybe write a script if need be, and 70% of the time, I just do the same thing over and over.
Or, you could spend 10% of the time working on each of 10 viruses. Suddenly, you think, I wish I could be 70% sure what the problem will be, it is a lot easier.
The mainstream and tech press is always implicating Russian crackers or links to .ru sites...
What's the real deal? Someone is feeding us disinformation with a shovel.
You got to wonder why Microsoft never did this before. From a business standpoint, the return on investment for this $250,000 bounty is probably going to be quite impressive.
...99% of virus activity this year due to bugs / vulnerabilities in products from a single company.
"The computer worm he created continues to spread despite the fact that their creator has been taken out of the equation."
duh!
The computer worm he created continues to spread despite the fact that their creator has been taken out of the equation.
How on earth must one believe that a worm works (or think that one's readers believe that a worm works) in order for them to make such a statement?
I'm reminded of a great quote by Charles Babbage. Babbage was asked (by a member of parliament... of course) whether his analytical engine will, in spite of being given erroneous input, nevertheless arrive at the desired answer. Babbage's response?
"I cannot rightly apprehend the kind of confusion of ideas that would provoke such a question."
Accountability on the heads of the powerful.
Power in the hands of the accountable.
Yeah Netsky and Sasser have gained much more notoriety but actually phatbot has been (and still is) the more dangerous worm/trojan/backdoor around in 2004.
There are currently several thousand different modifications of phatbot around and in contrast to Netsky/Sasser, phatbot infected systems are being commercially exploited as spam relays for UCE/UBE and Hatemail. In Europe neofascist/neonazi groups use phatbot to finance and also to distribute their propaganda.
You can buy lists with the IPs of compromised phatbot-infected computers to use for your own spam-enterprise. There are even groups which will code you your own version custom-built to your likings.
Strangely the author of Netsky/Sasser has gained much more public interest. Yeah it was probably more annoying and a real hassle for the sysadmins. On the other hand phatbot is more dangerous than netsky and is actively exploited with criminal intent. Although the writer of phatbot has been arrested as well (coincidentally also a German) all you ever hear about is the author of sasser.
Jeff
THANK YOU!
People like you help me argue against the beady-eyed managers that a computer-monoculture is bad for business.
How else could I easily bring Linux or Firefox on Windows to our enterprise customers? And hey, what people know from the office, they will also use at home.
Not to say that you help the OSS community, but you do.
Thanks again.
I don't know about the rest of you, but even if guys like this keep some of us in jobs I'd still like to drag him outside and have a good old-fashioned blanket party.
Anybody got a few extra baseball bats? If not we can just fill socks with penny rolls.
?SYNTAX ERROR IN LINE 42
I made sooo much money from fixing and securing against those viruses it's not even funny.
:D
That guy might as well have bought me my new computer and a car
Netsky forms a major share in that 70%. But that is including all its variants. I do not know if you attribute the credits for the Netsky variants [A,B,C,D...] also to Sven. I believe the variants are from other virus hobbyists as well. It is not fair to attribute them all on Sven at a staggering 70%.
fifteen jugglers, five believers
"...one of Jaschan's schoolfriends revealed the worm author's identity to Microsoft."
http://www.sophos.com/virusinfo/articles/netskyhero.html
The only thing new in this world is the history that you don't know.[Harry Truman]
I, for one, welcome my Yahoo Serious Overlord.
Vinge is a great(!) SF author. Many of his novels deal with an idea he calls the Singularity; the concept that technology will keep accelerating until we gain the ability to increase our own intelligence, at which point the changes will come so fast that we will become unrecognizable to pre-Singularity humans.
... perhaps Sasser and Netsky were worse?
One of his fundamental ideas is that the growth of technology will give individuals more and more power. I'm not sure if he explicitly says this himself, but one of his themes is that individual people will have the power of atom bombs. It won't BE atom bombs, it will be something else... like the ability to write viruses.
