Saturday, May 15, 2004

Worm Writers

I heard on the radio that they caught the writer of the Sasser worm. The culprit turned out to be a high school student in Germany. Nothing surprising there, not even the fact that the writer is a high school student. Actually, most worm and virus writers are probably very young, under 15 years old. Of course, labeling them "worm writers" is in many cases probably charitable, as they most probably simply copy some worm or virus toolkits found out on the Internet, change some of the particulars, and then float them on the Internet.

Still, it is sobering to know that all these so-called hi-tech systems can be compromised by a few kids. Who bears the responsibility for securing these systems? Is it Microsoft's responsibility to make the Windows operating system secure to a certain extent, more than a kid can compromise with minimal knowledge of the operating system but an abundant amount of enthusiasm? Or, as many people believe, is it the owner's responsibility to secure the systems to prevent compromises?

I tend to believe both are responsible. I think securing a house is a useful analogy. When we buy a house, we expect the house to be reasonably secure, with reasonably secure doors, reasonably good locks, etc., all relative to the neighbourhood the house is in. The idea is that a high-school kid on a lunch break should not be able to walk into your house with little or no effort. Of course, an ordinary house will not prevent a professional thief from breaking in. That is just the way life usually is: we cannot remove all risks. So, when we buy an operating system, one that is expected to be connected to the Internet, it is perhaps the operating system vendor's responsibility to make it secure enough that a high-school kid cannot hack into it with little or no effort. Professional hackers are a different story.