Microsoft is not getting into the bad-guy catching business, a Microsoft lawyer said after the software maker announced Wednesday that it will provide a $5 million pool of reward money to help catch cybercriminals.
At a press conference to publicize the reward program, Microsoft said it will work with the Secret Service, the FBI and Interpol, an international law enforcement agency, to fight cybercrime.
But Hemanshu Nigam, an attorney in Microsoft's digital integrity group, said that tracking down those who launch malicious code is the job of law enforcement officials. Microsoft will simply pay out the reward money if an individual is brought to justice, he said. Any leads in a case will go to the law enforcement community, not Microsoft.
The computer software industry is young enough that until now it has focused more on innovation and less on locking down systems, said Jonathan Zuck, president of the Association for Competitive Technology, a Washington, D.C.-based industry association.
"We've focused on treats, and security is like vegetables," Zuck said.
Zuck said the biggest thing still missing is the education of end users. Most studies reveal that many security issues happen because of poor education on the part of computer users.
"Users give out information they shouldn't; they install things they shouldn't," he said. "The least controllable variable is the user."
Microsoft's rewards program will be administered within the company's office of legal and corporate affairs.
Currently, there are two rewards offered at $250,000 -- one for the Sobig worm and one for the Blaster worm. Nigam said there will be lots of factors to help determine the amount of reward money for future viruses and worms. "We will consider what our antivirus partners assign as a threat, the impact that consumers have as a threat, and we will also decide after consulting with our law enforcement partners," he said.
Some customers are skeptical that the reward system will succeed, particularly where foreign governments are concerned. "How are you going to prosecute someone if they're in China?" said Doug Spindler, president of the San Francisco Networking Technologies Users Group and a systems administrator.
"What incentive does Russia have to capture someone?" he said.
FOR MORE INFORMATION:
Best Web Links: Security