Truth About Computer Security Hysteria
David L. 'complete idiot' SmithRob Rosenberger, Vmyths co-founder
Saturday, 18 December 1999
POOR DAVID SMITH. First he accidentally exploited a nearly universal design flaw in email infrastructure security. Then he confessed to writing the Melissa virus. Then he accepted the prosecution's claim of complete Internet email destruction. Then he plea-bargained for the maximum penalty.
What a complete idiot! Can you believe the FBI fears people like Smith?
Suppose Smith released Melissa just six days later. Do you really think the FBI would launch a nationwide manhunt over a no-payload virus released on April Fool's Day? I ridiculed the prosecution's case with this one simple philosophical question. Taking it a bit farther, do you think NJ governor Christie Todd Whitman would ride the coattails of an April Fool's Day prank?
In the final analysis, Smith will go to prison because he released his virus six days too soon. "Premature escalation," as I like to say. What a complete idiot.
Melissa's author didn't get the benefit of my advice, but Microsoft will. Two words, Bill: "sue him." No joke. Take Smith to small claims court for phone calls and other miscellaneous expenses.
Why small claims court? Contrary to initial press reports, Redmond's security team walked away from Melissa with scratches. They could sue for millions only by trumping up the charges. Microsoft can force the media to face this fact if they slapp Smith for a few hundred bucks.
Can you imagine if Gates showed up for the post-trial press interview? "I wanted to dock employees whose PCs got infected. I also thought about suing everyone who emailed us a Melissa attachment. Unfortunately, the world still rewards users whose PCs get infected. So I told my lawyers to go after Smith instead." Boy, I hope Judge Judy arbitrates it.
Smith got railroaded by photo-op hounds and he'll get a rimjob at his sentence hearing. I couldn't care less — a complete idiot deserves everything he gets. In fact, I hope the judge bars Smith for life from government contracts.
Bon voyage, dude. Give your cellmate a kiss for me.
A spokeswoman said that when it hired him [in September], the foundation did not recognize Smith as the suspected author of the virus... He went about his work quietly and unrecognized for two months, trouble-shooting computers in offices on Rutgers' New Brunswick campus.
Smith repaired PCs on a university campus for two months with no one the wiser? Absolutely amazing. Another newswire story says Rutgers will search their computers for evil viruses. (Close the barn door after the horses get out? How cliché.)
We might see Smith someday in an American Express commercial. "Hi, do you know me? My computer virus caused over $80 million in damages..."
Still, Smith gets something very important out of all this: notoriety. We can at least rejoice because Michelangelo's author remains anonymous to this day. (How would you like it if the whole world knew you by reputation yet nobody knew your name?) Heck, Michelangelo's author might still work at Rutger's for all we know.
Smith never realized he would earn a footnote in history, but we'll forget this. We'll also forget he accidentally exposed serious flaws in antivirus software and email infrastructure security. A complete idiot who named 105 lines of Word macro code for a strip dancer? Bah. Clueless pundits in the future will recall Smith as "a gifted mage who nearly destroyed the Internet on a whim."