NOVEMBER 6, 2003
By Lorraine Woellert

Microsoft's Risky Bounty Gambit

Offering rewards for the heads of virus writers might only spur them on -- or cause corporate customers to demand product warranties

Microsoft has released another kind of security patch for Windows, only this one is a low-tech doozy. It has set up a pool of $5 million in reward money to pay informants who rat on virus writers who have targeted the Windows operating system, most dramatically with the recent unleashing worldwide of the Blaster worm and SoBig viruses.

Flanked by heavyweights from the FBI, Secret Service, and Interpol at a Washington (D.C.) press conference, Microsoft (MSFT) General Counsel Brad Smith declared on Nov. 5 that catching hackers required everybody's help. He put a $250,000 bounty on the heads of the Blaster's creators and a $250,000 bounty on the SoBig culprits. "This is a big problem," Smith said.

No one in the security field would disagree with that. But using a bounty to nab cybercrooks is unprecedented -- and with good reason. The promise of cold cash might work for catching Bonnie-and-Clyde type outlaws, but it's risky when it comes to the renegades who inhabit the haze of hacker subculture.

BACK-TO-BACK ATTACKS. Hackers are motivated by many things, including notoriety and sheer challenge. Adding a global bounty to the havoc wreaked by an already destructive worm or virus might only heighten a hacker's sense of reward -- and up the challenge, to boot. One theory behind the Blaster worm -- aka LovSan -- is that it was written by someone smitten by a girl named Sandy.

Millions of Windows users found their systems crippled this summer after back-to-back attacks by some particularly malicious code. Blaster, launched Aug. 11, prevented infected computers from downloading a Windows patch by forcing computers to reboot every 60 seconds, crippling networks and knocking machines offline. In January, the SoBig virus unleashed a global spam attack using millions of unwitting PCs. Since then, six variants of SoBig have been found. These attacks have cost companies worldwide millions of dollars in lost productivity alone, security experts believe.

POCKETBOOK PRESSURE? In August, federal agents arrested a Minneapolis teenager, Jeffrey Lee Parson, 18, for modifying and distributing a variation of Blaster. But apparently, the hunt for the virus designer has since gone cold, and law enforcement is looking for new leads. Keith Lordeau, acting deputy assistant director of the FBI Cyber Division, conceded at the Washington press conference that hackers might be of a "different mindset" than bank robbers. But says Smith: "Any support we can get, we'll take. No one can solve this problem alone."

True enough. But if the Colossus of Redmond needs help making its software more secure, it might also look to the corporate giants who rely on Windows. Customers could bring the pressure of their pocketbooks to bear. Victims of bad software design, unlike victims of bad auto engineering, have little legal recourse when it comes to seeking compensation for damages (see BW Online, 9/22/03, "Want to Sue over Buggy Code?").

However, at Microsoft's most recent conference call, Chief Financial Officer John Connors said earnings are already being hampered by corporate buyers who are holding back on purchases because of security fears. Microsoft users battered by beasts such as Blaster and SoBig might next start demanding cash-backed warranties or other protections as part of the licensing deals they ink with the software giant. If Microsoft doesn't pony up, they can walk, as some have, to other operating systems. It probably beats relying on turncoat hackers.

Woellert covers legal affairs from BusinessWeek's Washington bureau

Edited by Douglas Harbrecht