
Sasser author a ‘scriptkiddy’

p2pnet.net News:- The Sasser e-worm was intended to help rather than harm, and police in Lower Saxony, Germany, assigned to the case blame the devastation it caused on incompetence and ineptitude.

Their investigations have revealed a “subculture of dilettante youth hackers capable of wreaking mass havoc because of their lack of experience in programming,” says a report in Deutsche Welle.

“They’re often working with code that’s too sophisticated for them, and the consequences can be devastating,” it states.

Sven Jaschan, 18, was arrested in northern Germany and now faces criminal and civil proceedings that could result in millions in damages, says Deutsche Welle. He admitted he wrote not only Sasser but also Netsky-A, and five other people are also being questioned, says British anti-virus company Sophos.

“According to press reports, German police executed additional searches on Tuesday and questioned five people,” says Sophos. “Two admitted to investigators that Jaschan had given them the source code for Netsky and one admitted to helping circulate the Netsky worm. No further arrests have been made.”

“In his confession to investigators with the state criminal office in Hanover, the young man said he had originally sought to create an anti-virus program,” Deutsche Welle says, going on:

“With his virus, he said, he intended to remove other viruses from computers, including ‘Mydoom’ and ‘Bagle.’ But in the end, what he wound up with was ‘Sasser,’ a worm that disrupted the computers of Delta Airlines in the United States, the British Coast Guard and the European Commission in Brussels. State criminal office director Rüdiger Butte said Sven J. admitted he hadn’t thought about the possible damage the worm could cause.”

Interviewed by Agence France Presse, investigators described ‘Sven J,’ as he’s identified, as a scriptkiddy, “jargon for bottom feeders in the hacker hierarchy, which is comprised of hackers, crackers and scriptkiddies”.

Jaschan’s arrest came as the result of a Microsoft bounty placed on the head of Sasser’s creator and, as Sophos points out, “Microsoft has issued considerable bounties for information leading to the successful conviction of virus writers in the past. In February this year they offered $250,000 for the capture of the MyDoom worm author, and last year a total of half a million dollars in regard to the Sobig-F and Blaster worms. However, to date these rewards have not been paid as no-one has been convicted.”

Jaschan, who turned 18 in April, will probably be tried as a juvenile, thus escaping a prison sentence if he’s convicted.


104 Responses to “Sasser author a ‘scriptkiddy’”

  1. Reader's Write Says:

    If the German authorities are actually willing to believe that this kid was trying to write antivirus software and had no idea what he was releasing to the world, then they are *far* more stupid than I would have ever thought possible.

    Mike, Network Analyst, Tampa, FL

  2. Reader's Write Says:

    I am glad Jaschan is being tried as a juvenile. He is lucky that he is not living in Amerika where juveniles are frequently tried as adults. Jaschan’s worm took advantage of computers whose owners had been lax in security and updating their software. The blame can be shared.

  3. Reader's Write Says:

    As so many are so good at creating these destructive worms. Why can’t Microsoft create something that kills them at source. If Mac can do it why can’t Microsoft? I have so much defensive software on my computers it really slows the whole system down.
    RRR

  4. Reader's Write Says:

    True, what you say is true.

    But that would be exactly equivalent as saying:
    “We should send this serial killer to jail. He is just notifying the public that people aren’t wearing body armour!”

    See what I mean?

  5. Reader's Write Says:

    Whoops.. I mean “Shouldn’t”

  6. Reader's Write Says:

    If Microsoft creates a defensive code, I believe no one will buy the next version of the software as quickly as they are doing now.
    In the last 3 years I switched from 98 to 2000 and now to XP, paying a lot of money.
    Mark

  7. Reader's Write Says:

    He probably told all of his buddies that he created the exploit from scratch…

  8. Reader's Write Says:

    “If Mac can do it why can’t Microsoft?”

    What do you mean? Mac can’t stop viruses “at source” any more than Microsoft can. It might seem like it because fewer viruses affect Macs, but that’s only because there are fewer Macs than there are Windows machines. Fewer people care about writing viruses for Macs (same with Unix/Linux boxes).

  9. Reader's Write Says:

    I think that’s a harsh analogy. A better one may be ‘I broke into your home to prove your locks weren’t impenetrable’.

    The monetary harm he caused in total would be a huge sum but this is mainly from businesses that should have been better prepared. I don’t think this kid’s life should be ruined over what, for many, was an hour’s inconvenience on their computer.

    A punishment that would serve to teach him not to do it again should always suffice; which would be a much smaller punishment than say, if he had killed somebody.

  10. Reader's Write Says:

    a very destructive mac virus would be easy enough to do, apple isn’t “killing them at their source”, there just isn’t as much hatred among the script kiddies toward apple compared to MS. Less people use macs so the “damage” would be far less substantial. all these kids are interested in is creating something that gains nationwide or worldwide media coverage. this is how they determine their own self-worth. they can create a disturbance so they must be powerful and important. it’s very narcissistic.

  11. Reader's Write Says:

    you turkeys really ought to learn what the term scriptkiddy means. if the kid authored the virus, then by definition he isn’t a scriptkiddy.

  12. Reader's Write Says:

    Why should the blame be shared? This boy is solely to blame for what he did.

  13. Reader's Write Says:

    there should be much more strict laws outlining legal responsibility when dealing with cyber terrorists, which is exactly what this kid was. If he wants to be a big time grown-up hacker, then charge him like one.

  14. Reader's Write Says:

    He is a scriptkiddy because he did a bad job of making the virus. And if you know hackers they will tell you that something like this isn’t particularly smiled upon.

  15. Reader's Write Says:

    I must agree with the “serial killer” analogy, because really what right does anyone have to put any file on my machine or ‘teach me a lesson’ about getting security patches, heck if it wasn’t for these sick individuals MS wouldn’t have to provide security patches. My point is however these virus writers are sick, it’s not normal to want to wreak havoc on the world, it’s not a jail term this boy needs it’s good psychiatric help .. it just isn’t normal nor acceptable in society

  16. Reader's Write Says:

    if you’re concerned about security then you should be using ’98 it’s much more secure that’s why all the major companies in the world insist that their people have ’98 on their machines look at Exxon/Mobil you can’t connect your work laptop to the network if you don’t have ’98 installed on it

  17. Reader's Write Says:

    But he didn’t author the virus and write it from the ground up. He took the available source code to Netsky and modified it. That’s the very definition of a script kiddy — someone who can only use and modify other people’s work.

  18. Reader's Write Says:

    “Why can’t Microsoft create something that kills them at source.”

    I agree! I think Microsoft should kill them at the source. Microsoft code should be so sophisticated that it kills any human who tries to write malicious code.

  19. Reader's Write Says:

    And fewer people know how to do it. Macs are set up for the computer illiterate and most of the people that buy macs do it because they know it’s easier to use, not because they want to make money writing programs on the Mac, so if you are going to become a programmer chances are you’ll own a PC so you can actually make money, and be employable.

