A couple of points here:

1) While the Anti-virus industry could do a better job of preventing generic malicious code such as preventing a VB/VBA script embedded in an email from accessing an address book, such responsibility lies more largely on Microsoft for making it possible in the first place. They are so eager to load their apps with every bell and whistle that they forget about controlling them.

2) Congress has absolutely no understanding of technology (proven many times over) and probably shouldn't even be having a meeting about this.

3) It's ridiculous to suggest a law preventing companies from hiring hackers. No security company wants to hire someone that they believe will be malicious (liability is a big issue). Also, some 15-year old who wrote an email worm in VB once upon a time isn't likely to land a big research or consulting job based on that fact. A lot of security professionals have engaged in improper excursions at some point in time. However, these excursions tend to be in the past and they remain there. A little knowledge wields a lot of power when you're a bored teenager, but you grow up...hopefully.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/32/1806#1806