Comments on: Is hard time for worm author too harsh?

Teenager sentenced to 18 months for writing a MSBlast worm got his just deserts, according to a Web poll. What's your take?

Perhaps we should be thanking him?

While there are several justifications for the sentence, the fact remains that the actual impact of this worm was minimal in contrast to the worst case scenario.

In some ways, we should be thankful for the worm authors who have to date done more to promote security than any technology vendor's ad campaign.

In the wake of each of these non-destructive worms, thousands more machines are protected, and thousands more users are educated about security (my mom can accurately describe the basic functions of a firewall now).

Personally, I'm somewhat happy for these worms, despite the several hours of my own time they cost me supporting impacted users. I can only imagine the economic impact of a similarly widespread worm that, for example, could delete one's entire hard drive. The worms are terribly annoying, probably to the point of justifying this sentence, but they also serve as excellent fire drills.

Are you kidding????

While we are at it, lets be sure to thank Ford for the Pinto's that would, on impact, explode and burn their occupants to death. After all with your mentality and rationalization's, Ford's firebomb did become a driving force to make cars safer and they only killed just a few ppl. Yes this is extreme example but... Is it alright to do wrong even if it is only a little bit? Where would YOU draw the line?? Get a clue man, WRONG IS WRONG and there must be some type of punishment/deterant for those that do wrong and/or are planning on doing wrong, no matter how slight. Only a slap on the wrist is NOT a deterant for others or even the previously convicted, it is only a second chance to reap havoc while trying harder not to get caught. Punishment for a crime is not just to punish the guilty but also to deter those whose might do the same.

[201293546946733175101343322673]

Yeah right

So go thank thieves for breaking into your home, thank robbers to take all of your belongings, thank gangs to kill your family members. Go ahead.

Straw man.

The article says that people associated Parsons with the original attack. It's saying the original attack was worse. So it was but Parsons shouldn't be treated leniently just because he's inept. If I attempt to rob a bank because I've seen somebody else do it I wouldn't expect to get a lighter sentence just because I didn't do it as well as those that have gone before me.

No way.

Keep in mind, other factors would cut into this as well. Such as, is there any other records on this kids background, and if so, anything else along this range? If not, then there's really no need to do this to the kid. After 18 months he could be eligable for a job doing something on the otherside of the spectrum where his skills may not be too far back. In three years.... you've just put that kid to working in McDonalds.

The judge was right to do this man.

[System Tyrant]

There are two kinds

You have two kinds of people. Those who do it because they can and don't figure they will get caught. And those who do it for profit and/or prestege.

You can use people like Parsons to set an example (Yeah it sucks, but hey he did the crime). It will scare off a lot of the "punks", but it's very unlikely it will deter those in the second group. So what you did is put a few "kids" to bed, but the adults will still play.

OR... They will probably scare of those that were curious and not those hard core writers.

Very True...

You won't scare the hardcore criminal types, but even if all you do is stop some of the kiddies who don't really understand the damage they are doing, you've still accomplished something positive for society.

Everyone needs to accept that writing a virus and attacking other peoples systems is wrong, and it's a crime, and if you get caught you will be punished for it.

All these people making justifications for it are part of the problem, in truth in their own way they are as much of the problem as Microsoft for creating flawed security.

new Cassandra

When a civilization adopts a communications network, for
it's Government, finance, industry, research, military and
citizens that is so weak and fragile that it can be
interrupted or damaged by a boy we call this arrogance
hubris. Wise grandfathers used to say, "Don't put all your
eggs in one basket, son." Today we ignore the new
Cassandras and their actions by throwing them in jail. If we
could hear or care to listen to what we don't want to hear
we could begin to understand the level of misplaced trust
in such a delicate
system that places individuals in jeopardy and makes
countries vulnerable

[Mad Dog - Chi]

Microsoft deserves some of the blame

Microsoft deserves some of the blame for allowing computers to be so susceptible.

If a bank leaves the vault unlocked and gets robbed, sure the robber is the culprit, but the bank could have prevented the problem.

