Slashdot Mirror
Microsoft Calls Viruses "Industrial Terrorism"
evenprime writes: "John Ashcroft wants congress to
declare computer crimes to be terrorism, and now
it looks like microsoft is trying to jump on the
bandwagon. In a recent column discussing microsoft's
new
STPP security program, microsoft's Michael Lane
Thomas stated that destructive viruses should be recognized
as acts of 'industrial terrorism.' Sounds like microsoft's
future security plans may depend more on legislation than
on code audits."
If you call it a virus, then you have to deal with it yourself. Microsoft has repeatedly shown an inability to handle such things. If you call it terrorism, it's the government's responsibility.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Two can play their silly reindeer game.
If tits were wings it'd be flying around.
If that is the case, then Microsoft's total lack of security, and lack of timely response to reported security holes should be regarded as "harboring a terrorist".
If we're going to make virus' a terrorist crime, then we need to follow through all the way.
-This sig intentionally left blank
I found it interesting that nimda was released a week, almost to the minute, after the WTC attacks. Certainly if I were a cyber terrorist I'd launch something like nimda or code red that gave me a list of compromisable systems. I'm surprised that the people who launched the attacks on CNN didn't get hit with terrorism charges. This'd be a very good time for the skript kiddiez to lay low. How do you tell the difference between and idiot script kiddie and a cyber-terrorist?
Best Slashdot Co
I call Microsoft software industrial terrorism. Of course, they contributed about $1,500,000 more than I did to the various political parties so when they call stuff terrorism it's much more likely to stick.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
[...] destructive viruses should be recognized as acts of 'industrial terrorism.'
And MicroSoft is harboring them? Time for retaliation, I say...
Theres alot that makes sense about this. Personally, I think virus writers should face prison time. Too many people get hurt when their work is destroyed. Its not a productivity issue--You can always keep working. Its when a virus nails something irreplacable, like data which hasn't encompassed by a backup or is otherwise made irrecoverable, thats the main issue.
The only problem with the idea is that I like the idea of "white hat" viruses, or virii that actually do constructive things like plug holes, or notify sysadmins of security breaches. Thats fine, and gentle mischeif like that is perfectly in keeping with the spirit of what makes the industry so interesting in the first place.
Lets try to distinguish between good viruses and bad viruses the same way as we're now beginning to distinguish between white hat hackers and black hat hackers, hm?
Cheers, and yes, PROPAGANDA is still running.
Bowie J. Poag
That means we can all run Anti-Terrorist programs on our computers. NAI will _love_ those headlines ...
it's in my head
...if i leave my back door unlocked and hanging wide open, and somebody robs me blind while i sit by and watch them do it, am i a victim of terrorism? Fuck no. Am i a victim of my own poor judgement and stupid decisions? Absolutely. So where does Gates and Co. get off calling this terrorism when they basically invite hackers to do their worst?
Sounds like another desperate attempt at grabbing some public sympathy during a time of crisis. Pity that Microsoft's million-dollar PR department couldn't come up with something better.
Does publishing Microsoft Bob fall under "terrorist act"?
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
Your statement mocking the anti-terrorism legislation proposed by the greatest country to ever exist, the United States of America, is terroristic in nature. As I type, officials are currently en-route to your place of residence with the full intention of confiscating your terrorist propaganda, specifically your 1337 Windoze VBScript editor (often referred to as NotePad and compiled as NotePad.exe).
If you celebrate Xmas, befriend me (538
computer terrorism - right now we here in the US are depending on our European friends to do the right thing and enforce privacy rights and slap MSFT silly, since we won't.
...
And we could use a little help from our Canadian friends - start using the Electronic Privacy Act that became enforceable in January 1, 2001, to reclaim your right to privacy. Use it against US firms, so that we in the US have our constitutional right to privacy.
In the meantime, all the nice American politicians will keep taking campaign donations from MSFT and other such ilk and taking away our constitutional rights
--- Will in Seattle - What are you doing to fight the War?
Don't they make TV's or something?
Seriously though: if virii are industrial terrorism, then MS Outlook is the Taliban, and we need to bomb the shit out of Redmond.
And I do mean it. Seriously.
; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
So now, in addition to "industrial espionage" (which has somehow entered the common lexicon), we will have "industrial terrorism?" What's next? Industrial Treason? Industrial Murder? Disturbing the Industrial Peace?
