Microsoft to place bounty on virus writers

LONDON (Reuters) - Microsoft and security organisations are set to offer cash bounties for information on the authors of the crippling MSBlast and Sobig computer bugs, industry sources say.

Technology news service CNET News.com reported late on Tuesday that the software giant would offer $500,000 (300,000 pounds) for information leading to the arrest of the writers of two of the costliest computer bug outbreaks to hit the Internet.

Computer experts contacted by Reuters across Europe on Wednesday confirmed a cash reward was on the cards.

http://www.mirror.co.uk/news/24by7panews/page.cfm?objectid=13593456&method=full&siteid=50143

That's the end for me and Microsoft products. The secrect police and snitches are everywhere!

I hope they bury those a-holes.

to provide rewards for Virus writers, than it is to FIX the peice of SHIT software that acts as the hosts to viruses.

The only reason there are computer viruses, is because the the boss (OS, or Operating System) allows them to exist (intentional or not).

So is this a good Idea? No fucking way. It is another example of closing the barn door after the horse is long gone.

Perhaps MicroSuck should concentrate on building products that do not expose enormous security flaws, instead of spending money chasing the people who find and exploit these flaws. Better yet, Hire the hackers to make your software better.

Remember there is no such thing as a UNIX virus.

Cheers
Drifter

Klez. OSF.8759. Slapper. Lion.worm. Scalper. Linux.Svat. BoxPoison. Ramen. These are the UNIX/Linux viruses I can name off the top of my head. The Morris Worm way back in '88 exploited a vulnerability in Sendmail.

Maybe instead of offering to hire virus writers we should hunt them down and break their kneecaps as they so richly deserve. If Microsoft helps to make that happen, well then hey, at least they're doing one thing right.

....i wish they'd put bounties out on spammers too!

Microsoft products are unbelievably full of security holes. Figures that they'd decide it's cheaper to to go after hackers than to fix the holes.

How about a "bounty" on bad software makers. Few Windows codemakers would beat that rap.

Tired of viruses. Buy a Mac!

Most of the world uses Windows, so the rest of us like the platform compatibility. We shouldn't have to change the way we live because of criminals.

good thing we got open-source even a monopoly like MS can't keep up.

just ask JAPAN, KOREA and CHINA who are switching ;->

peace

You folks need to insist that MS clean up its act. They aren't motivated to do so because they are making their money w their shoddy product. Vote with your pocketbook, call your congressmen, tell your IT guys you'd like to see some diversity in the server room.

P.S. As for changing the way you live, you need to do what you need to do. Whatever works for you is cool.

But some times change can make your life better.

As I understand it McDonalds has Platform Dominance in the food world. Have you had your big mac w french fries today, or did you change your diet to eat something better?

On edit. grammar stuff again

I like McDonld's as well. Both have made my life better, Microsoft in a huge way.

I am allowed to keep my doors unlocked. That doesn't give you or anyone else the right to come inside and wreck the place. We need to come up with the clearest and strongest penalties for such people. Further, we need to pursue them wherever they hide.

MacDonalds is great if you don't eat it for every meal of the day! I am glad that MS has made your life better! Whatever makes you happy!

There should be strong penalties for virus writers, but MS has a responsibility too. It has been proven over and over again that there software is insecure. It says a lot to me that these viruses are being written by people w minimal programming skills like that boy in Minnesota. You have a right to be treated better by MS.

Whether it's perfect or not, who knows. I have a firewall, I have anti-virus products. I buy them just like I buy locks for my doors and windows.

I also expect that when people, of any age, break those locks, they get arrested and the state deals with them. When a neighborhood gets especially bad (like the Internet) then a crime task force is set up and the thugs shut down.

We don't disagree that virus writers should be punished.

tell your IT guys you'd like to see some diversity in the server room.

Unless you happen to be the boss of said IT guys, it is extrememly unlikely they will pay any attention to server recommendations from end users.

I should trash my PC and and all the software that I have for it and go out and buy a toy computer that has very little software created for it.

Yeah, brilliant idea. I am so sick of Microsoft bashers and their arrogant attitudes. You don't like Microsoft, fine by all means use something else. But for those of that do perfer to use a PC with a Microsoft OS, leave us alone ok?

Use what you want to use; but don't you as a consumer have a right to be treated better by Microsoft? Don't you have a right to safer computing?

If you are happy, great! If not complain to MS and your congressman.

You won't even have to buy a "toy computer", you can install Linux on the "manly" hardware you have now. Then get WINE or VMWare and use those all-important MS Windows applications that hooked your trailor to Microsoft for so long. No need to "trash" anything.

Tired of viruses. Buy a Mac!

