Slashdot Mirror
Is Virus Spreading Criminal?
Ghost-in-the-shell writes "I just read this article on CNN stating that spreading a virus in the state of Pennsylvania is now illegal. The bill signed in to Law on May 26th, by Governor Tom Ridge states that the spreading of a virus can land you 7 years in jail, a $15,000 fine, and possible restitution to the person(s) damaged by the virus. My only question is what happens in the cases of a virus like the famed "Melissa" who automatically passes it's self around?
"
Read the full text of the law .
Interesting to note that unwilling transmitting information is illegal. So the Real Networks scanning your drive and uploading information is a 'virus'. Or microsoft sending reg info without your permission is illegal.
-RossB
Here's the full text of the PA bill as it was signed.
/. two days ago when it was signed - go figure.
I had submitted this to
Simply because companies don't want people "banned from the net" -- that means people won't buy online... and believe me, they want people buying online.
They don't care about netiquitte or responsibility, they care about dollar signs.
Mind you, I don't know that I agree with your idea anyway. How is a person supposed to KNOW they have a virus on their system. Even when you're careful you can still get stuck...
Eviscerati.Org: All Hail the Eviscerati
[Microsoft] put the auto-preview in *intentionally*, and were responsible for all the dodgy code. So get them.
Can't get them with this law, because it was passed after they did it. (You might get them partly, for stuff they ship after the law goes into effect...)
But it would be interesting to go after them for negligence in a civil suit. B-)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
People who intentionally spread a computer virus face a seven-year prison sentence and a $15,000 fine
It does say intentionally.
*Emphasis added
Eric
The person who gave me this damn flu bug must be punished!
134340: I am not a number. I am a free planet!
Hmmmm. I would say that they could probably be prosecuted under the "attractive nuisance" law.
Prosecutor: So you deliberately left the gate open by default on Outlook, Mr. Gates? Surely you knew that that was attractive to virus-writers?
DNA is a Turing machine. You, however, being dynamic and emergent, are not.
Kids throwing bricks off of overpasses aren't trying to kill people, they're just stupid and think that it's funny. Nevertheless they still do kill people sometimes, and rightly get prosecuted for it whenever they are caught whether or not there was an actual death. Just being stupid doesn't absolve you from culpability for doing the wrong things, especially when you could reasonably have been expected to know that your actions were a bad idea.
The real tragedy about the lack of security present on the Internet today (mostly due to the homogenization of most end-user software, at least in quantitative terms) is that thoughtless people can affect thousands of others around the world with their actions. To be fair, most users aren't really to blame for the poor security of the products they use, but on the other hand if there were more penalties for spreading viruses, maybe the public would be more interested in using products which are more secure. The buying public gets the security it asks for, and so far it hasn't been asking.
Your right to not believe: Americans United for Separation of Church and
I'd say the chances of a successful class action suit in VA against spyware publishers just went up quite a bit. Any VA lawyers interested in nabbing the next spyware release?
Neither of the programs you describe are self-replicating.
The RADIATE (formerly Aureate) monitoring programs that are packaged with over 400 freeware, shareware and demo programs is a perfect example of a deliberately spread virus (in Win9x)
1) you are not informed that a *separate* program will be installed, in addition to the program you intend to install. This program can monitor your activity even when the program it came with is not in use.
2) the monitor program is not removed when you uninstall the 'carrier' free/shareware program or purchase the paid version of a demo. In fact, there is no way to completely remove it except through an external program like OptOut from Steve Gibson (freeware)
Sounds like a classic, deliberate, and very malicious 'virus'. I'm sure there's something in the license allowing the installation, but nothing about it persisting forever (even after you remove the program the license applies to). True, you could prosecute under the 'unauthorized computer use' felony, but I think the virus law gives a better tool, since the virus+vector model is a familiar one (putting an unannounced virus inside a desired executable doesn't make it less of a virus)
If you can go to bed, knowing you did a valuable thing today, you're very lucky. If you can't... it's not bedtime
What definition of virus are they going to use? Would this include programs that sniff down your net connection to collect personal info? A virus could be: a standalone program, a file that executes other programs on the client system, a file that executes a program on a server, a file that resides on a server and effects a client system... you name it. A simple script on someones webpage to check user browser info and client browser settings could be seen as either a valid tool or benign virus.