Schwab
Editor, A1-AAA AmeriCaptions
Early afternoon. Your 20+ IIS boxen automatically get the newest hot fix..and all reboot at the same time!
Not that would be anything out of the ordinary...
"History doesn't repeat itself, but it does rhyme." Mark Twain
Any chance URLs which reference other Slashdot stories, such as the one in the story here, could be given without a 'mode' parameter? I'd much rather see the referenced story in the mode I choose in my preferences (ie 'nested') rather than what someone else thinks I should be looking at ('thread').
Would this imply that the service providers whose services were used to spread the viruses would be condemned as aiding or harboring terrorists?
Patriot ACT, USA ACT, ATA:
I know everyone has read and knows something about these bills, but here is a break down of what they mean in terms of things like computer crime and vandalism...
(a) Our Constitution gaurantees "due process" to all PERSONS, not all CITIZENS, meaning that immigrants may also enjoy these rights. However, under these acts, immigrants can be held on suspiscion of potential crime (ridiculous!). The Senate Bill allows for indefinite jail time without due process...
(b) These new laws broaden the definition of Terrorism to include things that include vandilism, computer crime, and (un)civil disobedience. There already exist laws that broadly define terrorism, and flying planes into buildings filled with thousands of innocent people meets those requirements. Marching in a demonstration is not terrorism, throwing a brick through a starbucks window is vandalism and property damage not terrorism, and hacking a website is not terrorism, (it is vandalism!). Also, under terrorism laws, people who harbor terrorists, or give terrorists advice can also be tried as terrorists! If you stay on my couch and then throw a brick at starbucks the next day, I am a terrorist. If I post a security weakness in Microsoft web servers on my website to warn people, and some kid uses the info to hack into someone's site, I am a terrorist!
(c) The laws give the FBI new powers to wiretap and read emails without a warrant. They can also read e-mails and URLS. If I want to read news about Bombs and Terrorists on google, and I type in "Bombs" and "Terrorists" into the field, that is all the FBI needs to suspect me of crime and set up a phone tap or a Carnivore search on me. The FBI is supposed to only be able to know where an email comes from and where it is going. They are supposed to only read the "To:" and "From:" fields of the e-mails, but how can you look at the header of an e-mail and not happen to glance at the "Subject:" line? Basically, that is what is happening in these laws and with Carnivore. ISP's have to install it on their servers. It is like a black box, no one can monitor what the FBI is doing or reading!
THESE LAWS ARE UNECESSARY FOR COMBATING TERRORISM! CURRENT LAWS ARE SUFFICIENT! WHY IS THE FBI, CIA, AND JUSTICE DEPARTMENT DOING THIS?
Resources:
DEAR RECEIVER,
You have just received a Taliban virus. Since we are not so
technologically advanced in Afghanistan, this is a MANUAL virus.
Please delete all the files on your hard disk yourself and send this
mail to everyone you know.
Thank you very much for helping me.
Abdulla
Talibanian hacker
Infact Alan Cox was about to do terrorism via free speech by writing code on his computer and tlaking about on the net! Oh, the inhumanity of the whole thing.
Its a good thing this is comming out. Think about the potential loss of lives that could exist if people voliated the dmca and wouldn't be tried as potential terrorists! OR if the SSSCA passes, writing an operating sytem could be a terrorist act. I can imainge thousands of lives being lost for such a dreaded activity. Yes, computer crimes have everything to do with terrorism. ???
http://saveie6.com/
Oh yeah, piss Bill Gates off and get more boxes to DOS yahoo with. Damn silly of me not to see this political movement. I wonder do they have a PAC (political action comity) yet?
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
But at a time when the word terrorism has an exceptionally heavy load of connotations and emotional overtones, when our government has declared a formal war on its existence, it is irresponsible in typical, egomaniacal Microsoft fashion to choose that term to describe a kind of mischief (and I'm sorry but all the recent worms and virii are mere mischief compared to, oh, I don't know, say crashing a plane into a building full of people) that it is universally recognized they and their customers make themselves unecessarily vulnerable to.
It Is the Nature of Information to Transgress Artificial Boundaries
Teenage script kiddie finds gaping hole in Outlook. SK writes virus to exploit it. Microsoft blames the government for not stopping it.