We are lucky this worm did not have a more destructive payload. Maybe we should thank this guy for waking people up to the fact that they need to be proactive regarding computer security.

cutting off body parts is more appropriate

I write (application) software for a living - and my code is NEVER going to be bug free. When an operating system has a bug, that is frequently exploitable.

Compared to the good old days of A:\boot we have come a long way. But the consumer demand for more flexibility & communication etc has determined the direction of O/S development. Now perhaps security will get more of a focus.

This sort of deliberate vandalism is no different from a kid keying my Corvette (and 50,000 others). I have a baseball bat waiting for anyone messing with my 'vette - I feel the same way about my PC & my software.

[pixelate]

Maybe we need to blame your little sister

Ah right. Blame Microsoft... so the logic goes, you have a cute little sister and so maybe she gets raped, but just a little, but you know, she kinda had it coming since she showed her face in public... and now maybe little sis needs to thank the rapist because she learned a valuable lesson, and now she will be more careful and wear a burka. The virus writer, guilty as charged, should have been hung from a tree -- I would have gladly supplied the rope.

Blame someone else

Yeah,the answer is to always blame someone else rather than accepting responsibility for your own actions - YEAH RIGHT!!!! The only ppl that are at fault and SHOULD be punished are the ones set are to disrupt and/or do harm. Maybe we should blame the schools for educating them. If they can't read or write... no wait we could even blame the Doctor that delivered the IDIOTS or even the parents that conceived them. That would work, wouldn't it???? COME ON PPL, WE ALL ARE RESPONSIBLE FOR OUR OWN ACTIONS. If you can't do the time - Don't do the crime!!!

[Udri]

Punishment to great for the crime

50,000 computers used by people who don't have the slightest idea of how to secure their own computer. That was the toll of the worm variant released by that kid.

There was a security patch released by Microsoft for the first infection, and all anybody, with the least bit of common sense, had to do was keep the automatic updates running.

The worm was not even a quarter as dangerous as the first version. Parsons is just a poorly educated child, paying a high price for the stupidity of 50,000 users.

He should have been punished, but 18 months in jail is too much for what he did. If anybody wants to hang a virus maker, they should look for the guy who made the original worm.

Cruel and Unusual Punishment

"Neither the original worm nor Parson's variant damaged computers, experts believe."

I agree with others in that all that Parson did was highlight major shortcomings of Microsoft software to these types of attacks, which could have been significantly more damaging. If anyone should be held responsible, it should be Microsoft, for releasing faulty software.

Those who advocate "setting an example," are exactly advocating injustice, because how else do you set an example than by excessive punishment? It means that one person (the one being made an "example") bears a disproportionate burden of the punishment for a crime. "Setting an example" is a ridiculous and barbaric sentiment that has no place in any justice system.

EB

Vette example is bogus

When you bought your 'Vette, did you ever have the impression that its paint was unscratchable?

Well, millions of people mistakenly had the impression that their Microsoft software was reasonably secure. Then they unleashed themselves on the Internet and opened up the email attachments containing the worm.

It's more like they scratched their own cars through ignorance. Or, in this particular case, since there was no damage, it was more like they just unwittingly dirtied up their cars a little.

EB

Re - Vette example is bogus

Sorry Bob - you're right.
I did mis-state my 'vette example. I was really trying to say that I would react the same way to someone trying to break software, that I'd spent a year or more creating, as I would to someone keying my car.

I guess a better example would be that the criminal let the air out of my tires - once I reinflated the tires, there's no harm caused. BUT, how many millions of people had to check their car tires before driving ? It's something they should all do anyway, but normally don't. So, this virus may have caused no lasting damage, but potentially took time from tens of millions of users (checking for .dat updates).

NOW - ignorant users. In court, a defense lawyer might argue that the victim did something abnormal/unreasonable - that the general population wouldn't do - e.g. walking through a bad neighbourhood at 2am with a wad of cash in plain sight - or an English soccer fan going to an away game alone & mouthing off to the home supporters. In both cases, they did something that would not be deemed reasonable behavior by the general population making up the jury. In this case the computer-using public doesn't have the same level of sophistication as the criminals - that's why 419's, phishing, etc. work. I've been writing software for 25 years & I didn't know about the executable trojans hidden in JPEG's until recently - how can the general public be expected to know?