Like Bush, his strong points seem to be that he doesn't have any strong points someone could object to. The economy is good (like everywhere else in the US), he's cut business taxes, pushed welfare reform, yadda yadda. He's also managed to stay mostly clean of the morass that our other Republicans in Pennsylvania's state government have found themselves in, such as various corruption charges, Serafini's felony perjury conviction (fellow Republicans blocked an attempt to kick him out, too), Druce's alleged fatal hit-and-run, etc.
While I'm not a big fan of Salon, they recently did a real nice hatchet job on the guy, in an article titled Bland Ambition. Worthwhile reading.
"Don't blame me! I voted for Kodos!"
Then, quite frankly, the average user shouldn't be using my systems. If other places are anything at all like the places I've worked, every user is required to receive and acknowledge a usage agreement. In the usage agreement, which is 100% common sense and 0% rocket science and/or brain surgery, users are specifically and explicitly prohibited from disclosing their password(s) to anyone. ANYONE. If you violate this agreement by giving your password to your SO, your friend, or the man on the street, I can and will revoke your access per the terms of the agreement.
Now, failing to read the agreement is no excuse. Just as ignorance of the law is no defense. Just because people are stupid and will give away their passwords doesn't mean we should let them get away with it. The law should stand as written, no excuses for idiocy.
There's no legal penalty for being stupid. Until you leave your hospital room/bubble/cell/ward/cave. If you want to interact with the rest of the world, you're expected to maintain a reasonable level of rationality and common sense.
Yeah. Hate crime legislation is just an attempt at criminalizing thoughts. It shouldn't matter what you were thinking when you killed someone. What matters is whether you killed them or not and whether you intended to kill them or not.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
I was chuckling at your response (and agreeing with you) and then I remembered: food service workers ... Typhoid Mary ... "Employees Must Wash Hands" .... There are constraints placed on us in all kinds of circumstances where we interact in society. It was said:
When what we do (or don't do) affects others, we need to be on the alert for regulations. No Smoking.
-- @rjamestaylor on Ello
holding users responsible for their privileged passwords is a good idea.
To the tune of putting them in jail for five years?! Doesn't this strike you as something between utterly ridiculous and very, very scary?
Kaa
Kaa
Kaa's Law: In any sufficiently large group of people most are idiots.
No. We're just having a discussion; debating the idea. I'm not for this, just thinking.
Furthermore: requiring everyone to have a license because *some* people are irresponsible is, in essence, saying "Everyone is guilty until proven otherwise."
Or it's a way of saying "you don't have the right to be here; you must prove that you're able to bear the responsibility." Don't freak: I'm describing a driver's license. So, what if this was applied to running Internet-connected computers? Better put: what if your OS and Software had to be approved for Internet use before you could put it on the 'net? Put the onus on the OS/Email/Services programmers.
The reason that the law says "intentionally" is because for a crime to be proved there are 3 irreducible elements: Means, motive and opportunity.
If your car rolls down a hill and smashes into someone's property (or person) you may have had no Means, motive or opportunity to commit a crime but you'd be liable (civilly) nonetheless. And, if it could be proved that you were recklessly endangering others, you could be held criminally responsible, too (involuntary manslaughter, for example).
I guess as I consider this topic I am becoming aware of our responsibility toward others on the Internet. Perhaps I should be repremanded if I leave my system open and it is used as part of a DDoS attack.
-- @rjamestaylor on Ello
Microsoft Outlook
Poorly written Petri Dish
Microsoft Lookout!
Need Free Juniper/NetScreen Support? JuniperForum
OK, I like this a little better. Ideally, the marketplace will winnow out buggy and insecure programs. BUT -- there will always be people who will write software and just put it in their FTP directories for anyone to download. And there will be people who will use it just because the cost = $0.
I guess as I consider this topic I am becoming aware of our responsibility toward others on the Internet. Perhaps I should be repremanded if I leave my system open and it is used as part of a DDoS attack.
What is ironic is this: in the old days on the Net (before '95), *everyone* would leave their system open so as to facilitate email forwarding. The idea that people would DDOS was simply unthinkable. I'd say that there is nothing wrong with leaving your system open -- providing you monitor it carefully. Most DDOSing is done using server farm machines that are only loosely monitored (the rationale being: "Well, all this machine does is serve pages and there aren't any user accounts on it, so we won't bother with checking it unless it goes down."). But you are right about one thing: personal responsibility is important. The only thing I disagree on is the theory that people need to be monitored, checked and licensed to make sure that they are being responsible. Children may need such strictures -- but adults aren't children.
