That's not a bad suggestion
Posted by David on Monday, October 6, 2003 at 3:38 PM.
Linux creator Linus Torvalds on how to end virus and worm attacks:
"When you have people who hook up these machines that weren't designed for the Internet, and they don't even want to know about all the intricacies of network security, what can you expect? We get what we have now: a system that can be brought down by a teenager with too much time on his hands. Should we blame the teenager? Sure, we can point the finger at him and say, 'Bad boy!' and slap him for it. Will that actually fix anything? No. The next geeky kid frustrated about not getting a date on Saturday night will come along and do the same thing without really understanding the consequences. So either we should make it a law that all geeks have dates -- I'd have supported such a law when I was a teenager -- or the blame is really on the companies who sell and install the systems that are quite that fragile."
From the New York Times, via RISKS.
(I do feel compelled to suggest that that line of reasoning -- not Torvald's alone, to be sure -- is akin to blaming the US Postal Service for kids playing mailbox baseball... Sure, the mailboxes could be built stronger, but fundamentally the kids are committing a crime...)
rfkj, on Tuesday, October 7, 2003 at 9:29 AM:
I certainly would have liked to have had a date in high school!
Obviously, Linus is taking a jab at Microsoft--but let's see what happens if Linus himself is sued for a kernel deficiency that allows an exploitable buffer overflow, or if the OpenSSL developers are sued for the recent spate of security holes there. I bet they'd change their tune pretty fast.
Sure, companies (and individuals) shouldn't develop exploitable software, but that's easier said than done, and they should patch as quickly as possible rather than hoping that nobody will notice, but it's also up to system administrators to patch their systems--Window, Unix, Linux, Mac, whatever--when patches are available.
AND OF COURSE WE SHOULD BLAME THE TEENAGER. Jeez--"It's not his fault, he was bored" is the worst excuse for anything ever. Black-hat activity requires malicious intent. It's not like open systems magically advertise themselves to you without any effort on your part.