With an ignorant general public, they MUST be protected by the issuing of harsh sentences to offenders. We must make it clear that hacking, viruses, trojans, worms, etc. are NOT harmless fun - even if they cause no lasting damage.

The real cost / The real solution

It has been argued that as "Neither the original worm nor Parson's variant damaged computers, experts believe." thus it is seen seen as something of a no-harm-no-foul case.

But just as attempted murder doesn't actually kill the victim, it IS still a crime. The sentence for attempted murder would be less than that for murder its'self & similarly in this case the criminal got 18 months, when they could have been sent down for 10 years.

Even when there is no damage to a computer, there is a significant cost to users. Some estimates suggest that the online community will exceed 1 BILLION this year & most are likely to be using some sort of M$ O/S. Even though this virus (variant) only affected about 50,000 computers, consider how many tens of millions of people, who may have had to update virus .dat files (if they even had protection).

M$'s O/S has been compared to a bank vault with the door left open. But a better comparison would be to a car that easier to break into than other models - it has locks, they just aren't as good - they were designed to look good, because that's what the consumer asked for .

With the growth in computing, non-computer literate people have assumed that the PC is some sort or self-monitoring, self-remediating, self-guiding device that requires no expertise to use. We have had automobiles for almost 100 years and are only now nearing the point of seeing self-drive machines. So, just as a novice car driver should take lessons & practice before heading onto the freeway, just as the first-time firearm buyer should learn how to use that firearm safely, the new computer user MUST learn how to use their computer, so as to reduce risks.

For as long as the public (and businesses) demand remote access, VPN's etc. they are going to be providing a possible way into their computers, to the criminal.

So,
1. 18 months seems in no way excessive for trying to vandalise something that took many man-years to create. I would prefer a harsher sentence.
2. Windows is NOT wide-open. There is a reason that these flaws are sometimes compared to "back-doors". They are obscure flaws in the system, NOT major breaches.
3. The user must take responsibility for their own system - it is NOT a god. It can NOT protect its'self, without your help. When you park your car in a public place, you turn the engine off, hide valuables, get out & lock the car - you must take the same care with your computer; when you're online, your computer IS in a public place.

[Sboston]

Excellent.

My thoughts exactly!

what?????

What????? An intelligent well thought out reply!! Who would have thunk it? Very well said and be it ever so humble, my opinion is you are ABSOLUTELY correct.

Microsoft....

Microsoft deserves all of the blame. Had they made the OS house that hand Windows that closed this poor lad wouldn't have seen the open Windows and decided to go shopping.

Did the kid get what he had coming? Yes, without a doubt. Did Microsoft get what they had coming for putting out an OS with wholes big enough to drive a Mac truck through? No, at least not yet. Will they? Someday.

Like with IE and Firefox, sooner or later a viable alternative will hit the streets and people will jump from the Microsoft ship like rats jumping from a burning garbage tug.

Don't tell me the alternative is here and it is Linux because it isn't and it isn't. Linux does have possibility, but it also has a long way to go before mom and dad and grandma and grandpa will won't it on their computer. Most importantly we need native applications for it like Photoshop, Dreamweaver and the like. Only then can it really start doing damage to the desktop market.

Robert

Are you that gullible

Do you really believe there is any computer program/OS that is completely safe from hackers. Answer 1) Yes and I ma a blooming idiot 2) Not at this time and we should let those who try to hack what we have run rampant 3) Not at this time so lets try to stop the ppl that intend to do us harm.

The hackers brag that if it is man made is can be man hacked. I guess your solution would be to shut down all computers and users until there is a 100% unhackable OS. See you in about.... forever. If ppl change to another OS, the hackers would only change their attention to the most popular.

way too harsh

In a way, Microsoft should take some of the punishment for
releasing software with so many holes, bugs, and unfixed issues.
Every business that was effected should also be punished for
their lack of installing patches and keeping their networks up to
date with the latest patches. This code writer shouldn't be
thrown in jail, but forced or offered a job in the security field, or
virus company.

