Fridrik said:
You already know my point of view - I think it is completely
unacceptable from an ethical perspective - and I think many of the
other smaller companies may share that view - after all, our ongoing
existence is based on our reputation.
I would agree that an ethical conflict would exist, hiring a someone
currently active in the VX scene either as a programmer or a
groupie/spreader. But, what about someone who may have been there and is
now gone? And I'm talking about at what point might you consider someone
who has redeemed themselves? Do you withhold employment opportunities
forever to anyone and everyone who was active in VX, or do you make
judgment calls? I'm only asking 'cause I'm curious (the Socratic method
of learning). I don't have an agenda to push.
The larger AV companies may share my views, but they have another
reason - a fear that their competitors may use the fact against them:
Everyone who has competitors has to deal with fear, uncertainty and
doubt, regardless of what it is we sell. That's life
Company X sales person: "As you know, company Y employs people who
have written viruses. They may even have sold you software to fight
viruses written by their employees - do you really think you can trust
them to protect you - No, buy our software instead."
The advantages of hiring a former virus writer are relatively small,
compared to the potential damage to reputation and business. Why take
the risk?
I don't know. But, if you can answer my questions above, I might understand.
It is not even as if most virus writers are good
programmers anyhow. Some are, yes...but the vast majority of viruses
are written by people with very limited skills beyond that of
modifying code written by some one else.
Now that I understand. If the skill levels of those coding viruses is
that basic, you don't need them working for you.
Thanks for taking the time to share your perspective.