In terms of direct harm, it would appear that Sasser may have done more damage than slamming planes into the WTC. Indirect damage, everyone overreacting and doing stupid things, was tremendously greater with the WTC, of course. But in terms of direct, measurable damage
Speaking, again, purely in economic terms, I wonder how Sasser and Netsky rate against the Hiroshima or Nagasaki bombs? I realise that the viruses probably didn't kill anyone, and they didn't start or end any wars. We don't feel it as much because everyone paid a little bit, instead of a few people paying a whole lot... but in terms of actual dollars/yen/economic value, I wonder how they compare?
However that comparison comes out, being single-handedly responsible for 70% of all virus activity over the last year is *a lot* of power. Vinge's Singularity may not be that far off... assuming we don't virus ourselves to death first, anyway.
Because a guy with a compiler will do a lot less damage than a company with a government which will do whatever they say.
Think...how hard is it to clean up Sasser? How hard is it to get DMCA/INDUCE/etc. revoked? Which would you prefer to try?
And the virus writer who can do this has put a lot of effort into it. MPAA/RIAA/SCO just sue people again, and again, and again.
You DO NOT speak Latin. Stop making up words. There is no plural to the Latin word virus. It means "poison", the plural of which is "much poison" (notice the absence of an s) in most contexts.
Even if it had a Latin plural, it would not be "virIi". That would be the plural of "virIus" which doesn't exist. It cannot be "viri" either, as this is the nominative plural of "vir" (man).
In terms of direct harm, it would appear that Sasser may have done more damage than slamming planes into the WTC.
Number of people killed in the WTC collapse: ~3000.
Number of people killed by Sasser and Netsky: 0.
You Idiot Normal Person
This guy wrote the worms. He is directly responsible for 100% of the damage they caused.
I'd say people are justified to be angry at him.
"Ask not what your country can do for you." --John F. Kennedy
I'm getting an awful lot of 503 or white pages here this morning.
Guess this must be the sickening effect of the stupid new color scheme
605413? Yes, it's a prime.
"So what does your son do?"
"He's in prison after writing the world's most successful computer viruses. Ouch! Don't hit me! Ouch! Stoppp!"
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"
It's bad enough that they feel the need to "compete" against other virus writers for some internet version of "street cred" but now we're fucking ranking them?
How long until people start writing viruses just to "get points" on some chart somewhere? Christ, you people have no logic whatsoever.
Companies that got hit badly should sue him. Even if he doesn't have any money and lives in Germany, they could go after him to make an example to deter people from writing viruses in the future. Sure everyone can point the finger at microsoft, but this guy sat down and wrote a program specifically to piss people off and mess up their computer. If I own a bank and I get robbed because the vault was shoddy, I'd be pissed at the vault manufacturer and of course the person who robbed me.
I doubt companies that bring civil lawsuits would ever get a dime, but if that stops another sasser in the future, then it's money well spent.
Coincidentally, 70% of my voicemail messages are Sophos salespeople. Andrew, if you're reading this: for the love of God, STOP CALLING ME!!!
irb(main):001:0>
"On two occasions, I have been asked [by members of Parliament], 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able to rightly apprehend the kind of confusion of ideas that could provoke such a question." -- Charles Babbage (1791-1871)
Sindri Traustason.
GMail now supports Safari and Opera
"Doing what i can, with what i have." ~ Burt Gummer
Speaking of dodgy maths, before my School Certificate (an exam all high school students do in year 10 in Australia)...
e ducation.htm
Not wanting to be a pedantic prick, but unless things have changed substantially since my fun filled days of Australian secondary education, not every year 10 student in the country sits this 'School Certificate' thingamo.
In fact, if this web site is to be believed, only students attending high school in the ACT and NSW have the pleasure:
http://www.teachers.ash.org.au/aussieed/secondary
As Australia consists of a further territory and 5 states, for your sake I hope 'Australian Studies' wasn't a component of the exam.
---
Any man who can drive safely while kissing a pretty girl is simply not giving the kiss the attention it deserves. -- AE
"these are probably the same sort of people who blame doctors for letting someone die when they're forced to work 100 hour shifts with no budget, aging equipment and abusive people."
Talk about a retarded analogy...
