Slashdot Mirror
Microsoft Calls Viruses "Industrial Terrorism"
evenprime writes: "John Ashcroft wants congress to
declare computer crimes to be terrorism, and now
it looks like microsoft is trying to jump on the
bandwagon. In a recent column discussing microsoft's
new
STPP security program, microsoft's Michael Lane
Thomas stated that destructive viruses should be recognized
as acts of 'industrial terrorism.' Sounds like microsoft's
future security plans may depend more on legislation than
on code audits."
If you call it a virus, then you have to deal with it yourself. Microsoft has repeatedly shown an inability to handle such things. If you call it terrorism, it's the government's responsibility.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
I found it interesting that nimda was released a week, almost to the minute, after the WTC attacks. Certainly if I were a cyber terrorist I'd launch something like nimda or code red that gave me a list of compromisable systems. I'm surprised that the people who launched the attacks on CNN didn't get hit with terrorism charges. This'd be a very good time for the skript kiddiez to lay low. How do you tell the difference between and idiot script kiddie and a cyber-terrorist?
Best Slashdot Co
Theres alot that makes sense about this. Personally, I think virus writers should face prison time. Too many people get hurt when their work is destroyed. Its not a productivity issue--You can always keep working. Its when a virus nails something irreplacable, like data which hasn't encompassed by a backup or is otherwise made irrecoverable, thats the main issue.
The only problem with the idea is that I like the idea of "white hat" viruses, or virii that actually do constructive things like plug holes, or notify sysadmins of security breaches. Thats fine, and gentle mischeif like that is perfectly in keeping with the spirit of what makes the industry so interesting in the first place.
Lets try to distinguish between good viruses and bad viruses the same way as we're now beginning to distinguish between white hat hackers and black hat hackers, hm?
Cheers, and yes, PROPAGANDA is still running.
Bowie J. Poag
computer terrorism - right now we here in the US are depending on our European friends to do the right thing and enforce privacy rights and slap MSFT silly, since we won't.
...
And we could use a little help from our Canadian friends - start using the Electronic Privacy Act that became enforceable in January 1, 2001, to reclaim your right to privacy. Use it against US firms, so that we in the US have our constitutional right to privacy.
In the meantime, all the nice American politicians will keep taking campaign donations from MSFT and other such ilk and taking away our constitutional rights
--- Will in Seattle - What are you doing to fight the War?
Would this imply that the service providers whose services were used to spread the viruses would be condemned as aiding or harboring terrorists?
Oh yeah, piss Bill Gates off and get more boxes to DOS yahoo with. Damn silly of me not to see this political movement. I wonder do they have a PAC (political action comity) yet?
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
I would say that some viruses ARE terrorism. What about the big ol' DDoS we had a year or so ago? It was a smallish group targetting a list of victims for political means. Sounds like terrorism to me.
And can we really blame the architects of the WTC for not making the building plane-proof? No, I think they performed "reasonably" well.
So, hypothetically, if a software company took reasonable precautions and had a good record concerning quality and THEN had their software hit by a non-obvious virus I have no problem with the label of terrorism or the use of legislation.
What'd be really sweet is to turn this back on Microsoft. Get the congress-critters to define "reasonable precautions" and "non-obvious virus" and then only afford protection to MS if they clean up their act (i.e. fix Outlook, IIS and the macro system at the very least).
324006
Yes, Virii writers and script kiddies should be punished, but "Terrorists"??
New virus comes out. You know it can happen to you. Do you fear for your life so as not to turn on the computer????
Terrorism is starting to become a buzzword, but it is a state of combat (a step below guerilla warfare) where you have the finances and a small group of men to do some small damages, but not enough to do "hit and run tactics" (guerilla warfare).
How about using another word and lay off the terrorism?
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
Virii cannot be terrorism because terrorism is the use of terror to win over certain political or religious objectives. Kids who write viruses do it for kicks, not to keep people from using their computers. If they did that, how could they keep having their fun? This is ridiculous.
On the other hand, Microsoft has been pretty upfront about their FUD (Fear, Uncertainty, Doubt for newbs) tactics for quite some time. How does FUD differ from terrorism? It's scaring people into getting what you want, right? I hope someone reprimands Microsoft for their conduct here, trying to take advantage of a buzzword to save them work...
I wish /. posters and moderators would just sit and think for a couple of minutes.. (I guess I shouldn't expect more from slashdot.) Try going for something that's actually insightful or interesting or informative instead of knee-jerk anti-Microsoft.
This can be brought back to the locked door argument that comes up over and over again. Just because someone's lock is faulty doesn't mean that it's okay to break into their home. Same with writing a virus.
Whether it's industrial terrorism or not should depend on the intent of the person who released the virus, and whether or not they believed or intended it would attack an industry rather than just a specific person - which would be a more ordinary crime instead.
It's the same as if someone broke into a company's building and spiked their water supply so they all got too sick to work. That's also industrial terrorism, and I don't see how it's so different from crippling a company by breaking their network.
It'd be quite hard for a person who released any of the recent anti-Microsoft worms or viruses to admit that they weren't in some way of malicious intent and didn't realise they could do serious industrial damage. That's industrial terrorism. Just because you don't have to step outside your home doesn't make it okay.
