>Well it looks like several addresses are there.  Sender, etc.  Why cannot 
>they trace back to the original Sender and prosecute for knowingly sending 
>a virus that has no other purpose but to impede communication, destroying 
>information, computers etc.?

The problem is, it isn't a simple task to trace something like a virus 
back to its origin. All you can do at best is trace an individual virus 
email back to its sender. But that person is most likely a victim of the 
virus itself. So then you have to trace the one they got back to its 
sender, and continue up the line until you find the source.

Its possible, but its difficult, and very time consuming, and branches 
thru many states and potentially countries. So you have to co-ordinate 
the effort with law enforcement in each area (or use a group that can do 
this themselves such as the FBI, but then you still have problems with 
crossing countries).

Because of how much time it takes, and the limited resources to do the 
searching, law enforcement groups have to pick, do they go after a virus 
author, or do they go after the murderers, kidnappers, rapists, or any 
other crime they may have to investigate.

And of course, when they decide to go after the virus author, you need 
search warrants to check out the mail for each person, unless they 
willingly turn over email records. I can speak as an admin, willingly 
letting the FBI root thru my email... well, you won't find too many 
admins that will do that. They may be willing to pull up the specific 
information the FBI wants, but then you have to deal with making sure 
that is the RIGHT information (not all admins know what they are doing, 
and know how to find the right info... of course the FBI tends to be 
WORSE which is why I wouldn't let them touch my systems with a 10 foot 
pole until a court order gives me no choice).

And this is saying the info even exists by the time someone comes looking 
for it. Most admins are more concerned with restoring their services and 
squashing the virus, then worrying about saving enough info to find the 
bastard that started it. Again, as an admin, yeah, I'd love nothing more 
than to find the bugger that did it and beat him with a bat... but before 
I can worry about that, I have to get my own company back online and 
clean. Work needs to continue, with revenge taking a back seat.

Also, many ISPs don't hold the records needed to trace it. You can thank 
the FBI and their a-hole attitude for this. Too many ISPs were getting 
saddled with BS requests for logs, and spending a fortune trying to 
satisfy the FBIs requests... so they simply stopped keeping the records 
entirely, so when asked, they can honestly say "sorry, we don't have 
that" and not waste the money on it. (Earthlink at one point found it was 
costing them $500,000 a year to keep up with filling the FBIs requests 
for info... they ceased saving the logs that could fulfil the requests, 
and their costs dropped to about $1,000 a year to write letters in 
response saying "Sorry, we don't have that".).

So much of the time, the info needed TO trace back to the source, is 
wiped out before anyone can look at it.


So you see, it isn't a simple task to find who started the whole thing. 
BUT... the FBI and other groups still look, and when they do manage to 
find the author, they DO prosecute them. It was just in the news that 
they found the author of the Blaster worm (I believe that was the one), 
and they did arrest him, and they are charging him with a felony. I 
forget exactly what they are charging him with, but I know it involves 
the estimate of some billions of dollars worth of damage (which is 
probably a major over estimation of the true costs of damage). That 
means, if convited, the guy will probably go to jail for life (or a 
really really really long time).

That does of course bring up another topic which we don't really need to 
discuss here... that is, should a person get life in prison for releasing 
a computer virus, but someone who commits murder gets only 20 years with 
parole in 10.

>Now regarding your conclusion we need to teach the kids technological or 
>academic stuff in priority over training them not to develop and spread 
>viruses I am in disagreement.

Although I'm certainly no expert on the education system, and it sounds 
like you have WAY more experience dealing with convicted criminals then I 
do... I can say that we can teach kids all we want about not writing 
computer viri... and it probably won't make a huge dent in the levels of 
them.

Most of the authors need fairly decent programing skills to begin with. 
The level of skill it takes to write the initial virus means that the 
author is probably well aware of the kind of damage the virus can 
inflict. But that doesn't stop them.

Its much like Dave's graffiti analogy. Do you honestly think that all the 
kids who spray paint their name on a building don't realize that what 
they are doing is wrong? They are probably well aware of it, they just 
don't care. Maybe that is an education thing, maybe it isn't. (It 
probably couldn't hurt to better educate them on morals and ethics).

If you REALLY want to put a stop to it, maybe what we need to concentrate 
on is educating the admins out there that MS Outlook are very poor 
choices of email client. And maybe someone needs to file a lawsuit 
against Microsoft. They have repeatedly upgraded Outlook and Outlook 
Express, and Windows, and Internet Explorer, and yet have still refused 
to remove the simple ability to run a program without the express 
permission of the user.

Stop using MS Outlook, and 99% of the virus problems we have will go 
away. But no one seems to want to do that. Instead they want to waste 
"billions" of dollars (by the estimation of whatever group plucked that 
number out of the air), doing an end run trying to stop the virus after 
it has started, and then go after the person that wrote it, and then 
educate people not to write them. Rather than doing the, in my opinion, 
logical thing of simply changing to a different email client, and letting 
the whole thing stop by itself.

-chris
<http://www.mythtech.net>

___________________________________________________________________________
To unsubscribe send a mail message with a SUBJECT line of "unsubscribe" to
<[EMAIL PROTECTED]>  or  <[EMAIL PROTECTED]>

Reply via email to