DNA is a Turing machine. You, however, being dynamic and emergent, are not.
Define always. To me and you DL's are eternal requirements. To my grandparents (who lived before autos were common) DL's did not exist at one point. What changed? Automobiles became an integral part of American life and commerce. Bad (dangerous, ignorant, reckless, et al) drivers were no longer merely a threat to themselves but to all drivers around them and to normal business conducted over-the-road. Something had to be done, so regulations were made and minimum standards were set.
what you aren't realizing here is that connecting to the 'Net can't be compared to, as you've done here, driving a car. The 'Net has become such a integral part of businesses worldwide, that it would just cost too much to start educating a semi-computer literate world in the way you're suggesting.
Okay, I rearranged your quotes to make this point: because the Internet is integral to business internationally it may become necessary to make regulations and establish minimum standards. Scarry.
You can't disconnect these people because they fail a Internet security test, because then you would be disconnecting way too many people. Remember, the average CEO of a company (Suit) isn't even semi-literate (computerwise), perhaps if it's a tech company, yes, otherwise, you'll be luckily if he's semiliterate.
Okay. Maybe we require that the OSes and Internet-connecting programs (don't ask me to define them all, I'm just thinking out loud!) be certified to operate on Internet-connected devices. Sure, let the CEO use the net -- but not with Outlook and Windows Scripting Host enabled! Who enforces this? The ISP? (Hmmm....).
-- @rjamestaylor on Ello
The 'spyware' program does nothing more than say what ads have been received, and what have been clicked. Period. I don't know about you, but I don't do my surfing through ads. Hell, I get weird enough ads from Doubleclick crap as it is.
The problem is that this has been claimed as spyware.. ie: it monitors your surfing habits, and I've even heard that it could see which programs are installed on the HD. This is where the paranoia overtakes the fact.
I have yet to see comprehensive proof that this does (only or all of) what either side of this issue says it does. Most people take for proof that Aureate/Radiate is evil the presence of any of the 'bad' DLL's.
The program has been proven to exist, true. Get some simple network tools and a little registry viewer and sure enough, you'll notice something's set stuff up in the registry, and something's calling home. Nobody has given proof that shows what it's actually doing beyond that.
It's a task I'd think someone in the /. audience would be glad to undertake. At this point both my curiousity and rage at the propensity of this falsehood to spread so easily are motivating me to crack down as much as I can. Only.. I don't really have the time, I don't have the resources or knowledge either. Someone needs to just sit down with a packet sniffer on a controlled network, and see what's up. I personally, can't tell what to look for, but I'm positive that someone can.
Steve Gibson claims that some of the scarier stuff like arbitrary execution has been proven. I ask... show me the proof.
Now I can sue all those bastard MS Outlook users who have me in their address book, and hopefully put them in prison, too!
True, on my personal system I have no fear or worries about others' systems being exploited. I never got one of these macro worms sent to me, yet. But it does harm me. Very much. For one, my mail servers at work and elsewhere are overwhelmed with the exponential flood of garabage that is sent during the height of these attacks. Moreover, I've been spammed to death by people leaving their sendmail (et al) servers open for relay. Maybe ORBS is not enough. You wanna run a mailserver? Get a license.
We're just talking, here. I'm not suggesting this should happen. be my guest: Shoot me down.
-- @rjamestaylor on Ello
but what if I sneeze?
But does using Microsoft Outlook count as intent? :-)
Unleash a virus
Fun for the first few minutes
Then the cops show up
19. I understand that this software may send copies of itself to everyone in my address book.
20. The authors of this software shall not be held responsible for any data that may be lost.
Certainly a very large portion of the population would click on the [ACCEPT] button as a matter of reflex. It wouldn't even make it out of the brain stem.
Would the author of this virus be subject to prosecution?
Would they be safer in states that have passed UCITA?
-Jeff Bell
The message is loud and clear: We want to keep using mIcKeY$oFt crap. If you rain on our parade, we're going to nail you good.