No, if you want to compare those doctors to someone, the apt comparison is with the net admins who had to do overtime to remove worms. If you want to compare this particular cretin to someone, it's with someone who deliberately creates and releases a new strain of flu to make a profit out of the cure. (Remember the cretin made the virus to drum up his mom's business.)
Would I be angry at the doctors or sysadmins there? Nope. They worked hard to repair the damage.
Would I be angry at the cretin who deliberately set the virus loose (whether computer virus or new flu strain)? Damn right.
Or maybe not necessarily angry, but I'd want him roasted slowly at the stake anyway. Or if that's not an option, hey, put him behind bars for a couple of decades. Just to deter other such vandals.
So here's the deal: get brain already. If you can't tell the difference between someone working to _repair_ the damage, and the vandal who deliberately _did_ the damage, you have a problem. You need professional help.
It's like not being able to distinguish between the asshole who keyed your car, and the shop who repainted the car. It's like not being able to distinguish between the vandal who threw a brick through a window, and the people who worked to replace the glass sheets. It's that idiotic.
A polar bear is a cartesian bear after a coordinate transform.
it's a military/boarding school/other miscellaneous dorm tradition for dealing with malcontents. One person covers the party "guest" with a blanket so they can't escape while the others take turns beating them (often with soap in a sock, aka a "sock party").
Everyone has to take a swing so that everyone is culpable and no one can report it without incriminating themselves.
See Pvt. Pyle in "Full Metal Jacket" the night after he eats the jelly donut for a graphic reference.
And I'm sure more hours than that were spent trying to clean this up... try him for murder.
Who wore the towel: Bush or Saddam?
"Long run is a misleading guide to current affairs. In the long run we are all dead." (John Maynard Keynes)
"Sasser claimed the top spot of the virus chart, in spite of the raging battle between the widespread Netsky and Bagle worms." If my bagels..errm Bagles had worms I'd just throw em out... uh... I think what it meant to say is Beagle, cause I get about 30 admin alerts a day about e-mail attachments with beagle in em...
Viruses work differently...they keep on spreading...or attempting to spread. Law enforcement needs to remind itself of this difference from time to time because "cyber-crime" is a very small percentage of overall crime.
Microsoft isn't willing to pay the bounty, because the informers are suspects themselves.
That was a cheap one for them and they will surely go on with this practise - it's way cheaper for them to pay a little bounty than to fix some bugs.
Nearly half of German youths ready for work can't find meaningful employment due to the sluggish economy and heavy-handed government regulation of industry. The adult unemployment hovers 10-14%. Germany still widely uses the apprentice system for working youths into the economy, even for white collar jobs. Other youths become perpetual students (6,8,10 years) in the low-cost university system. So there's lots of idle, creative people to get into mischief.
In nature, the most vulnerable species end up extinct. Of course, if they have some kind of monopoly to leverage, they might survive.
"More power to him I say.[...] Expecting people 'not' to crack/compromise insecure systems, a daydream you're having"
Newsflash: the real world was not built on being 100% unbreakable and impenetrable.
E.g., your front door would _not_ be unbreakable to someone determined to get past it with an axe. It's a known vulnerability, for the past few thousands of years, and no one's fixing it. Your windows are likely even more vulnerable.
E.g., locks can be picked. Locks with master keys allow for escalation of privileges by attacking one pin at a time. It's a known vulnerability too.
The way Real Life works isn't to waste manpower and money to make something 100% impenetrable. Real Life works by basically just setting up a big sign that says "you're not allowed past this point." And if you do, we'll throw your sorry ass in jail.
That's really all that your front door and lock are: a sign that other people are not allowed past that point. If someone actually does the effort to pick the lock or hack down the door, it's proof enough that they did get their hint to stay out and deliberately circumvented it. So we throw them in jail.
If someone entered your home, it's not the door manufacturer's fault, it's not the lock manufacturer's fault, it's simply the thief that's to blame. That's the one who deserves some fine time in a state prison.
That's the security model that the Real World society was built upon. It's not perfect, but it worked wonderfully so far.
And here's your free complimentary clue for the day: those Windows users' instinctive expectation of computer security is the same. They don't expect their computers to be an impenetrable fortress, since their RL home or car isn't either. They do expect that whoever breaks past the boundary of their home, car or computer be thrown into state jail.
