[news.sysadmin] Punish the worm author?

jlh@loral.UUCP (Physically Pffft) (11/08/88)

In article <367@execu.UUCP> dewey@execu.UUCP (Dewey Henize) writes:
>
>On the next area of consideration, who's gonna get hold of the bastard
>that caused this and beat the shit out of him?  Having a daddy that's a 
>supposedly high security muckety-much should, if anything, imply that the
>[censored] should know a lot better...  And its not like the law is gonna
>do much, the isn't even a clear picture of what laws are broken by ruining
>the days of hundreds or thousands of people..
>
>What the hell, someone had to say that part.  If you disagree, don't let
>that stop you from thanking the GOOD folks.
>
I hate to sound like I encourage this sort of thing but I think the guy did
a lot of people a hell of a favor.  He was non-malicious in intent, but got
zapped by a bug.  What if he had been malicious and had released a better
tested worm (oops, now maybe its a virus again)?  Want your day ruined?
Have the virus sit around until, say, the midnight before term papers are
due.  Then do a 'rm -rf * /' with root priviledges.  He basically did what
any intellegent and/or determined hacker could have done.  Knowing people as I 
do I'd say it's more a matter of when and how, not if and how.

Someone suggested that this virus be loosed upon the land on a monthly
basis.  I think there is a lot of merit to this type of thinking, at least
system administrators would a) be aware that people will try to hack
their systems, and b) educate them as to how their systems are vulnerable.
Don't flame me as an anarcist, the idea in it's present form is unworkable.
But it's something to think about.


							Jim

-- 
Jim Harkins 				jlh@loral.cts.com may work.
Loral Instrumentation, San Diego
{ucbvax, ittvax!dcdwest, akgua, decvax, ihnp4}!ucsd!sdcc6!loral!jlh

sam@neoucom.UUCP (Scott A. Mason) (11/10/88)

Firstly, this is not necessarily a reply to this particular message, but a
reply to all the netlanders who feel that this sort of activity is
favorable in ANY way.

>I hate to sound like I encourage this sort of thing but I think the guy did
>a lot of people a hell of a favor.  He was non-malicious in intent, but got
                                            ^^^^^^^^^^^^^^^^^^^^^^^
It seems as though a lot of people have been saying this.  This isn't
holding water with me.  This program WAS mailicious and had to be designed
with this in mind.  How else would it have been so well coded to do what it
did!?

>zapped by a bug.  What if he had been malicious and had released a better
>tested worm (oops, now maybe its a virus again)?  Want your day ruined?
>Have the virus sit around until, say, the midnight before term papers are

Perhaps you didn't consider the fact that some computers are used for other
things than education.  In the business world, time is money, and CPU time
costs money.  In any case, it is a resource which was maliciously wasted by
the Internet worm.  Try telling the CEO of Big Corp (ficticious corporation
used here for analogy) that your annual report is late because the computer
was brought to its knees by a non-malicious worm.  He would not be impressed.
A worm is a worm is a worm!

>Someone suggested that this virus be loosed upon the land on a monthly
>basis.  I think there is a lot of merit to this type of thinking, at least

Yes, I also heard someone say that "chaos is good."  :)

>system administrators would a) be aware that people will try to hack
>their systems, and b) educate them as to how their systems are vulnerable.

It is the programmers' responsibility to consider all possible avenues that
his program might take.  Good programs don't do bad things.  The system 
administrator should also be concerned with the security of his system,
regardless.  He need not be burdened with extra effort involved with this 
chaotic type of thinking.

--------------------------------------------------------------------------------
"If it ain't broke, don't fix it," and certainly don't blame me.  Oh, by
the way, my opinions are my own, so don't blame them either.
UUCP:  {pitt, scooter, hal, cwjcc}!neoucom!sam    INTERNET:  sam@neoucom.UUCP
Scott A. Mason
Coordinator of Systems Operations, NEOUCOM