Virus writers: Lock them up and throw away the key'?

While some argue that imprisoning people for non-violent crimes is a retrograde step for society, there are those who demand to "see justice done" against individuals whose actions can cost businesses and individuals millions of pounds.

Mike Small, VP of security, EMEA at Computer Associates, believes we should not lose sight of the severity of a virus attack or the anti-social thinking behind the virus writer's actions.

"A motivated person with limited resources can do a massive amount of damage if they have no scruples. We have built a critical infrastructure which the whole of society depends upon. This person has gone out of his way to damage and bring down that infrastructure--and his actions were a direct attack on the whole of society.

"The cost of what he has done is being borne by the whole of society and that is a very serious crime and serious crimes are dealt with by handing out custodial sentences."

Graham Cluley, senior technology consultant at Sophos, added: "If somebody has caused real criminal damage then they should be punished. It doesn't matter if they do it through arson, burglary or a virus, if the damage is serious enough then they should be punished in the same ways."

However, CA's Small said punishments should also take specific account of the individual's actions. He supports calls for banning orders on any convicted cyber criminal which would prevent them owning or using technologies such as PCs in the future.

"If somebody has proven themselves to be a risk with a particular technology then of course it makes sense to stop them using those technologies in the future. You cannot risk them committing these crimes again."

Cluley agreed that banning orders will form an important part of punishing the virus writers and may even prove to be the more effective deterrent.

Clulely told silicon.com: "I think it would definitely make sense to say for a period of perhaps five years they should be prevented from owning and using a computer. In many ways I believe the threat of this would hit home for some of them far harder than the threat of a prison sentence. If you are somebody who is really into computers then to learn that you won't be able to send email or surf the web will possibly prove more of a deterrent than other measures--which I believe should still also be handed out--such as a fine or a prison sentence. A combination of the three is probably the best solution."

However, Small and Cluley sounded a cautionary note on the punishments being handed out to virus writers, warning that we shouldn't rely upon them acting as an effective deterrent.

Small said: "The mistake with this argument is to think that if we make the punishments strong enough then the problem will go away, because it won't. What we are seeing is that these punishments do not act as a deterrent," he said.

Clulely added: "I suspect there are a lot of virus writers out there who genuinely believe they will never get caught--and sadly the evidence would appear to suggest they are right."

Instead, CA's Small argued that the onus must fall in the first instance upon companies to ensure they are protected--beating virus writers through prevention rather than deterrent.

"Companies need to be making a concerted effort to ensure their infrastructure is as bomb-proof as possible," said Small. "We have created something we depend upon which is still too fragile. As long as critical infrastructure is vulnerable to attack companies need to re-double their efforts to remove those vulnerabilities."

Have your say. What punishments do you think should be handed to virus writers? E-mail your opinions to itmanager@zdnet.com.au or participate in our talkback forum below.

• Related stories

• Alerts

Add your opinion

Get a grip people, It takes me ...Tarrith Do'Urden -- 03/09/03

Get a grip people,
It takes me max 15 mins to patch my servers.
And 15 mins to fully back-up each server @ the end of the day.
It takes proper seting up to protect my client machines.
If your too slack to patch / update your Avnti-Virus software it untill the virus actually attack you, more fool you. But its not bad enough, even if it wipes my whole hard disk (that's what BACK-UPS are for!), it's not worth locking someone up for three years!

If you cant protect / backup your data...get off the net!

Tarrith

• Reply to comment
• Reply to story
• Report offensive content

Get a grip yourself Tarrith. S ...Gregg -- 04/09/03

Get a grip yourself Tarrith.
Stop the geek speak and don't be a dork, and go back and read the article. The issue is not that we can fix or repair, but rather that there is antisocial behaviour against our society.
To use your argument:
1) some lout scratches your car you worked hard to pay for, it only costs one or two hours of your labour as a net admin to have it fixed, so you should shut up and put up????
and
2) dont punish burglars, people, get a grip, after all, they sell locks and security alarms at the hardware store, and more fool those that don't buy them and have them installed, they deserve to have their home broken into???????

What planet are you from??

In a perfect world, if people had RESPECT for others and their property, we would not have to lock up our homes, install security, or for that matter, install patches and make backups when it comes to our computers and networks.

Wake up Tarrith, and all others that think like that, it is lack of RESPECT to our society and its occupants and its rules, that laws and penalties are all about. Yes you can do a backup, and should, but why should you be forced to fix malicious damage. And what about the replacement of the work between the time of the last backup, and when the machine is compromised?? Oh, thats right, your the net admin, you don't have to fix that part, do you?

As a society, we cannot afford to try and measure levels of guilt based on the physical or personal damage achieved. We have been trying to do things that way for centuries, and look where we are now. Modern intelligent (?) hi-tech society rife with poverty and a crime rate that is soaring. Too often we as a whole look the other way, because "well it doesn't affect me personally" and then complain bitterly when something goes wrong for us, stating that "no one understands my situation or problems and no one sympathises with me."

We as a society are in fact the cause of our own problems, and only we as a society can fix them too.

I hope if you ever have your car stolen Tarrith, that no one ever says to your face "well more fool you for being too slack to fit a disabling device " or words to that effect in any similar situation, because I for one do not want you or anyone else out there to suffer either loss or added work load or inconvenience due to someone elses lack of respect for either themselves, you or the society we live in.

As a society, we have all lost sight of the fact that we have rules and laws, and anyone that breaks them, is a CRIMINAL. It does not matter the level or magnitude. We all need to stop trying to justify or quantify. If someone steals one dollar from you, are they any less a thief than if they stole ten thousand dollars from you?? Just because the one dollar is not significant, does not lessen the crime.

• Reply to comment
• Reply to story
• Report offensive content

Absolutely they should be lock ...Anonymous -- 16/09/03

Absolutely they should be locked up, but the key should not be thrown away - it should be duplicated and a copy given to any company which has suffered a loss as a result of the virus. I would love to get my hands on the people who get so much pleaseure out of making other people miserable.

• Reply to comment
• Reply to story
• Report offensive content

Lack of respect Tarrith DoUrden -- 07/04/06

Your telling me that whats wrong with the world today is lack of respect?
An your telling ME to wake up?

Respect if you hadnt noticed died quite some time ago...I'd show your the grave stone but I think the little door dent my car gets in the car park attests to that.

TD

• Reply to comment
• Reply to story
• Report offensive content

• Just In

• Most Popular

• Most Discussed

Reader Services

Popular Topics

Essentials