Unrealistic expectation at the moment? Maybe. But not an _unreasonable_ one. As in: it's not unreasonable to throw the script kiddie or virus writer in jail anyway. Sure, we won't stop trying to make the apps more secure, but in the meantime we also throw the asshole in jail to deter other assholes.
And maybe it's time to give users what they ask for, instead of idiotically insisting that they adapt to what we feel like programming. Not even just in this aspect. The software industry is a fucking disaster in this aspect, and all this whining about "idiot users" and "idiot managers" is just proof of it.
Any other industry, they try to make things comfortable and obvious for the user. In the software industry we just call them idiots and have whole sites dedicated to whining about them.
A polar bear is a cartesian bear after a coordinate transform.
I have one client that no matter how many times we tell their receptionist not to open files from people she doesn't know... She'll come into your office and say, "Did you send me this?" after opening an e-mail with a worm in an attachment.
Every other user understands that when a new virus slips through the system, or an old one with a new face... you don't open suspicious mail.
Blame comes at every level, admins, users, but I think that the virus coders themselves should face more severe punishment. Would you release a virus into the wild knowing that potentially you could be hunted down and either:
Go to prison for twenty years.
Be saddled with millions in debt from civil lawsuits?
Before anyone freaks out, realize I'm floating a theory. The people that do this boost one sector of the economy and destroy another. Just like thieves and their activities sell alarm systems indirectly. Except these folks are stealing millions of dollars in productivity. Does that make them white collar criminals worthy of a slap on the wrist and six months in "Club Fed"? Or does it make them the equivalent of a burglar stealing 4,000 TVs at $250 a pop and 2000 years in prison? To those that think that sounds unreasonable consider this: In most states a third burglary conviction at any level results in a three strikes life without parole sentence.
To use your "real world" model, Windows is not analogous to a locked car sitting on the street in a relatively nice neighborhood. Windows is analogous to a car with all its doors open and a key in the ignition, sitting in the middle of downtown Gotham City.
It's *going to* get stolen (hijacked) unless you do something about it.
I'm all for putting this guy in jail. But at the same time, it's unrealistic to expect hackers to stay away from a computer whose OS is full of vulnerabilities, from which they stand to profit.
You say you want to give users what they ask for....what all MY users are asking for, primarily, is "not to be bothered with this bullshit virus stuff," and the best way to make that happen at this point, IMHO, is to make it far more difficult to gain access to their computers.
Sure, you can make an example of this guy, but I don't think that's going to stop the tidal wave of virus attacks. Instead of relying on the courts to enforce things like this, I'd much rather see an increase in computer security. Just give all your users personal firewalls (the RL equivalent of locks on their car doors)....something really simple like Zone. Software that DOES make things comfortable and obvious for the user.
And when the problems go away, they will remember that security, not the court system, solved the problem.
--B
Maybe it's true, but it just smacks of a comforting message to soothe those PHBs out there. Regardless if some/all of the code is based on this guy's work, the fact that it spread so far, so fast says it's about way more than one guy.
He's actually built a bright future for himself once he gets out of prison ;) There will be no shortage of people who want him to work for them. Lucky for him he won't be in for long.
While I agree with the essentials, you are very wrong. Devil in the details.
My front door is out of reasonable reach except for maybe 15000 people. My computer on cable modem is available to (however many people are on the internet) spread all over the world. This is a fact, and if I sell a door that opens to such a huge number of people, it should be designed to handle it.
I may want to beat this particular character, or prosecute him. Another fact gets in the way. He is in a different country 9 time zones away. I can't talk to the local prosecutor to get action. I can't even make it an issue country wide, since it is outside of my country. Laws, iow, mean nothing. So again, my door has to be built with that in mind.
With these realities in mind, perhaps it is sheer incompetence to sell a product that, for example, has ports designed for a lan open to the whole world. Or allows execution of things from who knows where.
