A clean Bill of hi-tech health

Linda Tsang reports

The Computer Misuse Act is leading the battle against bugs, says Linda Tsang

"Smoke me a kipper. I'll be back for breakfast...unfortunately, some of your data won't." This was how virus writer Christopher Pile used to sign off on screen.

Pile has made history as the first virus writer to be sent to prison under the Computer Misuse Act 1990. Pile, who operated under the pseudonym of Black Baron, was recently convicted of five counts of gaining unauthorised access to computers, five of making unauthorised modifications and one of inciting others to spread a virus. He was sentenced to 18 months in prison at Exeter Crown Court.

Whether this conviction and sentence will deter others is a moot point. A spokesman for New Scotland Yard said: "The problem is that only about 5 per cent of virus attacks are reported to the police.

"There is also no national police unit to combat what is an international criminal activity."

The case has highlighted one of the inherent weaknesses of the 1990 Act, which was passed at a time when the main threat to computer users was a hacker and not a virus writer.

Jim Bates, the forensic computer scientist who helped track Pile down, said: "This conviction is good news for all computer users. It is the first conviction in the world for writing a virus."

He added: "I would like to think it will deter virus writers from doing more damage, but realistically I think that it will not happen. It's the same as taking drugs. Despite the fact that people die every week from taking them it doesn't stop people from doing it."

Although the scale of the virus problem may be larger than suggested by the level of complaints, Bates thinks that the anti-virus industry has a vested interest in highlighting the dangers posed by viruses.

It is estimated that although the active number of virus writers may be small, there may be between 5,000 and 6,000 viruses on the loose and the number is increasing daily.

But according to New Scotland Yard's Computer Crime Unit, only about 60 to 100 of these viruses cause any damage. A spokesman said: "A major problem is that very few people complain when they are attacked. It is usually only if a lot of damage is done that people complain."

Many users do not report virus attacks because it reflects badly on their organisation.

David Tighe, a partner at Manches & Co in Oxford, said the number of prosecutions under the 1990 Act is growing and it is not just lone virus writers who can cause problems.

Logic bombs are often written into a system by legitimate suppliers. These bombs can then be triggered by certain events, such as failure to pay. In a recent case when this happened and the suppliers had not warned the customer of the bombs, the suppliers' directors were successfully prosecuted under the Act.

There was also the recent case, brought under the Act, where a disgruntled employee went to one of the computer rooms every night and twisted one of the fibre-optic cables so that part of the system went down. He was caught by closed circuit cameras.

Most users do not need such extreme measures, but there is no excuse for any professional practice not to have an anti-virus software package.

If the proper precautions are taken, a user can avoid getting a virus - care should obviously be taken when downloading material from a bulletin board or the Internet.

And all offices should have any disks which come in to the system checked for viruses by the systems manager with packages such as Sweep or Dr Solomon's. Anti-virus packages should also be updated to catch any new and potentially devastating virus.

Compared with other countries, the Computer Misuse Act 1990 is an increasingly effective legal weapon to deal with virus writers. Tighe says the Black Baron's prison sentence may be the first under the Act, "but it won't be the last."