So they're going to send someone up for 7 years in PA. In NC, that's the penealty for bank robbery. Does passing a virus rate that much time? It's more than B&E, assault, assault & battery or assault with a deadly weapon. Either the penalties for these ought to be increased or they ought to back this don't For crying out loud. Every thing on the books is getting ratcheted up to 7 years. This breeds contempt for the law.
Wansu, th' chinese sailor
IANAL, But I believe you'll find that intent is important in US law. If your intent is to do harm (dropping bricks on people) and you kill someone, then you are guilty of a some kind of Manslaughter. Usually, you have to intend to kill to be convicted of 1st degree murder. The kids you cite are probably guilty of some other kind of Manslaughter.
Being stupid isn't the issue, intention to do harm is. Now, there are crimes of negligence. If you can be reasonably expected to know not to open attachments that might do harm and you do it anyway, you are guilty of negligence.
I don't think that it's been true in the past that people could reasonably be expected to know not to open attachments, after all, so much of their work requires them to open attachments, even attachments with executable content. It may be true that now or in the near future, it would be considered to be negligent to open attachments that may have executable content if you don't have a good idea as to what that content is or will do.
It's almost getting to the point that anyone who sends ANY executable content in email using insecure facilities like VB or Word Macros, as opposed to languages that support a relatively safe programming environment like Java, are being negligent in that they are helping to set the stage for future worms and Trojan Horses.
-Jordan Henderson
How do you *prove* the "intention" to spread the virus?
Are we going to throw a lot of clueless people in jail?
-
air and light and time and space
It seem simple to me. If you intentionally write software that's purpose is to spread without the users knowledge and/or control and/or permission, and intentionally release it in such a manner that it would begin to spread in this manner, then you ARE doing something that has no useful purpose in society, and hence, wasting others time.
Good luck on enforcing the law, though! I'd like to see what happens the first time someone creates a virus somewhere else, say Montana, and it damages a computer in Pennsylvania. Pennsylvania could argue for jurisdiction, but would Montana extradite someone all the way to Pennsylvania for prosecution?
Stop by my site where I write about ERP systems & more
Your blue-sky proposal is ridiculous. Who is going to set up the "test"; who is going to administer it; what penalties will there be for "driving without a license", etc. Do you really want to install *yet another* bureaucracy over us?
Furthermore: requiring everyone to have a license because *some* people are irresponsible is, in essence, saying "Everyone is guilty until proven otherwise." Go back to France: that's where that bass-ackwards system of "justice" originated. Here in America we have a fundamental principle that people are "innocent until proven guilty".
There is a reason for having a driving test: you have to prove that you can adequately handle a ton-and-a-half vehicle at high speeds before you actually get on the road. A computer is not a car; if you crash your computer, no one else is affected. If you drink while programming, you'll just produce bad code, but it won't affect anyone else. Using your computer to design and upload a virus is using a tool in a weapon-like way. People *have* used cars as weapons, but I don't recall any questions on the Driver's Ed test about "Will you be using your vehicle to commit a homicide?" That's just as strange as asking someone "Will you be using your computer to commit a crime?" -- and who is going to answer *that* question in the affirmative anyway?
I realize the law says "intentionally" but what if a more proactive stance was adopted?
The reason that the law says "intentionally" is because for a crime to be proved there are 3 irreducible elements: Means, motive and opportunity. If a virus comes into your computer and uses the copy of Outlook you have installed to perpetuate itself, the means is there, the opportunity is there, but YOUR MOTIVE is not. Therefore YOU cannot be accused of propagating the virus. (Perhaps you could be prosecuted for maintaining an "attractive nuisance", but if you installed it in a manner so as to leave it in the default condition, then the software manufacturer is just as -- if not more so -- liable).
A more "pro-active" stance would only apply two of the three conditions -- perhaps your motive is irrelevant. Then you could be thrown in jail -- perhaps without even realizing that your computer passed the virus along -- just because a computer log somewhere had your IP address as the (from its point of view) origin. How would you feel about *that*?
DNA is a Turing machine. You, however, being dynamic and emergent, are not.
It seems that there are already laws that cover this. I have often seen the creators of unwelcome self-replicating programs charged with "unauthorized use of a computer", (sorta like unauthorized use of a motor vehicle) which is an effective catch-all for people who do anything to take control over other people's computers without their consent.
