I find this shocking.
A poll we ran earlier today suggests that three quarters of you think it’s okay to spread a virus if it raises awareness of security issues.
We asked what you felt about the behaviour of the author of the first iPhone worm, which has spread in Australia changing wallpapers to an image of 1980s pop star Rick Astley.
Here’s what you answered:
(By the way, I know it says 76% above. According to my maths it actually works out as 75.8%, so we’ll be generous and say 75%)
Has the world gone completely bonkers? It’s a depressing notion that most people think that doing harm and breaking computer crime laws is a good thing. The 21-year-old Australian student who wrote the iPhone worm has acted utterly irresponsibly – even if he now regretted (which he doesn’t) releasing a worm into the wild, there is nothing he can do to stop it continuing to try and infect jailbroken iPhones.
Can you imagine a world in which everyone takes it upon themselves to release worms and viruses into the wild in the hope that it might “raise awareness”?
Every victim of the iPhone worm has to take steps to repair the damage caused by the worm, and return their phone to normal use. Furthermore, every infected phone will have been eating up the user’s data allowance as it hunted for more victims, potentially generating a large bill at the end of the month.
But what’s worst of all is that the code for the worm is now available for anyone to download. The genie is let out of the bottle – and anyone could write a more dangerous version of the worm which could have a much more dangerous payload.
When I first entered this industry umpteen years ago I learnt an essential truth that is still as true as it was then: There’s no such thing as a good virus. (See this excellent paper by Vesselin Bontchev if you want to read more about that. Or if you don’t have the time or will-power to wade through Vesselin’s paper, here’s a succinct, perfectly formed and much more amusing piece by my colleague Paul Ducklin)
Disclaimer: Please bear in mind that this poll is not scientific and is provided for information purposes only. Sophos makes no guarantees about the accuracy of the results other than that they reflect the choices of the users who participated.