Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Calls Viruses "Industrial Terrorism"

Posted by ryuzaki0 on from the emotional-appeal dept.

evenprime writes: "John Ashcroft wants congress to declare computer crimes to be terrorism, and now it looks like microsoft is trying to jump on the bandwagon. In a recent column discussing microsoft's new STPP security program, microsoft's Michael Lane Thomas stated that destructive viruses should be recognized as acts of 'industrial terrorism.' Sounds like microsoft's future security plans may depend more on legislation than on code audits."

8 of 473 comments (clear)

  1. ANTI-TERRORISM BILLS VS. Computer Crime by mr_don't · · Score: 5, Insightful

    Patriot ACT, USA ACT, ATA:

    I know everyone has read and knows something about these bills, but here is a break down of what they mean in terms of things like computer crime and vandalism...

    (a) Our Constitution gaurantees "due process" to all PERSONS, not all CITIZENS, meaning that immigrants may also enjoy these rights. However, under these acts, immigrants can be held on suspiscion of potential crime (ridiculous!). The Senate Bill allows for indefinite jail time without due process...

    (b) These new laws broaden the definition of Terrorism to include things that include vandilism, computer crime, and (un)civil disobedience. There already exist laws that broadly define terrorism, and flying planes into buildings filled with thousands of innocent people meets those requirements. Marching in a demonstration is not terrorism, throwing a brick through a starbucks window is vandalism and property damage not terrorism, and hacking a website is not terrorism, (it is vandalism!). Also, under terrorism laws, people who harbor terrorists, or give terrorists advice can also be tried as terrorists! If you stay on my couch and then throw a brick at starbucks the next day, I am a terrorist. If I post a security weakness in Microsoft web servers on my website to warn people, and some kid uses the info to hack into someone's site, I am a terrorist!

    (c) The laws give the FBI new powers to wiretap and read emails without a warrant. They can also read e-mails and URLS. If I want to read news about Bombs and Terrorists on google, and I type in "Bombs" and "Terrorists" into the field, that is all the FBI needs to suspect me of crime and set up a phone tap or a Carnivore search on me. The FBI is supposed to only be able to know where an email comes from and where it is going. They are supposed to only read the "To:" and "From:" fields of the e-mails, but how can you look at the header of an e-mail and not happen to glance at the "Subject:" line? Basically, that is what is happening in these laws and with Carnivore. ISP's have to install it on their servers. It is like a black box, no one can monitor what the FBI is doing or reading!

    THESE LAWS ARE UNECESSARY FOR COMBATING TERRORISM! CURRENT LAWS ARE SUFFICIENT! WHY IS THE FBI, CIA, AND JUSTICE DEPARTMENT DOING THIS?

    Resources:

  2. Passing the buck? by Lxy · · Score: 4, Insightful

    Teenage script kiddie finds gaping hole in Outlook. SK writes virus to exploit it. Microsoft blames the government for not stopping it.

    Microsoft is starting to get scared of this "System Admin or Microsoft?" blame game so they figure if they add the Government into it, there's only a 1 in 3 chance that they're liable. They just need another way to avoid the accusations that their software is insecure. The next Nimda/Code Red/Melissa/whatever attack Microsoft can sit back and yell at the government for not stopping it, rather than take the responsibility of patching their software.

    --

    There is no reasonable defense against an idiot with an agenda
    :wq
  3. Re:And why not? by Hard_Code · · Score: 5, Insightful

    You're going to leave it up to the *politicians* to discriminate between white hat and black hat, good and bad viruses? Thanks but no thanks, I'd rather have no legislation at all, and us techies can sort it out. Once you let politicians into the mix, all of a sudden campaign donators are the ones consistently making "good" viruses, while political enemies are the ones making "bad" viruses.

    --

    It's 10 PM. Do you know if you're un-American?
  4. Airlines vs. Buses by devnullkac · · Score: 5, Insightful


    Michael Lane Thomas write in his article:


    Following Gartner's recommendation to seek alternatives to IIS only accomplishes what the industrial terrorists want. The terrorists who hijacked U.S. airplanes on September 11 analyzed the airline security system until they found a weakness, and then they exploited it. Much in the same way, industrial terrorists analyzed IIS Web server security until they found a weakness, and then they exploited it. If Gartner wrote an equivalent recommendation for business travelers, would it be to take the bus rather than risk airline travel? That would be a victory for terrorism, as would abandoning IIS.

    Give me a break. The implication that IIS is a jet plane while Apache is a bus is just a little over the top. How about a better analogy: ABC Airlines and XYZ Airlines each have their own security philosophies and implementations (not true, but the airline industry isn't exactly like the web server market, after all). Terrorists analyzed and subverted ABC's security methods, but were unable to subvert XYZ's. Gartner recommends fliers switch to XYZ until ABC gets its act together.


    Is this a victory for terrorists?


    --

    --
    What do you mean they cut the power? How can they cut the power, man? They're animals!
  5. Complete perspective failure... by Rothfuss · · Score: 5, Insightful

    Consider these two scenarios:

    1) Your wife and son are sitting in front of a cafe having lunch. You head to an ATM to get some cash to pay for lunch. A car bomb blows up in front of the cafe killing your wife and son.

    2) Your wife and son are sitting in front of a cafe having lunch. You head to an ATM to get some cash to pay for lunch. A hacker has somehow managed to steal all of the money from your checking account.

    Only one of these scenarios inspires terror. Legislators and business persons need to maintain a sense of perspective here. Hacking does not by itself terrify.

    It is honestly shameful that corporations are playing off the fears of the public brought on by 9/11 to promote their own political agendas. By equating hacking with terrorism, they belittle the event.

  6. Re:Naturally by dillon_rinker · · Score: 5, Insightful

    Who was responsible for security on their ariplanes? The airlines. Who skimped on security because it was too expensive? The airlines. Who lobbied Congress to prevent governmental mandates that would have required greater security? The airlines.

    In case you hadn't noticed, they have already laid of several thousand people - tens of thousands, actually. In a capitalistic economy, if you can't find enough customers, your business goes under.

    I believe that the airlines negligently contributed to the tragedies of 9/11. They didn't pull the trigger, so to speak, but they left a loaded gun where the bad guys could find it.

    In the same vein, Microsoft is guilty of negligence in the design of their OS and applications. They have created products whose purpose is to be connected to the National Information Infrastructure. They have cut costs, in part, by ignoring security issues.

  7. Human rights, anyone? by jeti · · Score: 4, Insightful

    The US claim to enforce human rights all over the planet. However there seems to be a blind spot.

    DoJ analysis of the Anti-Terrorism Act:
    "This retroactivity provision ensures that no limitation period will bar the prosecution of crimes committed in connection with the September 11, 2001 terrorist attacks. The constitutionality of such retroactive applications of changes in statutes of limitations is well-settled."

    Declaration of human rights, Article 11.2:
    No one shall be held guilty of any penal offence on account of any act or omission which did not constitute a penal offence, under national or international law, at the time when it was committed. Nor shall a heavier penalty be imposed than the one that was applicable at the time the penal offence was committed.

  8. Re:Good for Goose... by BrK · · Score: 5, Insightful

    In most Microsoft EULAs, it states you can't give the software to nations or individuals involved in making atomic, bacteriological, or chemical weapons.

    Do they mean *besides* the US?

    --
    -This sig intentionally left blank