Send this Article Print this Article

Contributed by Adam Barr
osOpinion.com
February 22, 2001

People send around lots of real photos of Anna Kournikova. Spam is a pain, but it's not illegal. In This Story: Sniff Test What Went Wrong? What's the Difference? Comparing Bugs

On Monday, February 12th, e-mail systems worldwide were overloaded by the "Anna Kournikova" worm. The e-mail contained an attachment that purported to be a picture of the Russian tennis player, but turned out to be a Visual Basic script that forwarded itself to everyone in the user's address book.

The mainstream media was abuzz over this latest threat. Makers of virus detection software quickly updated their pattern files. Corporate e-mail users everywhere were warned not to open any attachments. Two days later, Dutch police announced that they had arrested a user known as "OnTheFly," who confessed to releasing the virus. He was charged with damaging private property.

Sniff Test

Now, I may be a big geek, but somehow this doesn't pass the "sniff test" for me as to what should be illegal.

What this program did was e-mail itself to everyone in a user's address book. The e-mail itself was only 5K in size. OK, so what do people normally spend all day doing with their e-mail programs? Sending e-mail to people who are probably in their address book.

Let's say I had 200 people in my address book. I actually have about that many, but only because Outlook Express so cleverly puts in everyone who sends me mail. So the Anna worm would have caused about 1 megabyte of outgoing mail from me.

Well, great. I used to toss around all kinds of 1 megabyte e-mail attachments without thinking too much about it.

What Went Wrong?

Anna, lovely gal that she was, even tried to limit her bandwidth-hogging by using a registry key to track which machines had already spread the e-mail love, and preventing them from sending it again.

So what exactly is so wrong here? You are doing something that people do anyway. People send around lots of real photos of Anna Kournikova. Spam is a pain, but it's not illegal. This worm just turned up the volume a few notches. Right?

The key thing is that you have something which in small amounts is completely legal. So at what point does more of it become illegal?

Think of how much bandwidth Napster transfers suck up on the Internet. Yet nobody is trying to arrest Shawn Fanning for damaging private property.

What's the Difference?

I'm certainly not trying to defend malicious viruses that damage the computer on which they are executed. Even denial of service attacks targeted at a specific company seem "wrong," although again if you are just taking something that is legal in small doses, such as ping, and cranking up the frequency. What is the cutoff for it being illegal?

If I ping a machine once a second, is that illegal? What about once a millisecond?

I felt the same way back in November 1988, when the first Internet worm was unleashed by Robert Morris, a Cornell graduate student. This one also rebroadcast itself using e-mail (although back in those days, it took advantage of Unix mail, as opposed to a Windows e-mail program).

In fact, Morris tried to design the program to limit the speed at which it would spread and the damage it would do to each machine, but due to bugs in his program the limits didn't work. Once he realized his mistake, he tried to notify everyone how to stop his program. Unfortunately he was only partly successful at that effort because the Internet was already pretty toasted by his worm.

Comparing Bugs

Morris was eventually convicted of violating the Computer Fraud and Abuse Act, passed two years earlier, and sentenced to three years of probation, 400 hours of community service, a fine of $10,050, and the costs of his supervision.

People complained that the sentence was too light, but to me it seemed a little harsh for a bug! Especially since at the time, I was a recent college graduate who had spent a lot of time playing around with Unix computers. If I had known about the sendmail and fingerd bugs that Morris' worm took advantage of, I might have written it myself.

And having written it, of course I would have had to unleash it to verify that it worked.

Even today, after having been a professional programmer for over a decade, and having occasionally lost a day of work due to e-mail worms, I can still feel how cool it would be to write a successful (but non-destructive!) worm and have it actually work.

Except for possibly testing the right half of the speedometer on my car, I can't think of any other activities that I contemplate that are actually illegal. So although I can't necessarily think of a defense that would hold up in court, it still doesn't seem like the Anna worm should be illegal.

Why should seasoned journalists have all the fun? Have YOUR Tech/OS Opinion featured on OSO!