Derek
I fully agree with you, but if someone knows about a certain fault in your lock, or has a master key, and the Lock manufacturer does jack shit, then he can also take some of the blame for the break-in! Exactly how microsoft knew about the hole and did nothing about it until like, a month after
Just compare it to this: One teenager puts a firecracker on a bridge. As a result, not only does the bridge disintegrate - it starts a chain reaction which destroys 70% of the bridges in the country. Now tell me: Who is responsible? The teenager who did something potentially dangerous or the people who built bridges which could be brought down by a teenager with a firecracker?
How long until people start writing viruses just to "get points" on some chart somewhere? Christ, you people have no logic whatsoever.
Hey now, just because you don't like the logic of a situation doesn't mean there isn't a logic operating. In fact, your post is speculating on what that might actually be. Virus writers are already competing, and as other respondents have noted there are already rankings put out by the anti-virus industry/community. Not to mention the New York Times, theregister.co.uk, and other press outlets.
You associate yourself with the rankers ("we're fucking ranking them"), yet you say that "you people" have no logic. Do you mean the virus writers or those of us who are neither ranking nor writing?
When I was a kid, we only had one Darth.
What an honor! I'd like to send to a congratulations gift. What's your email?
You know what?
I was thinking the first of these. The other one could be funny.
OK, so now this guy will be identified as the scapegoat for the whole thing... next will be the Slashdot Interview while he's awaiting trial (go ahead and post your questions now) and the Legal Defense Fund from the EFF.
I see that freesvenjaschan.com is available (and org and net) so go ahead and get a site up now to avoid the rush.
Start working on your Bush and Ashcroft one-liners, since they have absolutely nothing to do with this and that's never stopped you before.
RP
In the real world, even if there's a car with all the doors open and the key in the ignition, it's still GTA if you take it.
In the real world, even if you leave your front door open, if someone walks in without your permission, it's B&E.
Are either of these wise things to do if it's your car or your house? Not necessarily, but you could still expect the person who took your car or entered your house to be prosecuted.
I agree. You have two choices. You can either chase every script kiddy into infinity or you can spend your resources stopping the security vulnerability that is exploited. In the first example, I would argue you will never run out of idiots trying to learn ways to break systems or you can spend your resources making the systems harder to break.
How many viruses that infected us last year will be protected by XP's SP2? I believe that every virus that could have been prevented and wasn't is the fault of the system designer not the individual that found a way to exploit the vulnerability.
Granted, I believe that the individual that attaches a destructive payload to an exploit should be prosecuted but not given a death penalty or even a life sentence. They should not be blamed for the international issue because the exploit was available on every computer. That responsibility lies with the system designer.
This doesn't mean that system designers need to release perfect software. In fact almost everybody signs off that we do not hold the system designer responsible under the EULA. I find it very discouraging that we All they have to do is have every person sign off on a EULA that states that the system designer is not held responsible.
After finding out that the software didn't work as promised we don't need to lynch the virus writer, we need to relook at the rights that we have so easily given away.
Ok, I'm going to go off on a rant here...
Why the fuck does everything always have to have a real world counterpart? The Internet and computers in general have changed all the economics behind crimes committed with them. Period.
What is a "barrier" on the Internet? A firewall with a port forwarded? Just having an IP address? The fact that everyone is a "peer" on the system changes all interaction. If you want to keep everyone else out, then the onus should be on the software, on the security of the local system, because that's the only kind that exists. The medium is too ethereal for any other kind of enforcement in any but small, high profile cases.
And yes, there ARE idiot users and idiot managers. There are also idiot administrators who push things without knowing the full ramifications, which is why they are shut down many times. The lacking element is communication and understanding, in BOTH directions.
Oh yes, in the software industry, we call them idiots because they refuse to adapt to a new way of thinking. I have met very few children who cannot fathom how a computer works, programs and all. I have met many adults who cannot fathom how they work because they are too scared, proud or too... something. The end result is that they still don't want to adapt, and cause problems because they "use" a computer in the loosest sense of the word.
My blog. Good stuff (when I remember to update it). Read it.
The article ( I know, none of you read it ) also talks about Kim Vanvaeck. She was arrested as well.
The funny part is, she might have been good at code - but she was not good at crime.