  20. Reader's Write Says:

    Hmmm,
    Let’s see here now.
    Scriptkiddy: Bottom feeding wanna be crackers.

    Many tools are online to download to do the simple task of scanning and exploiting others’ systems. Also all Scriptkiddies use these tools, but to author and write your own even if simple and stupid takes more than just a Scriptkiddy to do.

    If you learn how to exploit a system and write code to do this, then you have passed that of a Scriptkiddy.

    Plus the fact that this has been done more than once by this “kid” I would say that the police are being a little simple minded to think he had good intentions.

    You would never release something like this to the public until you have fully tested a worthy anti virus program.

    Scriptkiddies have no talent, or thought to what they want to do, but this person did.

  21. Reader's Write Says:

    I hope the German court system makes an example out of him.

    There is no excuse for writing or modifying a virus and releasing it.

    Let’s hope this little douche bag gets a hefty fine!

  22. Reader's Write Says:

    The blame can be shared? Why don’t you kiss my ass, do you have any idea how much time I waste deleting these worms from my inbox and everyone else’s for that matter. The time and resources these damn worms eat up is incredible. How ’bout next time a worm comes around you come over here and clean up its mess.

    I don’t see why people who patch and keep their computers up to date should share any blame, but we are the ones who pay the price because we are the smart ones and everyone we know needs us to fix their problems.

  23. Reader's Write Says:

    rot you fuck

  24. Reader's Write Says:

    Hackers don’t release shitty worms, if they release anything it’s in small numbers to targeted PCs. General rule is a hacker doesn’t wanna be caught, so why draw attention to themselves with gay shit like this.

    Aside from that true hackers are generally destructive to the systems they breach, they want to get back in not set it aflame.

  25. Reader's Write Says:

    a cyber “terrorist”?! that’s absurd. a misguided foolish child, looking for attention maybe, but a criminal set out to “terrorize” and destroy? come on.

    this kind of stupid, shallow kneejerk statement is what emboldens politicians and industry, allowing them to perpetrate travesties like patriot act, dmca, and whatever else is next.

  26. Reader's Write Says:

    plz, all of u…
    neither spout nor squawk about ‘IS a scriptkiddy’ versus ‘ISN’T a scriptkiddy…’

    it’s all just semantics, bubs. some of us who enjoy the guts and intricacies of speaking the language of the machine, whether we learned on a trs-80 w/ a 300 bps acoustic coupler, or our first box was a micro$oft-run pc, it’s all just a matter of delineation. opinions like a**holes…ain’t that the expression? so if you think him ‘just a scripter’ because he might have put a few arrays together or combined source from someone else, or you think he’s the mighty all-seeing Yoda of binary, and that he writes straight machine language when he wakes up in the morning, compilers-be-damned…
    it still got spread and did some/all/none of what he ‘wanted,’ depending on your point-of-view. and, above author, quote,

    “And if you know hackers they will tell you that something like this isn’t particularly smiled upon.”

    a strangely uninformed opinion, if i can say so. there’s ‘good guys’ and ‘bad guys’ (y chicas, tambien) who ‘hack, crack, decompile, examine, inspect, modify’ etc etc ad infinitum, code and the language of the computer. some of us do it to better understand, some to help the rest of society, some to hurt. there’s no ‘hacker coalition’ out there that throws a thumbs-up Seal of Approval or a big fat ‘nay!’ to what they consider good and bad. for what it’s worth, if the ‘scriptkiddy’ author currently being discussed was trying to subvert/break/take down the machine, because he thought that us human-monkeys would be better off without fluorescent lights and blinking boxes and chains holding us to the silicon chip, i’d say he got his foot in the door. if he was seeking press and attention, i’d say he easily garnered that. if he just wanted to do something to get us all talking n typin, he also accomplished that. i better get back to my work and see what the ‘hackers’ out there are smiling upon or frowning about. ;-)
    ~fried man designs.

  27. Reader's Write Says:

    good on him for what he did, shame he got caught. Microsoft offering bounties for hackers?!! that’s just as bad as the police/fbi/govt offering bounties on hardened crims (bin laden included) because they are so inept at finding them themselves.

    IF Microsoft, the shash peddling sheisters they are wrote better code instead of stealing it from others, maybe then they would know what flaws existed. Instead of releasing underdone and half assed shit that is vulnerable to attack.

    Good on him for doing it. and good on the rest for keeping it going. If companies and org’s are stupid enough to use MS’s shit then they deserve to lose millions…

    FUCK YOU ALL

  28. Reader's Write Says:

    Totally agree with this sentiment. I spent my entire weekend (last) cleaning up and tracking down all kinds of adware, spyware etc.

    The reality of all of this is that there are stupid, wrongheaded people everywhere. Why should I be blamed for their actions?!

    Prosecute the little bastard!

  29. Reader's Write Says:

    The above guy is the same person who spent time with Michael Jackson and liked it. You are a fool and the tech world would not be where it is if not for the starting ideas of Microsoft.

  30. Reader's Write Says:

    I disagree, I say give him a pat on the back and say better luck next time…..

  31. Reader's Write Says:

    you can tell what comments are coming from the red neck yanks…

    good on you fuckers… go bomb another country, you deserve 9/11, and you’ll get more..

    HAHAHAHAHAHHAHA

  32. Reader's Write Says:

    LOL!

    I think a case could be made that the stress involved keeping MS machines safe and clean has caused a few heart attacks. So, MS might be guilty of some ‘collateral’ damage, missing intended targets altogether.

  33. Reader's Write Says:

    You can ask: who’s stupider, the exploiter or the makers of the software that it exploits? If the virus wreaked so much havoc, obviously it is not trivial. If it is trivial, then the blame of idiocy falls on the makers of the software that allowed such a simple thing to cause so much damage.

  34. Reader's Write Says:

    Quoth the parent post:

    But that would be exactly equivalent as saying:
    “We should send this serial killer to jail. He is just notifying the public that people aren’t wearing body armour!”

    This is nonsense. The problem exists because of a single giant corporation whose Chief Software Architect doesn’t know his ass from a hole in the ground when it comes to security, and all of his coders are barely out of Programming Kindergarten.

    They’re selling a product (hell, not just selling it, but trying to force the entire world to buy it through anti-competitive practices) that is just as dangerous as tobacco, or the Corvair, while spending billion$ to tell people that their products are “safe” and that everything would be fine if only it weren’t for those eeeeeeevil hackers.

    They might have gotten away with it in another time, but today there are far too many OSX, BSD and Linux users out there who know better and can prove it.

    But of course, our friends at the Giant Corporation will never be charged with anything. And a teenager in Germany will have his whole life ruined for daring to prove that the Emperor has no clothes.

