Fog Creek Software
Discussion Board




Teekid vs Stupid-Lazy Computer People

Suppose you had a big suitcase full of money.  And you left it on your front porch.  And someone stole it.

Obviously, the person who stole it is wrong.  They have no business coming up on your porch and stealing your stuff.  And they should be severely punished for doing so.

But don't you have an obligation to keep your money secure and in a place where  it's not easily stolen?  Isn't it really stupid and irresponsible to keep your money on your front porch?

While everyone is jumping on the bandwagon, demanding that Teekid be sentenced to 20 years in front of a firing squad, they are missing the bigger picture.

I have no sympathy for Teekid.  He's a criminal punk who should suffer for his destructive behavior.  But there are people who deserve even worse punishment.  I'm talking about the lazy, stupid and grossly incompetent computer users and system adminstrators -- the people who are *REALLY* responsible for all the havoc caused by Sobig, MSBlaster and other recent viruses.

I work for a Fortune 500 company with over 6000 employees and we've been almost completely untouched all the recent waves of virus attacks.  Why?

1.  Noboby uses Microsoft Outlook/Outlook Express for e-mail
2.  Every computer is running anti-virus software and the IT dept is very anal about keeping it updated.
3.  Our mail servers block ALL executable attachments, COMING IN AND GOING OUT.
    No exceptions!
4.  On the rare occacion that a virus does show up (usually because of someone taking a laptop home) that person in in deep sh-- and has some serious begging and grovelling to do.
   
I don't claim that we're perfect.  No system is.  But anything less that the 4 steps listed above is simply unaccetapble.  Before you bash Teekid, you better
take a good long look in the mirror, becasue ultimately THAT's the person who's going to screw up your company's computer system.

Common Sense Guy
Tuesday, September 02, 2003


Y'know, way, WAY, back in time, people used to leave their houses unlocked. It wasn't that they were stupid. They just lived in a different world and time. Well, that and they didn't have anything worth stealing.

Times change, people learn.

Personally, I don't care if you leave your money on your front lawn, the person who steals it is an asshole criminal. End of story.

anon
Tuesday, September 02, 2003

That's as dumb as the "she was dressing like she wanted it" argument...

Guy Incognito
Tuesday, September 02, 2003

It's a hard problem with lots of blame all around.  Blame for the:
- script kiddies
- consumers who put no value on quality or security
- companies who ignore hackers which point out vulnerabilities, then jail them for blowing the whistle
- Americans who know what their jails are like, but still want to punish fellow citizens with stuff Uday wouldn't have dreamt up
- smart people for just being obnoxious

Maybe this subject just gets me in a misanthropic mood.  Some days everyone pisses me off.

anonymous
Tuesday, September 02, 2003

Guy Incognito: well well said


Can I add, that it isn't as easy as saying 'if someone left a big bag of money on their front porch'. The majority of people are downright unsure about computers. People who are not sure what they should be pressing. How many articles have we all read about UI etc. Expecting them to keep there computers completely up-to-date with anti-virus updates, Windows updates, and all many of other patches is too confusing.
I work as a bit of a sys admin, and it is the management policy in this firm not to install any sort of patch or upgrade until it has been out for a long time. This has been the advice of our IT consultancy firm.
I am too novice to be able to argue forcefully one way or the other yet. However I can say with complete confidence that it is just not possible to have every firm with up-to-date everything.

Consider if our firm. First I am a fresh comp. sci graduate who did some bookeeping and had a bookeeping job at an accounting firm while working through uni. Now I get to take over all the firm's IT responsibilities because they think comp. sci = IT. Crash course in IT for me, so I am learning as I go. I am only just learning about the responsibilities that have to be taken to ensure protection from viruses. We don't even have a firewall!! No one in the firm cares to much as they figure either myself or one of the partners will handle it. An IT consultancy firm handles all the 'big problems' we encounter, this includes giving advice on all this sort of stuff. They have never run around getting us to install the latest of everything, so I think 'I wonder why not'. Now I have to quiz them, quiz other techies before coming to my own conclusion, and feeling confident that 'should a patch muck up the system, that I can handle it'. Now all this done, I can go to the partner and try to convince him to let me do all this. He has always listened to our IT consultancy firm, they are still in that same role, and he gets on well with the Boss down there. This IT firm is the biggest in a town of 80k people, they didn't get their by being complete idiots. However they did install our ADSL modem, and it was many months before another techie happened to mention 'big mistake leaving the admin account without a password'.
Yes, I said I am learning fast.

The point of all this is that I know without a doubt that there a thousands of other firms out there like us. Firms that don't hire a full time experienced IT guy, tey just slap the role as an 'add-on' to someone else in the firm. And it is definetly not as simple as saying 'Yo fool, patch the system'. There is far too much to consider, far too much red tape, far too much confusion for that.


