Comments on: Microsoft reward snags suspected Sasser author

The software giant's $5 million fund for rewarding informants for leads on virus attacks snags its first success with the arrest of a man in Germany who has confessed to the release of the Sasser worm.

[arthur-b]

one down, several millions to go

Leave it to PR to call this a success but the fact is that there's still plenty of oppurtunity out there to cause more havoc.

In all a true Microsoft tradition. Fight symptoms rather then causes because it looks better on paper.

In other words, not even a $10M reward will make the problems related to Microsoft's insecure products go away. And let's be honest, even $10M would be nothing more then pocket change for Microsoft and still a whole lot cheaper (at least for them) then rewriting their insecure products into more secure versions.

Maybe one day the idea will sink in that things happen for no other reason then because they can. It's just to easy.

I had Sasser 2 Weeks ago!

It could be that I was one of the "lucky people" in the UK to become the first victim to the Sasser Worm a couple of weeks ago. Whatever, I couldnt find any resources about its origin, damage or repair at that time.

Even so, as a software developer and IT company director I think it is highly amusing that (a) People can be prosecuted for exploiting the proffesional incompetencies of software empires, and (b) the same software empires would offer a reward to prosecute individuals that should exploit their badly built products....

Its like Lexus prosecuting somebody who has an accident in one of there cars because it was faulty....

You draw your own conclusions...

Lexus analogy

No, it is not "like Lexus prosecuting somebody who has an accident in one of there cars because it was faulty." It is like some malevolent jerk finding a small space in the undercarriage of a Lexus and running around planting bombs in all the Lexus' on the planet blowing them up. Then Lexus offers every Lexus owner a free piece of metal to cover the opening, along with prosecuting the malevolent jerk who blew up all the Lexus owners. The victim of the crime is not Lexus, it is individual people who own the cars, and the perpetrator didn't attack Lexus, he attacked each individual who owned a Lexus.

There should be class action lawsuits against the jerk(s) who create computer viruses brought by all system owners who are infected -- and the punishment should be 10 minutes in jail for each infected system. Let's see... if you infect 1 million systems, that would be... just over 19 years. Sounds good to me. And while they are in jail, they should be writing helpful freeware -- with time off for each good program they provide for the world.

[rbannon]

Shoddy product . . .

I think Microsoft should be charged as a co-conspirator. Yes, I
am serious.

I doubt they will collect anything...

My take on this is that the informants knew the
author. If that is the case they will most likely be charged as co-defendents, and I really
don't think that Microsoft will pay the author(s)
of a damaging virus. I also agree, that whenever
someone find a security flaw in anyone's software, that company has the responsibility to
immediately inform the public and issue a fix for the problem.

Attitude adjustment

I agree that the informants probably knew the Sasser's creator and that the possibility of them being charged as co-defendants is a real one.

What I don't agree with is this big-brotherish attitude that it is a person's, or a corporation's duty to hand over intellectual property (a.k.a. security flaws and fixes) for free to the general population.

It takes a tremendous amount of work to find both security flaws and their solutions, and very few people worth their weight are going to offer there time and effort without some sort of compensation.

In addition, If the persons involved in handing over information vital to the arrest of the suspect are charged as co-defendants, it is quite likely that people will think twice about offering information leading to arrests in the future.

[bjbrock]

I find it interesting that an 18yr old...

kid was able to wreak such havoc with a product written by "professionals". Probably very high paid professionals. I think this is just another testament to how unprofessional Microsoft and their products actually are.

Microsofts products are nothing but Mickey Mouse.

Microsoft needs to be sued for every dollars worth of damage that was made possible by their pooor excuse for software. Their OS has not been the only dangerous product. Every product they have sold which "listens" ocer the Internet has been a source of great pain and suffering by trusting consumers. Microsoft should be held accountable for this pain and suffering.

And, what evidence do we have that this person is the penner? The word of someone whose first question was how much do I get paid?

