By silicon.com, 10 May 2004 11:00
Microsoft's offer of a $250,000 reward for information leading to the arrests of virus writers has finally paid off.
The writer of the Sasser worm which caused so much disruption last week was arrested over the weekend in Germany and now several individuals, reportedly from the same region of the country, are left with the enviable task of working out how they will spend Bill Gates' megabucks.
On the surface, everybody would appear to be happy. Businesses affected by the worm last week may take some solace from news the individual responsible will face punishment. Those of us who call for such crimes to be taken seriously should also be glad something has set the ball rolling in that direction.
However, at the time the initiative was announced - especially amid concerns over lenient sentencing for those convicted of writing and distributing viruses - fears were raised about who will be claiming this money - a detail which will most likely be kept secret.
This bounty was meant to tear apart the virus writing communities and destroy mutual trust and the 'honour among thieves' culture which leads to collaboration and an impenetrable safe-house society that rallies around to protect its members' identities and whereabouts.
But some suggested members of virus writing teams may even opt to take turns at 'doing the time' and reaping the rewards. Others simply questioned the moral implications of rewarding people who may be breaking the very same laws.
After all, the only people normally armed with the information to hand over the identity of a virus writer are other virus writers - though we cannot assume any such link regarding the specific case of the Sasser virus writer or the informants.
Similarly it is unlikely to be neighbours or even family friends who proffer such incriminating details.
The arrest of a teenage virus writer (as most would appear to be) is invariably followed by quotes in the media from neighbours saying "we're shocked, he was just a quiet lad who lived with his parents and kept himself to himself - we never imagined he'd be capable of this" (because virus writers are normally outgoing, gregarious souls?).
If somebody is having an affair with the woman at number 27 you can bet the whole street knows about it - but if a teenager is writing viruses in the back bedroom of number 19 it's unlikely anyone is any the wiser.
So the question is: does the means justify the ends? Should Microsoft be handing over this money on a 'don't tell us why you know what you know - we don't want to know' basis?
Should we assume that as long as individuals are arrested then it's working and it's worthwhile?
The final word is, of course, with Microsoft. Who are we to question how Bill Gates' spends his money? And who are we to remind anybody that Microsoft has not always been seen to 'do the right thing' where long-term security is concerned?
Comments
There are 2 comments. Join the discussion
1. Knut Boehnert
If in the end there is less malware flying around in the internet - and thus less cost to clean up - then it is money well spent.
And if bounty money leads to a new profession of a free-lance virus writer hunter - then I consider this a check system that might just work better than non-enforced laws. Non-enforced and non-threatening because the individual/group eligible for punishment is never caught.
After all, fear about reprimands is one of the biggest check constraint in humans.
2. KL Poh
The only way to prevent virus writers to benefit from the Microsoft offers of rewards is to increase the punishments drastically. Nobody would then think of "doing time & collecting the large reward".
In fact , the only way to finally reduce or even stop this virus non-sense is to make the punishments so severe that the would-be virus writers would think a 100 times before sending out viruses!!!