Microsoft's Virus Bounty Plan Sound Familiar? It Should
from the worked-so-well-the-first-time dept
When I started seeing stories all over the web about Microsoft's offer of a $250,000 bounty for the authors of the Conficker virus, I thought that the plan sounded awfully familiar. Going through the Techdirt archives, I turned up some stories on bounties for phishers and spammers, then found a post from 2003 talking about how the company had set aside $5 million for bounties on people who wrote viruses and worms. While it's not clear if Microsoft has actually paid out any of that cash, it is pretty clear that the bounty plan hasn't done much to make Windows any more secure since it was announced. And neither will this latest bounty. Like the previous plan, it's gotten Microsoft tons of press that makes the company look tough -- but it doesn't solve the underlying security problems of the Windows platform. Catching the people who wrote the Conficker worm won't undo any of the problems they've exposed, and it certainly won't make Windows users any more secure.
Filed Under: bounty, cornficker, virus
Companies: microsoft
Reader Comments
concerned civ.
Re: No...
No conviction, no pay. Conviction, but it's a plea to a lesser charge, no pay. Conviction, but the police found a lead independent from your information, no pay.
Ratting out your friend/associate for the mere minuscule chance that MS might pay up a 1/4 of a million dollars, of which you'll have to pay a boat load of taxes on...? Not worth it in the least.
Re: Still
Re:
No, it won't.
There was no patch before Conficker was released into the wild. Microsoft released a patch soon after, but it was several weeks before many companies could deploy it as Microsoft patches do have a habit of screwing up large enterprises in various unexpected ways if not properly tested beforehand. Microsoft have also not released patches that work with some service pack versions of 2000 and XP.
So, regular patching would not have helped in this case. The virus attacked yet another buffer overflow vulnerability, a class of attack that Windows always seems particularly vulnerable to. Microsoft do still deserve some blame in this attack, and the bounty is a half-assed attempt to save face among the mainstream media.
Bounty
Re: Bounty
Didn't Bruce Schneier coin the term...
But this is actually doing less than nothing, in terms of real security, isn't it? So we should all call this nonsense "Security Theater Advertising".
Marketing
Dog is srous about security