You really think that someone who intrudes into one computer deserves to go away with the worst of society for 10+ years, only to come out a ruined individual (if they come out at all)?

Consider this. These "millions of dollars" which were caused in damages were not caused by virus-writers alone. They were caused by ill-written software flaws and non-existant (or severely lacking) security models in place on the networks which were affected. Yes, the virii were catalysts, but what is the end result? Software was proven to be flawed, yet nobody blamed the software companies when their networks were thrashed. It was all some child's fault overseas. Would you lock that child up for the rest of his life just because of that incident?

What is the price of a human life, Mr. Smith? How valuable is it? Sure, companies lost millions of dollars due to a virus, but what else causes companies to lose "millions of dollars". Employees who slack off, employees who lied their way into technology positions, and CEOs who embezzle millions upon millions of dollars, yet none of these three get locked up with murderers. They either get fired, honorably discharged, or sent to a minimum security prison because they were "non-violent" while Kevin Mitnick (the "hacker" who unfortunately allowed himself to be caught) was locked up in maximum security. His life is forever tainted, yet his actions caused no lasting emotional damage to anyone else.

If you want to stand up and say "punish the sinners" then by all means I support it. However, punish them adequately. Don't instate a death penalty for jaywalking just to solve the problem, because it won't help, and it stinks of tyranny.

I'd really like to know if you think someone who authors one virus (which caused no death, whatsoever, and was allowed to propogate unchecked because of users too stupid to heed warnings about mystery attachments as well as software vendors too negligent to properly secure their products, etc.) deserves to have their life permanently destroyed or tainted by federal prison for causing "millions of dollars" in damage to a bunch of computers, all of which have been repaired and recovered?

What was the actual loss of say, the "Melissa" virus? Sure, "experts" estimated hundreds of millions of dollars of downtime. But nobody reads about other things the "experts" say create losses for companies. You are so quick to want to deal out swift and harsh judgement for a crime you obviously don't understand. Don't forget to include *everyone* who is responsible, including the software vendors who created the capability for that virus (and many others), and the companies who were asleep at the wheel when the time came to discuss network security and antivirus deployment. They caused more than half of their own losses and should be held accountable.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/2028/17640#17640