Three weeks ago we were interviewing someone for another search firm (search firms often use us to find them candidates since we’re fast and easy). The position was an EVP of Global Marketing for a Fortune 500 company. We don’t name clients but if you use credit cards their name is probably in your wallet or purse.

Everything was going along fine until the candidate casually commented that he was “worried that the authorities will throw the book at the youngster” that had helped propagate the Blaster virus. The bug had struck a number of our search and project clients and caused them numerous problems. Some clients had also been stung by both the Lovebug and Melissa. Since we had informally helped a few through the attacks we knew the various costs, e.g. grief and frustration, escalating IT costs, lost business, etc. first hand.

For a moment we just stared at him. But then we realized we had observed the same attitude in others and in the popular press. Basically, it is the notion that there is something vaguely charming about virus writers (especially if they’re kids, which they often are) and that they don’t do any “real damage” so it seems somehow excessive to “throw the book” at them. We’ve heard this around Board rooms, water coolers and of course Starbucks, too.

Well, excuse me. We must have missed something . To us creating and initiating the spread of a virus is a form of extreme economic violence (Note: computer viruses spread in a manner similar to pathogens in germ warfare—in fact you can model the spread of a computer virus with the same programs used to model, for instance, a war-based smallpox attack).

In my world (earth) if a criminal intentionally causes $7 billion dollars in damage he or she goes to prison. This is how much Lovebug cost all in. The notion that the cost is widely distributed is immaterial. It’s the $7 billion that’s important. And the apprehended virus writer’s typical excuse that they "didn't think it would cause any problems" is too lame for comment.  

We asked the candidate to elaborate on his position. He said that it was all Bill Gates' fault, that "Windows made it possible for this sort of damage to occur." That if Windows had better protection the problem would be largely eliminated. You occasionally see this perspective in the popular press as well: blame the uncaring Rich Guy and his greedy monolithic enterprise.

Something needs to be pointed out here. Windows HAS PROTECTION built into it. The fact that it’s not perfect is unfortunate, but that’s also the real world where no security is perfect, like the lock on your front door. As a reader of this newsletter you probably have a pretty good lock on the front door of a pretty nice residence. But, like it or not, the security of your home is ultimately imperfect. If somebody wants to break in and steal something they will. In the final analysis no lock is good enough. For the clever thief there’s always a way. And you will always have thieves if the ultimate cost of being one is low.

The point is you can have a great lock and a bad person can still steal your property. It’s not your fault or the imperfect lock's. It’s the thief’s. And the thief should be punished .  

We think that any notion of leniency toward virus writers is dangerously shortsighted. There’s nothing charming or especially clever about writing viruses like Sobig and Melissa. The fact that the perpetrators tend to be young is functionally meaningless. The fiscal damage doesn’t care. It’s a form of intentional destruction and major theft and should be dealt with accordingly.

And, by the way, some people seem to think it’s enough to “take away the virus writer’s computer.” We think that’s an excellent idea since you don’t give computers to prisoners.