I think that the expedited creation of new laws in reaction to a phenomenon that most people in positions of power could never hope to understand, let alone competently regulate is a dangerous thing. I recognize that these legislators probably have teams of advisors, but i still worry about the original intent/usefulness getting diluted/lost in the legislative process.
---
Play Six Pack Man. I
This seems like it's for show.
:)
Well, I realize that laws can make people feel more comfortable, but there comes a point where penalizing somebody doesn't make anymore sense. For example, if they guy who wrote melissa had to pay restitution or pay a $17,000 fine for every copy of the virus he spread, he'd probably own millions upon millions of dollars which he'd never be able to repay, no matter how long he lived.
You can punish a person harshly, you can even make it so that the person will never get away from the punishment for the rest of their lives, but fining somebody $40 million is pretty much the same thing as fining them $40 billion. At least the effect is the same, and the amount of money you'll actually collect is the same.
I say this because if you make it a crime to spread a virus and make it punishable by jail, restitiution, or fines, then anybody who spreads a virus (since they go all over the world) will be liable for damages in so many damn jurisdictions that it will be the same as fining them $40 billion, and just as pointless.
Not to compare virus spreading to murder, but just as an example of over-punishment - when Jeffry Dahmer went to jail, he got *400* years in jail. 400!!!! What's the point? Of course it was arrived at by adding the amount of time he got for each murder, just like the fine would be arrived at by adding the recompensation for each victim for a virus spreader.
An effective punishment would be a $0.25 fine and no restitution, since by the time everyone on earth got finished suing the poor bastard, he'd be in for millions.
-- Truth goes out the door when rumor comes innuendo. -- Groucho Marx
I'm talking about intent in the legal sense. The crime you are charged with and ultimately your punishment are often linked to intent (i.e. did you commit the crime on purpose, or was it an accident?). Intent in this sense does not take into account what you were thinking at the time, although those things can be examined to determine whether or not you intended to commit the crime. The goal is to determine, yes or no, whether you intended to commit the crime. Once intent is established, the case can proceed and you can be charged with the proper crime and receive the proper punishment. Your punishment should not be linked to your beliefs or your thoughts at the time, it should be determined impartially, based on the crime you committed. Any attempts to determine the beliefs of the accused, can never be more than speculation, even if you are able to convince a jury with that speculation. Speculation as to a person's reasons for committing a crime should not be used to determine the specific crime or punishment of the accused.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
The article states:
"Accessing and damaging a computer or system is a felony of the third degree, facing a seven-year sentence and $15,000 fine. Interfering with a computer, system, or network or giving out a password or other confidential information about a system is a misdemeanor of the first degree, with a maximum penalty of five years and $10,000 fine. "
What scares me is the part where they refer to 'other confidential information.' That is such an amazingly grey area. And what constitutes giving out a password? Once again, the focus should be on 'illegally obtaining passwords.' This is a section where the victim (piegon in a scam) could be prosecuted for their unwitting part in a crime. (Remember the IQ of the average user).
Just a few rambling thoughts from yours truly.
Check out Magic Firesheep!
I think the issue here is whether or not you passed the virus onto another computer you own.
I could plausibly see someone in some comp sci class writing a harmless virus, and studying how it replicates. A broad law could land this student into jail
So I guess the question isn't whether someone who intentionally damages other people's computers should be illegal, because we all know it should. The question should be, are we inhibiting innovation by making too broad of laws?
I can't really say that it's suprising that intentionally propagating a virus has become a crime - I don't think that anyone can argue that spreading a virus is not a nice thing, even if creating one is purely a "technical challenge". I expect that this legislation will be quickly followed by other states and countries, especially in light of the "ILOVEYOU" virus and its successors.
However, in the words of the article, "It also defines a computer virus for the first time". The definition of virus has already changed over the last few years, and as technology changes the pathogens that affect it will change as well. How soon will it be until this law and its definition of a "virus" becomes obsolete? Given current trends, not long at all.
A good law to have then, but as with all laws that attempt to regulate technology, the pace of advancement in the technology far outstrips that of the law to keep up with it.
I can't really say that it's suprising that intentionally propagating a virus has become a crime - I don't think that anyone can argue that spreading a virus is not a nice thing, even if creating one is purely a "technical challenge". I expect that this legislation will be quickly followed by other states and countries, especially in light of the "ILOVEYOU" virus and its successors.