    The “serial killer” analogy is illogical and stupid.

  35. Reader's Write Says:

    What a well thought out and constructive argument . . . you’re an idiot!

    The fact that you post anonymously does not mean that your post cannot be traced.

    “you can tell what comments are coming from the red neck yanks…

    good on you fuckers… go bomb another country, you deserve 9/11, and you’ll get more..

    HAHAHAHAHAHHAHA”

  36. Reader's Write Says:

    fuck you

  37. Reader's Write Says:

    MICROSOFT MAKES ME SQUIRT SCREAMING SMALL CLUSTERS OF AMOEBA-LIKE MAGENTA-COLORED BITING DOODADS OUT OF MY MAIN EXIT ORIFICE!

    SOMETIMES WHEN I THINK OF BILL GATES MY LOINS BEGIN TO QUIVER AS IF I WAS A SMALL CHILD AGAIN EATING MY FIRST CHRISTMAS CANDY!

    I AM SIMPLY AWASH IN EMOTION AND LOVE FOR MY FELLOW HUMAN MONKEYS WHILST READING ALL OF THESE STUNNINGLY INTERESTING QUIPS AND OBSERVATIONS ON THE HUMAN CONDITION! CERTAINLY WE HAVE COME FAR AS A RACE…THANKS, TECHNOLOGY! YOU’VE REALLY HELPED US GO ‘TO THE NEXT LEVEL!’

    “WHERE DO YOU WANT TO GO TODAY?” I SAY WE ALL GET MINIATURIZED AND GET LITTLE SUBMARINES LIKE IN THAT MOVIE WHERE THEY GO INSIDE THAT GUYS BODY…AND THEN WE CAN HAVE RACES THROUGH THE PERSON’S VEINS! I GOT DIBS ON THE LEFT VENTRICLE!

    THE NAIL-BITING, SHEER SWEAT-INDUCING DRAMA OF THIS WONDERFULLY AMAZING DIATRIBE ON ‘SCRIPTKIDDY/NOT SCRIPTKIDDY’ REALLY LETS ME KNOW THAT YEAH, WE’VE DONE IT! OUR RACE HAS ARRIVED! NO WONDER ALIENS WON’T CONTACT US…WE’RE FAR TOO ADVANCED FOR ANYONE ELSE’S ADVICE!

    HEY, I BET SOMEWHERE IN THE WORLD, WHILE WE’RE ALL DISCUSSING THIS INANE BROWN DRIVEL THAT FLOWS FROM YOURS AND MINE CEREBRUM ONTO THESE BINARY FLASHING SCREENS, I BET THAT SOME GOVERNMENT (MAYBE EVEN THE UNITED STATES!) IS BOMBING PEOPLE SOMEWHERE, KILLING CHILDREN, IN THE NAME OF ‘FIGHTING TERRORISM!’ HEY…I BET THAT WE CALL THE PEOPLE WHO RESIST ‘INSURGENTS.’ WOULDN’T WE CALL OURSELVES ‘FREEDOM FIGHTERS’ IF SOMEONE CAME TO THE USA AND STARTED BOMBING OUR CHILDREN? HUH.

    I’M HAVING SCREAMING JOYGASMS OF BLUE MOUTH-GOO SNAKING FROM UNDERNEATH MY LEFT BIG TOE! I ONCE HAD A DREAM THAT I MACKED WITH BILLY GATES, AND HE’S A REALLY SWELL KISSER!

    WARNING! OBJECTS IN YOUR LIFE MIGHT ALREADY OWN YOU, AND YOU MIGHT BE CLOSER THAN YOU APPEAR!

  38. Reader's Write Says:

    “the tech world would not be where it is if not for the starting ideas of Microsoft. ”

    The idea of purchasing a license or copyright to some work then reselling it in an environment created for your monopoly is uh.. wait maybe that is a starting idea? Probably has been done before, maybe not so successfully.

  39. Reader's Write Says:

    “The Sasser e-worm was intended to help rather than harm and police in Lower Saxony in Germany assigned to the case blame the devastation it caused on incompetence and ineptitude.”

    Now, would that be the Scriptkiddie or Microsoft for building this “feature” into their OS?

  40. Reader's Write Says:

    Quoth the parent:

    Totally agree with this sentiment. I spent my entire weekend (last) cleaning up and tracking down all kinds of adware, spyware etc.

    The reality of all of this is that there are stupid, wrongheaded people everywhere. Why should I be blamed for their actions?!

    So why are you enabling all of these “stupid, wrongheaded people” by cleaning up systems that you know good & well are going to be re-infected next week?

    Listen, the reality is that as long as people use Micro$oft products this is going to continue to be a problem.

    Quit enabling the addicts. Tell ‘em the truth, and offer to help them switch to an OS that doesn’t have all of these problems.

  41. Reader's Write Says:

    fuck you we have been givin’ away free Tomahawks and patriot missiles and we get no thanks?

    hehehehehehehehehehehehehehehehehehehhehehehehehehheehhehehehehehehehhehehehehehehhehee

    bitch

  42. Reader's Write Says:

    Put this kid away for life!

  43. Reader's Write Says:

    I’VE GOT BIG HUGE GENITAL JIM-JAMS!

    MY MOTHER ONCE BAKED SO MUCH CHEESE IN THE OVEN THAT I THOUGHT I WAS SEEING THE GODDESS IN MY LEFT CORNEA!

    I CAN’T DECIDE WHO SMELLS NICER…STEVE JOBS OR BILL GATES…BUT I’LL GO WITH BARBIE FOR $200 PLEASE, ALEX!

    SUPERMAN.
    PHONE BOOTH.
    JOHN WILKES BOOTH.
    ASSASSINATION.

    WHAT DOES IT ALL MEAN?

    IF ANOTHER CRUSTACEAN FORCES ITSELF OUT OF MY NOSTRIL, I SWEAR THAT I’M GOING TO GET NEO-FUTURE-ICONOCLASTIC ON ALL OF YOUR BUTTOCKS!

    I JUST HAD A BOWEL MOVEMENT, AND IT LOOKED LIKE WHAT WOULD HAPPEN IF LUKE SKYWALKER LIGHTSABER-SCULPTED A BIG KEG-O-MCDONALD’S-GREASE!

    SPEAKING OF WHICH…IN A BATTLE BETWEEN THE MILLENNIUM FALCON AND THE ENTERPRISE (ANY ENTERPRISE…YOU PICK THE MODEL)…WHO WOULD WIN? I SAY THAT BIG MARSHMALLOW GUY FROM GHOSTBUSTERS!

    fried man designs

  44. Reader's Write Says:

    Cyberterrorist is probably too strong a word — I don’t think anyone got killed by this worm — but this guy sure caused a whole heck of a lot of monetary loss to companies. Not to mention wasted time that could have been spent on productivity.