If this young code writer gets this long of a sentence for
exploiting bad software, and causing billions of lost time/
money. Then why haven't we seen the CEO's that stole billions
from peoples pensions at major companies like 'Enron'.

Perhaps it's okay to cause pain and strife to individuals, but a
crime when it costs businesses....

Businesses are made up of individuals...

You said "Perhaps it's okay to cause pain and strife to individuals, but a crime when it costs businesses...."

The assumption is that if something only affects businesses, then no individuals are hurt? What kind of logic is that?

If you do something that causes a business to lose a lot of money, you affect a lot of individuduals, potentially even cost people their livelihoods. Innocent people get layed off too, or perhapps you weren't aware of that.

I certainly agree that the people who participated in the Enron scams deserve harsh punishments...

That doesn't mean people writing and releasing malicious code don't need to be sent a message as well. These are kids pranks, and shouldn't be treated as such.

Recommend torture

As someone who has to deal with the disruption to a corporate network and the resulting costs incurred to regain control, I don't feel the punishment nearly fits the global impact of the crime. While recommending torture may be a bit excessive, I'm really tired of working overtime to correct the problems that virus and worm writers are creating. We have to send the message that this type of behavior will not be accepted and will be punished.

Prison sentence will not rehabilitate

Prison sentence will only provide this individual with "networking with other criminals"
What is more appropriate, would be community sentence, Looking after disadvantaged children, looking after elders, looking after "physically challenged persons" (paraplegics etc) And lastly that he be assigned to assist individuals and companies to recover data and infrastructures damaged or detroyed. He / she needs to be put in the shoes of those effected. Rehabilitation is the preferred path, Passport / drivers licence needs to be withdrawn for a certin period and travel beyond his city limits needs to enforced.

I am sure that this individual is your everyday kid next door, everyones son, and needs to be put in a position of responsibility, and prison will not provide this.

Irfaan - South Africa / Switzerland

surely you jest

"Prison sentence will only provide this individual with "networking with other criminals""

And I bet he won't like the network traffic there should he be the HUB of infection. Bet he will have a different outlook on criminal activity when released.

"What is more appropriate, would be community sentence, Looking after disadvantaged children,"

Teaching them to write viri probably.

"looking after elders, looking after "physically challenged persons" (paraplegics etc) And lastly that he be assigned to assist individuals and companies to recover data and infrastructures damaged or detroyed."

Yeah let him have open access to that which he acted criminally with - That makes alot of sense.

"He / she needs to be put in the shoes of those effected. Rehabilitation is the preferred path, Passport / drivers licence needs to be withdrawn for a certin period and travel beyond his city limits needs to enforced."

His exploits could have reached world wide straight from his own bedroom.

"I am sure that this individual is your everyday kid next door, everyones son,"

If he were my son, he would probably prefer the jail time.

"and needs to be put in a position of responsibility, and prison will not provide this."

He was already in a responsible position, resposible for his own actions! He blew that opportunity. Now he pays the fiddler. Wonder how many viri he will write and/or modify after he gets out? NONE? Then I guess we can consider him Rehabbed huh?

MORE INFO

1. This person caused a Denial of Service loss of over $1,000,000 against www.windowsupdate.com - it was not a harmless prank.
2. Prior to the removal of sentencing guidelines, this kid would have got a MINIMUM of 3 years jail time.
3. His lawyers are tring to get him 6 month jail, 6 months treament & 6 months rehab.
4. Kevin Mitnick got this sort of paltry sentence. If you don't know who he his - Google him. KM allegedly hacked NORAD - the inspiration for the movie WAR GAMES & he was also the subject of the movie TAKEDOWN. He kept getting lame sentences & kept offending (stole 20,000 credit card #'s on one occassion). The lame sentence didnt stop him - even holding him for 4 years without trial didn't stop him - but at least we had 4 years he wasn't hacking.
5. A mature citizen does NOT take advantage of another persons mistake, they discreetly tell the person about their error. That's why websites have the "report bug" links.