However, in the words of the article, "It also defines a computer virus for the first time". The definition of virus has already changed over the last few years, and as technology changes the pathogens that affect it will change as well. How soon will it be until this law and its definition of a "virus" becomes obsolete? Given current trends, not long at all.
A good law to have then, but as with all laws that attempt to regulate technology, the pace of advancement in the technology far outstrips that of the law to keep up with it.
Why the "intentional" requirement? What about negligence?
Example (a real virus): If a surgeon found out he had AIDS but didn't quit his job and later infected a patient during surgery, I think we'd all agree that he'd be liable for the patient's sickness.
Another example: I advocate the use of murder charges against drunk drivers who kill. Why? Because they deliberately make choices that are known to have a high rate of death for potential victims.
So why not for computer viruses? In all seriousness, why can't Joe User be held (partially) liable for running an email client (*cough*outlook*cough*) that is known to cause a large amount of bandwidth sucking and server crashing? A little less ridiculous (although I'm not conceding that the example was ridiculous) is holding site admins responsible for viruses leaving their site. If they can strip incoming, they can strip outgoing.
And this isn't empty moralising, either (although that should be sufficient). There's a practical reason for all this: Advocating point-source solutions to an epidemic problem will never work. Prosecuting only the virus originators (and maybe a few knowing Typhoid Mellissas) doesn't reduce the attractiveness of the target--so new originators pop up. By prosecuting the victim (who is in turn a new originator) you can reduce the attractiveness of the target and thus the incidence of infection.
--
Have Exchange users? Want to run Linux? Can't afford OpenMail?
Linux MAPI Server!
http://www.openone.com/software/MailOne/
(Exchange Migration HOWTO coming soon)
If you recall, Pennsylvania cut a deal with Microsoft a year or two ago, to use Windows products exclusively in the Pennsylvania state government. That, combined with the Love Bug and other such niceties, has probably made computer life very difficult in the PA state government offices lately. That considered, it's not surprising that they're the first to adopt legislation like this. The states which are still running on mainframes and Unix boxen like they should, can sit back and laugh at PA.
--
Tired of FB/Google censorship? Visit UNCENSORED!
Microsoft wanted this law to prevent people from sharing Win95/98/2000 with their friends (or enemies). Everyone knows there hasn't been a virus unleashed yet that can compare to the damage caused by these viruses.
Looking for a computer support specialist for your small business? Check out
Interfering with a computer, system, or network or giving out a password or other confidential information about a system is a misdemeanor of the first degree, with a maximum penalty of five years and $10,000 fine.
OK. So we all know about "bad" viruses -Mellisa, etc, and "trojans" -but what I want to know is how this legislation can be used to keep Large Corporations from digging around in my HardDrive..
When RealNetworks or Aureate/Radiate add "special features" to their software to profile my music listening habits, or track my web access from within, rather than from accessed pages- does that count as "Interfering, or giving out confidential information".
-
air and light and time and space
How exactly do they plan to prosecute on this? I can understand if you're the initiator of the virus and leave some sort of tracker so people know YOU did it - in fact, laws are in place for situations like that. But, how can they PROVE that you intentionally distributed the virus? Understood, they will forgive accidents (Melissa, et. al.), but how often do people say, "Ha ha, now I gave you a virus!"
It seems to me that this is just a front for trying to force internet / computer users into revealing their motivations behind their actions - an invasion of mental privacy. There's not a good solid way in most cases to prove that you deliberately gave a virus to another user, and even then, it's easy enough to disprove in almost all circumstances.
"I'm not even supposed to BE here today!"
Here a news blurb about it. There's an interesting point in it:
The Pennsylvania legislation defines a virus as any "computer program copied to or installed on a computer, computer network, computer program, computer software or computer system without the informed consent of the owner that may replicate itself and that causes unauthorized activities within or by the computer."
So what about the software that is automatically installed when you install a program. Especially the stuff that allows for tracking your online habits, etc. Go!zilla's ad engine is like this, though it's unclear exactly what it does. So can these companies be prosecuted now?
everyone and his brother should know by now NOT to launch attachments?
I got to deal with the ILOVEYOU virus. It was not the secretary that launched it. It was not the big boss that launched it. It was one of the other programmers that launched it. Trust me, after humiliating him I don't think he would be stupid enough to do something like this again, but one never knows.