That should be Tired of your hard drive filling up. Buy a Mac! :evilgrin:

Panther glitch erases some hard drives

Then ya only gotta worry about things like the Anti, Code 1, and Code 252 Viruses. And the Autostart worm. Oh yeah, and the Melissa virus, but really, it's no big deal. :-)

...a free Alpha 16-way processor and a lifetime supply of Jolt Cola
to anyone who can supply informationon how to create an effective
Linux/Unix/MacOS/X virus.

:-)

Atlant

I had a virus that totally wiped out the boot sector, FAT, backup FAT, and Cmos on one of my computers. It circumvented my AV.

At this point, I'd contribute to a fund to root out these cowardly scumbags.

How about serious jail time for anyone who does this sort of acivity?

I'd sure as hell support that.

:evilgrin:

peace

in the manner they want. Wellstone?

I'd like to claim the bounty for that vicious virus writer Muddleoftheroad.
I *know* he is a nasty traitor who writes those things - he tries to cover up
his tracks but I'm sure a spell in jail will soon get him to change his ways.

Oh yeah, one of his compatriots is "Another Bill C." - the evidence will be
on his hard drive: it's got the footprint of the virus all over it ...

What do you mean, "he was just infected"? What kind of an anti-patriotic
excuse is that? Just lock the guy up OK? And give me my money!

(Or do you think that the public, police and "independent investigators" are
all sufficiently trustworthy that no false accusations will be made?)

Nothing personal against you two but I don't think it's that good an
idea after all ...

Nihil

maybe if you spent the better part of your day patching affected machines, your attitude would change. This is criminal activity, plain and simple.

If a Minnesota high school boy w poor social skills and minimal programming skills can do such damage to our corporations, then we are in deep trouble.

These virus attacks are horrible, I know many people in business who were affected by them to the tune of many many many dollars.

So why won't IT recommend some solutions that make sense (platform and server diversity) rather than just more and more and more and more Microsoft? This Monoculture computing is getting them nowhere.

What would it hurt to have a Linux server or two in the server room? What would it hurt to have some of your client machines using Linux and Open Office? Or dare I say a few Mac OS X clients running MS Office if that is the critical app. So that at least part of your company can still function while others are struggling with the latest worm, virus, etc

Don't tell me it would be a "Support Nightmare." How much more nightmarish could it get.

Regards and best of luck

Companies like simplicity. One system. One set of software. One vendor. It makes things easier, cheaper and faster.

If every business in America is going to be attacked by criminals as a result, then we need to deal with the criminal element and make it clear that it isn't worth it. The culture of hackers and crackers needs to learn they can't play with other people's computers without going to jail for a long time.

Companies need to think about total cost of ownership (factoring in these virus attacks)

You are right that ****there need to be penalties for hackers*****. It is awful.

But, MS has to take responsibility too, because they have made it too easy for bored teens w little programming skills to take you out. (It scares me that the Dept of Homeland security decided to go all Microsoft. . .)

And IT depts need to think about protecting themselves and their companies, even if it means learning something new and training users (who get trained anyway now, hopefully)

it couldn't get much worse than Mac Os X.

I do, every day (10.2.8). No viruses, no crashes.

There are already laws against this sort of thing, do we really need corporate bounties. I wonder how effective this will be anyway ? Maybe as effective as that bounty on Osama's Head or Saddam's, one thing that some people tend to forget is that while some people will do anything for enough money, (typically those who think these bounty's will work) there are other who value other things much more highly than money.

If you are running your computer connected to the internet, then you need to use some sort of security, just as you would lock your doors if you park your car in town. I assume you don't just leave it unlocked and then go out to the bar for a drink do you ? A virus scanner does not lock the PC's doors, that is the domain of a firewall. A virus scanner is more like a mechanic, when your PC is not running well, you check to see if you have a virus, but they are not really the tool designed to keep you 100% protected (You should be using a firewall for this). They are the tool designed to detect when their is something wrong and help you fix it.

If you are running a PC with very important data that you can not afford lose then BACKUP regularly. The fisrt rule of computing is to backup regularly, it is amazing how many people do not backup their systems regularly, and then they cry when they lose some valuable data, With cheap CD burners / Re-writable CD's / DVD Bruners and even large Tape backup systems, their really is no excuse for someone who has mission critical information stored on their PC not backing up regularly.

Anyone who was caught with the Blaster virus was very lucky that they did not embed a "format c: /y" command in there, instead of the innocent reset command that they had.

As far as Mac users who are saying that to avoid virus's you should use a Mac, why is it do you think that Mac's don't get many virus's written specifically for them ?