Perhaps confusion is the best summary. I am confused about what is best for the firm I work at. I hear you say to 'patch patch patch', but I hear someone else mention that the patch could wreck things. confusion. what do I do. Well I get paid to do this, so I put alot of time into researching, and asking questions. But even so, it will be  while before I am confident, a while before I am no longer confused, and I work in IT, I have a B. Comp Sci.

What about the average Jo, the guys the tech support makes jokes about, what about him. He is too scared to look. If he did look he would only be confused, and lets face it, he is going to go on being confused for a lot longer then I am.

An Aussie Chick
Tuesday, September 02, 2003

"But don't you have an obligation to keep your money secure and in a place where  it's not easily stolen?"  Not at all.  If I want to hang it on my clothesline I will.

"Isn't it really stupid and irresponsible to keep your money on your front porch?"  Knowing that their are theives, yes.

"I work for a Fortune 500 company" 
And you can be your ass your company has an automated patching system in place, whereas many of the smaller companies that got hooked on the Microsoft scale out mantra are f'd because they have to touch each machine.

Mike
Tuesday, September 02, 2003

BTW, I didn't mention the really smart, dedicated and professional criminals.  They piss me off because they let Teekid be scapegoated, while they walk off with all the loot.

Then again, Teekid hurts them too because one of these days we might be serious about security.

anonymous
Tuesday, September 02, 2003

"But don't you have an obligation to keep your money secure and in a place where  it's not easily stolen?  Isn't it really stupid and irresponsible to keep your money on your front porch?"

Not at all.  While it may be foolish, given the current culture to do so, why should I have to pay for protection as an obligation.  I put locks on my door, because people will steal my stuff if I don't.  However, if I don't lock the door am I now responsible for the crime? 

I am reminded of a trip to Sweden.  They have an interesting law that allows you to cross people's property. [Anyone from Sweden?]  I can come within "X" feet of your house, but other than that you cannot really stop me from coming onto your land.  However, if _anything_ happens, like I fall into a well you are digging in the middle of a field, that is _my_ fault.  I accept responsibilty for my actions. 

It seems these days too many people want to blame the victim.  That somehow they are at least "partially" to blame.  "She asked for it"  "He was flashing his money around"  I have to agree with the previous posters.  It may be foolish not to protect myself, but I should hardly be called "responsible" for _not_ stopping you from doing something wrong. 

MSHack
Tuesday, September 02, 2003

Common Sense Guy - you are aware that just about any common burglar could be in your house in under five minutes, right? There's a good chance that *I* could be in your house in under five minutes.

Alarm system? Hell, I'll just grab the first things I see and be gone before the cops show up.

Do you think everyone will point at you and laugh for having your house broken into? Should it be your fault? Does it make you an idiot?

I'll also bet I can walk into your company and walk out with a laptop. ;-)

Philo

Philo
Wednesday, September 03, 2003

Very good point there Philo.

Of course, the reason burglars can get in so easily is we have windows and doors. We need them for all the obvious reasons. But they do make it easier to break in. I guess you can all see where this analogy is going.

Anyway, this is why we all pay for insurance, so we can replace stuff when it's stolen. Perhaps some enterprising financial services outfit should start offering 'virus insurance', with all the usual small-print about having adequate security measures. Then the people in charge might get the idea that this stuff is important.

OC
Wednesday, September 03, 2003

"I'll just grab the first things I see and be gone before the cops show up"

Assuming you can hop well, maybe. My dog will be chewing on your other leg.


Wednesday, September 03, 2003

I guess when you're invulnerable, empathy and logic just don't seem relevant any more.

Fernanda Stickpot
Wednesday, September 03, 2003

"1.  Noboby uses Microsoft Outlook/Outlook Express for e-mail"

It is irrelevant. Modern viruses come with their own add scanner/SMTP engine. They are independant of any mail client.

"2.  Every computer is running anti-virus software and the IT dept is very anal about keeping it updated."

Good. If everybody would do this we would be moving forward. Mind you, as initial infection/propagation rates go up we need a better response infrastructure.

"3.  Our mail servers block ALL executable attachments, COMING IN AND GOING OUT.
    No exceptions!"

You'd still get hosed by a zipped virus, but it is sensible. Hope you were not one of the protestors when enforcement of this was enabled in Outlook.

"4.  On the rare occacion that a virus does show up (usually because of someone taking a laptop home) that person in in deep sh-- and has some serious begging and grovelling to do.""

Also if it is the CEO?

Just me (Sir to you)
Wednesday, September 03, 2003

If a little weak guy with glasses on is walking down the road with a $2000 laptop in one hand a wallet full of notes in his pocket and I decide to take his laptop and his wallet and whack him one if he tries to resist, isn't it his fault.

Sure, I'm acting like a thug but isn't he being just stupid for being such a weakling.

If he can't be bothered to work out at the Gym twice a day and study martial arts so that he can't defend himself, then he just doesn't deserve to keep his stuff.

