Poor netiquette and jobs for net vandals

Letters Unsurprisingly, the big talking point this week is the news that the Sasser skiddie has gone and got himself a job. In the IT security business. Yes, indeed. You can probably guess what the opinion of the majority was on this one:

Stunning.

This a**ehole causes untold amounts of damage and inconvenience and gets offered a job for it. A pity this weasley securtity firm wouldn't actually come out and admit the truth - "by hiring him, we get ourselves some free publicity!".

It would be nice if the perp also stuck his hands up for a change and coughed to "yeah, i just wanted to see if my virus got bigger headlines than the last loser that tried" instead of the rather lame "I didn't realise I was being bad...". It's pathetic.

Anyway. With luck, this 'security' firms clients will drop them like the hot [b|p]ricks they are. Ooh wait! Maybe people whose PCs are still infected will at least know where to go to throttle the little bastard !

Just a thought, if any volatile folks are in the vicinity and fancy doing us all a favour. Planting seeds and all that...

Andrew

How entirely predictable that this clown has been offered a job by Securepoint. The fact that he is being rewarded for a crime is a debate too big for this email but ties in with the general attitude if glorifying criminals while criminalising victims, is the MD of Securepoint a UK politician by any chance?

I look at this with the backdrop of European vendors trying to push their products at us with the sales point that the products are not US and so 'not full of backdoors for the US government to use to spy on us'. How does this sit with a decision to put a writer of malicious software in a role developing security software? I suspect that the fact that his victims were mainly in the US is a major element of his being employed.

The only option in this war, and it is a war, is for all major resellers and integrators to refuse to do business with the organisations that employ these people.

Grahame

Next up, we have a case of mistaken identity, courtesy of McAfee:

McAfee has identified our application, Macro Express, as a virus on more than one occasion. I finally decided to post my action log dealing with McAfee on our website, see here too. I took care to leave out all "editorial comments" and posted "just the facts." Miraculously, no more false-positives!

When I discussed our experience with other software developers at a software development conference, several said "Oh yeah, McAfee is notorious for that."

Kevin

This is interesting, an anti-virus vendor relaeases an update that knocks out an ISPs connections. They then delay releasing the patch, in the meantime said ISP loses customers in droves. Sounds ideal fodder for a conspiracy theory.

Assuming the affected users know that a fix is (or will shortly be available) how could they download it? Thye've lost their web connection, if they re-install, it'll be identified as a trojan and disabled. Catch 22 here. Sounds like more food for a conspiracy theory. Has the owner of the ISP pissed off said AV vendor in any way?

Makes you wonder - - and alos, all of a sudden, makes you realise the power of the AV vendor.....I mean....let's say Microsoft finally decide to use the AV company they've taken over. By release 3 they may have a product that is possibly worthy of the name but it'll be integrated into Windows, and supplied with new Windows releases, as part of XP SP4, Longhorn, with MS Office etc etc so that it becomes pervasive. The, on an automatic update, all of a sudden AOL (for example) becomes identified as a trojan - wipe one competitor.......you see where I'm going.

Sure, Microsoft may say "ooops, sorry, mea culpa, but the damage will have been done.

Oh the power of the monopoly, oh the power of the conspiracy theory. Thankfully I use Mozilla, (most of the time) Open Office (most of the time) and have a laptop running RedHat as well as my Windoze Pee C

Andy

Alas, false-positives are all too common these days. Recently our company was affected when both McAfee *and* Norton detected viruses in our product installers during the same month. Remarkably, both identified nsisdl.dll, a common component shipped with the NSIS installer package, as a trojan.

By the time our users began reporting the problem with McAfee anti-virus there was already a support article posted on McAfee's site that we could reference. On the other hand, we spent a long time on the phone being passed between departments at Norton, while enjoying their fine selection of country muzak. As incredible as this may sound, the operators at Norton's corporate offices can give you the phone number of anyone in the company, but only so long as you know their name. Heaven forbid that you might ask for someone in the product management team for NAV, or the lead engineer in the anti-virus research team.

Essentially, when big name anti-virus vendors get it wrong, there is nothing you can realistically do about it but sit back and wait for a fix to come. Fortunately, most fixes come along pretty quickly, but on the flip side you lose revenue in the meantime and your reputation is tarnished in the eyes of users who simply do not understand the functional complexities of their anti-virus product.

-Al

You had plenty of additions to the list of email's seven deadly sins, as identified in a recent survey:

Underlying the "seven unforgivable sins of e-mailing" is the eighth sin which is one the gravest:

Not giving a memo a descriptive Subject, in particulare indicating whether a response is expected from the receipient.

Kind regards

Espen Ødegaard Sofiemyr Norway

Hi Lucy,

Just read your article about sloppy emailing and felt obligated to share my frustrations with you. In addition to the 7 sins listed, there is one peeve that runs rampant in my company. It is the dreaded dash. Entire full page emails are put out using only one punctuation character, and I suppose it really isn't punctuation.

No periods, no commas, just dashes. Now, I'm only 30 but the rest of the staff is much older than me. I'm sure their teachers pounded the concept of well thought out sentences and proper form into their skulls much more than my teachers did.

Jack Burton, USA

We're thinking of making the dash house style here at El Reg - it is nice and short - and easy to type - and reduces the number of expensive capitals we have to use - since there are no sentences anymore - OK?

Too bad The Professor didn't do his homework either: (n)etiquette for email exists and even has been documented All Over The Net.

In fact, there's even a RFC dealing with the subject; number 1855 and it's been out a while, too. So long, in fact, that parts like the stuff about /talk/ feel a little dated. The stuff about email and usenet sure isn't, it still works that way. Heck, it even worked that way on _fido_.

It's just that we're all still living in september '93 and the net.oldies are getting a bit tired of whacking some sense into the great unwashed.

I myself am not old, I just spent enough time on various networks including usenet, and using email. No, I don't have a life, but I do know how to email.

Anon

Finally, we think we have an explanation for why it is that people hate their IT vendors. The best bit about this theory, is that it invokes the first World War. Classy.

Having bought PCs from three different vendors, I can confirm the syndrome you mention, and explain it. In each case, I was impressed by the vendor's marketing efforts and ended up buying what seemed to be the best deal available.

Having shelled out my hard-earned cash, I was shocked to discover that I was now confronted by a "service" organization whose customer interface resembled the front-line trenches in World War I - barbed wire, machine guns and all.

All three times, my first exposure to the mercies of the "service" organization was more than enough to make me vow never to have anything to do with them again.

Repeat business? We've heard of it: "Now, what can we do to pump up this quarter's figures? I know! Let's outsource the customer service department!"

Tom

Well, that seems pretty conclusive to us. Thus endeth today's lesson. ®