    This is serious, especially when you consider that things like this suck up an enormous amount of time and resources for developing defenses against it, from corporate antivirus scanners to on-site tech support to help desk calls to you name it.

    “So it caused some companies some grief. So what?,” you say. But consider that some of those are organizations like Delta Airlines, security institutions, and the like, not to mention governmental organizations like the FBI.

    I’m just waiting for one of these worms to disrupt a computer system or server farm that is a critical enough system so that its failure causes a death somewhere. A plane crash, an emergency call that got delayed, even just an email that didn’t get received in time to prevent a journalist from being somewhere at a certain critical time.

    This guy is a child, a scriptkiddie — but especially in the current world climate, this is far from child’s play.

  45. Reader's Write Says:

    it would be REALLY REALLY smart if these kids were sentenced to working for microsoft as virus experts – it would be kewl to see justice of this sort – they obviously should not be shoved into some jail cell with their brilliance

  46. Reader's Write Says:

    Quoth the parent:

    It might seem like it because fewer viruses affect Macs, but that’s only because there are fewer Macs than there are Windows machines.

    Not true. This is just a bunch of FUD that comes straight out of Micro$oft’s propaganda machine.

    FACT: There are fewer virii that affect OSX/BSD/Linux because they are FAR more secure, in their underlying architecture, than ‘doze ever was or ever will be.

    FACT: There are far more Webservers on the Internet running Apache on Linux than there are running anything on Windows.

    LOGIC: If what you said above were true, then there would be more exploits for Apache than for IIS. But there aren’t. There are WAY more webserver exploits for the latter.

    There are more virii for Windows because it is SO ridiculously easy to break in to. It has nothing to do with market share. Period. End of discussion.

  47. Reader's Write Says:

    I’VE HEARD THAT DROPPING THE SOAP IN JAIL IS A BAD THING…WHAT IF YOU’RE A ‘HACKER’? OOOH GASP SHUDDER SHUDDER CHEESE TANGO-ON-MY-SPLEEN.

    fried man says,
    ‘GO UNPLUG YOURSELVES.’

  48. Reader's Write Says:

    i like how the authorities are spinning this. i think they should characterize all virus writers as incompetent scriptkiddies. i’m sure that some virus writers/hackers have been offered high-paying jobs for their computer security knowledge after they paid for their crime. i wonder how many viruses have been written in hopes of creating such a scenario. calling them all incompetent scriptkiddies detracts from this motivation somewhat.

  49. Reader's Write Says:

    I’VE HEARD A RUMOR THAT THE NEXT ‘BIG VIRUS’ COMING DOWN THE AISLE WILL MAKE ALL OF OUR REALITY-TELEVISION-SHOWS LOOK LIKE THE ACTION IN ASHCROFT’S BEDROOM ON A REALLY HOT SUMMER WEEKEND! WOOOOOH!

    now i’m going to go make some fried man. nummy.

  50. Reader's Write Says:

    Problem is once they got there at Microsoft the general culture of ineptitude would inevitably take control of their creative freedom and thinking skills whereby they would produce the same garbage as their exploited predecessors.

  51. Reader's Write Says:

    these worms and viruses are so effective because microsoft produces software with way too many security issues. Linux and Mac users have MUCH LESS trouble than windows users because their products are not produced with only profit in mind. It is a shame that so few people realize this and continue to support microsoft as a monopoly and get pissed when something happens like this…

  52. Reader's Write Says:

    I think having a better operating system, more secure, will solve most of the problems, if Micro$oft were not so dedicated to spend their precious time creating more crap and put their efforts in making its OSs more secure this situation probably wouldn’t happen, in short M$ is as responsible as this kid if not more.

  53. Reader's Write Says:

    I simply love it when the term script kiddie is applied to people who they themselves are just that. Heh, this kid actually wrote a program that worked quite well. You would label this as script kiddy? I label him destructive, but not a script kiddie.

  54. Reader's Write Says:

    You are right about the “spin” against the hacker. But if it’s not true, why should the media intentionally characterize it that way?

    You would have to agree that spinning in the other direction — to characterize microsoft as inept power mongers who are a threat to their consumers for making such software that can be exploited so easily — is probably even more effective. That is, if the goal is really to minimize such hazards as posed by Sasser.

  55. Reader's Write Says:

    dumbass.

    what os is on 90% of the world’s computers? would you write a virus that would only infect 10% of the world’s computers? even if you did, how much would you hear about it? linux and mac have vulnerabilities too.

    also, using the analogy in another’s post here, would you put the victim of an attempted murder on trial for not wearing body armor?

  56. Reader's Write Says:

    EXACTLY!

  57. Reader's Write Says:

    “Jaschan’s worm took advantage of computers whose owners had been lax in security and updating their software. The blame can be shared”

    using that same logic:

    Hey why are you pissed at me? Your car didn’t have an alarm so I stole it. The blame can be shared here because you were lax in your security efforts.

    Sorry that just doesn’t fly

  58. Reader's Write Says:

    first point, the media isn’t spinning, they are reporting the characterization handed to them by the authorities.

    second point, i’ll just copy/paste from another post…
    <paste>
    dumbass.

    what os is on 90% of the world’s computers? would you write a virus that would only infect 10% of the world’s computers? even if you did, how much would you hear about it? linux and mac have vulnerabilities too.

    also, using the analogy in another’s post here, would you put the victim of an attempted murder on trial for not wearing body armor?
    </paste>

  59. Reader's Write Says:

    It is certainly true that Jaschan is criminally and civilly liable for his bad acts.

    However, there certainly is legal precedent that Microsoft should also be held liable for producing software which is so prone to compromise. There is a legal concept of “attractive nuisance”. It says that if you leave something lying around that is likely to attract the attention of people who are likely to misuse it and hurt themselves or others in the process, you are just as liable as the person who actually caused the harm.

    For example, imagine that you leave a handgun lying on the sidewalk and walk away. Somebody comes along, plays around with it, and accidentally shoots a bystander in the process. Who is liable? Both of you!

    It is not difficult to regard the security-challenged Windows line as a similar sort of “attractive nuisance.”

  60. Reader's Write Says:

    The role of journalism is to ask questions, not simply regurgitate verbatim what is said by authorities. Several people have pointed out that the characterization of the hacker doesn’t make sense, yet the author just ran with it.

    Secondly, the body armor analogy doesn’t work. The internet is an inherently dangerous place, therefore Microsoft has a responsibility to its customer base for upholding its responsibility in making secure software. After all, Microsoft not only agrees with the idea of having responsibility in making their software secure, they actually tout this as a strong feature of their products. That is obviously a joke to any informed critic.

  61. Reader's Write Says:

    Ah, but the more secure operating systems are already out there. The problem is that you have to become actively involved with any of them to keep them secure. The general public has already proven time and time again that they don’t want to do that. They would much rather sit back and whine when something goes wrong.

