Symantec Tries to Censor Criticism
Let's first get the facts straight. Peacefire has not posted copyrighted material. It has posted code to decrypt I-Gear's encrypted blacklist. This is exactly like the DeCSS case, except the goal is criticizing a product instead of space-shifting movies.
The criticism here is that 76% of the .edu-domain blocks are wrong. This is a huge number. This suggests that, for every time the product blocks you from offensive material at an .edu Web site, there are three other times it blocked you from perfectly ordinary material.
While there are some people (like Bruce Taylor of the National Law Center for Children and Families) who would like to deny it, nobody's making this stuff up. Censorware really does suck. In fact, Peacefire did the same thing to X-Stop, another blocking package, two weeks earlier, and found a 68% .edu error rate. (But its maker hasn't threatened to sue. Yet.)
So what did Peacefire learn about I-Gear? A description of a milking machine system written in Spanish - blocked. Tricks for a flight sim game - blocked. A page entirely in Latin - blocked. Volumes 4 and 6 of "Decline and Fall of the Roman Empire" - blocked (but you can still read Volumes 1, 2, 3, and 5, go figure).
Furthermore, Peacefire revealed that Symantec is apparently violating its privacy policy by sending information to its servers without telling the user. Your Windows-registered "real name" and "company name" secretly get sent back to Symantec.
You may recall Haselton's Slashdot story "Keep it Legal to Embarrass Big Companies," from two weeks ago. He wondered if these kinds of pressure tactics would be the response to his efforts. It's already started.
The legal issue appears to be whether Symantec's End-User License Agreement (EULA) can contain a clause prohibiting reverse-engineering - and whether that clause can be enforced. UCITA will be the thousand-pound gorilla here, providing real legal muscle behind onerous EULAs. Fortunately, the current legal situation is more iffy, and cnet's story talks about that a little.
Symantec wants to distribute I-Gear only on the condition that nobody looks under the hood or says anything bad about it. And UCITA would back that up - by sending people like Haselton to jail for revealing products' flaws.
And then there's the question of why Symantec is using lousy crypto in the first place. As KnobDicker concludes: "Rather than being thankful that Haselton has conducted testing and work that they should have done themselves in the first place (for *free*), Symantec is crying in their beer and threatening to break out the lawyers to quash the bad press. Chalk up another one for the Open Source model's system of thorough peer review instead of development in a proprietary vacuum."
-Kahuna Burger
...will work for Chick tracts...
Symantec can lick my bum. I fart in their general direction, their CEO is a hamster and their CTO smells of elderberries
I knew Symantec couldn't be trusted! Ever since they started buying companies they became less tolerant. I think it's time for a boycott!
Just another example of how a large company would rather sue than fix a product and risk having their name tarnished.
...no longer must I sweep for you for I am not your broom. - TMBG
Pair up in threes. - Yogi Berra
I urge everyone who supports anti-censorship causes like this one go to the PeaceFire site and buy a t-shirt and give a donation. The last time PeaceFire was featured in an article a number of people bought shirts, but nobody made a donation. Bennett is not making money off the t-shirt sales. Giving a little, even just $US5-10 would be helpful, and would bring the price of the t-shirt up to what you'd normally see.
----------
"And I thought 'Reverend Billy
Remember when Sony filed suit against Connectix for essentially the same thing? End result was Sony lost because the court of appeals stated that Connectix was in compliance with the DMCA and that this use of reverse engineering is protected under fair use.
More race stuff in one place,
than any one place on the net.
Eric
>And then there's the question of why Symantec is
>using lousy crypto in the first place
Because it's not possible to keep secrets on an untrusted computer that needs to access them. If the program needs to decrypt the URL list itself, then so can anyone with a copy of the program, if they spend the effort. You can use the best crypto algorithm in the world, but then the key is stored somewhere in the program, where the owner of the computer can get at it.
This is a fancy version of copy protection and client-side security. It can't be made unbreakable.
This is also why there aren't more filters for Linux. Linux is being used for many network gateways, and there is a market for various kinds of filters. It would be trivial to implement, it's just that most companies are trying to sell as if it's a one-time software package rather than selling databases for the filters.
E tu,Sextus?
I hope to graduate manga cum laude.
Seems more like a fatuus mons stercoris, if I remember my Latin correctly (and I probably don't).
--Jeff
A quick little story about my experiences... Back when I was a high school Sophomore, blocking software was just in its infancy (assuming it still isn't). Bowing to pressure from parents, the country slapped software onto its network which hadn't even cleared the beta stage. Meanwhile, those of us in the business department of the school were using the net to track stocks, using a state run program which cost the department a good $200. (I know, we could have done this with a newspaper and a calculator, but the department wanted to use the net to prove to parents that they were "high tech.") The day the software was installed, all the websites our $200 software used were instantly blocked, for reasons unknown. As a result, we spent the next 2 weeks watching crappy 80's documentary videos. Oddly enough....whitehouse.com remained unblocked...
"Isn't that the sweetest little well-balanced undergraduate-level philosophy of life."
As for the blocked Latin page, Courville speculated that the software's language-translation capabilities may have found something in the Latin text that qualified it under the pornographic categorization.
Haselton guessed that something may have been the high frequency of the Latin word "cum."
That's classic.
-josh
At least, I'm not surprised. Symantec has lots of money and lawyers, and they are the average petulant company, pissed that someone isn't playing exactly by their rules.
Some of you may recall that Solid Oak Software has threatened Peacefire in the past. Hell, Solid Oak has even mail-bombed detractors and has recompiled their CYBERSitter software to generate a fake error message if it finds peacefire.org in your browser cache on install. Don't be surprised if Symantec does equally vile things to their consumers. After all, censorship is vile business. Certainly, there is no reason for this attack on Peacefire other than to "get even" for questioning their "moral" authority.
The only thing we can hope for is that this will result in a win for Peacefire. Otherwise, get ready for Big Brother in full effect...
-- Count Spatula: The Culinary Vampire "...because my cooking sucks."
I can understand why Symantec wouldn't want such a thing decrypted - a competitor could simply decrypt their list and use it. However, seeing as I-gear probably won't be installed on any /.'ers computer, I don't think it's an issue. Who cares what some software company has in its license terms? Don't we realize that if we in the open source movement wrote software that EVERYONE wanted to run, that these "Big Bad Software Companies" would be at our mercy? They couldn't release software with ludicrous license agreements if everyone wanted to run GPL'ed software.
The society for a thought-free internet welcomes you.
I kind of agree with Symantec here... I mean, what Peacefire did is extremely misleading... No site blocking software is going to be perfect, but for them to dissect the list, but only the first 50, and at that, only the first 50 educational sites, and then post findings such as a 76% error rate... I mean, that's very biased, and absurd.
If they can decode the list in its entirety, why don't they do a little more analysis of it... What is percentage of .edu sites contained in the list. 5%? 10%?
How about an analysis of the first 1000 entries? EDU or not.
In direct marketing, people realize that a sampling of 10,000 people from a given list is generally the bare minimum to use in terms of being able to accurately predict response rates... For instance if mail something to 1,000 people from the same list and get a great response, you shouldn't go ahead and buy 100,000 more names from that list, because you didn't get an accurate sampling...
The same goes with Peacefire's thing... They're using nearly enough information to give a real idea of what's happening... When you're able to skew data like that, you can show nearly any result that you want.
Symantec is pushing some crappy software in iGear.
OK, now let's sit back and see if I get sued. I'm waiting.
Still waiting...
Eric
The problem is, the idea I have does involve what some could consider a privacy violation. However, in the end this one might well be worth it. You decide...
Every time a piece of censorware blocks a site, it sends the URL (with no information which could identify the user) back to the company which makes it. The companies must keep these lists of blocked URL's public and up-to-date.
Why do I think this should be done? Because it makes you see the censorware companies for what they are; people who compile blacklists of banned information. Not unlike book-burning (I hate to use this comparison so often, but there's nothing more appropriate), only on a scale not seen in the West since Hitler's time. The idea here is to get people to see filters for what they really are. No law is going to directly change the current situation of censorship. It takes a cultural shift to do something like that, to make the people see that censoring knowledge -any knowledge- is far worse than the information itself could possibly be. But for that to happen, people have to see censorship for what it is. Censorware companies have been using sneaky marketing tricks to confuse people for several years now, and the sad fact is that it's worked pretty damn well. So before we can set out to change attitudes toward censorship, we have to undo that confusion. It's the only way it'll ever work.
Assuming any company is retarded enough to sue them anyway. Imagine the bad press and negative mindshare it'd get them...
- A.P.
--
"One World, one Web, one Program" - Microsoft promotional ad
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
One large argument I see from many of you is that censor proxies have too many valid sites blocked. Well, how about taking the Open Source/distributed.net approach? I know there are some for squid. How about a system where each morning/once a week/whatever a group of moderators are sent URLs to check up on. They do so, trying to determine if it's some directory, or the whole domain that gets listed. If there is porn (a set of standards would have to be established), they report back and it's added to the blacklist. I know I would be willing to take a few minutes every once in a while to do so. You could have a whole system of checks on the web site, if someone doesn't agree with a blacklisting, it's sent to two or three moderators and if they don't agree it's removed. If someone finds a new porn page, they can submit it and it's added to the queue. If there were hundreds of moderators, like Debian does with its packs, each individual has only a small workload.
Then every week or so the HQ web site puts out a new blacklist. We can have all kinds of easy update utils to help those not squid-knowledgable, and some folks could make a Windows application to do it for those folks as well. Heck, if the existing censorware's methods are decrypted like this one, we could write utils to encrypt it again and drop it in to their directory.
I'm not going into whether you like blacklists or not, so let's keep these to ways of doing it correctly, since these other programs don't seem to do it very well. Using an open source list, and appropriate means of rectifying errors, we can do it properly.
Manga cum laude? You're getting a degree in anime? Cool! Where can I sign up for that program??
-- WhiskeyJack
I am fixing to send off my donation to Peacefire. I hope everyone else does too. If.. 1000 people donated 10 dollars, it's not a lot but it matters. I hope everyone really considers what 10 dollars can buy in an effort. This is something we all need to do: strength in numbers, support people with backbone so they don't get their balls busted! Now gogogo
Jeremy Allen
Disclaimer:This post was made from M14 (Mozilla Seamonkey!)
Besides making donations to PeaceFire, people should mirror the decrypting software in case PeaceFires's ISP folds under the pressure from Symantec.
Obviously, what Symantec should have done is admitted the problem and fixed the software. In fact, they should just make the blocked list of URL's "open-source" in the sense that everyone could see the blocked list, contribute links that should be blocked, and correct things that are incorrectly blocked. Enough eyeballs makes all bugs shallow...
If I was a parent, and I felt I needed blocking software for my children, an open-source system is the only thing I would consider.
Torrey Hoffman (Azog)
"HTML needs a rant tag" - Alan Cox
Even if you had 95% accuracy (which is far, far better than anything on the market actually achieves), there would still be an unacceptable number of unblocked sites and mistakenly blocked sites. Let's assume there are 10,000,000 web sites; under a given rating system, 1,000,000 are blockable, and 9,000,000 are permissible. With 95% accuracy you would have 50,000 sites that should be blocked that are not, and 450,000 sites blocked that shouldn't be.
What really makes me scratch my head is why adult-oriented sites provide links to the various censorware sites. Webmasters, particularly adult webmasters, should be the LAST people on the planet to lend legitimacy to these snake-oil salesmen and wanna-be thought police.
The internet is an amazing resource. Like the real world, cyberspace has much to offer; some of it appropriate for children, some of it not. Parents need to be educated that they need to supervise their children in cyberspace just as much as they do in meatspace. If people spent half as much money and effort promoting parent education as they did promoting ineffectual censorware, they might actually achieve their stated goal of protecting the children. Unfortunately, for most of these people "protecting the children" is merely a convenient cover for their real agenda of forcing their religious beliefs down everyone else's throats.
"The axiom 'An honest man has nothing to fear from the police'
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
From: http://www.peacefire.org/
March 2, 2000
Download IGDecode, a program that can decrypt the list of sites blocked by I-Gear. We decrypted I-Gear's list and determined that of the first 50 URL's in the .edu domain blocked as "pornography", 38 of those were errors, for a 76% error rate. We also discovered that when you install I-Gear, it scans in your real name used to register your copy of Windows, and uploads this information to Symantec
...
So, uhh...12 of the first 50 .edu sites have porn?
Does anyone have any way of contacting someone relevant at Symantec? I want to send email and bitch them out. And y'all should too. We're customers, and some of us make purchasing decisions for large companies. They've pissed us off, and they need to know it. Problem is, all the email addresses on their site are for tech support and customer service and the like. I want an email to a VP, or at least to someone in public relations, whose job it is to care about things like this. Anyone who has this info, please post it, and y'all moderators, up it so people will see it!
Thanks
"Research is what I am doing when I don't know what I am doing." -- Wernher von Braun
Did you?
>The hyperlinks referred to above violate Symantec's copyrights and trade
>secret rights,
What?
They are links. Not ideas or anything intellectual. How can you copyright this?
How are they trade secrets? Links to porn sites are a secret? These are sites dying to get hits.
I just don't get it. It's like calling my "spots in Lake Ontario to catch the best fish" a copyrighted material.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
(I know, it's miles off-topic, but still a good story.)
Much Love,
"S"HM
*****
(I refuse to spellcheck out of contempt for your belief system)
And, if Peacefire had numbers like "76% of .edu blocks are incorrect", why doesn't Symantec respond by questioning their methodology, or providing statistics of their own about precision and recall in their filtering software?
Either they have the data, and would rather resort to lawsuits instead of defending their product, or they don't even bother to do the most basic quality control on their product. Either way, that's a really friggin' lazy corporation.
normal(adj)- people who don't sit on slashdot all day wondering why everyone else isn't building robots [DECS]
Have you looked at their analysis? It wasn't some quick and dirty glance; you have to read the whole page to be sure the whole page is "clean". If a site is mistakenly listed, you have to look at the entire page to see that.
Doing this to EVERY site would simply take too long. In fact, this is how these idiot filter companies get bogus entries to start with -- they just look at the name, don't even bother to read the page itself.
Secondly, this is the TOP 50 sites, presumably the worst offenders. It's as if you were verifying the FBI top most wanted criminals, and found 76% who were in fact not criminals, just ordinary professors or students. Why bother checking the rest? If the so-called worst offenders are 3/4 wrong, why even bother with the rest? If they can't even get the worst offenders right, what does it matter how right the rest are? If Symantec can't be bothered to verify even the worst offenders, what makes you think they are going to verify the small fries?
--
Infuriate left and right
There is no way that this decrypter can be banned by current federal law because it isn't for reverse engineering and the like. It is only to see a list of blocked sites. Symantec really doesn't have a case here and if peacefire plays its cards correctly it could set a major precedent here.
I didn't think so
thank you
If you don't agree with someone's methodology of evaluating your product, would you sue them? Note: the lawsuit is not for defamation, it's for breaking trade secrets.
How about a rebuttal from Symantec? How about working with Peacefire instead of against them? You can even say "The only censorware approved by anti censors." or something catchy like that.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
A Reference Model of how to block sites with substantially lower error rates than our commercial cousins.
For those [ahem] interested, a better way to find web porn.
And who wouldn't enjoy destroying the revenue of the censorware companies while we're at it?
The obvious caveat: To actually deploy this we'd have to write a Win32 version for the home PC's.
Yes, the error rate is high. But why have they only sampled 50 sites? It seems too small a number to get an accurate estimate.
AC, born on the 6th of Sextivus!
--
Why are people so hung up about sex? Sheesh.
Oh... god... make it stop! PLEASE!!! :^)
Now where are those moderator points when I need them, CmdrTaco?!? ^_^
SCNR...
np: The Irresistible Force - The Lie-In King (It's Tomorrow Already)
As always under permanent deconstruction.
"I'm not anti-anything, I'm anti-everything, it fits better." - Sole
I live in Eugene, Oregon, where Symantec's biggest call center is located. They located here because the local community college started a supposedly "excellent" end-user support program-- so they say. They also hire workers for $8.00 an hour and force them to work as temp slaves for up to 15 months before they get benefits (this in the 3rd most expensive housing market in the U$). Then they can people at the least change in the software market, and if they want to go back to work there, often make them go through the probationary BS again. And what do they make-- for the most part crummy fixes for a certain crummy OS or add-ons which should be free (as in beer) for that certain crappy OS. Personally, with the exception of Norton Antivirus, which I use because we have a site license, I just say no to Symantec.
Bruce Taylor, chief counsel to the National Law Center for Children and Families in Fairfax, Va., disputed Haselton's study.
"I don't trust that Peacefire is telling the truth," Taylor said. "It's all part of the cyberpunk revolution. They don't like the government telling them that they don't have free access to the Internet. It's like 'Lord of the Flies,' and they think they have the conch."
The idea behind Open Source is that code and information should be free. Not just free as in "at no cost," but free as in "free flowing." But the Open Source mindset that is required to have a successful project can't also agree with the idea of censorship in the first place. They are contradictory ideals.
The whole reason censorship is wrong is that no two people can agree on what should or should not be censored. The reason OS works for software is that a bug's discovery or feature's implementation will be obvious to someone, given a large enough sample set. An open source censorware program would have people simultaneously working towards contradictory ends -- every site will offend someone, and every site should be read by someone. So the sum total of all people will want to block everything, while the rest are trying to unblock everything!
This is why we must defend everyone's right to say whatever they want to say, no matter how much we detest it -- including things said by those who support censorship. It's why the price of freedom is ever-present vigilance.
Censorship and Open Source are contradictory aims and an Open Source censorware program could never succeed. Censorware itself is a "Cathedral" mindset -- where the "priests" hand down to us "laypersons" what is and is not acceptable, and if we don't like it, the best we're allowed is to hope for a change in the next revision.
The best way to fight back, if you ask me, is to use this fact to our advantage: No two censors agree on what should be censored, and what should not be censored. A house divided against itself cannot stand. This is, ultimately, why we will win the battle against censorship -- even though today things look bleak.
"Cum" which means "with" in Latin isn't the only word that could be construed as naughty.
asinus, -i: ass (as in moron)
virgo, virginis: young maiden
anus: old woman
rectus: straight
vagina: (it means 'sword' or 'sword holder' I think)
"Those who would sacrifice freedom for a little temporary safety deserve neither freedom nor safety" -Ben Franklin
Oops, I hit "submit" instead of "preview". (perhaps this will add a % point or two to my /. purity test?)
http://service1.symantec.com/DISCUSS/SUPPORT/feedback2.nsf/product+feedback
;)
Now, I'll hit the "preview button"...
-- Count Spatula: The Culinary Vampire "...because my cooking sucks."
What a shame. I used to like some of Symantec's products. But... I cannot support a company that secretly steals information against their own privacy policy. It doesn't matter if the company they bought disclosed it or not, it is Symantec's responsibility to go through their purchased property before plastering their name on it. Sorta like a Captain is responsible for his crews' actions.
I want to go through the banned sites to see if any of my domains are in it. What are the legalities if your site is included? Can one sue because of mistakes made by Symantec? Isn't that lost revenue, the same as if someone cracked into your web server and deleted the site? The results are similar.
As far as threatening Peacefire, they are now in the league of bullying companies that threaten rather than fix. It's surely easier (and cheaper) to threaten lawsuits than it would be to fix the problem. Distributed-checking the URLs, as someone here has already suggested, would allow blocking of real porn sites from kids yet not have stupid blocks against items like Latin language texts. Hell, have URL's checked by at least 5 independent folks to eliminate biased censorship. This would give Symantec an edge over the other censorwares (we check so you don't have to, and we can PROVE it). If their encryption was poor, fix it... but why censor their lists? Is it because they're afraid that bona-fide non-offensive sites will sue? Open the lists. Put in seeded fakes so they can check if other companies are stealing their work.
As an aside, I've always supported Peacefire. I've had a link off of warpedreality.com since I put it online. Isn't it worth a line of text off of your page too?
"First things first, but not necessarily in that order."
- Doctor Who
--
Rob Carlson
How does Haselton's cracking honestly fall under the definition of "interoperability" or "testing computer security systems"? Any definition I can think of where Haselton's actions would be considered "testing security" would be so tortuous as to render the phrase meaningless. "No sir, I wasn't hacking the encryption, I was just testing security systems" isn't going to fly without additional credible indication of intent. Mr Haselton's publication of the encrypted contents along with an analysis of the contents, (not just publishing the fact that the security was weak like 99% of security alerts) suggests quite strongly that his goal was *not* testing security methods but gaining access to secured content. The interoperability argument in this case is even more specious-- what two pieces of software was Mr. Haselton trying to make interoperate?
IANAL, but Haselton looks like he's standing on shaky ground, even assuming a noble purpose. Looks to me like a classic case of thinking that the ends justify the means. I welcome rational counterarguments; perhaps I'm missing something?
--LP
(since I don't have moderator points right now)
Of course, there's always...
http://www.userfriendly.org (3, Funny)
http://slashdot.org (-1, Flamebait)
[TMB]
Symantec does not like having their mistakes made public! This is what is being done.
This is not being done so people can sell a forbidden list, hmmmm....
This is like some database companies not allowing benchmarks to be published w/o their permission (they would probably only give permission to publish what would make them look good).
Fight Spammers!
Well, I guess it's time for an ISP to set up a service where they will notify their customers about information being sent from their machines that might be violating their privacy. Such a measure, not specifically targeted at a particular product and not conducted by the user bound by the agreement, might be harder to successfully sue over.
I can't believe Symantec didn't use a simple hash instead of symmetric encryption... I mean... duh! :)
;)
All it would take is to take a ban list, and use a nice harsh crypt or CRC sum on each entry, with different seeds for each entry - when you are testing a URL for p0rn-ness, extract its domain and test it, then add in the path as well, and check it. easy.
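An added sketch of the scheme this comment describes (not code from the thread, Peacefire or Symantec): each list entry is kept only as a salted digest, and a URL is tested first by its domain and then with its path added one segment at a time. SHA-256 stands in for the "crypt or CRC sum" the comment mentions, and the function names and the .example entries are constructed for illustration.

```python
import hashlib
import hmac
import os
from urllib.parse import urlsplit

SALT_LEN = 16  # bytes of per-entry salt (assumed size, not from the thread)


def candidates(url):
    """Return the lookup keys for a URL: the host, then host + each path prefix."""
    if "://" not in url and not url.startswith("//"):
        url = "//" + url  # lets urlsplit parse a bare "host/path" list entry
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    keys = [host]
    prefix = host
    for segment in parts.path.split("/"):
        if segment:
            prefix = prefix + "/" + segment
            keys.append(prefix)
    return keys


def entry_digest(salt, key):
    """One-way digest of a single list entry under its own salt."""
    return hashlib.sha256(salt + key.encode("utf-8")).digest()


def build_blocklist(entries):
    """Turn plaintext entries into (salt, digest) pairs; the plaintext is not kept."""
    blocklist = []
    for entry in entries:
        key = candidates(entry)[-1]      # normalise the entry like a lookup key
        salt = os.urandom(SALT_LEN)      # a different "seed" for each entry
        blocklist.append((salt, entry_digest(salt, key)))
    return blocklist


def is_blocked(url, blocklist):
    """Check the domain first, then the domain with the path added."""
    for key in candidates(url):
        # Per-entry salts mean every candidate is hashed once per entry.
        for salt, digest in blocklist:
            if hmac.compare_digest(entry_digest(salt, key), digest):
                return True
    return False


if __name__ == "__main__":
    # Constructed sample entries on the reserved .example TLD.
    sample = build_blocklist(["blocked.example",
                              "campus.example/~student/private"])
    for test_url in ("http://blocked.example/any/page.html",
                     "http://campus.example/~student/private/index.html",
                     "http://campus.example/library"):
        print(test_url, is_blocked(test_url, sample))
```

Two costs of this design show up in the code: with a separate salt per entry, each lookup hashes against every entry in the list, and anyone who holds the list can still test whether a specific URL is on it, so the list is hidden from reading but not from checking.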
Hmmm... I wonder if this Blacklist decryption software could be used to retrieve some URLs for my bookmarks file... Where's the source again?
HelpGeeks - don't bother visiting, it's not worth it! Really!
I cannot read the peacefire.org page
because our corporate cyberpatrol blocks
all access to peacefire.org.
Just make the thing completely server side. Have IE, Netscape, or Mozilla set to block all sites except www.opencensor.org. Then on opencensor.org you just set up a web proxy like www.anonymizer.com.
Stop by my site where I write about ERP systems & more
Although I personally am against censorware, and censorship in general, I used to work for an ISP which wanted to implement "Kid-Safe" internet. I researched all of the different filtering products out there and came to the conclusion that I-Gear was the best product out there. In my opinion the algorithm that they used was fairly advanced.
What pisses me off, however, is the fact that in the product advertisements they say that the list is constantly updated by humans. Now I am led to believe this is bullshit.
I still am not *completely* opposed to filtering... there are sooo many people out there who are so terrified that their kids will *gasp* find a nude picture on the net, or they might come across something that implies that there may in fact not be a god, or whatever, and these people would not allow their children to use the internet if it weren't for this sort of option.
I think that the guys at Peacefire are generally doing a good thing here, but they still kinda need to get a clue. There is more to this software than they are letting on. First of all, the software allows two accts, one filtered and one not filtered. If a kid says that a site is ok, but the software is blocking it (I had this happen with a greeting card site once-- completely clean FYI) the parent can log on, check it out, allow the child to see the site for 5 minutes (I believe) and then email the admin, who can make the page always allowed.
How bad is that?
Please also keep in mind that the site is very unscientific and could possibly be very misleading. They only showed the first 50 of the .edu sites (although it seems these would be among the first sites that I-Gear's developers would check for offensiveness, since they have "hundreds" of people combing the net for bad sites)
Just keep that in mind.
And as for people blaming all of this on Symantec... It has little to do with them. They just recently bought the company that used to make I-Gear... UR-Labs.
Just trying to set things a little straight --
-- Kneel (uber-geek)
indierock / punkrock band photos and more... http://www.digitaldefection.net
We use a Sonicwall unit for DHCP/VPN/filter here at work, and it blocks the peacefire.org site with the following codes:
Code: abcdefghijkl - 00.C0.F0.48.51.E0 - www.peacefire.org
Here's the breakdown on what those letter codes mean
Time to let their filter people know about this "oversight"...
Though I agree with your reasoning, I wanted to offer some clarifications.
1) k12.edu sites often have pages made for group projects by kids under 18
There is no such thing as k12.edu sites. k12 sites that are properly named are almost all on the .us top-level domain indexed by location, (example k12.nyc.ny.us) although a few private schools might be using .edu.
2) These same kids will probably end up looking at university sites . .
High school students that know how to use grep, likely can circumvent most filtering software.
3) The signal/noise ratio on .edu sites must be relatively good . . .
You're thinking of URLs off the main webserver(s) for the schools. However, since many dorms have 24/7 internet connections, a lot of students have set up servers on the personal PCs (note all the recent discussions on Napster).
The data is not skewed data. It is Peacefire's standard benchmark. It is specifically chosen since there is a high chance for error in the .edu domain. It also allows Peacefire to miss 99.9% of commercial sex sites, since you need to be an accredited educational institution before you can register an edu domain.
Note: 1. Peacefire does not claim the whole block list is inaccurate at 76%. 2. They note upfront in the first paragraph that they only test the first 50 reachable .edu domains for their benchmark. 3. Peacefire doesn't have the manpower to check it all and they shouldn't have to. It is the responsibility of the vendor to QA their own product. Symantec assumed the mantle when they decided to offer a product to block sites for content.
Peacefire isn't a competitor claiming better performance than Symantec. They are claiming that this (Symantec's product) cannot substitute for direct supervision. This is a simple proof by counterexample and one exception is all that is required.
/Duncan
Duncan Watson -Rock climbing, Encryption, privacy
PGP Fingerprint -PGP Key on www.keyserver.net
Duncan Watson
--
Time is Nature's way of keeping everything from happening at once... the bitch.
Actually, no... the way that this sort of software works (I used to work for a company which is a purveyor of a like product) is using hash tables. The order that the sites come out has nothing to do with how bad they are, just the particular combination of hashing algorithm and URL database.
[TMB]
OK, now I'm really beginning to wonder. One of the pages that was censored was 75k of Latin (at least according to the description). Well, being a Latin major I was intrigued and decided to check this out. It turns out that this is part of the Confessions of St. Augustine, perhaps one of the most famous theologians in Christianity!!! The rest of the corpus is located in the same directory, but apparently not blocked either, but I still find it quite humorous that Symantec thinks St. Augustine to be worthy of censorship. Must be Calvinists and Lutherans, only plausible explanation. :-)
I wonder if their blocking of that all Latin site had anything to do with the frequent recurrence of the word "cum".
Yes, we know that it's a perfectly innocent word in Latin (meaning with, when, as, while, since, and although - depending on context), but if they scan the text of pages for keywords, I'm sure "cum" would set off a flag somewhere.
Just a thought. Not so much a defense, as the author said, if they had paid some bloke $10 to just check the blocked sites, they would do a far better job of convincing people they actually care about the quality of their product, which apparently they don't. They're willing to spend more money covering the fact that they don't care about its quality than they probably will on actually improving it.
Typical...sadly.
Tcl my Pico! There are 10 kinds of people in the world: Those who understand binary, and those who don't.
There still are. Check out AntiVir or Sophos. I personally use AntiVir which kicks NAV's ass thoroughly.
I sent the following to Symantec via online feedback forms. We'll see what happens.
/*begin letter*/
y mantec-to-media3.3-1-2000.txt
Product Feedback
URLabs support (They're the subsidiary apparently responsible for IGear)
This is something that should more properly be sent to public relations, but no such email address was provided. Please forward it to the appropriate people.
I have recently been made aware of your company's harassment of the Peacefire.org group concerning their decryption of I-Gear's blocking list. http://peacefire.org/censorware/I-Gear/igdecode/s
As a customer and longtime user of Symantec Products, I thought you should know that your company's action in this matter has cost you my business. The sort of reverse engineering done by Bennett Haselton is essential to keep companies honest (as the reaction of your company in this situation amply demonstrates). Your attempts to prevent this sort of activity will hurt you in the marketplace, as many, many IT professionals care passionately about issues of privacy, censorship, and the freedom of information.
In the future, I will be buying from your competition, until such time as your company reverses its position on this matter.
Thank you very much,
Brent R Eubanks
"Research is what I am doing when I don't know what I am doing." -- Wernher von Braun
As I had said before, this censor list can be used as a "Hot List" of the web. Buy your list here, you will save much time not having to search for porn yourself.
Some companies actually spend time and money checking their list, it may not get all of it right, but it may improve.
But with the list hidden, you don't know if it's valid, since you can't check yourself.
Who will watch the censors?
Fight Spammers!
The truly absurd thing is that Symantec claims that the list of sites the software blocks is a trade secret. Thus, potential customers are not allowed to find out what the software blocks!
"Install our software! It blocks bad sites!"
"Which sites in particular does it block?"
"Bad ones!"
"Which bad sites?"
"We can't tell you which ones, because then someone else might come along and block the same sites."
*wince*
Disney.com!
Blonde Jokes!
I always picture sites like that with sweet little old ladies as moderators. Sitting there, reading the results, reading the query tags. Knitting.
In my mental picture, they just burst into flames!
Bwhaaahahahahaha ha haaaa!
"History doesn't repeat itself, but it does rhyme." Mark Twain
Maybe someone should remind Symantec that the DOJ nailed Microsoft for its anti-competitive business practices. If you open up your MS OS history book to the page describing DOS 6.0, you might remember all those wonderful utilities that were bundled into it. Most, if not all, of those were Symantec utilities. Symantec did this to kill its competitors, Central Point & Fifth Generation Systems, and to dominate the PC Utility market. In fact, Symantec bought both of those companies after the market was saturated with built in DOS utilities and they failed due to the lack of sales. Symantec colluded with Microsoft to gain a monopoly over the PC Utilities market and when they got it, they yanked all their products from Microsoft's operating systems.
This might be a nice threat to pass on to Gordon Eubanks. Behind Bill Gates, he is the next jerk that needs to feel the hot breath of a cellmate down the back of his neck.
Once a company attains "Evil Empire" status in my book, I'm careful not to do anything that condones or rewards their actions in any way.
(Yes, M$ is also in the book...)
Slashdot: come for the pedantry, stay for the condescension.
Haselton didn't publish the encrypted data, nor the decrypted data apart from the 50 URLs he analyzed. He published the code to a decryption program, and a link to Symantec's website to obtain the encrypted data. (Symantec quickly removed the data at the other end of that link - security through obscurity after the horse is gone, to mix metaphors.)
Again - the only thing he published on his own site was the code to do the decryption, and the 50 URLs which he analyzed.
Jamie McCarthy
Jamie McCarthy
jamie.mccarthy.vg
Who the hell blames the axe maker for the axe murder? That's like this crap of people who want to sue gun makers because someone gets shot.
Pleassssseee people!!!
The company has a few mistakes in a couple million addresses in the database.. So what?
They just sell the product.. The people who use are responsible for what they use it for.
"I also remember when there was more than just two companies making anti-virus software (Let's not even get into McAfee). "
:-)
There goes my karma, but I feel compelled to mention the fact that Norman, Kaspersky and others are still around.
I'm using the Kaspersky AVPlite for Dos scanner on my Win95 partition. It works great, and AVP scores 100% in the Virus Bulletin wildlist tests time after time. I put a shortcut in my send-to menu with replaceable parameters so I can scan a directory by right-clicking.
Tray-resident monstrosities like NAV and McAfee are designed for people foolish enough to click indiscriminately on anything that comes their way. I don't think that's necessarily a bad thing--I'd rather have them take a performance hit than pass me an infected floppy any day.
G
"You requested that I send this request in writing" and that's what he did. I don't see the word lawsuit anywhere, although, admittedly, the letter is from their head counsel. It just seems that we're reacting to what will *probably* happen, and not to what has happened so far. I'm gonna go back to snorting my laundry detergent now....
mas cerveza, por favor politically incorrect stu
No, but it is equivalent to allowing anyone to hire chemical engineers to figure out the formula. And I believe that this is perfectly legal. In fact, it's the basis for the Designer Imposters perfume line (assuming all liquids are entitled to equal protection under the law).
- bridgette
The censorware is not very good, but letting the government regulate is worse!
Fight Spammers!
For most people, I recommend not using anti-virus software at all. AV is a non-solution to something that is mostly a non-problem.
It's a non-solution because most AV software protects only against known viruses, and is therefore useless against anything newer than the most recent signature update you've installed. Of course, the kind of virus you are most likely to encounter is a new one that the virus scanners don't know about yet, so what good is your scanner doing? (There have been attempts to develop techniques of recognizing "virus-like behavior", but the eternal problem with that is that there is nothing that most viruses do that isn't also done by perfectly harmless, useful, legitimate software, especially debugging tools.)
It's mostly a non-problem because viruses just aren't that common and are, for the most part, easily avoided by simply not being stupid. I haven't run an anti-virus package on any of my computers since I left the Norton AntiVirus development team in 1993, and have never been hit by a virus in the almost seven years since then.
It makes sense for people producing executable images of software for distribution to have a scanner handy just to be as sure as possible that the software they're giving out isn't infected, but most of us aren't in that situation.
Btw, the best source for free, up-to-date information on viruses (and even more importantly virus hoaxes, which greatly outnumber viruses) is the Computer Virus Myths web site.
Thanks for the clarification. I should have said "once encrypted contents". My point still stands however. Mr Haselton's publication of the once-encrypted contents along with an analysis of the contents, (not just publishing tools or an alert that the security was weak) suggests quite strongly that his goal was *not* testing security methods but gaining access to secured content. If he had just published the code, he'd have a much stronger argument. The actual number of URLs posted and analyzed is fairly irrelevant. Whether you publish 50 of the URLs or all of them, you have still posted some of the once-encrypted contents, and if the DMCA applies, Mr. Haselton is in legal trouble AFAICT.
--LP
I liked that a Weird Al website was fourth or fifth on this list. Nothing says "Hot, Nasty Sex" like Weird Al Yankovic. Oh, Yeah!!!
It's possible that in the next update that this discussion group will be blocked because of our excessive cum lauding.
:)
I think the net should protest censorship by having a metatag with the seven dirty words on every page. I don't know if it would work but I bet my site would get more traffic.
Sites I've found blocked over the past two weeks with ANS Interlock from UUNet.
*.freshmeat.net
*.sourceforge.net
Note, www.sourceforge.net and sourceforge.net were not blocked. However, anything else in the sourceforge domain such as mesa3d.sourceforge.net was blocked by the software. There is no wildcard expression in the sites.allow list to let you unblock an entire domain. This has really given us fits with things like x*.deja.com. It's a real pain in the ass to type
x1.deja.com allow
x2.deja.com allow
etc.......
The one thing that ANS appears to be good at finding is anonymizer sites. Those get blocked about a week after they pop up. Damn, I hate our corporate insecurity policy.
I did the sections on the school board, and the history classes. check out the school board stuff...a little out of date now (b/c i have better things to do than update it ;-) ) but the graphics are pretty neat looking, if i do say so myself.
and to think...we graduate under 50 kids a year heh heh...an alumni organization!
holt
I just called into the local radio show on which the vice-president of Symantec was (WRKO in Boston). What timing! I mentioned that his company was violating its own privacy policy by sending people's real (Windows) name back to their servers, and said it was ironic that this was coming from a supposed leader in computer security. I also mentioned how Icrave got it wrong 3/4 of the time. His response was that filtering software gets it wrong about 50% of the time, and that's industry standard, so that's that. He didn't get a chance to comment about sending info back to their servers (we ran out of time), but he asked where I read it. "Wired," I said. The host laughed when I said that Icrave incorrectly filtered out Latin, probably due to heavy use of the word "cum." "Thanks for slipping that in"
Fight Spammers!
www.imsa.edu
if i link to your site and someone who clicks on the link is refused access by igear, then symantec is calling you a pornographer and me a panderer. this is all well and good if true, but if it is false it is slander if spoken and libel if written. this is not acceptable. symantec probably doesn't want you to be able to read a list of people it is actively libeling thousands of times a day for profit because of the propensity of libelees to recover damages after protracted litigation.
Problem - legitimate but embarrassing searches. Go ahead and look for cures for adolescent bed wetting, it's just a librarian! Try to find some semi anonymous info on sexual abuse recovery or gay teens. That would be fun. Or just look for info on "different sex twins" for your family topic report and die of embarrassment if someone walks by while you look at a page full of porn site hits.
-Kahuna Burger
...will work for Chick tracts...
I really hope someone from Symantec reads this and realizes how stupid this claim is. Every time I read something like this or something like the whole DeCSS issue, it makes my blood boil! People have a right to tinker with things they own, denying this right basically equates to fascism. SYMANTEC: Sorry if your company is "threatened" by someone pointing out your errors. Perhaps instead of being complete walled-off jackasses about the issue at hand, you could use the information provided by Peace Fire to improve your product.
$.02
Um, not to get off topic, but could we please stop pretending that porn is nothing but "nude pictures"? I have heard people compare the range available on the internet to a kid being able to read "our bodies our selves" and other such silliness.
If you are pro-porn-choice, be honest about what you are talking about. On line porn includes (but is not limited to) stuff which can be 1. graphically disgusting (a picture of a man shitting into a woman's mouth) 2. emotionally disturbing (B&D S&M) or 3. humiliating or frightening to those who identify with the subject (teen, pre teen or "oops" sites.)
You do not need to be a puritan to imagine that a kid particularly could be confused or disturbed by such things, especially if they don't have the sort of relationship with their parents which allows them to ask about it and sort out why it makes them feel that way. Now we can argue about what the best way to deal with this is, from better parenting to start out with to censorware, but could we acknowledge the reality of the problem instead of brushing it under the rug? To hear this group sometimes, you would think the porn content of the internet was mildly more raunchy than a display of Renaissance sculpture. It is unnecessarily insulting and condescending to the people we should be reaching out to, and it prevents rational discussion of solutions that work for everyone.
-Kahuna Burger
...will work for Chick tracts...
not to mention the allergy therapy faq
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
Only for 18 months, but it was long enough. I must say I'm very disappointed in them :-(
- --------
Although I cannot say I actually ever believed that they make very good software, there are a lot of nice people working there. But in the end they are just another American Windows software company, that is, a shark among sharks.
There seems to be a culture clash between the freedom loving, online cyberculture and the older forces of commerce and traditional government. This has been predicted long ago, and anyone could have guessed that the sense of freedom of the Internet would collide head-on with 'old world' ideas and institutions sooner or later.
I think that we need to be strategic in choosing what can be defended and what we can't. Open and free software needs to be defended, free speech, free criticism, nobody can argue about that. On the other hand: porn, violence, crackers, warez etc shouldn't be. Nobody argues about that too.
But there is a large and vague middle ground where things are not so clear. I see people foray too far into that vague space and see them try to defend ground that is disputable at least, and setting up their defence (or attack) there.
In this case, the censor-software breaking, you say 'see this software sucks, see that censorship does not work, it shouldn't exist'. That is very true, and I don't think that you can't block 'bad things' successfully in the end with this kind of software. But try to understand the confusion and fear, that comes with the Internet. Suddenly, the whole world enters your house, your family. A lot of people are not going to be able to sort the good from the bad, at least in the beginning. They cannot cope with it. Most people are just followers, lost without rules or guidelines. So this censorware is bad, but who comes to the rescue of the worried parents then? Should they just not have Internet at all then? Or are they just being overprotective?
The Open Source idea of 'having a million eyeballs looking at the bugs' could help a lot here. The problem with filters of course, is that they can never catch everything, and always catch what they shouldn't. But a million worried parents, rating webpages into categories, that could actually work. You would need a clever rating system, and just rate a site for what it actually is: educational, commercial, obvious porn, sites about sex but not porn, etc etc. Categories without a moral value judgement, just cleanly categorize it. And of course with a voting system, so that at least say 10 people put some site in the same category, before it actually stays there. Have search engines seek out sites that change, with a crc check, and set up a system where some parent would get a list of a 100 sites, and categorize them, in a distributed system, and then has done his/her service to the community.
Then you have a more or less fair categorization of the Internet, and a parent could then choose a package of things that his children can or cannot see. No porn, no violence, but maybe a yes for sites about coming out for homosexuality.
I see that this might be abused by a government to 1984 its citizens. But a government could do that anyway, though. China does it now.
You could try to categorize only universally bad things (blatant violence, _commercial_ porno, the Ku Klux Klan (did you know their site runs on Linux, by the way? www.kukluxklan.org), and mark the rest as 'mostly harmless'. I don't know.
I just think that something along those lines needs to be done, because nobody with any sense is addressing the fears of the fledgling millions of new Internet users right now. We could even give this community provided lists to Symantec. That would be quite a shock to them.
-----------------------------------------------
UNIX isn't dead, it just smells funny...
while posting here is nice, Symantec has numerous places on their web site ( http://www.symantec.com ) that you can flame them from. Why load up /. servers, when you can stress test symantec, and vent at the same time?
It was Judge Woodlock, in the US District Court for Massachusetts, with a gavel.
Realistically, they do not need to use reversible encryption, instead the software could use a good one-way hash, similar to the standard unix password encryption scheme.
Such a list of URLs could not be decrypted, but would be vulnerable to the same sort of dictionary attack as 'Crack' uses to break unix passwords.
A dictionary attack only works because passwords are limited to relatively short lengths (8 characters on older systems), URLs have no such limit.
If this worked as an incentive for CensorWare companies to block specific (and thus longer) urls rather than entire sites, everybody would benefit.
I do not deploy Linux. Ever.
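An added illustration of the point made in the comment above (not code from Peacefire, Symantec, or any commenter): a blocklist stored only as one-way hashes can still be audited by anyone who brings their own candidate URLs, and site-wide entries are far easier to confirm than long page-specific ones. SHA-256 stands in for the "unix password" style hash, and the `host/*` entry format, the function names, and every URL are assumptions constructed for this example.

```python
import hashlib
from urllib.parse import urlsplit


def normalize(url: str) -> str:
    """Canonical form hashed by the filter: lowercase host plus path and query, no scheme."""
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    return host + path


def digest(entry: str) -> str:
    """One-way hash of a normalized entry (SHA-256 is a stand-in choice)."""
    return hashlib.sha256(entry.encode("utf-8")).hexdigest()


def build_hashed_list(entries):
    """What the vendor would ship: digests only, no readable URLs."""
    return {digest(normalize(e)) for e in entries}


def is_blocked(url: str, hashed) -> bool:
    """Filter-side lookup: match a site-wide entry (host/*) or the exact page."""
    n = normalize(url)
    host = n.split("/", 1)[0]
    return digest(host + "/*") in hashed or digest(n) in hashed


def audit(candidates, hashed):
    """Reviewer-side check: which of MY candidate URLs are on the hashed list, and why."""
    findings = {}
    for url in candidates:
        n = normalize(url)
        host = n.split("/", 1)[0]
        if digest(host + "/*") in hashed:
            findings[url] = "site-wide"
        elif digest(n) in hashed:
            findings[url] = "exact-page"
    return findings


# Constructed sample data: one site-wide entry and one long page-specific entry.
VENDOR_ENTRIES = [
    "blocked-site.example/*",
    "campus.example/~student/archive/1999/essay-draft-7.html",
]
HASHED = build_hashed_list(VENDOR_ENTRIES)

# A site owner or reviewer only has to guess host names to confirm site-wide blocks...
SHORT_CANDIDATES = [
    "http://blocked-site.example/",
    "http://campus.example/",
    "http://campus.example/~student/",
]
# ...but a page-level entry is confirmed only by presenting that exact URL.
EXACT_CANDIDATE = "http://campus.example/~student/archive/1999/essay-draft-7.html"

if __name__ == "__main__":
    print(audit(SHORT_CANDIDATES, HASHED))
    print(audit([EXACT_CANDIDATE], HASHED))
```
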
Could this possibly be material covered under the DMCA? This is not unlike the DVD encryption issue !
I've seen many replies complaining about a 3rd party deciding what defines "obscene" or "inappropriate".
How about a program that allows a parent to define their own list of sites to block. The parent (and this should be the husband, since he is the ultimate boss), would have to look at a continuous stream of porn sites and click "yes-offensive for kids" or "no".
He would have to use the program a lot to make sure all the bad sites got blocked, but wouldn't the peace of mind be worth it?
If you are a library and don't show one book because of its content, then you are censoring. One book or one thousand, censorship is censorship.
I know our smartfilter blocks out anonymizer and spaceproxy as all of the categories since you can use them to reach sites in any category even if they're blocked. This is fair I suppose.
If you want me to quiet down, you convince Mattel to dismiss their countersuit with prejudice. Then I'd have less to talk about.
Fight Spammers!
Cracking a URL list is fair use for security testing, for the following reason:
Suppose I have a kid who's starting to get computer literate and I decide I want censorware. Well, in that case I would want to know the false positives rate because too many false positives would increase my kid's motivation to try to circumvent the censorware. The more motivation on my kid's part, the more insecure the censorware package.
So yes, Hasselton's actions in my book constitute a form of security testing and thus should be protected.
McAfee's uses a different method of updating the virus definition files. While Symantec's products do a scheduled pull from an FTP or Web site, VirusScan uses an agent that gets the new file pushed to it, when it becomes available. Alternatively you can manually download the new defs from the mcafee.com website if preferred.
> we'd have to write a Win32 version
Not necessarily - it could be implemented at a proxy server level:
Proxy returns error 666: Site Full of Filth
Go there anyway?
No, I am pure of heart
Yes, I believe in Freedom
Heh, it said 'filth', huh huh. *snicker*
dave
Here's a scary idea ... we donate the money, then Symantec sues, and because peacefire is "obviously" in the wrong ("stealing" Symantec's trade secrets, oh my!), Symantec gets our money (what the lawyers don't get, that is).
No thanks.
Of course, if you ask me what I really think, is that we should start calling the guys that run Symantec names. Clearly, if they had a quality product this wouldn't happen, so that must mean that their penii are small (or whatever).
Ok, rant's over.
"Oh, I hope he doesn't give us halyatchkies," said Heinrich.
Furrfu! Why does plain text filter out brokets?
There should have been [ ] against the options, with the last one selected.
dave
I beg to differ. I too, spent several years in the development side @ Symantec. However for the last few years, I have been consulting on Security (especially AV) and have to disagree.
Striker and Bloodhound technologies do work. They work quite well as a FIRST line of defense against the #1 problem right now. That problem is Macro viruses. 90% of the common viruses propagated are of this type. The other 10% are worms that exploit MS mail clients. To not use an AV system in an Exchange environment is tantamount to suicide.
I do agree that if you are a security conscious user (as you are) then you are not likely to need an AV product to scan all your files, only those that are suspect.
Road maps have been known to do that. One MI map had towns of Beatosu and Goblu in OH.
http://www.google.com/search?hl=en&q=%E5%8D%8D&bt
I would guess that you might be able to sue for tortious interference or libel.
But for that, you probably need a lawyer and lots of money.
Fight Spammers!
What's a security system? Something that keeps out harmful or undesirable data and communications? Isn't the blocking software itself a security system? Here's how Secure Computing describes SmartFilter:
SmartFilter can improve the effectiveness, power, and safety of Internet access. This advanced, flexible software adds a new dimension of management control to Windows NT and UNIX Internet servers, firewalls and Netscape and Microsoft proxy servers.
Estimates show that in some cases, up to 45% of employee time on the Web is spent surfing on non-business Web sites. By eliminating irrelevant and unwanted Internet content, SmartFilter can improve employee productivity. It facilitates consistent and effective implementation of Internet security policies and user guidelines. The SmartFilter Web tool can substantially reduce the time and expertise required of vital support resources, the network bandwidth consumed by Internet explorers and the potential legal liability to the overall organization.
http://www.securecomputing.com/index.cfm?skey=85
To keep my kids out of porn, I use a network sniffing tool like urlsnarf (part of sniffit) to save every URL that anyone on our network goes to on disk. I let my kids know that everything they do online will be traced by me, and so far it has worked perfectly. I strongly recommend other concerned parents do the same.
Okay, I will come right out and say that I really don't know much about blocking software. In fact, I have no idea how it is supposed to work. If someone would try their best to enlighten me as to how such a package would decide what is to be blocked and what is okay to pass through?
Ciao
nahtanoj
Congratulations, Symantec....you suck.
Now, you're on the blacklist. Your products will be removed, and not purchased in the future.
(4) Currently blocking software does not work and people will eventually figure this out, so we could patent all the workable blocking software technology to prevent anyone from using it (maybe let the ADL use it if we must let someone use it). The list of things we should patent include:
:)
(a) All applications of artificial intelligence to scanning content either from the blocking software OR to create a master list. I am including simple search applications like looking for fleshtones commonly found in porn. I am also including the idea of using a combination AI / human interface where the AI flags the human and lets them check the content.
(b) Patent the simple protocol ideas, like online blocking list updates and special codes the porn sites can give out to help the blocking software avoid them. Also, patent the business model ideas like using a common blocking standard which many different groups can provide lists to. Note: I realise that there is prior art for some of this, but that didn't stop amazon..
It would be really cool to kill this industry with software patents! Unfortunately, this takes a lot of money. It might be possible to work out some deal where joe hacker submits the idea, the ADL's blocking software company foots the bill, and the EFF/ACLU controls everyone else's access to the patent, i.e. get the anti-Nazi people to pay for it in exchange for being the ONLY blocking software which is allowed to use it.. and they would hopefully not be permitted to censor anything but hate speech. It's not an ideal situation, but it might be the only way to get the patents paid for.
Plus, it might make more people understand the problems with software patents (and intellectual property in general).
(5) We need to produce hard evidence that human censorship methods (i.e. the librarian asks someone to leave when they cause a problem) are more effective than blocking. There are a variety of variations on the human censorship method, including having a fleshtones alarm (or slide show) on the circulation desk's computer which scans the web browser caches, but they all have the property that they block a MUCH larger percentage of porn than censorware does.
We also need to point out that human censorship is the ONLY thing which will block the kinds of things that the AFA uses to drum up support (like someone changing the background to porn).
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
"My proposal considers this completely. First, the blacklist is open, you can see EXACTLY if your web site is being blocked; grep comes in handy there."
Did you read the article? The blacklist is encrypted, poorly admittedly, but GREP may not do you much good.
By the time you know what's happened, you're out of business.
unless they also block that too...in which case you can use
http://www.80s.com/Entertainment/ValleyURL/
which should do the same thing, except like totally in valley speak (oh my gawd!) Anyway that may help...
mcrandello@my-deja.com
rschaar{at}pegasus.cc.ucf.edu if it's important.
After serious thought, I'd like to offer up some information on what is happening.
In 1998 the Gartner Group put out a report that basically re-defined the security marketplace. Symantec saw that it had no product for consumers or Corporations that would do content scanning and URL Blocking (These are the Gartner terms).
I was charged with evaluating every server-based solution on the market. After several months, my research had found that I-Gear was the most advanced solution on the market (and still is). Hell they even had a version out for Red Hat Linux over a year ago. So the deal was hammered out, and Symantec acquired UR Labs in Virginia.
Now I-Gear and Mail-Gear (the companion mail product) do blocking based on URL lists and a heuristic engine that examines the text content. Now comes the zinger: It is completely end-user customizable. You can block URLs, you can explicitly allow access, you can have different user accounts/ groups/ and individual rules for each person, even different rules based on time and day!
This product enables sites (this is a web proxy, not a desktop product) to set security policies as they see fit. The courts have already proven that a corporation can choose what sites to allow their employees to visit. I see no issue in this whatsoever. If a site is inadvertently blocked... then ask the admin to allow it, don't go kill the manufacturer!
Now I DO NOT agree that the URL lists should be hidden. I left Symantec soon after the acquisition because I didn't agree with the direction that they were taking. I had the pleasure of talking with Bennett while staffing DEFCON, and agree with the tenets of PeaceFire, if not their practices.
What it boils down to is that filtering is not an out of box solution, but it is viewed that way. Similar to a Firewall or Mail Server, the default config isn't going to suit every company's individual needs and tastes. PeaceFire should work with vendors of server-side filtering products to increase awareness about the need for proper administration and vendors, such as Symantec, need to realize that cease and desist letters are not the best way to iron out their differences.
- This is a copyright violation issue. The list of encrypted URLs was posted. This is copyright material. Period. To its credit, Peacefire has removed the link, which satisfies this complaint. But Symantec still was in the right here.
- This is definitely also a reverse engineering issue. Symantec clearly stated in the letter that Peacefire had not been given "permission" to decode the list. In this regard, this does become a sticky legal issue that Peacefire is correct in raising.
- Privacy: Symantec is violating its privacy policy. However, as Peacefire states, the software was manufactured by URLabs, which may have had a different policy than Symantec, so we must be careful in claiming malice on their part. The violation must still be corrected though.
However, Peacefire, and everyone here on Slashdot, is immediately jumping on the "Symantec is evil" bandwagon, where in reality Symantec in the letter did not mention, at all, the claims of failure rate. Symantec clearly stated concerns over a valid copyright violation, and a legally debatable claim to prohibiting reverse engineering. Yes, you can extrapolate that Symantec is not happy with this disclosure. But just blindly posting parts of their code was stupid. To say in this article that Peacefire clearly did not post copyright material is WRONG and muddles discussion of the real issue, which is simply reverse engineering. A valid, important issue, worthy of discussion, no doubt. But as with so many other things on Slashdot, people are quick to jump to conclusions without thoroughly reading what has actually happened.
----------
In a real emergency, we would have all fled in terror, and you would not have been notified.
>It's mostly a non-problem because viruses just aren't that common and are, for the most part,
>easily avoided by simply not being stupid. I haven't run an anti-virus package on any of my
>computers since I left the Norton AntiVirus development team in 1993, and have never been hit
>by a virus in the almost seven years since then.
This strategy may work for you, but for the vast majority of users out there it's not an option. Sure, you can disable MS Office macros and that's 90% of the problem. And you could run only shrink-wrapped software to avoid executable viruses. Most people tend to be more "promiscuous" about sharing files. Even if you are careful, as a Windows user you will always be running untrusted binaries on your computer (don't forget about data-mining trojanware like Realjukebox and the Win98 Registration wizard).
You do have a point though. The antivirus companies do keep users on an upgrade treadmill of endless virus updates. Very much a dealer/junkie relationship. Under this revenue model there is no incentive to develop "smart" virus protection that doesn't need continuous updates.
On a side note: vfind is one of the lesser known products, and it claims to detect viruses by actually examining code.
Here at UC Berkeley, I have been called "racist" because I am opposed to Affirmative Action. This system won't work because the standards are not defined. Even if they seem very clear to you, or to me, they also seem very clear to the people whose opinions differ widely from yours.
The only solution to this sort of system is based on automatic matching of your opinions to those of individual moderators. For example, you moderate 10 pages a day. Over time, the system can determine how you would moderate a page based on the similarity of your moderation to other moderators, and can block pages based on criteria you specify.
So, for example, I would agree with those moderators who moderate child porn as "obscene", but would not agree with those moderators who moderate Anais Nin as "obscene", so my browser could tell me "You will probably find this page obscene. Continue?" before displaying it. Or, I could configure it to block such sites if my kids (maybe such a system will actually be functioning before I have kids) are using the computer.
If I'm a puritanical christian, maybe I agree with other puritanical christians, and my software will block damn near everything. The key is that it's using the same system.
The same system could also be used to rank results in search engines, for example, and I could ask the computer for recommendations on some new fiction based on what other people with my taste recommend. Assuming suitable go-betweens to preserve privacy could be established, it could be the world's first successful computer dating service.
--Kevin
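The matching scheme described in the comment above, as an added example that is not part of the original post: each rater's past verdicts are compared with yours, and an unseen page is scored by an agreement-weighted vote. The rater names, page ids, `MIN_OVERLAP` and the 0.5 threshold are assumptions made for illustration.

```python
"""Collaborative moderation sketch: predict one user's verdict on a page
from raters whose past verdicts agree with that user's."""

# Assumption: a rater needs this many pages in common with the user before
# their opinion counts. It keeps a rater with one lucky match (or a
# throwaway account) from steering the prediction.
MIN_OVERLAP = 3

# Constructed sample data. VERDICTS[rater][page] is True when that rater
# marked the page "obscene". All raters and page ids are made up.
VERDICTS = {
    "me":      {"p1": True, "p2": False, "p3": False, "p4": True},
    "puritan": {"p1": True, "p2": True,  "p3": True,  "p4": True},
    "strict":  {"p1": True, "p2": True,  "p3": True,  "p4": True,
                "p5": True, "p6": True},
    "lenient": {"p1": True, "p2": False, "p3": False, "p4": True,
                "p5": False, "p6": True},
    "sparse":  {"p1": True, "p5": True, "p7": True},
}


def agreement(a, b, verdicts=VERDICTS):
    """Agreement between raters a and b in [-1, 1].

    Returns None when they share fewer than MIN_OVERLAP pages.
    """
    shared = verdicts[a].keys() & verdicts[b].keys()
    if len(shared) < MIN_OVERLAP:
        return None
    same = sum(verdicts[a][p] == verdicts[b][p] for p in shared)
    return 2 * same / len(shared) - 1


def predict(user, page, verdicts=VERDICTS):
    """Agreement-weighted vote in [-1, 1]; positive means the user would
    probably call the page obscene. Returns None when nobody with usable
    agreement has rated the page."""
    num = den = 0.0
    for rater, rated in verdicts.items():
        if rater == user or page not in rated:
            continue
        w = agreement(user, rater, verdicts)
        if w is None or w == 0:
            continue  # too little overlap, or no better than a coin flip
        # A negative weight flips the vote: someone who reliably disagrees
        # with the user is still informative.
        num += w * (1 if rated[page] else -1)
        den += abs(w)
    return num / den if den else None


def decide(user, page, mode="warn", threshold=0.5, verdicts=VERDICTS):
    """Return "allow", "unknown", or the configured mode ("warn"/"block")."""
    if page in verdicts[user]:
        score = 1.0 if verdicts[user][page] else -1.0  # user's own verdict
    else:
        score = predict(user, page, verdicts)
    if score is None:
        return "unknown"  # caller chooses whether to fail open or closed
    return mode if score >= threshold else "allow"


if __name__ == "__main__":
    for user, mode in (("me", "warn"), ("puritan", "block")):
        for page in ("p5", "p6", "p7"):
            print(user, page, decide(user, page, mode=mode))
```

The same data and code give "me" and "puritan" different outcomes for page `p5`, because each follows the rater whose history matches their own.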
I don't agree that such a law would be "just" or even practical. In the same way that you have a right to view whatever material you like on your computer, others have the right to block content *on their own computers/networks*. The law should not interfere with any of these rights. It should not tell you what you can and cannot be allowed to read, neither should it tell others what rules to impose or not impose on systems they own. That is the basis of freedom: freedom of speech and property rights. Both are required.
The real issue here is something different than censorship. Haselton found that Symantec's list of offensive sites stinks, and published his findings. Symantec is not pleased with the bad publicity and sues Haselton for the way he got that list in the first place. They may be within their rights (IANAL, thank god).
What you should (always) ask yourself is: do I want to do business with a company like Symantec that a) uses legal pressure tactics like this and b) produces such a shoddy product? Or, should I convince my ISP / university / library to no longer block offensive sites, or perhaps use better blocking software? THIS is what is called making an informed decision. That's why open source is such a great idea: you can verify the quality of the goods yourself, to the last detail. Your suggestion of having censorware compile a central list of sites that were actually blocked is a good one, and would make the quality of the software verifiable. But it should not be made into a law.
IMHO a good law would be one that adds quality control to the list of valid reasons for reverse-engineering.
100% is not "fair use". That's more like "theft".
Mendax Veritas dun said:
Well, they aren't the only ones in the market, really--F-Prot, which comes in two different flavours (the Data Fellows "Finnish Mix" and the Command Software "British Remix"), is damned good, beats the pants off of both McAfee and NAV, and hasn't been bought out by either company (largely because at least Data Fellows also sells other security software like firewall programs, SSH clients and SSH servers for NT, etc.). Also worth noting is the Best Damn Antivirus Software Money Can Buy (according to alt.comp.virus--and by the way, it's not just antivirus writers who hang out there; there are a fair number of virus coders who hang out there as well), AVP...hell, they've even got a version for Linux for folks who run servers (who want to scan the stuff they're serving for Nasty Stuff).
By no means are you restricted to what Network Solutions or Symantec have to offer. There's other stuff out there that's actually better but less well known about (wow...kinda like BeOS and *BSD and Linux, eh? ;).
I wouldn't say it's entirely a non-problem. In a home environment, with a clueful user who doesn't download strange binaries without checking the source twice, and especially if he's using an OS for which very few viruses exist (such as BeOS or Linux or *BSD)...and more importantly anymore, never uses certain office suites out of Redmond with extensive macro capabilities including hooks to Visual Basic (which has hooks to system calls in Win32) nor uses programs with extensive HTML and Javascript capability to read email, then yes, it'd be a non-problem.
There are cases where it could be a problem, though. Say...work environments that have to use Office 97 and accept Word and Excel documents from Goddess-only-knows where, or home users who dabble in warez because they don't feel like paying $200 for the latest killer game, or work environments where people take stuff from home and put it on the boxes, or people who are new to the net (and don't know about stuff like Good Computer Hygiene) and get offered this "cool South Park screensaver" from an email address that belongs to their friend on the net (and they are completely and utterly unaware that said program is in fact the "Pretty Park" trojan/worm that mails itself to everyone on your Outlook Express address list)...in those cases, yes, it could be a problem.
Now add in those folks who have to take home stuff from work. Now add in the number of folks at work who are the clueless folks who will blindly run that "Pretty Park" executable, and/or have warez'd copies of Diablo, and/or take stuff to work to show folks how "cool" it is...and you have to take Word documents home to work on them, or Excel spreadsheets...and think of all the OTHER companies your company might be sharing Word documents with...'s pretty scary, really, if you think about it.
I'll touch some more on this below...
By and large, antivirus software isn't for us who know how to use debugging tools :) It's for folks who might be new to computers, or who have to take stuff home from work and run it, or who might want to be double-safe that the program they just downloaded doesn't have anything nasty in it.
Yes, some TSRs and some programs will cause antivirus software to hiccup. I'll also note that these are (in the case of most folks--not necessarily us techy ones) few and far between. It also depends specifically on the heuristics that the program is looking for--I've heard that Norton Antivirus tends to give quite a number more false positive alarms than AVP or F-Prot do, for instance (in fact, on alt.comp.virus it's recommended that if you run Norton or McAfee Antivirus (another AV program bad for false positives in heuristics mode) you double-check it by running F-Prot or AVP in heuristics mode because the latter two programs are far less susceptible to false positives).
As it is, for binary viruses and trojans heuristics can work well; for Word macro viruses (which are the single largest category of viruses today, by the way) they're nearly foolproof. As Word macro viruses are a far worse problem nowadays, this is probably a Good Thing.
I'll assume you practice Good Computer Hygiene (not downloading strange binaries, etc.) I do have some questions for you, though...
Do you run Microsoft Office? Do you accept Word documents from possibly untrusted sources? (The single largest category of viruses and worms, not to mention the one with the most growth by far, is Office macro viruses and worms (especially Word macro viruses which often are also worms in that they have specific hooks to common mail applications to enable spread by email)...in 1993, Word macro viruses were literally unheard of. The first "proof of concept" Word macro virus appeared in 1997, and eventually spread to the wild. A year later there were over 200 known Word macro viruses, and the first Excel macro viruses were known. In 1998-ish the first known Word macro worm was discovered. As of now (early 2000) there are over four thousand Office macro viruses (the vast majority Word macro viruses, and a fair number of which can be considered worms as well; more than a few also are "droppers" for destructive payloads), depending on whom one is talking to (some would put it higher, some would put it closer to two thousand)--literally more Word macro viruses and worms exist than binary-based viruses at present, and it is becoming a fairly serious problem in businesses (a Word macro virus/worm brought the email systems of many businesses to a screeching halt last year because of all the load--one of those companies just happened to be [ironically] Microsoft). The largest portion of databases for antivirus software are for Word macro viruses; I suggest you take a look down at Data Fellows' virus-lists and see just how many have the little prefix "W97/M" (Word 97 macro virus)...it's really a staggering number. Binary-based viruses like CIH are by far the exception now; most folks doing viruses are either working in Word macro viruses or are working on worms (such as mIRC worms, or trojans that are worms such as "Pretty Park").
Fortunately for antivirus software authors, most Word macro viruses have specific infection routines and use specific Visual Basic calls (Microsoft, in its infinite wisdom [HAH!], decided to allow one to use Visual Basic hooks in Office macro code...which is a security disaster waiting to happen, as Visual Basic has hooks into the operating system itself) to do nastier things (like the "propagation behavior" of Word macro worms, or droppers for destructive payloads for the nastier Word macro viruses--in a way, they behave more like trojans than viruses), so it's pretty easy to kill such things with heuristics. (It's also pretty easy to kill such things if you don't enable macros, or you use stuff like StarOffice to read the file. But that's another issue :)
(Unfortunately, it seems the bulk of the business world not only uses Win95/98 or WinNT, but also Office, and also Outlook Express--which helps Word macro worms spread like wildfire through a network (by the way, Word macro worms are having the same growth Word macro viruses had in the beginning, and some have been found with destructive payloads--things are going to get interesting indeed). Even worse, Word macro viruses are cross-platform--they can infect Word on Winboxen, Macs, and presumably any other platform that can run Microsoft Word and/or a word processor that recognises Word documents and Word macros (fortunately, most of the Word macro worms can spread only under WinXX and largely only if Outlook Express exists as a mailer, though some can also use Eudora [the other big mailer], but I don't expect this to last very long--and the Mac users can still infect documents with the worms).)
Do you have to share computers at work with anyone? (Their computer could be crawling with viruses. Just because you don't do anything stupid doesn't mean your co-workers won't.)
Does your workplace have a strict "no-files-or-disks-from-home, no-programs-from-home" policy? (If not, they're wide open unless they're using a scanner. Again, you might practice Good Computer Hygiene, but others won't necessarily do so.)
If you do consultation work, are all your boot-disks and install material on non-writable media like CD's? (If they've got a boot-sector virus, they can infect ZIP disks and floppies.)
Are you absolutely certain that all of the software you get is virus-free? (About the only way you CAN be certain is if you compile and run it yourself--and even then, if the compiler itself has virus code, you still might not be safe (cref. a proof-of-concept of this where hidden backdoor code was included in early C compilers for Unix--if code was removed, the compiler simply reinserted it at compile-time; the only way to remove it for certain was to compile from a known clean copy, and reportedly the backdoor generated WAS used a few times). Commercial software has been released accidentally with virus code before (most infamously, a demo CD included with a PC game magazine that was infected with CIH); hell, computers have literally come preinstalled that had viruses (there was a rather infamous case where either Dell or IBM (memory fails me on which one) actually sold some laptops which were infected with CIH--it turns out that the standard disk image used to copy the OS and apps onto the drives had been infected with CIH somehow). There are now known worms that can infect a computer using Outlook Express (with HTML and ActiveX extensions turned on) without even opening the mail itself (just by previewing the mail). Most Internet worms propagate themselves anymore by sending copies to everyone on an address-book list in email clients (the vast majority of Word macro worms, and even some "trojan" worms like PrettyPark), or by mass-DCC send (most mIRC worms propagate this way--the worms take advantage of insecurities in mIRC scripting language).
Do you serve files for other people? (If so--even Word documents--if you don't check them before offering for download, you may unwittingly pass along infected files. Again, infected files don't even necessarily have to be binaries anymore--the vast majority of viruses anymore are Word macro viruses and worms, and the few actual binary viruses tend to be spread either through warez or as "trojans" or worms.)
You see...it's not as easy keeping virus-free as one thinks. In fact, if you accept foreign Word documents at ALL and don't have either a damned good virus-scanner or macros turned off completely, you are essentially wide open to getting a rather nasty case of computer VD. Even more so if you use Outlook Express, or (God Forbid) accept attachments of *.exe or *.doc files in email, or accept HTML-email or have Javascript or ActiveX enabled in your email browser.
1) Even commercial software has been infected--there is more than one documented case of this.
2) As stated above, things have changed a LOT in the world of viruses since 1993 :)
2a) The major problem, with rare exception (CIH, which really is novel in that it attempts to over-write BIOS info in boxen with flashable BIOSes), is not binary-based viruses like Stoned or Jerusalem (the two biggies in 1993, by the way). The biggies, by far, are Word macro viruses (literally more Word macro viruses exist now than binary ones exist now or in 1993, a fair number have nasty droppers or destructive payloads, and an increasing number can also be classified as worms as they propagate through vulnerabilities in a number of Internet programs [a short list--Outlook Express, Free Agent (Usenet client), Eudora, etc.]).
2b) With the exception of CIH, the major problem with malicious binaries isn't with viruses anymore but with Trojans of various types. The vast majority of these may be classified either as worms (i.e. PrettyPark.exe, the latest in this line) or as attempts to pass off Back Orifice (a program designed by Cult of the Dead Cow to spotlight rather serious security flaws in Win9X, and which can be used to remotely control another computer--often without the victim knowing, as Back Orifice hides its processes and tries to make it difficult to uninstall).
3) The single largest increase of ANY viruses or malicious programs today is in the form of worms. Many of these worms are essentially multiplatform and the vast majority target the single largest used office suite in businesses today. Many of these companies must share Word documents and other traffic with other sites, often untrusted traffic. In a way, the Internet has been the best thing since sliced bread for propagation of viruses (keep in mind, too, that when you left Symantec the vast majority of "program trading" was at universities and most of the "warez" traffic as well as virus traffic was at universities and on small, members-only BBS's; there were still roughly an equal number of *.edu and *.com sites online, the plague known as AOL had yet to hit the net (that occurred in 1994 or 1995, and AOL has always had a wee bit of a script-kiddie/V/C community), and the Internet had NOWHERE near the penetration it has now--it was next to impossible for worms to spread the way they do now, much less Word macro viruses (again, keep in mind that macro viruses of ANY kind were unheard of before 1997).)
4) In 1993, a lot of companies still used dumb terminals or didn't have much computer access. Now, a large number of folks have computers--frequently connected to the Internet--and they frequently have to take home work and such. Many of these folks don't practice Good Computer Hygiene--they run programs their friends send them online (unaware that many worms use address-lists specifically to propagate), while spreading rumours like "Good Times" because they literally don't know any better. Sometimes this even extends to the folks running the boxen--a number of sites use NT or even Windows 98 to administer networks, and many of these folks don't use proper security precautions (like not allowing executables to be installed, etc.).
5) The fact that so many folks ARE on the net with Win95/Win98 boxen has to be a major factor in how viruses are spreading, and especially worms (which had pretty much died out in the days of the Morris Worm and WANK-Worm until Word macro viruses started coming out). Win95 and Win98 are notoriously insecure--in essence, everyone (even on a multi-user system) has root/administrator access, most of the Internet applications for these systems--especially those from Microsoft--are not exactly designed with security in mind, the major office suite for these boxes (Office 97) has major security flaws in its scripting language insofar as using it in a networked environment...the major scripting language for Microsoft-based Internet apps, ActiveX (which has even been incorporated into the OS in Win98) is so insecure that nearly every security site recommends disabling it...also, Win9X is designed for people who are complete and utter computer virgins, who aren't going to know about computer security and who are lucky to know how to install a program without some kind of installation-wizard.
It's an OS designed for the clueless, and it's user-friendly to the point of sacrificing security...it also doesn't help that Internet apps (by and large) were actually an afterthought to the OS, added when the Internet exploded in popularity (especially the World Wide Web).
I'd even go so far as to say that, as designed, Win95 and Win98 are outright unsafe to use in a networked environment without some sort of protection both against malicious programs and scripts AND against malicious parties trying to gain outside access. Win9X was not designed as a multi-user, networkable OS; it was originally designed as a home OS for the newbie user who needs stuff to be point-and-click simple, and networkability was an afterthought added when Microsoft found out people actually wanted that Internet thing. Security has always been an afterthought, if it's been thought of at all; to make it secure actually requires either add-ons (like antivirus software and intrusion-detection software) or keeping it off a network period. Yes, security really IS that bad with Windows9X. (NT and Win2000 are considerably more secure, but that's partly because they were designed as networkable OS's and they do have security features in light of this. They are also somewhat less user-friendly, especially in tighter security settings (many WinNT sites have EVERYONE with admin access because some things become unusable in lower settings).)
It's not just the Microsoft apps for Win9X that have security bugs, either--the whole idea of running untrusted apps is a Bad Thing (there REALLY needs to be a "sandbox" area for untrusted apps; most *nixes do this with multiple users and security settings, and Java does it by running it in a virtual machine with no direct hardware access). Eudora has had serious security bugs that worms exploit. mIRC, a major IRC client for Windows boxen, has had periodic troubles with script worms (in fact, before Word97 worms became popular, mIRC was the major target of worms on the net). WinGate, a popular telnet server for Windows boxen, is so horribly broken that early versions have essentially no security whatsoever and can be used as an anonymous relay host by Bad Folks because it has no logging whatsoever (and it HAS been used like this by Bad Folks, which makes it a MAJOR pain in the arse to try to track them down). Most FTP servers for Windows boxen can be cracked. Nearly any Internet-capable program for Windows can be made to cause the system to crash by simply sending "file://C|/con" (with HTML browsers and email clients that parse HTML like Outlook Express and Eudora), or requesting "C:\con" (with FTP clients)...hell, you could probably write malicious ActiveX code to do the same thing, or add that as a dropper to a Word macro virus. This is partly the fault of the programs, but it's partly a sign that the OS in and of itself is horribly mis-suited for network use.
In short, there've been a lot of deep, almost fundamental changes in the world of viruses and malicious code, and more importantly, the dominant means by which they spread and the dominant "host" they breed in to begin with.
I wouldn't say virus myths outnumber actual viruses (I think the number of Word macro viruses slightly beats the number of variants of "Good Times"/"Jessica Maddick", etc. :) but Kumite's a good site. (Hell, I recommended it in my last post. :) There IS bad stuff out there, though (especially if you are misfortunate enough to have to use Win9X + Outlook Express + Office 97) and "computer condoms" never hurt. "Computer safe sex" (and yes, I posted a number of tips for that too) never hurts, either. Combine the two and you shouldn't have trouble. :)
-Windigo The Feral (NYAR!)
Lest people think that the Symantec corp's involvement in a censorship campaign is anything new, I want to point out that CENSORSHIP is nothing new to Symantec -
Case in point :
Sometime last year, when I found out that the OPTASM compiler - those of you who were from the _old_ world of 16bit dos/win3.1 may still remember the wonderful things the OPTASM compiler could do - is currently owned by the Symantec corp., and since Symantec is NOT selling OPTASM anymore, and is NOT interested in upgrading the OPTASM compiler to the 32/64bit world of today, I wrote to Symantec and requested that they release the OPTASM compiler to the public domain, either on a GPL or related license, so that the world at large can benefit from some of the wonderful techniques that many people have enjoyed.
Do you think this is a reasonable request?
I mean, the Symantec corp isn't selling OPTASM anymore, and not selling OPTASM means they are NOT making any money out of OPTASM anymore, and they do not have ANY PLAN to introduce an upgrade version of OPTASM,
So, my asking of Symantec to release the source code of OPTASM to the world should not be treated as an unreasonable request, right?
But to the Symantec corp, it isn't so.
They have stonewalled my request, and when I posted my messages on Symantec's website forum, the Symantec Corp CHANGED THE ENTIRE FORUM and DELETED EVERY SINGLE MESSAGE THAT I HAVE POSTED !!
For the life of me, I do not know why Symantec wants so much to hold on to OPTASM - as far as I am concerned, something that MAKES YOU NO MONEY is something that has NO VALUE, and something that has NO VALUE is something that can be considered as JUNK.
And if someone asks you to release the sourcecode of that junk, if I were Symantec Corp, I would do it in a martian minute !
I mean, why not?
If something is already NO VALUE for me, and if my release of the sourcecode to the world will give lots of GOODWILL, I would do it.
Apparently, Symantec doesn't operate that way.
They want to hold on to EVERYTHING, and they will go to the length of CENSORING other people to attain their goal of DOMINATION.
And about DOMINATION - I just don't know just what the hell that is worth Symantec's effort (including censorship) to dominate...
If it's MicroSoft, I can foresee that there _IS_ still some value to their Windoze code. But OPTASM, the 16bit assembly compiler?
C'mon !
Many thanks, Mr. Edward Snowden!
The Internet is great, but now we're seeing the underbelly of the United States of America. Nowhere else in the world would such an issue foment so much hysteria. It's the Clinton blowjob all over again - and this time the world is laughing again - or even worse, maybe it's crying. Americans: grow the f+ck up!
Dang, I coulda sworn it was the top 50.
Well, I still stand by the first point, that you can't just scan real quickly, and to do hundreds would simply take too long.
Sorry 'bout that, chief...
--
Infuriate left and right
I don't think every censorware company is inherently evil, I just think they want to cover up the fact that they didn't have enough foresight to not jump on that bandwagon and make some money.
Mankind has always dreamed of destroying the sun.
Hey! Symantec should be the one to talk about breaking encryption! They do it all the time by reverse engineering viruses. Hey! now where did I put those virus programs? :) So does this mean if I come out with a competing anti-virus program that I'm in violation of their patent/encryption anti-virus program? Hey! I've reverse engineered the virus myself too and have used the same solution - since that's the only one that'll work. Maybe they need to license the virus algorithm from the person who invented it! Otherwise, the virus writer should sue them for violating their trademark, copyright, patent, virus algorithm without permission (under DMCA, UCITA law of course).
a) Don't get into trouble because of premature drinking.
b) Grow up to a person able to make his own wise decisions.
The same goes for porn. I don't want him to take sneak views of porn since I would punish him if I caught him. I want him to realize that porn is a really perverted form of sexuality, and that by looking at a porn site he is supporting a really dirty business.
If I caught my teenage son watching porn I would not punish him. I would simply ask how he would feel if it was his sister or friend on that picture.
I really don't think that porn hurts the viewer much. (and the very young children accidentally exposed to porn will simply not understand what they are seeing) It *does* hurt the people involved though. *That* is why I'd like to block it. I don't want them to get any ad revenue from me. Period.
All opinions are my own - until criticized
I checked out one of the sites identified as correctly blocked. It contained some shots of a movie actress posing topless. Playboy established that this was not pornography about 1954. Our would-be censors are clueless as well as mistaken. Parents should explain to their children why some material is objectionable, and viewing it is a waste of time. Companies being censored should sue the censors, but stupidity is not yet a crime. If it was, censor executions would be the next great TV show.
Here at UC Berkeley, I have been called "racist" because I am opposed to Affirmative Action. This system won't work because the standards are not defined. Even if they seem very clear to you, or to me, they also seem very clear to the people whose opinions differ widely from yours.
I don't see this as a problem. There would have to be more than one category of racism reflected in the label set. Even if there wasn't, articles arguing against affirmative action will either be clearly racist or they won't, depending upon the tone and the arguments employed. "Moderators" applying labels incorrectly would be caught sooner or later. And end users attempting to filter out racism will at least be spared the worst of it in the meantime. At the end of the day, I'm not trying to imagine a system that will render invisible all traces of a given idea - just one that will filter out chosen categories of content that are likely to offend certain people.
So, for example, I would agree with those moderators who moderate child porn as "obscene", but would not agree with those moderators who moderate Anais Nin as "obscene"
Of course, work needs to be done on selecting an appropriate set of labels. Labels which imply a value judgement must be completely avoided: the definition of "obscene" depends entirely on who you are. Definitions of Mild, Explicit etc. need to be commonly understood from an openly published and clearly precise set of guidelines. Probably a numeric rating system for each category would be more useful, as Kesh suggested in this thread.
I don't know what Anais Nin has to do with it (excuse my cultural ignorance!), but what most people understand by "child porn" might well be labelled as:
"Entertainment+ExplicitChildSexuality+Graphics"
And filtering out all kinds of genuine child porn, without blocking discussion of Nabokov's "Lolita" and other similar literary works could be done using my scheme like this:
"FILTER *ChildSexuality UNLESS Mild AND Literature AND NOT Graphics"
It seems to me that the system could be as flexible and precise as we make it to be.
Consciousness is not what it thinks it is
Thought exists only as an abstraction
WARNING!!! WARNING!!!
Moderator SOH (Sense of Humor Failure) detected!!
Asshole moderators... moderate this down too then.
PF wrote a sensationalistic article the type of which has become commonplace on the internet when it comes to privacy. The reason the article was written was a complaint about a marginal infringement on user privacy. The bottom line is, most people register all of their software programs with the same name, which isn't necessarily their real name. The reason why PF went into the discussion about the blacklist was to enrage the readers before they came to the marginal offense to the point where it didn't seem marginal anymore. First off, after looking at all the sites, with the exception of a few, which is normal when building a large black list, they were all legitimate blacklists. They mostly contained lists of or references to sexually explicit material. Now anyone who is going to purchase this product is already agreeing to err on the side of caution and understands that they are going to miss out on some legit sites. Second of all, even if all 38 were "invalid", they only looked at the first 50. Had they looked at the entire list, with an unbiased eye, they would have seen much better results in the long run. The bottom line is, though Symantec was wrong in taking the NT reg name instead of its own, it hardly warrants such a vicious attack. I also don't agree with the steps Symantec tried to take to get rid of the article, but the bottom line is, it's no different than the numerous articles out there that rip the open source community by showing how poorly designed open source projects are hacked and therefore open source is evil.
Why is it that people always hear what I say, and not what I mean?
They just seed their lists with bogus names and addresses; if someone's mailing hits a bunch of them, they know that someone was using their list (whether they paid for it or not). Symantec could easily salt their lists with a bunch of bogus URL's designed to fingerprint it
But such "bogus URLs" had better have a real webserver on the end of them. Otherwise it would be rather trivial to get them removed. Maybe all these "false positives" are there for that reason...
Let's leave aside the fact that these filters cannot screen out all offensive or obscene material. Let's leave aside the fact that these filters accidentally screen out legitimate material. Let's leave aside the fact that filter vendors maliciously filter out information that reflects badly upon their companies. Let's leave aside that filter software is designed and promoted by philistines. Leave all those powerful arguments aside.
The world is a dangerous place. Information is powerful, and as a corollary some information is dangerous to the unprepared and immature mind. Unsupervised Internet (IRC in particular) puts children in contact with strange adults, many of whom are malicious.
People who advocate filtering software are promoting a dangerous illusion: that we can abandon our laborious and difficult role as protectors and guardians of our children to some kind of convenient technological quick fix. I do not let my children play on the Internet unless I am playing with them. I seldom even let them watch commercial television unless I am sitting right there to deconstruct the program and the advertisements for them (I'm working on raising some major contrarians).
As they get older they'll sneak around this, but sampling the forbidden fruit is a time honored ritual of becoming an independent adult that harkens back to the days of the dime novel hidden in the corn crib and the dirty magazine tucked away in the treehouse; it seldom damages when the child has the cognitive ability to circumvent vigilant parenting.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I'll shoot *anyone* who tries to make a play on words regarding the phrase "summa cum laude".
OK. I've understood everything.
666 is sex, sex and sex !
(there is another theory about that: http://www.fourwinds10.com/phb/666.htm)
So if Symantec blocks my site because they think it's "bad", then THEY own the copyright on MY URL?
I think NOT!
If anyone owns copyright on the URLs (dubious), it's the owners of the pages. And Symantec is in violation.
Symantec doesn't own the copyright on each individual URL, as individual URLs. It owns the copyright to an encoded list of URLs which is part of their program. This is what was published.
----------
In a real emergency, we would have all fled in terror, and you would not have been notified.
That's debatable. Copyright is to protect creative effort, and courts have decided that automatic generation of data is not protected by copyright. That's why people can take the phone book, scan it in, and put it on the net.
If the url list was created by a program scanning for words, even with manual modification it may not be legally copyrighted.
I'm not a programmer, or else I'd take a crack at it myself, but if the community's against blocking software why not create a GPLd free version and set up a site where people can submit URLs to be added to the blocklist (via automatic update) subject to vote or some other type of approval process?
You could even use more realistic content types to choose from when configuring the software.
If there's already a package like this out there, please someone let me know.
First, I may not have been in AV development since '93, but I haven't been ignorant of developments since then. I do know about MS Office macro viruses, HTML-embedded viruses, etc. (Last year, our office got hit by Melissa. Needless to say, all the people who got it were running either Norton or McAfee, but of course the scanners were useless because they didn't yet know about Melissa.)
One can easily resolve the MS Office problem (and still use MS Office, which, of course, is a problem in itself for a variety of reasons) by disabling macros. Similarly, I have Outlook Express configured to treat incoming mail as if it were in the IE "Restricted Sites" zone (which I have customized to totally disable ActiveX, Java, cookies, and scripting -- IMHO, HTML in email is only for text formatting and hyperlinks, not active content).
I also follow a variety of other security-conscious practices, such as write-protecting diskettes, configuring my machines to boot only from the hard disk, not running binaries obtained from untrusted sources, etc.
One might observe that this is a lot of work to go to just to not have to use a virus scanner. Sure. But the point is that it is quite possible to be safe without a scanner. The worst problem is Microsoft's stupid security defaults, which are equivalent to a large sign saying "Shoot Me".
I want to respond specifically to this statement:
The thing to understand is that the Preview pane in OE opens the mail. Don't think, as your statement implies you do, that previewing a message in OE is any different from viewing it in a separate message window. This is the great danger of the Preview pane: it makes it absolutely impossible to select a message without opening it at the same time. And of course you can't delete a message, or move it, without selecting it. The moral of this story is that if you have scripting and the Preview pane enabled in OE, you are risking disaster. (Of course, by default, both are enabled.)
Labels which imply a value judgement must be completely avoided: the definition of "obscene" depends entirely on who you are. Definitions of Mild, Explicit etc. need to be commonly understood from an openly published and clearly precise set of guidelines.
My point is that even fairly reasonable people may honestly believe they are applying objective criteria, when in fact, different people will see things differently. To use the racism example, a recent article in the Daily Cal quoted a black high school student saying something derogatory about the "white kids" at her school. It was mild, but a reader wrote in to comment on the fact that this was accepted but if the races had been reversed, it would have been labeled as racist.
I'm not saying that the lines are vague. I'm saying that there are many categories where one person will be 100% sure something should be labeled one way, and another person, also fairly rational, will be 100% sure it should be labeled otherwise. And these are frequently the criteria that would be most relevant to blocking. Everyone will have similar opinions about whether a page is about cars or computers. People will not have similar ideas about whether a page is "explicit", whether a given JPEG is art or pornography, or whether a page promotes drugs. Is Naked Lunch literature or pornography? How about Anne Rice's Exit to Eden with content as explicit as what you would find on the newsgroups, but also literary value as commentary on the impossibility of finding real gratification in debauchery (but much more so the former than the latter)?
This is why we need many moderators, and the ability to define your own effective moderation as a function of all the moderations.
--Kevin
I'm saying that there are many categories where one person will be 100% sure something should be labeled one way, and another person, also fairly rational, will be 100% sure it should be labeled otherwise. And these are frequently the criteria that would be most relevant to blocking.
[snip]
People will not have similar ideas about whether a page is "explicit", whether a given JPEG is art or pornography, or whether a page promotes drugs.
I do understand what you are saying. But there are ways to get around these things. Wannabe moderators could undergo a calibration test maybe to see where they are themselves in the spectrum of opinion. Just one idea.
Is Naked Lunch literature or pornography? How about Anne Rice's Exit to Eden with content as explicit as what you would find on the newsgroups, but also literary value as commentary on the impossibility of finding real gratification in debauchery (but much more so the former than the latter)?
But I've already addressed that. Literature and pornography are not mutually exclusive, they measure completely different dimensions. That's why I'm proposing (and it's nothing new, I know) that every site/page is rated on a range of different categories, and that the filtering software allows rules with nested exceptions, e.g. "block all porn unless it's mild porn and literature rather than graphics".
Consciousness is not what it thinks it is
Thought exists only as an abstraction
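The labelling scheme proposed in this thread (labels joined with `+`, a `FILTER ... UNLESS ...` rule with AND/NOT exceptions, and an effective moderation computed from many moderators' labels) can be sketched as follows. This is an added example, not code from any poster or product; the category name `Sexuality`, the matching semantics, the vote threshold and the sample labels are assumptions made for illustration.

```python
import re

def parse_rule(rule):
    """Split 'FILTER <target> UNLESS <t1> AND NOT <t2> ...' into its parts."""
    m = re.fullmatch(r"FILTER\s+(\S+)(?:\s+UNLESS\s+(.+))?", rule.strip())
    if not m:
        raise ValueError(f"unparseable rule: {rule!r}")
    target, clause = m.groups()
    terms = []
    for part in re.split(r"\s+AND\s+", clause) if clause else []:
        negated = part.startswith("NOT ")
        terms.append((part[4:].strip() if negated else part.strip(), negated))
    return target, terms

def is_blocked(rule, label):
    """Return True if a page carrying `label` is filtered by `rule`."""
    target, terms = parse_rule(rule)
    tokens = label.split("+")
    # Assumed semantics: '*Suffix' matches any token ending in Suffix, and the
    # remaining prefix (Mild, Explicit, ...) counts as a fact about the page.
    suffix = target.lstrip("*")
    if target.startswith("*"):
        hits = [t for t in tokens if t.endswith(suffix)]
    else:
        hits = [t for t in tokens if t == target]
    if not hits:
        return False  # the rule does not apply to this page at all
    facts = set(tokens) | {h[: len(h) - len(suffix)] for h in hits}
    facts.discard("")
    # The exception applies only when every term holds, so a page with a
    # missing label stays blocked rather than slipping through.
    exempt = bool(terms) and all((name in facts) != neg for name, neg in terms)
    return not exempt

def effective_block(rule, moderations, threshold=0.5):
    """Block when at least `threshold` of the moderators' labels trigger the rule."""
    votes = [is_blocked(rule, label) for label in moderations]
    return bool(votes) and sum(votes) / len(votes) >= threshold

# Constructed sample data: one rule and three moderators labelling the same page.
RULE = "FILTER *Sexuality UNLESS Mild AND Literature AND NOT Graphics"
MODERATIONS = [
    "Literature+MildSexuality+Text",
    "Literature+MildSexuality+Text",
    "Entertainment+ExplicitSexuality+Graphics",
]

if __name__ == "__main__":
    for label in MODERATIONS:
        print(label, "->", "blocked" if is_blocked(RULE, label) else "allowed")
    print("effective:", effective_block(RULE, MODERATIONS))
```

The threshold is where the disagreement between moderators discussed in the thread becomes a user setting: the same three labels allow the page at 0.5 and block it at 0.3.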
Intel tries to do the same with the WebOutfitter service. Basically, if you decide you want to click AGREE to get their software that checks for your Pentium!!! (you don't just get on the internet...), you agree to take intel's side in the event of any legal action against them and also agree to not present any material that would prove to degrade the expected quality of the company's product. Symantec's is on a larger scale, but they all try to do this. Whenever you download one of those binary windows drivers the license you must sign to get it requests the same behavior.
One thing I haven't seen in all the vilification of Symantec for this is any indication of whether or not their other products, like NAV & pcAnywhere, also return your WinInfo without your permission or knowledge. Does anyone have the ability to test this? I can't ...
"A gun is a tool, Marian. No better, no worse than any other tool. An axe, a shovel, or anything." Shane (1953)