Irrespective of Microsoft's attitude toward security, which incidently is one that I wouldn't trust or use personally for anything important, I don't think you can easily claim that all viruses aren't industrial terrorism.
And yes, I do think that Microsoft should fix their own problems and no legislation they're trying to push through should let them off. I don't like Microsoft's tactics, I just agree with what they're arguing.
For instance, it would be simple for just about anyone here to pickup a $25 spammer CD kit and send out README.TXT.VBS to all 5 million emails on said disc (hey, you'd still get some hits).
*** README.TXT.VBS ***
c:
cd \windows
del *.*
*** README.TXT.VBS ***
Does this make me a 'terrorist?' - because MS OS allow we might consider root level scripting to execute under the user session?
I agree with the earlier poster who said in a sense what we're seeing is another attempt to fix a technology problem with legislation. How many years of current political incumbents will it take before gov't figures clue into the idea that this is a failed philosophy from the start?
- Annoyed,
- RLJ
Well terrorism it isn't. Come on! the horror of watching those poor suffering folks falling from the sky or saying good by to loved ones while waiting for the building to collapse? There is no comparison. MS should be ashamed.
However, I would entertain some other name punishable by what ever the MS money can buy in congress. How about a contest where we decide: What do we call it? And, what is the punishment?
Mediocritism and the punishment is daily virus dat file updates....
Granted that since their operating systems are popular they are bound to attract attention of of virus writers,etc., but they are as much to blame.
Linux and other *nix have security holes, but they aren't near what the M$ holes are.
Case in point, the DDOS attacks come from security compromised Windows machines. And take your pick of the recent viruses that have crippled anyone running IIS and wasted everyone else's bandwidth. With every upgrade thay make, why couldn't they make it more secure? They either chose not to or don't know they need to. Neither is acceptable. (or as Thomas stated" Expecting software to be written flawlessly.....but unrealistic." Hey Thomas, how about reasonably instead of flawlessly? Is that too much to ask?)
Consider that since we all share the net, glaring flaws in operating systems can affect us all, regardless if we run it or not. (I am referring to DDOS and viruses like Code Red)
And it looks like it is about to get worse with XP. Some may recall GRC.com's adventure with a script kiddie using security compromised Windows machines to launch DOS attacks. To see what I mean look at: http://grc.com/dos/intro.htm
So if Microsoft wants to jump on the terrorism bandwagon, and have the legal system clean up a mess they made, they should start at home and shore up their products and protect them from script kiddies that need comparatively remedial skills to launch attacks and write trojans and viruses. I would applaud them making their own software secure before they launch yet another OS.
I am not bashing M$ but, it seems that they are partly to blame in the problem they want our legal system to fix. I do think there should be some legal accountability, but that's another post.
As an Internet discussion grows larger, the probability of a comparison involving terrorism or bin Laden approaches one.
i n's-Law.html)
(see http://www.tuxedo.org/~esr/jargon/html/entry/Godw
Sigh.
Hand me that airplane glue and I'll tell you another story.
Couldn't MS code then be said to harbor terrorists? Or couldn't it at least be said to supply terrorists needs? If terrorists take over airplanes once, the US government wants to mandate steel cockpit doors. Since "terrorists" regularly take over computers running MS pructs, shouldn't the same government force MS to replace their ultra-flimsy "cockpit" doors?
One point of Lessig's Code is that software code and legal code essentially do the same thing in different ways. What Microsoft can't or won't do in software code it is supporting in legal code.
"The terrorists who hijacked U.S. airplanes on September 11 analyzed the airline security system until they found a weakness, and then they exploited it. Much in the same way, industrial terrorists analyzed IIS Web server security until they found a weakness, and then they exploited it. If Gartner wrote an equivalent recommendation for business travelers, would it be to take the bus rather than risk airline travel? That would be a victory for terrorism, as would abandoning IIS."
I don't understand this comparison at all. Clearly, it is still safer to fly on an airplane than to ride a bus, notwithstanding terrorism. Why would Gartner suggest a more dangerous approach? This is not the case when it comes to a comparison between IIS and other webserver software. It is to some extent safer to not use IIS, especially in light of purported "terrorism."
Another comment made by Thomas is "Did the Code Red worm exploit a flaw in the underlying technology or the flaw in human nature commonly known as procrastination?" I think it's a bit harsh to assert that all cases of Code Red were the result of procrastination. The fact of the matter is that many shops are wary of applying every patch that Microsoft sends their way without testing them first. One of the reasons why Code Red was so devastating was that it came out before companies could adequately review the patch to make sure it didn't break existing systems.
Thomas' point of view misses a lot. Perhaps the forum lends itself well to the Reader's Digest version of the story, but he should at least try to be fair rather than alienating his clientele.
Just my 2 cents worth.
www.timcoleman.com is a total waste of your time. Never go there.
Is that this legislation - making computer crimes terrorist acts - would undoubtedly incur legal liability on their part. If computer crimes are terrorist activities, then Microsoft is an accomplice by extension - they not only provide the terrorists with the tools of the trade, but specifically engineered virus weaknesses into their products. Thus, they could be tried in the same manner as the UNIX programmer who wrote a backdoor into the system. Interestingly, a EULA can't shield Microsoft from criminal liability.
The society for a thought-free internet welcomes you.