A quick Google groups search comes up with funny stuff. Like her back in 1998 asking for someone to please send her a virus so she could learn about them.
Or her in a discussion about sleep habits which starts out asking for the best "hacker babe"...
There are more. But the best part is that in almost all of them she always ties her real name, "Kim Vanvaeck", to her "hacker name", "Gigabyte". It must have taken the authorities a whole 7 minutes to track her down...
As an aside, anyone able to find a photo of her? This is Slashdot... It would be cool if she was as attractive as Angelina Jolie in the [silly] movie "Hackers". (Why else do you think I would be searching on her name?)
The exchange rate is now about .70 USD. So I figure that this comes down to between US$262.5 and USD$350, for the Microsoft tax for the next 4 years. For the respective 15M - 20M Australian Dollar.
If they would have gone the route of switching to open source there would have been a penalty up front of switching the 40,000 people to a different platform and converting the files and fixing problems. Which is not a nice calculatable, negotiatable number, and scares the bejesus out of any bean counter.
But.... in 4 years what next number are they going to be talking about cutting? If it were OSS then there would be nothing to cut. The costs are in making the move, after the move is done the costs reduce to whatever it takes to keep it running.
of people sniping down bugs in their backyards or catching them?
be funny if someone sent a box filled with dead beetles to mozilla.
If someone actually does the effort to pick the lock or hack down the door, it's proof enough that they did [not] get their hint to stay out and deliberately circumvented it. So we throw them in jail.
The metaphor breaks down here because houses cannot be tricked into breaking into other houses, taking them over and repeating the process until 70% of the houses on the planet have been broken into by zombie houses.
It's more like a public nuisance: at some point, the city council gets together and decides a problem is the responsibility of all concerned citizens in the area, and people just have to upgrade their doors and locks, or be held responsible for the damage that happens when their house gets out of control and starts attacking other houses.
I can't let my dog run loose...i'm responsible for its actions, even if someone else teases it into attacking. I can't leave my keys in the ignition...some kid might take my car for a joyride and kill some pedestrians. I can't put a pool in my front yard...anyone could show up drunk at 3am and drown himself. I didn't design those products, but if I own them and they are a public nuisance in some way, I have to take active control and make sure my property is not misused.
At some point, we have to be responsible for the things we own, even if they are susceptible, difficult to control, or dangerous. If you can't keep control over your rottweiler or windows 95, take it back to the store and get a dachshund and a mac.
Friends don't help friends install M$ junk.
The computer worm he created continues to spread despite the fact that their creator has been taken out of the equation.
deist viruses? sounds familiar.
Regardless of how lazy people are when it comes to keeping their machines patched (there were patches for this particular vulnerability long before these worms came out), it doesn't excuse the actions of the person who actually caused the damage. Just as a burglar isn't excused if the doors of the house they rob are unlocked.
"Ask not what your country can do for you." --John F. Kennedy
Friends don't help friends install M$ junk.
On the subject of viruses does anyone know if MyDoom is behind the spate of ...
503 Service Unavailable
The service is not available. Please try again later.
Errors and slow performance I'm regularly getting from slashdot ?
Electronic Music Made Using Linux http://soundcloud.com/polyp
70% of virus infections in my neighbourhood are caused by just one woman.
I heard the reason is that one can open her ports in promiscuous mode...
Yeah, if you want some fast physical I/O and you have insufficient cache, just ... buffer.
Why is it that reporters only make boneheaded statements like this when talking about computers? Last week Francis Crick died, and nobody bothered to point out that DNA structure remains double-helical.
Anyone? Thought so.
There are two very pressing problems to be addressed: One is that the guy who talked about woodpeckers destroying civilization was right. The other is the massive waste of creativity that happens because kids (and many great hackers for that matter) have a hard time finding constructive outlets for their creativity, and find appreciation for what they do.
I'm not a christian, I haven't ever written malware, and I'm as annoyed by this kids' stuff as the next /.er, but there will be no advances if one isn't capable to get above all that, and see the fundamental problems.
Employee of Inrupt, Project Release Manager and Community Manager for Solid
we want sensational head lines and vague generalizations. They're much more fun :).
