Path: utzoo!utgpu!attcan!uunet!ncrlnk!ncr-sd!hp-sdd!hplabs!well!tenney
From: tenney@well.UUCP (Glenn S. Tenney)
Newsgroups: news.sysadmin
Subject: Re: Suing a Virus Creator
Message-ID: <7617@well.UUCP>
Date: 10 Nov 88 08:54:57 GMT
References: <456@l5comp.UUCP> <12081@dscatl.UUCP> <16600@agate.BERKELEY.EDU> <5331@medusa.cs.purdue.edu> <2284@looking.UUCP>
Reply-To: tenney@well.UUCP (Glenn S. Tenney)
Distribution: na
Organization: Whole Earth 'Lectronic Link, Sausalito, CA
Lines: 25

In article <2284@looking.UUCP> brad@looking.UUCP (Brad Templeton) writes:
> ...
>Also, if I were the judge, and Sun sued because they had the expense of
>FedExing (TM, Federal Express) bug fixes out to their customers, I would
>not by any stretch of the imagination rule 100% for the plaintiff.

Sun sue?   No, you've got it backwards.  If anyone gets sued, UCB and
Sun will likely be included.  Regardless of "as is" warranties etc., you
can't un-warrant for negligence.  I think that any attorney would be able
to show that it was negligent to leave such a gapping back door.  No, I'm
not litigious, but this *did* cause mucho consequental damages (many people
couldn't get productive work done if their machines weren't online).

>This sort of behaviour has to be crushed, but this is not the way to do it.
>The way to do it is to make sure people get caught if they do it.

I'm not sure to what behavior you're referring.  If you mean a worm or
virus causing loss of compute power or data, then you're right that something
must be done.  If, however, you mean the hacker ethic to FIND those
holes, then I disagree -- we want to encourage people to think and find
these things.  Just being sure that people get caught won't help the next time
6000 machines are made unusable for many hours.

Glenn Tenney
(not an attorney)