Just Say No to Viruses and Worms...Politicians hear testimony...

FYI...

http://www.wired.com/news/print/0,1294,60391,00.html
Sep. 11, 2003
"Members of the computing industry and law enforcement testified before the technology subcommittee of the House Committee on Government Reform Wednesday about how to protect the nation's computing systems from viruses and worms. Their remarks came as computer security professionals were poised to tackle a new version of the Sobig worm that may attack computers soon and as Microsoft announced new vulnerabilities in the Windows operating system...
...Perhaps the most controversial suggestion came from John Schwarz, president and COO of antivirus firm Symantec, who called for legislation to criminalize the sharing of information and tools online that can be used by malicious hackers and virus writers. Virus writers and hackers often learn from each other and share automated tools and code on websites. By making it illegal to post malicious code and information, Schwarz implied, the number of attacks would be reduced. He did not say...how legislators would determine the difference between malicious information and that used for legitimate security research, or whether such a law might compromise freedom of speech...The speed of cyberattacks has also accelerated dramatically, with a shrinking window of opportunity for patching systems after a vulnerability is announced..."

 

Implications for the Future
http://www.cert.org/congressional_testimony/Pethia-Testimony-9-10-2003/

"...The Internet is not only vulnerable to attack today, but it will stay vulnerable to attack in the foreseeable future...The Internet now connects over 171,000,000 computers and continues to grow at a rapid pace. At any point in time, there are millions of connected computers that are vulnerable to one form of attack or another...Attack technology has now advanced to the point where it is easy for attackers to take advantage of these vulnerable machines and harness them together to launch high-powered attacks...It is critical for technology vendors to produce products that are impervious to worms and viruses in the first place. In today's Internet environment, a security approach based on "user beware" is unacceptable. The systems are too complex and the attacks happen too fast for this approach to work..."