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
This is the (aptly named) broken window fallacy. In essence, if your employer did not have to employ you just to fight off viruses, he would have had the money to employ you to do something that's actually constructive. Or maybe he would have spent it on something, thus creating manufacturing or service jobs.
Give me Classic Slashdot or give me death!
Not as easy as you might think. IANAL but I do have a law degree.
The teenager's action is "conditio sine qua non" - without him, the bridge would still be standing. At the same time the bridge would still be standing if it had been built properly.
This is a question of guilt: Could the teenager foresee the results of his action? Was his action fit for bringing down a bridge? In both cases I would tend to answer no. The author of this computer virus/worm is certainly guilty to some extent - he did damage on purpose. But at the same time the dimension of the damage is not his fault alone. In real life nobody would let the bridge-builder off the hook. Why is nobody asking if Microsoft built the OS as could be expected?
And 23% of all virus activity comes to you courtesy of Margaret Tillman of Chebansee, Illinois who dutifully clicks on every email attachment and forwards every chain email that comes her way.
Here's to you Ms. Tillman; we salute you.
Wanted: witty unique signature. Must be willing to relocate.
Close, but no banana. Depending on the state, it goes like this:
Prep may be part of primary school, but is still prior to year 1.
Some states have different options to finish secondary school. In Victoria there used to be a Technical Leaver's Certificate, which you could do at year 11 and was aimed at people going to trade school. Then there was the academic stream, which is currently called the VCE (Victoria Certificate of Education) which is assessed over two years (11 & 12) in modules.
TAFEs are generally trade schools, where people learn to be a chef or an electrician or a plumber or a hairdresser, whatever. They also tend to teach ESL (English as a second language) and run basic business courses.
Universities tend to run the more traditional professional and academic degree courses. The standard bachelor (undergraduate) degree is 3 years. Some bachelors now have pre-requisite degrees - but then tend to be shorter. e.g. Veterinary Science or Medicine require a Bachelor of Science with minimum grade requirements in specific courses, but are in themselves a two year degree. This may vary from university to university, most 'professional' degrees require a total of 5 years study. After a bachelor's degree, you may be eligible to do an Honours year, a Master's Degree or a Doctorate.
Sara
Designer, Gamer, Macgrrl in an XP World
- First they ignore you, then they laugh at you, then ???, then profit.
"It's like Pandora's box - once released viruses can carry on spreading even if the author has been caught or realises he has done something wrong,"
Uh, I think it's kinda like.... a virus.
Or if he meant you open it and get unexpected results, maybe a trojan horse.
Hey, no offense to them, as I'm sure they had a crack team of four or five programmers write the software six years ago, but I don't trust Sophos to block any virus, so I'm sure as hell not going to trust them to have the dirt on which viruses were the worst.
I think anyone that's used Sophos on an Enterprise level can definitely agree: it fucking sucks.
I don't know why you got modded as Troll, because you stated the truth in honest and to-the-point terms...
Oh, wait...
That responsibility lies with the system designer. To an extent, you're right about that. If there's a crippling vulnerability within a piece of software that can easily be exploited, and worse, the developer knows about it, then you could argue that not only were they not so intelligent in how they operated, but also that they were provoking most crackers to take advantage of that exploit. At the same time, I'm reminded of a quote by a fellow from Netscape (probably someone important, and I'm sure we've all heard similar quotes before). It goes something like this: "If something is made by humans, it can be unmade by humans." How heavily the developer should be blamed isn't so easy to say. After all, you can build the most secure piece of software the world has ever seen, but if the user runs malicious code, it won't matter.
I largely agree with you - and it's a shame this incredibly simple fact eludes so many, especially those in technical communities.
IMHO, computer crime is an attractive hobby for many that convince themselves of the impossibility of being traced and the difficulties associated with enforcement.
For the most part this is the root of the problem: enforcement is lacking, especially overseas (as the Anonymous Coward points out). Herein one can refer to the book of Real Life under "cases where poor enforcement results in no change in behavior" (take prohibition for example).