    I despise M$ just as much as the next person. If it were not for the fact that there is still a great deal of software and web content out there that just is not friendly with the other OS choices, I would have dumped it long ago for something more streamlined and stable (ie. Linux).

    While I would never want anybody to think that I am supporting the Monopoly that is Mickysoft, I have to think that the blame for the devastation that many of these worms and viruses should be shared by (if not completely given to) the people at each of these organizations that are responsible for data security and/or system administration.

    The protection against this worm (and many of the past cyber monsters) was readily available before the worm was even released.

    On a personal level, I have yet to fall victim to any of these simply because I make it a point to keep up with the virus definitions and patches available for my particular systems.

    How many others can honestly say that?

  62. Reader's Write Says:

    Rather than stupidity, perhaps Microsoft has intentional backdoors in its post ’98 OS to allow them to sell adware and spyware to companies and probably even the govt. After all there’s a reason Bush wants to be sure we all have broadband. Also, China won’t buy computers with windows I understand. Don’t want us peekin’ in.:)

  63. Reader's Write Says:

    I couldn’t agree with you more if I had said it myself.

    The best place to put this blame would be on ‘the emperor’ for misleading and putting the general public in danger for his own personal gain.

  64. Reader's Write Says:

    Would you care for some cheese to go with your whine?

    If it’s that big of a problem for you, then quit doing it! Even better yet, why don’t you educate these supposed ‘friends’ of yours to your basic level so that they can take care of it themselves? Or does it threaten you to think that they might someday be just as smart as you and POSSIBLY even surpass you in knowledge?

    Why do you want to keep them dependent on you for taking care of their stuff?

    This rant seems suspiciously like that of a control freak.

    But then again, this is just my opinion. I could be wrong…

  65. Reader's Write Says:

    I’m impressed! You’re a bigger prick than I thought!

  66. Reader's Write Says:

    Oh and by the way, 90% of the websites in the world are run by unix machines, not Windows.

  67. Reader's Write Says:

    I’ve been reading all the posts with much interest and I feel that all sides have a valid point. Using my limited law school studies as a springboard, I’ve tried to synthesize all the arguments into a coherent whole. Here goes:

    I think a lot of the posters feel the kid should get off because they hate MS and Mr. Gates. Fair enough, but if the kid had knocked out linux boxes they might be singing a different tune.
    The first thing that struck me is that people have conflated two issues into one: the legality, severity and intentions of the kid who wrote the script on the one hand, and Microsoft’s security flaws and bad PR on the other. In my mind, the two, although related, need to be separated.

    Starting with the kid’s actions: people are quite right when they say a victim’s failure to take precautions does not excuse a perpetrator’s actions. This is true, but there is a difference between guilt and liability. In criminal law, there is no defence, analogies to serial killers, car thieves, burglars, are all valid on this point… you are guilty of a crime and the victim’s lack of body armour, alarms, locks is irrelevant. That is a matter for the state.
    In civil law however, although the theory states that “you take the victim as you find them”, in practise, contributory negligence does make a difference when it comes to damages, not liability per se.
    A judge would say, “yes this guy is responsible (therefore liable) but you as a commercial party, savvy tech-user, who knows that the Internet is a bad neighbourhood, should have known better than to be lazy when it came to applying readily available patches. Therefore, you should be responsible for 90% of your losses” (the 90% is just an example).

    So, how to punish the kid? Criminal charges, in my opinion, would succeed. Civil charges would be a waste of time, the kid has no money and I doubt his parents are all that well off. Jail time might be appropriate if one wants to highlight the severity of the offence and send a message to the hackers. Personally, I wouldn’t go that far. I think one of the posters hit the nail on the head when he spoke about spending weekends cleaning up worms etc. If you really want to teach him and his buddies a lesson, I’d go for the following: let him finish high school if he writes personal letters of apology to all his known victims. Then, he should be forced to work 40 hours a week for at least a year, for no pay, in an IT department applying patches and cleaning worms. After that, with good behaviour he can go on with school. This way, he sees first hand the consequences of his actions and understands their costs. Also, his hacker friends might be more deterred by having to work for “the man” than juvenile prison with cable TV and 3 meals a day.

    Now, Microsoft. Guys, the only way to fix this problem is consumer action. As long as you let MS use you, the customers, as lab rats for bugs, the problem is not going away. First, refuse to buy new versions for at least a year and tell MS that you’re waiting for THEM to fix the bugs on their dime. Second, pressure lawmakers to look into software industry End User License Agreements (EULAs). No other industry gets away with this kind of nonsense. If you buy a car and it has serious design flaws leading to losses, you can sue. Why should MS and others be exempt? Third, push for more rigorous certification and testing standards for all commercial software. No product should be on the market unless it proves it plays nice with others and doesn’t open you up to eavesdropping. While I don’t think that items two and three will actually become reality, the mere suggestion of organized political action will push MS to get its house in order. If not, well, you might have to finally learn how to use linux if for no other reason to teach MS a lesson that if you’re going to be responsible for your own security, you might as well save money on the purchase price.

    Hope this was enjoyable to read, I look forward to your comments.

    Montreal, Canada.

  68. Reader's Write Says:

    I agree. He wrote Sasser and the first version of Netsky…and the cops actually believe he was innocently trying to warn people?

    Even if he was just a scriptkiddy, he was trying to act like a big boy black hat…and ‘change the world’ with his teen angst. And the sad reality is that he watched ‘The Matrix’ way too many times and thought he was the next digital messiah.

    How would he feel if a Delta airline crashed into a mountain because of his worm? Overly-emotional teenagers never see the big picture.

    And, unfortunately, this also highlights how very little law enforcement knows about cybersecurity and what they are up against. A PFY sitting behind a computer screen is not their usual criminal suspect…and the kid hackers are being heavily underestimated by everyone not directly involved with the computer industry.

  69. Reader's Write Says:

    Interesting point. I think the “attractive nuisance” doctrine would fail in this instance because far from leaving a gun on a sidewalk, people deploy MS in their homes, their offices, on their private networks and far from “walking away” they retain possession at all times.

    In order to get to the “attractive nuisance” in this case you have to leave the public sidewalk (which is also a bad analogy because most portions of the e-highway are now privately held) and enter someone’s private domain.

    Besides, this civil liability tool is there for people who are liable to begin with but want to blame the owners of the gun too. In this case, the kid who wrote the script would have to sue each of his victims in order to try and claim this. Very, very, very unrealistic and unlikely.

    Ultimately this is a matter for criminal law on the one hand and consumer pressure on Microsoft to get its act together on the other.

    Cheers,

    Montreal, Canada

  70. Reader's Write Says:

    If that is true, then I guess the only real car out there is the original one that Mr. Ford created with his own two hands (does that make places like Chrysler and BMW ‘autokiddies’?).

