Hi harry,
On Thu, 2004-05-13 at 14:33, harry wrote:
Tobias Weisserth wrote:
<snip>
I find your "explanation" why this author of a virus should be treated
any different than other authors somehow illogical. The Sasser author
has done nothing to foster security. So there is really no need for the
security scene to support him.
there is one other thing...
he is correct when he says that Microsoft will say it's completely the
worm writer's fault.
It IS completely the author's fault. HE wrote it, HE caused the damages
and HE violated German law. As much as MS products suck, MS has done
nothing illegal.
BUT i think Microsoft should be punished too for
having so many security holes. they had to patch it faster.
A patch to this problem has been available for at least two weeks prior
to the release of the worm. So what's your boundary when you speak of
"earlier"? A month? A year? Should the exploitation of a bug be legal if
the vendor doesn't offer a patch in time?! That's the direction you're
pushing here.
who's fault is it really when you buy a door, you lock it, but a burglar
finds a way to easily open it, comes in and tells you...
Nobody asked the "burglar" to do this. He broke law. He caused damages.
And he certainly didn't improve your security by doing so when the door
vendor already offered a patch for your door two weeks ago.
There's just no way you can justify the action of this idiot by blaming
MS.
I say this idiot has to be punished and punished to the full extend law
allows. Maybe this deters other idiots to do the same.
Tobias W.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html