MS has turned the PC into a pile of junk do to junky software.

Just another digital artist caught for making art...

I agree with Bill Brock. He's right about Windows being cr**. We pay Microsoft $300 to give us an OS written by some hi-priced key-typers which some 18 year old kid took advanage of. We shouldn't have to deal with kind of junk, this is why i hold faith for Apple. Their OS and hardware far surpass any Windows hardware or OS. They may lack in a few area's, which is acceptable, but compared to Microsoft they're rock hard OS's.
I understand that these guys are out to mess with our computers and just mess up our day. But, these are the digital artists who can make a program do amazing things through a tiny software hole. Very few people understand the skill it takes to make a virus. Microsoft shouldn't put these people into jail, but make them work off their debt. They could catch people and get them to hack the latest verson of windows, fix it, then relase it. Wouldn't that make more sence than this "f***'em! put them in jail" aditude? Free OS testing and then less problems to deal with? Oh wait, i just gave another billion dallors to Gates. I think we should all get together and sue him, wouldn't that be a hoot? lol. But then he'll get his high-priced laywers on us and we're dead. Hence all the digital attacks on him, can't sue a computer can he now?
Well i'm just some teenager with big idea's for the internet, no one listens to me anyway. HA, i bet this won't even make it through filtering and it will be taken down. But you just wait, Gates will be the demise of his own world. Soon the furits of Apple will be ripe for picking. Ever notice that apple systems are very sercure? Maybe it has to do with it's founder being a hacker himself.

I dont understand this!!!

This is in my 15 minutes of checking out this news forum has been one of the most uneducated and non-professional areas that I have ever been to. I cannot believe that the majority of the people here are complaining that this is a Microsoft Corporations problem. This problem does not start with the company itself it is the people on the Internet who does not respond to the term "CRITICAL UPDATE". The vulnerability patch for worms like sasser has been out since early April and it is NOT Microsofts fault in any way that the entire world got infected. As a matter of fact I am managing a MS Network that has all critical updates done by the Software Update Server which Microsoft made available for download to help out Net Admins with this very problem. I do not understand how all of you here can say that Microsofts method has not been rock solid because of tools like the Software update Sevices. It is proposterous to hear professionals whine about how you or anyone else didnt get the job done. At the end of the day it is no ones fault but your own when problems occur like with the sasser worm. I hope they bury this guy under the jail to make an example to future authors of this nature.

It is time we stopped complaining and acted!

Well we have all be hit by the lastest virus, or not as the case may be.

I have read with interests comments that how can an 18 year old child do this much damage?
When Microsoft have all these highly paid profesionals.

Am i a Microsoft fan? Yes and No. YES. We use Microsoft on all of our machines and it works very well.
Is there a viable different option? No. We demand more and more out of our machines and we demand
that Microsoft deliver it fast. We don't want to wait. NO. I hate the demands by users for bigger and
faster machines to run the new systems. This is just evolution.

If you got burgled would you blame the police. Or would you learn from your experiences? Critical updates
is the same as the crime provention officer. It tells you of new problems and how to address them.

We could always wait for Microsoft to provide a totally secure bug free system. Would we wait. NO! we all
want it now. Not in 5 years.

With correctly configured firewalls, upto date virus checkers and a little commmon sence, all of these problems
go away. Would you blame the police if you left your keys in the front door? Would you blame the police
if you friendly next door neighbour told the burglars you kept a key under the door mat? NO! Of cource you
would not. So why blame Microsoft?

If we act responsabily and manage our systems correctly. The spread of viruses would be reduced. If the writers
of all these viruses realised they are not going to get as big an impact, they would go away. Its only "fun"
whilst it has a major impact.

I have written this to provoke thought! Not to start a major discsion on the topic. I will sign off with
the following statement. We did not get the Saaser worm. We did not have the critical updates. We did not have the
lastest service packs. We did not have the latest virus definitions. We DID HAVE total network security from the
outside. Think! LOCK THE DOORS.