    Even more interesting is the thought that some company like Goodyear could be considered a ‘wheelkiddie’ since they obviously didn’t invent the wheel, they just took the idea and improved upon it.

    The whole world is and has been built on the concept of modifying existing knowledge and (hopefully) improving on it.

    Pass or fail, this kid just did what most of the world has been doing for centuries and will continue to do for eternity.

    Can you imagine having to reinvent paper every time you needed to wipe your butt??

  71. Reader's Write Says:

    As an aside, as far as criminal liability, the authorities apparently believe the unlikely story that the kid was actually trying to write an anti-virus program, which just happened to backfire and cause damage instead. That goes into intentions and possible punishments, etc.

    I agree that a legal framework should be established for liability. However, writing software isn’t like following the laws of physics — it’s theoretically impossible to write secure software (just as it is impossible to figure out all the proofs in mathematics). That being so, some standard of competency and willful neglect should be in place.

  72. Reader's Write Says:

    Quite right, he may get criminal negligence as opposed to the digital equivalent of breaking and entering. This should still be enough to get him at least a year’s worth of community service in an IT department somewhere.

    I’m also familiar enough with computers and programming to understand that it would be impractical to get an ironclad guarantee on security, quality of software etc. Still, some movement in this regard would change the cost/benefit calculus of firms that ship buggy software too early simply to increase their bottom line. One does get the feeling that some of these vulnerabilities could have been prevented at reasonable cost. Another possible side benefit to some sort of “vehicle highway testing certification” for software would be the impact it could have on MS’s monopolistic practises. While it wouldn’t eradicate them completely, it could create a more level playing field for competitive application developers. I’m not 100% on all the details but I’m convinced that the initiative is overdue.

    Cheers,

    Montreal, Canada

  73. Reader's Write Says:

    This is not as simple an issue as many of those posting make it seem.

    Do any of you have the responsibility for 5000 desktops and 500 servers? Try getting those all patched in a timely fashion when there are new patches out practically every day. It may be possible to patch most of the desktops if you invest in some very expensive software, but the servers are another whole problem. You can’t just casually put new patches on operational servers. The patch may cause the server to malfunction and few if any companies allow patches to be put on until they have been tested, which is yet another expense caused by these sort of attacks.

    I don’t know about you, but I continue to get Netsky variants sent to me everyday at the rate of 2 to 10 per day. Our email server filters those all out, so I’m fine, but clearly there are many computers out there without virus protection and that have not updated their patches.

    And then there is the overall problem that our old model of ‘put a firewall up’ doesn’t work very well with mobile computers bringing in many of the viruses and worms to the inside of corporate network. And of course the spread of these things is greatly helped by the massive number of home users that do nothing even though for them keeping secure is actually blindingly easy – have you set up automatic updates? Even if you want to check before installing the patches, they can be automatically downloaded and wait for you to approve installation.

    Oh, but wait, that presumes that all those home computers are on DSL or Cable. What about the massive number of people that are on dial-up? They may not be willing to stay logged on long enough to download the patches.

    And as for Linux, it has quite a few of its own vulnerabilities and the more popular it gets the more flaws are found and attacks written to take advantage of those flaws. When you have millions of lines of code, it’s not trivial to find all the poorly written lines.

    Of course eliminating flawed code is the ultimate solution and I would venture that even MS is making some effort to that end.

    The bottom line must remain that anyone who writes a worm, virus or other form of attack on our computers and networks is committing a criminal act that has both economic and potentially life threatening impact. As part of the whole system for dealing with the reality of programming flaws that make it possible to write worms etc. there need to be improvements in the personal and corporate efforts to patch computers, more prosecution of the worm writers, better (new) methods for stopping the spread of worms across networks and eventually, maybe, some sort of responsibility put back on the companies that write the code in the first place.

    But then who will be responsible for open source software?
    And will anyone ever give software away for free again if they have a liability if it has a flaw?

    save that for another discussion.

  74. Reader's Write Says:

    Having spent time in a security class with a security professional from Exxon/Mobil I can assure you that is nonsense. Furthermore, they were hammered by Blaster AND Slammer worm attacks.

    The notion that ‘98 is more secure than XP shows the level of misinformation that flies around the ether.

  75. Reader's Write Says:

    Care to substantiate those claims with at least some claim to knowing about both OSes as well as having security expertise?

    My only comment is: Your “facts” are sorely misplaced.

    I also never believe the discussion has never ended, especially with such misinformation being written.

  76. Reader's Write Says:

    See:
    http://www.bradfordlearning.com/_nuke/html/modules.php?name=News&file=article&sid=252

    for the real number of web servers running each OS,

    That is, of course, if you actually want to know the truth.

  77. Reader's Write Says:

    Good to see there are at least one or two thoughtful and intelligent people on this discussion. Thanks for the input, Montreal.

  78. Reader's Write Says:

    well said.

    i’ll only add a few comments: there must be intent, choice, free will, call it whatever you want, to require the full weight of liability. conspiracy theories aside, i, personally, don’t believe MS intended to include security vulnerabilities. i do, however, believe that this “kid” had intent. he chose to do this and is therefore liable for the consequences of his actions.

  79. Reader's Write Says:

    Agreed. The concept of legal liability for insecure software would have a fabulous list of unintended consequences. Every piece of freeware and shareware would probably vanish as soon as one of the authors was sued.

    Of course the lawyers would become even more wealthy, but that goes without saying.

    I bet MS could easily reach a reasonable level of ‘competency and lack of willful neglect’ as applied to all other products on the market. If there are 40,000 lines of code with security flaws in XP that means their total product is 99.9% ‘good’. Are your cars that good? I doubt there are many products with a 0.1% level of failure in the hands of consumers.

  80. Reader's Write Says:

    In case you are unaware Service Pack 2 for Microsoft Windows XP will be released with NO piracy protection so everyone can install it and protect their computers from being exploited through latest flaws in the system.
    Unbelievably Microsoft stepped over the profits and onto the consumer respect race.

  81. Reader's Write Says:

    – Do any of you have the responsibility for 5000 desktops and 500 servers?

    If you alone have the responsibility of that many machines, then something is DESPERATELY wrong with your company. They either need to get you help, or you should start looking elsewhere.

    – It may be possible to patch most of the desktops if you invest in some very expensive software..

    Actually, the last time I checked, SUSE was still being given away by Bill and the boys in Redmond. Of course, it does take some initial setup time and users willing to follow some basic guidelines, but it is well worth the effort in the long run.

    – You can’t just casually put new patches on operational servers. The patch may cause the server to malfunction and few if any companies allow patches to be put on until they have been tested, which is yet another expense caused by these sort of attacks.

