Microsoft's bounty

[toast]

From CNET.com newsletters.

THE WEEK IN REVIEW: Microsoft's bounty

Microsoft is so fed up with the recent spate of viruses that it
has declared open season on the authors who release them onto
the Internet.

------------------------------------------

The software maker has created a $5 million reward fund to
track down writers of worms, viruses and other malicious code.
The initiative's first two bounties--to the tune of $250,000
each--will be for information leading to the arrest and
conviction of the people responsible for releasing the MSBlast
worm and Sobig virus.
http://ct.com.com/click?q=3d-oieNIbz96htKGYRAgrjEZXyGcwpt


An interesting debate over who should make justice on the Web. Companies ? Trials ? National ? International ? ...

 

[JetwingX]

i think this was posted somewhere else

http://www.macosx.com/forums/showthread.php?t=38223

 

[Veljo]

Who should make justice for Microsoft? [Silence]. Anyone?

 

[bobw]

Maybe Microsoft should start by making a product that isn't prone to these attacks.

 

[fryke]

You mean an operating system with only 2% market share? ... No, seriously now: Believe me, one can write worms and viri for a UNIX based system, too. And while Microsoft is certainly at fault, the real problem is its ubiquity. It's just too easy to spread viri in such a top-down monoculture.
I _think_ Microsoft is doing what you propose: They start making products that aren't prone to these attacks. But they have to consider more than just that. (And remember that I'm a Mac guy, too!) ... Not that I have pity for them, but their task of getting Windows secure is, at this state, quite difficult, without breaking too much on the way.

 

[mr. k]

Wouldn't it have been fairly simple to ship windows systems with a relatively closed firewall? Windows machines ship with no firewall at all, although one can easily be enabled. With a few thousand machines on a corporate network blazing down the superhighway on an ultrafast connection this can become a real big problem -- there is almost anywhere that the viruses can come from.

 

[Cat]

Microsoft has a lot of problems:
-poor coding: patch upon patch upon patch with bugs
-poor security handling: it ships with firewall open, outlook ('nuff said) and with messenger-pop-up-exploit on
-the monoculture: both their fault and the fault of the corporations that use it
-and last but not least: indeed PEBKAC

Yes, virusses can be written for UNIX too, but it's hell of a lot more difficult. UNIX does't have an e-mail client that automatically downloads and opens/executes attachments (default on outlook AFAIK). UNIX users mostly know what they are doing, because the OS is not user-friendly. The Mac OS is user-friendly, and protects the user. Windows is user-friendly but protects the user as much as the emperors new clothes ... What I'm getting at, is that they practically invite virus writers in. Yes, everything is ultimately crackable ... so what? Not a reason to give up on securtity IMHO.
I hope they get their act together fast, because when M$ goes down and worms take over the net, everyone suffers. It is however a good time to make people switch to alternative OSes.

 

[Arden]

Microsoft should stop publicizing the security holes they find in Windows. Then virus writers wouldn't know where to go next.

Oh wait, they'd find them on their own!

I don't know why anybody would want to write a virus for OS X when it's so much easier to write one for Windows. It would be like trying to decide between breaking into a high-security bank with a few thousand bars of gold vs. a bank with several million bars of gold and a single narcoleptic security guard.

 

[powermac]

Here is an interesting, but same article on the web about it:
http://www.washingtonpost.com/wp-dyn/articles/A49614-2003Nov1.html.

 

[voice-]

arden, I believe at least a few of these virus makers are in it for the glory. They like reading about themselves. This makes Macs a good target, since there are no viruses yet.
For the same reason, many Mac users probably don't even bother to keep the firewall up, we think we're invounerable.

Thus, the writer of the first Mac OS X virus could infect many computers, and get headlines in just about any IT news-site.

PEBKAC is definatly the biggest security hole in any OS, although MS should be fixing a few more holes before they even shipped the products.

 

[Arden]

If I were a virus writer "in it for the glory," I would avoid writing a Mac virus. Sure, you could get a few reactions, but most people use Windows and you would get much more recognition (if anonymous) by infecting millions of people, guaranteed, than possibly a few million if that.

I mean, sure, you would gain recognition in Mac circles of being "the first." But who cares when you can't even take down many, many large businesses, like banks, ISP's, and even the US DoJ?