From either point of view, the least amount of blame falls on the frequently uneducated consumer who paid for a product that was prone to being hacked. A little more blame on system administrators over their heads. Perhaps even more blame on the vendors producing the software (bucky128 makes a good point. Have you ever heard of the Chevrolet Corvair? What about all those wireless-routers shipping with WEP-disabled?)... but the most blame should always, always, always be placed on the criminals.
Unfortunately, this presents a difficult situation for everyone (blame almost becomes a commodity). Due to poor cooperation by "the authorities" and lax penalties, more and more "responsibility" is being placed on the vendors by the consumers (which are being told that computer crime is waning, when in reality it is increasing due to increased press coverage).
I love how so many people get caught up in the security arms race - jumping about from one standard to another. Perhaps the vendors producing software designed with security in mind will sell more products (Microsoft is clearly feeling the bite - *points to a delayed Longhorn*), but the real overhaul isn't needed in the code. It's needed in the law - and mostly law overseas (though things like bounties - recently offered by vendors like Microsoft - can curb this without legal changes {most of this crime is for "masturbatory gratification" and that mentality follows "the more people watching, the better"}). Implementing changes in that will require decades, and until then the 'net will remain a Wild-Wild-West of sorts.
// James
Some percentage was caused by google... remember link to the fractal image?
I think we owe this man a round of applause. I mean when you really think about it, the capability of viruses can easily include a payload that could cripple your computer and destroy your documents permanently.
This is not the case of a lot of viruses released by this person or group. Granted problems arise from an increase of network traffic, and there is an inconvenience associated with cleaning up the virus.
But what is the end result?
-You have your documents
-You have some education about how to clean up viruses and the notion that you need to protect against them and worms (av/firewall/patches)
-You fixed a potential security hole in your computer where much more malicious things could have happened.
As a younger script kiddie I could use a simple unicode exploit on windows boxes to penetrate almost any organization running that OS. Banks, Universities, Online Retailers. Bind a shell to a port, open up a remote terminal display and do as I pleased. Once Code Red came around, all of those avenues got closed quickly. All of these places were much better off having to deal with this worm rather than wait around for someone to do something really malicious.
I just think that viruses today, although an inconvenience, are not all that bad, and teach a valuable lesson to software vendors and also users.
In this case, I believe the worms' author was very well aware of the damage they were capable of causing, and they did exactly what they were intended to do. For that he bears the majority share of responsibility.
I would only blame Microsoft a little. After all, there were patches for the vulnerabilities these worms exploited long before they were released into the wild. If anyone shares blame with the worms' author, it's the lazy/incompetent sysadmins who didn't properly secure their systems.
And say what you will about Windows, but personally I haven't had any problems with worms or viruses because I keep my system patched and am smart about suspicious e-mails.
"Ask not what your country can do for you." --John F. Kennedy
I hope you are aware that Microsoft is mass-marketing their OS to consumers, not only to companies with IT-departments. In a country where you can sue a company for not advising you not to dry your dog in the microwave, there should be quite some responsibility.
If you tell people that your OS is fit for consumers, there should be no need for a sysadmin or even knowing about virii. If you buy a car, nobody expects you to apply patches to the brakes every other week to keep them working.
But of course there's a certain level of maintenance that is required to keep a car running.
And let's be clear on another thing. Windows doesn't easily break on its own due to "wear and tear" like a car does (not since ME anyway). When Windows breaks, it's generally because of the actions of someone like this worm creator.
To put that in the context of your car analogy, it is the same as somebody pouring sugar into the gas tank. That's called vandalism, which (now that I think about it) pretty accurately describes what worm/virus writers do to other people's computers.
"Ask not what your country can do for you." --John F. Kennedy
No it's not. Worm creators just find holes Microsoft has not yet fixed although they have been there since the software was released.
To put that in the context of your car analogy, it is the same as somebody pouring sugar into the gas tank. That's called vandalism, which (now that I think about it) pretty accurately describes what worm/virus writers do to other people's computers.
Well, imagine a car with 3500 holes where everybody passing by could easily throw things into your gas tank. And every time you complain about it, they close the one hole which was used this time instead of closing them all or - as might be expected - produce a car where the gas tank is properly secured.