    I agree that you shouldn’t just patch a server for no good reason, but if you are running Microslop servers you already have a good reason. You can’t possibly tell me that you wouldn’t be testing the new patches out regardless of a new worm or virus, can you? The ‘expense’ of this testing would be there regardless. By nature of the beast, your servers should be the first place to get the latest and greatest virus patches (I would venture to say that having a central server responsible for virus definition updates checking the parent company once an hour would be about right in a corp. environment). The chances of your users being the first on the planet to get these viruses or worms are extremely low and most of the time a well configured corporate level AV suite will be enough to protect your ‘mission critical’ M$ systems {the thought of M$ being used on anything Mission Critical in the first place sends shivers down my spine}.

    – I don’t know about you, but I continue to get Netsky variants sent to me everyday at the rate of 2 to 10 per day.. ..but clearly there are many computers out there without virus protection and that have not updated their patches.

    And technically those aren’t your responsibility or concern. You have done what you should do to protect your environment. On that I congratulate you.

    As for the others that haven’t, see my first post on this (the one that you responded to).

    – And then there is the overall problem that our old model of ‘put a firewall up’ doesn’t work very well with mobile computers bringing in many of the viruses and worms to the inside of corporate network.

    This goes right back to what I said above about protecting your core at all reasonable costs. You may not get them all stopped before they enter, but you will be fighting much less if you are properly prepared.

    – have you set up automatic updates? Even if you want to check before installing the patches, they can be automatically downloaded and wait for you to approve installation.

    This assumes that the home user knows that they exist and even cares. So many people only want to be able to check their e-mail and cruise the web and couldn’t care less about the rest of it. That is why people like you and I have our jobs, right?

    – Oh, but wait, that presumes that all those home computers are on DSL or Cable.

    No it doesn’t. Check the settings on auto update again. If you disconnect from the web while it is in the middle of an update, it will resume again when you reconnect (if you set it up right). Of course, if you ask me it should all be set that way by default since the average user doesn’t understand the implications of all of this. {Just my opinion}

    – And as for Linux, it has quite a few of its own vulnerabilities and the more popular it gets the more flaws are found and attacks written to take advantage of those flaws. When you have millions of lines of code, it’s not trivial to find all the poorly written lines.

    If you thought I was trying to say that any type of *NIX is without flaws, you misunderstood me. Linux (and all of the other *NIX variants) are nothing but human created code and it is proven many times a day that humans are perfect. The main strength I see with the open source variations of any *NIX is that you have literally hundreds of thousands (if not millions) of eyes searching through the code at any given time and ANYBODY can change the code if they see a flaw. Compare that with the relatively small number of coders in Redmond and you see why *NIX has a much better security history than M$.

    Add to that a sense of personal pride when a person sees his/her code being implemented into a world-wide distribution of *NIX and you have some pretty loyal allies in your search for security.

    All Linux users are smart enough to know that if someone can break into your system using a flaw, they are at risk too. The difference is that they can potentially do something about it instead of waiting for the Corporate Giant to figure it out and solve it for them.

    I won’t touch the rest of your post simply because you have stated it fairly well, not because I didn’t see it or read it.

    I won’t say that I agree with it all completely, but I will let it ride and allow someone else to critique it if they wish.

    Let me just say that I don’t see a potentially life threatening event carrying that much weight in my books. After all, aren’t we potentially threatening lives every time we get behind the wheel of an automobile?

    And with that, I release the soapbox to the next willing speaker.

    Thanks for reading.

    PS. I will be disappointed if nobody comments. Please share your thoughts on my insane ramblings…

  82. Reader's Write Says:

    I think you have made the best, unbiased analysis of the situation, I applaud you for that.

    I think another point of why some people would like the kid off is the problem with society not taking responsibility for their own actions. A punishment needs to become std to making worms. I don’t know what should be the criteria for what fits the crime (because I do believe it is a crime) but it needs to be done so kids realize there are consequences to their actions.

  83. Reader's Write Says:

    I don’t use XP at all, so that doesn’t personally affect me but I will believe it when I see it.

    Personally, I hope you are right. It wouldn’t correct all of their wrongs from the past, but it would be a step in the right direction.

  84. Reader's Write Says:

    “scriptkiddy” “lack of experience in programming”
    but able to beat micro$ofts os security
    or lack of it !

  85. Reader's Write Says:

    To this point: “Still, some movement in this regard would change the cost/benefit calculus of firms that ship buggy software too early simply to increase their bottom line. One does get the feeling that some of these vulnerabilities could have been prevented at reasonable cost. Another possible side benefit to some sort of “vehicle highway testing certification” for software would be the impact it could have on MS’s monopolistic practises. While it wouldn’t eradicate them completely, it could create a more level playing field for competitive application developers. I’m not 100% on all the details but I’m convinced that the initiative is overdue.”

    Software, for the most part, is a market driven business. The pressure to deliver “the next greatest thing” is intense. Perhaps it is the fault of setting the wrong expectations. What coder do you know hasn’t said, “oh, that? i can fix that in 5 minutes!”, fixes something and breaks 10 other things in the process some time in their career? If consumers become release-junkies, coders will deliver, for better or worse (mostly worse!)

    The highway analogy does not quite work either. In the auto industry, does the road change regularly? Does the fuel change? How about the nozzle at the gas pump? Does it change shape, flow rate, etc.?

    I’m all for quality in software. Perhaps we can look to a medical or legal analogy: coders practice software just as doctors practice medicine or lawyers practice law… What mechanisms are in place for those professions to ensure quality? (I’m asking, since I’m a coder, not a doctor or lawyer…)

    houston

  87. Reader's Write Says:

    While I think we mostly agree, I have to say this:

    There is no way to determine how many “flawed lines of code” are in a program. In theory, the entire program is vulnerable, inherently, and that situation can never be escaped.

  88. Reader's Write Says:

    Hmm, yes. interesting analogy, both of you.
    (gratuitous handjob exchanges, pleasantries, etc.)

    Spot-on for your accurate and thorough depiction of the quagmire this whole escalation of ‘information distribution’ versus ‘malicious code-writing’ has proffered upon us. I believe that the most apropos summation thus far, vis-a-vis the examples previously given, is…

    (blah blah blah pointless random 1’s and 0’s digital detritus, keep on flowin’…yeadda pooh filth gnarch).

    hmm…perhaps self and self’s cohorts should praise the binary goddess for all this wacky crazed talk about the ability of some ppl to bleed the fiber-machines and inflict temporary delays onto the magical wunderbar super-duper-cool Technology (c, (r), ™, etc.) that enables us to spend more time talking than actually doing. reading about things than experiencing them. and so on.

    hehehe…you ninnies and excessively anal-retentive ‘oooh punish the kid’ just wait…you ain’t seen nothin’ yet.

    I WANNA FUSE ALL THESE CHIPS INTO A BIG HUGE GLASS SMOKING DEVICE AND FREEBASE SOURCE CODE! NUMMY! MY INTESTINES DANCE THE CAN-CAN EVERYTIME I HEAR OF ANOTHER SERVER HACK! WINDOWS, MAC, UNIX…THEY’RE ALL DELICIOUS WITH ENOUGH SALT!