Never mind laptops.  By allowing these weaklings easy access to food, aren't we just polluting our genepool.

Ged Byrne
Wednesday, September 03, 2003

Common Sense Guy,


You assume that because a user doesn't have a clue how to use a computer, s/he should be punished? That's so whacked!

What if your car blew up because you forgot the service checkup? Should the Conglomerate of Evil Mechanics ensure that you, as of that day, aren't allowed to drive a car? Of course -- according to your logic.

This is the single-most arrogant behaviour us comp geeks put on. We assume that the world shares our knowledge in *every* field and are ready and willing to spend countless hours making things work; and if this was the case, you'd most likely be out of a job with an attitude like that!

Just face the fact that while "we" regular users operate cars, stoves, and lawn mowers there will be accidents because someone wasn't "properly trained" in their use.

Mickey Petersen
Wednesday, September 03, 2003


The important thing here to acknowledge is that blaming the victim is a defense mechanism. If the victim did something wrong/stupid that put them in a position to be victimized, then that means we are safe since we would never do anything that wrong/stupid ourselves.

It's an easy thing to do and a common mistake in humans, which is why it gets used in defense strategies so much. We want to believe that the bad things in this world could never happen to us.

anon
Wednesday, September 03, 2003

"Fool me once shame on you, fool me twice shame on me"

So only the first time is the criminals fault =)

Justin K.
Wednesday, September 03, 2003

The point is that it may be *stupid* for people to not take protective measures, but that doesn't mean they are *responsible*.  Just because the item is easily accessible doesn't mean the thief is any less responsible for their actions.  Or are you saying that, seeing something valuable out in the open, thieves just *can't help themselves* from taking it, and thust the person who left it there is responsible?  Please.

They should lock this kid up and throw away the key.  Even forgetting whatever damages actually happened, it is incredibly reckless behavior to release a virus like this.  Who knows what could happen.  People could die for any number of reasons due to a virus.  Besides whatever computer crimes he committed, he should also be charged with his reckless endagerment of the public.

Mike McNertney
Wednesday, September 03, 2003

I remember how Vlad Tepes was able to keep a golden cup safe in the center of a Romanian village.  He had impressive punishments, and so theft was famously low.  The only problem was, everyone had to literally live under the rule of Count Dracula!

I do think that punishing Criminal Masterminds is only one part of achieving security.  When we bring the government into enforcement, groups start wanting funding to watch everyone's communications, and occasionally some innocents will be framed.

Bill Joy argues that technology drives down the cost of destruction, to the point where anyone will be able to damage people on the other side of the world.  Many military strategists would respond by engaging in preemptive confrontration.  A lot of that preemption should start with Microsoft, Gnu and Apple.

sammy
Wednesday, September 03, 2003

Common Sense Guy:

Well for one thing most people don't leave money on the front porch. And if bits representing software, movies and songs are worth as much as money, the media companies are protecting it with the appropriate amount of protection. RIAA is ramping up more and more opposition to pirating as people warm more and more to the (perception of?) damages piracy is online media sharing is doing to the industry. Ofcourse I would much rather the media companies figure out how to do more with less like the rest of world. Example: $1,000,000 of today's money used to buy you a real piece of junk car in 1900s, now you can buy a thousand times better car for far far less. I'd like to think the media industry could do the same.

Li-fan Chen
Wednesday, September 03, 2003

Criminal Masterminds? Oh, I guess teekid was in some evil syndicate or cabal that sent out half-assed virus duplicates in an attempt to brag to his equally stupid peers.

While I agree that jailing the masterminds would usually disband whatever groups that might be formed, this really only applies to organized crime like drug cartels et al.

Geeks -- if you could call him that -- like that needs to be set an example of.

Mickey Petersen
Wednesday, September 03, 2003

I think Teekid was a lone criminal mastermind, though I don't understand your disagreement, Mickey.

sammy
Wednesday, September 03, 2003

"I think Teekid was a lone criminal mastermind"

What?! Teekid is nothing of the sort! A true criminal mastermind would have never been caught!...er, at least, not so quickly.

Lex Luthor
Wednesday, September 03, 2003

Ah, in that sense, sammy. I'm sorry, I misunderstood you then.

My apologies.

Mickey Petersen
Wednesday, September 03, 2003


Criminal mastermind!?! Lol. I was under the impression he basically copied his version from another virus. He's a script kiddie who hit the big time. Calling him a criminal mastermind is like calling someone with a crowbar a cat burglar.

anon
Wednesday, September 03, 2003

he did mess up on this one but i did some research he had alot going on. With how much he was doing i don't fully understand why he was so lazy on this one, he had always been so paranoid before. It seems like he didnt know it would work, or possibly it wasnt him?

ian m.
Sunday, February 15, 2004

*  Recent Topics

*  Fog Creek Home