 | ||||
|
| | ||
|
News Focus New worm blasts Microsoft  MSBlast carries a threat |
| ||
|
|
||||
|
|
||||
Mike Small, VP of security, EMEA at Computer Associates, believes we should not lose sight of the severity of a virus attack or the anti-social thinking behind the virus writer's actions.
"A motivated person with limited resources can do a massive amount of damage if they have no scruples. We have built a critical infrastructure which the whole of society depends upon. This person has gone out of his way to damage and bring down that infrastructure--and his actions were a direct attack on the whole of society.
"The cost of what he has done is being borne by the whole of society and that is a very serious crime and serious crimes are dealt with by handing out custodial sentences."
Graham Cluley, senior technology consultant at Sophos, added: "If somebody has caused real criminal damage then they should be punished. It doesn't matter if they do it through arson, burglary or a virus, if the damage is serious enough then they should be punished in the same ways."
However, CA's Small said punishments should also take specific account of the individual's actions. He supports calls for banning orders on any convicted cyber criminal which would prevent them owning or using technologies such as PCs in the future.
"If somebody has proven themselves to be a risk with a particular technology then of course it makes sense to stop them using those technologies in the future. You cannot risk them committing these crimes again."
Cluley agreed that banning orders will form an important part of punishing the virus writers and may even prove to be the more effective deterrent.
Clulely told silicon.com: "I think it would definitely make sense to say for a period of perhaps five years they should be prevented from owning and using a computer. In many ways I believe the threat of this would hit home for some of them far harder than the threat of a prison sentence. If you are somebody who is really into computers then to learn that you won't be able to send email or surf the web will possibly prove more of a deterrent than other measures--which I believe should still also be handed out--such as a fine or a prison sentence. A combination of the three is probably the best solution."
However, Small and Cluley sounded a cautionary note on the punishments being handed out to virus writers, warning that we shouldn't rely upon them acting as an effective deterrent.
Small said: "The mistake with this argument is to think that if we make the punishments strong enough then the problem will go away, because it won't. What we are seeing is that these punishments do not act as a deterrent," he said.
Clulely added: "I suspect there are a lot of virus writers out there who genuinely believe they will never get caught--and sadly the evidence would appear to suggest they are right."
Instead, CA's Small argued that the onus must fall in the first instance upon companies to ensure they are protected--beating virus writers through prevention rather than deterrent.
"Companies need to be making a concerted effort to ensure their infrastructure is as bomb-proof as possible," said Small. "We have created something we depend upon which is still too fragile. As long as critical infrastructure is vulnerable to attack companies need to re-double their efforts to remove those vulnerabilities."