  89. Reader's Write Says:

    “‘Sasser,’ a worm that disrupted the computers of Delta Airlines in the United States, the British Coast Guard and the European Commission in Brussels.”

    Why would any business or government still put anything other than isolated games on an alleged operating system that is at the mercy of any dysfunctional juvie who can copy and paste some Visual Basic?

    I certainly will never fly Delta. I don’t want to risk having the ‘captain’ announce, “Please buckle your seat belts. Due to an unexpected Outhouse macro virus, we will be crashing into the sea in approximately 30 seconds.”

    Or maybe this from the British Coast Guard, “Dash it all! We’d love to come to the aid of that supertanker crew breaking up on the rocks, but we can’t move until the anti-virus software finishes cleaning our bloody MS Windows. We should be there tomorrow, after 7 reboots and the new patch comes out.”

    I won’t touch the irony of the European Commission knocked out because they are using a system by the very vendor they are attempting to fine for anti-trust violations. That one’s good enough all by itself.

    Anyone who uses that toy system for anything beyond toys is, demonstrably, an idiot.

  90. Reader's Write Says:

    Hi, very good points, it got me thinking.

    I’d say that software is not that unique in being a “market driven business”; the automakers, candy-makers, etc. would all make similar, equally valid claims. The biggest difference is the rate of technological change. This is probably unique. I say probably because I can’t think of an industry that faces a similar learning curve in terms of Moore’s law… well… hardware capabilities seem to outpace software development with fewer defects. In any event, the point you make is valid.

    As far as cars are concerned, while the road and fuel don’t change, engines do, alloys and other materials do, designs do, environmental and safety regulations do. In similar fashion, any change in one part could impact the performance of others. But, regardless of what is used and how it is designed/made, the brakes have to work, it can’t catch fire at the slightest bump. etc.
    The overall importance is critical enough to warrant certain standards. The analogy is flawed but the software industry’s products, at least SOME of them, have reached a point where their performance is also critical. How do we solve this?

    In medical and legal professions, the quality comes in at several levels. The first level is accreditation of schools and training programs. The second is licensing boards that set minimum standards by determining codes of conduct and by requiring even those that have gone to the schools to pass board/bar exams. The third is liability insurance. Part of this is provided by mandatory bar/board fees, the rest is supplemental. Although no doctor or lawyer can guarantee results, you can sue them for mistakes, negligence, etc. I’m not sure if this is the correct model to follow for software because the issue is not so much the coders as the final product. Doctors and Lawyers don’t create and sell products, they provide services.

    I’d prefer not to regulate software creation and coders but to improve the quality of commercial providers of critical systems, particularly operating systems. Notice I specify “commercial” which means that freeware/shareware would remain “at your own risk”. The thing that bugs me is that MS operating systems are pretty much also “at your own risk” yet we pay good money for them.

    Anyhow, this merits more thought, a nice problem to chew on for a while :)

    Take care,

    Montreal, Canada

  91. Reader's Write Says:

    Freeware/shareware is non commercial to begin with, so they could escape testing if they wanted to. It would be hard to sue a shareware creator since he didn’t take your money, didn’t force you to try his product and offered you no expectation of performance.

    As for the % issue… if a car is 99% OK, what good is that if the 1% are the brakes? :)

    Cheers,

    Montreal, Canada

  92. Reader's Write Says:

    Here’s an idea – don’t fucking run windows on your god damned critical operations like AIRLINES or GOVERNMENT AGENCIES

    fucking idiots. I call it natural selection. If these idiots are actually stupid enough to run Windows, well, all the power to the virus writers. Jesus christ.

  93. Reader's Write Says:

    Still,

    A major corporation’s flagship product, felled by an amateur with no or little inside information “by accident”. If General Motors built like Microsoft built, they would be subject to tort. I’m not saying that software has to be airtight, but given the time and experience that Microsoft has had at building operating systems, I would have thought they would have put enough care in their designs to simplify and segregate and defend the operating system kernel.

  94. Reader's Write Says:

    Right on brother.

  95. Reader's Write Says:

    010010010010000001101100011011110111011001100101001000000111010001101111001000000110001101101111011100000111100100100000011000010110111001100100001000000111000001100001011100110111010001100101001011000010000001100011011011110111000001111001001000000110000101101110011001000010000001110000011000010111001101110100011001010010000100100001001000010010000100100000010010010111010001110011001000000111010001101000011010010111001100100000011001010110000101110011011110010010000001110100011011110010000001100011011011110111000001111001001000000110000101101110011001000010000001110000011000010111001101110100011001010010000100100001

  96. Reader's Write Says:

    0101001001101001011001110110100001110100001000000110111101101110001000010010000001001001001000000111010001101111011101000110000101101100011011000111100100100000011000010110011101110010011001010110010100100001

  97. Reader's Write Says:

    if i was using a m$ os, i would be really scared by now. all this havoc from a scriptkiddie. just picture, what a dedicated attack of a handful of real hackers could have done…

  98. Reader's Write Says:

    You are one stupid idiot, someone should beat you to death, fucking moron.

  99. Reader's Write Says:

    i agree with you
    i think every government should not trust any operating system
    developer and they should build their own private operating system

    anti-trust to all operating system developer!!!
    -a.L.i-

  100. Reader's Write Says:

    This is how we learn. There is a gigantic void in computer technology that is, and will continue to be, filled with people who want to crash test the tech most of us take for granted. If it wasn’t this kid, it would have been someone else. It is my humble opinion that it is these types of people that make our tech stronger and actually serve to increase security over the long haul. If it wasn’t him, it would be someone else. This exploit has been known about for some time now. The admins who failed to properly protect themselves are just as responsible as the virus author. Microsoft is also to blame for this because of ……nm, anyone who doesn’t agree with that doesn’t have enough knowledge to provide a decent opinion anyhow. Lots of contributing factors here. I do not believe it would serve any greater good by punishing this kid. No monetary recovery, lost time is still lost time, and as far as discouragement….good luck. Virus authors are seldom caught and most of these kids don’t even believe they are doing anything wrong until it is entirely too late.

  101. Reader's Write Says:

    It wouldn’t matter if he was the reincarnation of Seymour Cray; there’s no way the news would portray him as anything other than a complete and utter dill. The way to punish script kiddies is to have the news portray them as idiotic, rather than notorious.

  102. Reader's Write Says:

    Brilliant! Positively Genius! Such facile command of the language, and such prodigious capability to express oneself! What I find especially striking is the rebellious refusal to use capitalization or punctuation. How do you do it? Where does one find that elusive spark?


  104. Jakob Says:

    This is exactly what I expected to find out after reading the title. Thanks for the informative article
