From: "Geo" 

"Richard B."  wrote in message
news:9fv9d11j79mh0nlvga40m1cv6u9ljs81km{at}4ax.com...

> >Ok I understand your point, but lets say you are a home user who's
infected,
> >why bother to spend the time to clean your machine? I mean if it weren't
for
> >ISP's kicking them off the net to force them to clean, what motivation
would
> >they have?
>
> But so many more are just happy getting exploit after exploit until
> they get tired of their "slow" PC and go buy another one.

whoa, slow down here.. I'm not talking about cumulative effects, I'm just
saying that stuff like sasser is non-destructive so why would someone want
to clean it? Perhaps a better example is a virus that infects exe files and
can't be cleaned, would a user be willing to completely reformat their
machine because of a virus that does nothing but spread? Without a
destructive payload they have the choice to just keep on using the computer
until something else happens forcing them to reformat or upgrade.


> I was at an IT class last night and the damn place (who also teach
> security) had Sasser, unbelievable.

See, exactly, nobody even knew, they were all still using the computers so
where is the motivation to do the cleanup. If a chemical truck overturns on
your road, there is a huge cleanup effort because it's a destructive
payload, but if it's a sand truck, does anyone bother?

> Maybe the judge should have just hugged the guy to make him stop his
> bad boy behavior.  We all need a hug, right?  Even OBL.  Uh huh.

Ok let me ask it this way. A guy like this kid who writes a virus that
spreads via a known patched bug and is non destructive, and the guy who
writes a destructive virus that spread via a zero day unknown unpatched
bug, they both get caught, both virus infected millions of machines, should
the penalty be the same? Is the law blind to intent? How about the guy who
writes the next codegreen? And one last thought, if the bug being exploited
was a know bug but the software manufacturer released the software anyway,
should we consider that the same as writing the virus or at least
accessory?

I don't think we should just blindly look at a virus and call everyone
involved with it's creation terrorist and lock them up for the rest of
time.

Geo.

--- BBBS/NT v4.01 Flag-5