Also, a friend of mine works for a large company. IS sent around a message saying "Do not under any circumstances launch this app." 15 minutes later someone did because they "wanted to see what it would do." This also happened at one of the local hospitals.
Couldn't one argue that in all three of the cases I mentioned that it WAS intentional in every case? Just because you are stupid does not under any circumstance give you the right to do stupid things.
Let me apply this "burden" to the 'net: if you connect to the Internet and pass a virus (even unaware) your privileges to stay connected may be revoked or suspended. What?!? Well, you take on a lot of responsibility to connect to the rest of us. If you cannot take basic precautions to protect others from your transmissions then you are subject to loosing your right to be on the 'net. The onus is on you.
What does this mean? It means you must be able to prove that you took reasonable precautions to prevent your system from harming others. This may include using an updated anti-viral package on Windows and Mac systems. Properly adhering CERT advisories on UNIX systems. Avoiding easily-exploitable software packages (Outlook, for example). Using basic security protocols.
Offenders (those who fail to protect others from attacks via their systems) may be forced to disconnect until they
I realize this is radical.
Perhaps a better model (than the counterfeit bill passing) is the transportation regulations we have today. We require people who drive on our highways to take basic precautions to avoid harming others (no drinking when driving, obey traffic laws, maintain car at reasonable operational standards). Heck, we don't let you drive unless you obtain and maintain a proper license! How about a license to connect to the Information Super Highway? And what about liability insurance? If your system has an exploitable hole that damages someone else's system, you may be liable.
The Internet is a part of our lives. We can't allow stupidity and laziness ruin it for the rest of us.
-- @rjamestaylor on Ello
Section. 1.
Full Faith and Credit shall be given in each State to the public Acts, Records, and judicial Proceedings of every other State. And the Congress may by general Laws prescribe the Manner in which such Acts, Records and Proceedings shall be proved, and the Effect thereof.
Section. 2.
Clause 1:
The Citizens of each State shall be entitled to all Privileges and Immunities of Citizens in the several States.
Clause 2:
A Person charged in any State with Treason, Felony, or other Crime, who shall flee from Justice, and be found in another State, shall on Demand of the executive Authority of the State from which he fled, be delivered up, to be removed to the State having Jurisdiction of the Crime.
The last section is the most important.
Gamingmuseum.com: Give your 3D accelerator a rest.
That's it, no longer will I spread virii from Pennsylvania. No longer will that place put down with such liabilities as vampires and virii writers.
You can't handle the truth.
I see. So, simply because you could write a program that could fuck up a few programs means you deserve to be locked up with murderers, rapists, and drug dealers? Yeah, I see the logic in that one. It's called Republican Stupidity. The Governor of PA is an asshole. You can tell him I said that.
This is truly unbelievable. The sad thing is that you could be convicted of raping a woman and do less time than if you wrote a virus. What ever happened to common sense in this country?
jumps from machine to machine
who knows its maker?My only question is what happens in the cases of a virus like the famed "Melissa" who automatically passes it's self around? "
um, perhaps i am missing something here, but isn't that the definition of a virus? people seem to have forgotten what a computer viru is, and generally just associate "virus" with malicious program. a virus is a program or part of a program whose primary purpose is to propagate itself to other programs/computers. (i say programs because in the old days before outlook and office, viruses could only affect executable files, and when those executable files were run, they would infect other executable files on the disk) it doesn't have to be malicious. you might never even know you have one, even though it has put copies of itself all over your computer and everyone's you know.
anyway, the point to all of this is that the question "what about viruses that spread themselves?" is a dumb question, because if it doesn't spread itself, it is not a virus. malicious code perhaps, but not a virus...
If I don't put anything here, will anyone recognize me anymore?
I spend my spring semester working as tech support/computer person for the law branch of one of the state departments in PA. The ILOVEYOU epidemic was pretty bad there, and from what I understand it was pretty bad all throughout the state government offices.
This might have helped to push the legislation through.
What makes it really funny is that AFTER it was announced over the building-wide intercom that email with the subject ILOVEYOU is infected with a virus and that the attachment to that email should not be clicked on, a disturbing number of people walked back into their offices, opened outlook, and clicked on the attachment. Simply "to see what it would do"
This law seems to make their actions illegal. I think that's good.
This is supposed to be great art. So why does it look like a bunch of decapitated naked people? -- Calvin