A computer virus is a program which intentionally makes copies of itself. It may contain some sort of "payload", which can be destructive or non-destructive program code, that is activated and run when certain conditions are fulfilled.
LEGALITY OF VIRUSES
The laws about writing and releasing viruses vary from country to country and state to state. In the US there are both Federal and State laws preventing damage to data and property, and these ensure that virus writers whose viruses infect large numbers of computers pay the penalty. David Smith, writer of the infamous Melissa MACRO virus, has been successfully prosecuted and awaits sentencing, with a possible fine of anything up to $150,000 and up to 10 years in prison.In the UK the Computer Misuse Act makes it illegal to modify a computer without authorization, and this was successfully used to prosecute the author of the SMEG virus Christopher Pile, AKA the Black Baron, who received a total of 18 months in prison. During sentencing the judge commented that "those who seek to wreak mindless havoc on one of the vital tools of our age cannot expect lenient treatment". Not every country is so active in finding and prosecuting virus writers, however. A Taiwanese university only reprimanded and demoted the author of the highly destructive and costly CIH virus. Even just collecting viruses, passing source code and writing viruses for non-destructive purposes is illegal in some places, and any wannabe virus writer needs to understand the implications of the law, wherever they are based.
From a more hackish viewpoint I can understand the attraction of looking at the theory of virus writing, the appeal of studying virus source code to see how viruses work, the thrill of capturing and disassembling live viruses, and even, to some extent, the pride felt when writing a new virus as "proof of concept". All of this is fine, as it combines a very healthy curiosity coupled with sound technical skills, something that draws respect from hackers the world over. But, and it's a very big "but", the juvenile egotistic idiots who release these viruses "in the wild", often with their handle and the name of their group in it, have crossed the ethical border that distinguishes hacking from crime.
On a more personal note, I resent the amount of time wasted cleaning up networks of PCs after an infection, evaluating anti-virus software, installing anti-virus software and updating signature files - time that could have been put to more productive use, like hacking. Anyone who chooses to write a virus had better be sure that it never escapes, because if it causes major damage and the police break in their door, the authorities are not going to be convinced by any lame argument about "proof of concept".
No comments:
Post a Comment