It is not because you can not write a virus for a mac easily, it is just that with less users, they are less of a target, if all of a suddenly everybody switched over to using Macs, I assure you, you would see a just as many Mac virus's.

Look I am not in favour of virus's, they are destructive and similar to property vandalism, but that is all they are, they should not have 10-20 year prison penalties (More than you would get for rape or murder in many places)

Anyone company that lost "alot" of money as a result of these had both an incompetant tech division that did not secure their system properly, and then did not have a backup as well. If you are a home user, well you were probably inconvenienced, but that's about all really, now do you really think someone should get a sentence equivelant to what they would get for rape or murder for causing you a bit of inconvenience. This is straying from the original Bounty message in this thread, but really I think some people need to get a bit of perspective on what is really "important". I feel sorry for that kid who was caught the other day, sure he made a stupid mistake, but should he now lose his freedom for the best part of his life a result of it.

How about spending that $500,000.00 on patching those freaking security holes! Arresting the virus writers is not going to fix the product.

filing suit against M$ for knowingly (and aggressively) marketing a product known to be vulnerable to attacks that cost their customers additional dollars above and beyond the cost of the software license itself?

False advertising? Fitness for merchantibility (sp?)?

Hell- recovering the costs of the hidden flaws in the OS a hacker might exploit?

Am I making sense?

The RPC exploit, at least had long been patched by the time the MSBlast virus came out. It had been known by MS, admitted as a flaw, and patched. It's just that very few people had applied the patch.

The humorous thing is that the night before it hit, I was reading a security website that warned of an imminent virus taking advantage of the exploit, and I of course in my infinite wisdom, didn't take the oppurtunity to install the patch.

The next morning I woke up and my computer was rebooting on its own (due to MSBlast using the RPC exploit.) Luckily, my firewall stopped the exploit from being used to download the virus code, so I didn't get infected.

I applied the patch pretty quickly after that :) That's about the closest I've come to a virus in 10 years, but I keep the system all patched now.

"Patches" means someone has to find the bugs and fix the program. What a waste!

Think: For that $500000 Microsoft could potentially hire and equip 5 additional QA engineers to work their products prior to release. Of course, these guys aren't necessarily any more qualified than the dozens of other people doing bug testing for Microsoft, but they'd be extra manpower. Naturally, if they find bugs, especially serious ones ("showstoppers") like security exploits, these guys will turn around to the software developers and say, "we gotta fix this."

At that point, the software dev guys are pulled off some other task, and go into the "design spin" cycle along with QA. Then, you end up delaying the release, and that brings down stock prices. No one is happy. Everyone's schedule takes a beating. And the software will STILL have undiscovered holes.

So PATCH the holes you say? Well, that's all jim-dandy and ethical-like, but it's a whole lot easier just to EOL the software and point people to the new version. By patching software, thereby backfilling and strengthening an older product, you are increasingly in competition with your "new and improved" product. Where's the profit in that?

Software megaliths like Microsoft long-ago realized that the money isn't in producing and maintaining high-quality products, it's in producing a lot of product versions and upgrades for consumptive excitement. You don't just release "Windows 2000", and then support the hell out of it; that's "old think". Instead, pre-release "Windows Millenium", then release "Windows 2000", then "Windows 2000 upgrade package", and then "Windows XP". Bam, bam, bam! Lots of product lines, lots of R&D, lots of cutting edge features, lots of happy dipshits who'll buy anything in a colorful package the size of a cereal box.

The first folks to get the axe under this paradigm are QA engineers, of course, especially anyone involved with regression testing and backwards compatibility. Those things are relics of a time when companies took pride in their workmanship, and worse than useless in the new "attention defecit" software life cycle.

You got a bug? Call the hotline! They'll point you to the new version upgrade, which you can download from the colorful ad-packed website. Or maybe it's not something they've seen before... oh, that's a shame. Fill out the form, please. We'll get back to you as soon as we fix the problem *yea right* ... or, you can just try the new version and see if its fixed! Voila! Everyone's happy.

In the new paradigm, where a high-schooler with a grudge can crank out a nasty web worm in a matter of hours, putting up big bounties is much more efficient. If you jumpstart that worm, you'd better not brag to your friends, cos they'll crawl over each other to be the first to rake in that cool cash by ratting on your ass. This does open up the interesting possibility of framing someone for the worm, and collecting the reward yourself, but you'll have to be sharp to give consistent perjury in the trial without blowing it.

Efficiency. Economic profits. Scalabile solutions. Stock options. The new way to avoid entropy in pursuit of these grand ideals is by appealling to the most base nature of greedy humans.

A very insightful analysis.

:toast: