|
| Jeffrey Lee Parson pictured shortly after his
arrest in 2003. |
A web poll of more than 250 business PC users, conducted by
Sophos, has revealed that 53% believe that last week's sentencing of Jeffrey
Lee Parson, the teenager found guilty of writing and distributing
the Blaster-B internet worm, was not harsh enough.
A further 33% of respondents agreed with the US State District
Court's decision to sentence Parson to 18 months in prison. Just
14% felt this jail sentence was too severe.
57% of those surveyed believed a prison term was the most
appropriate sentence for anyone who writes and distributes a virus.
12% stated that community service was the most suitable
punishment.
"Businesses seem to have little sympathy for Jeffrey Parson -
indeed, over half of the survey respondents indicated that his 18
month sentence wasn't tough enough," said Graham Cluley, senior
technology consultant at Sophos. "This hardline indicates that
companies hold an extremely low opinion of those who engage in
cybercrime."
Sophos has questioned whether Parson's Blaster-B worm was as
significant a threat as other widespread viruses, including the
Blaster-A worm it was based upon.
"Of course I am sympathetic to those companies who got hit by
the Blaster-B worm, but I also feel sorry for Jeffrey Parson
himself. You can't help but see that he was a young kid with some
significant issues, who got involved in a game with enormous
consequences," said Cluley. "The identity of the author of the
original Blaster worm, who infected many many more PCs than Parson,
is still a mystery despite a $250,000 bounty on their head. What's
clear is that the average system administrator utterly loathes
virus writers and those who engage in the computer
underground."
In the past virus writers such as David L Smith, Simon Vallor and Christopher
Pile have been sentenced to prison for their activities.
Survey results
1. Do you agree with the sentence that was given
to Jeffrey Parson?
|
| No, not severe
enough |
|
|
| Yes |
|
|
| No, too harsh |
|
|
|
|
2. If a virus writer is convicted of cybercrime,
what would be an appropriate punishment?
|
| Prison sentence |
|
|
| Other |
|
|
| Community service |
|
|
| Ban from using
computers |
|
|
| Fine |
|
|
|
|
Many respondents also sent comments to Sophos in reaction to
questions asked in the survey. Here is a small selection:
"No person convicted of a crime involving computers should be
allowed to access a computer for a period of time determined by the
court. No virus writer should be 'rewarded' with employment by an
anti-virus software company, or allowed to boast about it."
"The degree of damage and the amount of infected computers has
to be judged - the above sentence is too harsh concerning THIS
worm..."
"10 minutes jail for every infected PC should set a reasonable
tariff. A slap on the wrist is no deterrent. Throw spammers in jail
for a LONG time, too :)"
"These are business critical applications that people depend on
to make a living and feed their families so the guy deserves
SERIOUS punishment."
"They bring harm to other peoples property. We don't ask for
this. So take them to prison maybe they learn something from it.
Time enough to think about their malicious acts."
"I have the day-to-day responsibility for 500 servers and client
computers. One summer, we got infected with Nachi while the school
was closed. It took weeks to sort it out. Thanks to Sophos
Enterprise Manager, it is now automatically protecting the
school."
"Dip [the virus writers] in a vat of weak acid for days until
their skin melts. Or remove their fingers so they can no longer
type virus code."
"Hundreds of thousands of man-hours wasted, enormous cost and
disruption to business globally just to give some lonely saddo geek
the satisfaction of sitting back and grinning that he has caused
all this mayhem - you bet he should go to jail. There should be
international agreements between UN countries to agree a policy on
the treatment of people writing and knowingly spreading
viruses."
"They should also be made to pay a hefty sum (at least £10,000)
to a central compensation fund in compensation for all the
(financial among other) loss caused by their malware. This fund
could be used to compensate smaller businesses who are badly hit by
a virus infection. They write this malware with one reason in mind:
the deliberate and premeditated disruption of the lives of
law-abiding citizens to gain 'street cred' among their
'underground' so-called friends."
Disclaimer: Please bear in mind that this poll is
not scientific and is provided for information purposes only. The
comments expressed on this page are those of a subsection of poll
participants, and not necessarily those of Sophos. Sophos makes no
guarantees about the accuracy of the results other than that they
reflect the choices of the users who participated. Sophos reserves
the right to edit participants' comments for the purposes of
clarity, brevity and decency. Sophos reserves the right not to
publish the comments of all participants.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.