Microsoft is starting to get scared of this "System Admin or Microsoft?" blame game so they figure if they add the Government into it, there's only a 1 in 3 chance that they're liable. They just need another way to avoid the accusations that their software is insecure. The next Nimda/Code Red/Melissa/whatever attack Microsoft can sit back and yell at the government for not stopping it, rather than take the responsibility of patching their software.
There is no reasonable defense against an idiot with an agenda
:wq
Virus writers are wrong, but does it match bombing a building or hijacking a jet? It should depend on the virus. But, then should Microsoft be arrested for aiding these terrorists by making it so easy for them?
Fight Spammers!
It seems kind of new-speak to me. After all, viruses and exploits don't cause terror. I mean, sure it could be considered a crime but it's not like people are hoarding water and cipro because they're afraid of nimda.
I would say that some viruses ARE terrorism. What about the big ol' DDoS we had a year or so ago? It was a smallish group targetting a list of victims for political means. Sounds like terrorism to me.
And can we really blame the architects of the WTC for not making the building plane-proof? No, I think they performed "reasonably" well.
So, hypothetically, if a software company took reasonable precautions and had a good record concerning quality and THEN had their software hit by a non-obvious virus I have no problem with the label of terrorism or the use of legislation.
What'd be really sweet is to turn this back on Microsoft. Get the congress-critters to define "reasonable precautions" and "non-obvious virus" and then only afford protection to MS if they clean up their act (i.e. fix Outlook, IIS and the macro system at the very least).
324006
> then Windows must equivalent to the National Guard
Yeah, but of whose country? Afghanistan?
I gotta side with the M$ on this one...they are sorta jumping in the Buzz word of the day catagorey with this one, but there is truth there.
Viruses definately are a from of Terrrorism to the Net really should be recognized and treated as such. When they hit a company they can have a deep direct impact on that companies ability to perform.
Power Corrupts,Absolute Power Corrupts Absolutely, leaving one person(group)in charge is absolutely corrupt.
... is that it's undefined. It literally means whatever the politicians want it to mean. It's being co-opted as "anything I don't like, perpetrated by someone I don't like," and Microsoft doesn't like VB and IIS viruses because they might eventually be bad for business.
Religion is the opiate of the masses. The wealthy smoke the real stuff.
National Guard? Nah...more like the Keystone Kops.
If god had intended you to be naked, you would have been born that way.
Instead of trying to use the latest, most trendy technologies (e.g. using web based controls and XML to create the Joint Battlespace Infosphere Infrastructure) or opting for the cheapest method of getting things done, we should think about how these things might be attacked and design them to be infrastructure, and should design them to be resistant to attacks.
"Weapons should be hardy rather than decorative" - Miyamoto Musashi
I think that goes for OS's too
I can honestly see how this might be plausible: a great number of people are affected, money is lost and potential property is damaged or stolen. These are the sorts of things that constitute terrorism. They even share a goal of terrorism: fear and confusion. However I think that it is not actually terrorism.
It is significant that Microsoft has invented the term, "industrial terrorism". There is a reason that terrorism hasn't been refered to in the context of industry: it can't be, that's not what it is.
That doesn't mean that computer viruses aren't crime of course. But considering what existing laws are doing to virus writers and even suspect virus writers there isn't a need for stronger punishment.
I can't spell or type, but that doesn't mean I'm unusually stupid.
If viruses are "Industrial Terrorism" then Microsoft is clearly Afghanistan, Iraq, Sudan and Libya all rolled into one. Now, you get three guesses as to who Bill Gates is.
Hint: the first 2 guesses don't count!
"One of these things is not like the other. One of these things does not belong."
Michael Lane Thomas write in his article:
Give me a break. The implication that IIS is a jet plane while Apache is a bus is just a little over the top. How about a better analogy: ABC Airlines and XYZ Airlines each have their own security philosophies and implementations (not true, but the airline industry isn't exactly like the web server market, after all). Terrorists analyzed and subverted ABC's security methods, but were unable to subvert XYZ's. Gartner recommends fliers switch to XYZ until ABC gets its act together.
Is this a victory for terrorists?
--
What do you mean they cut the power? How can they cut the power, man? They're animals!
Yes, Virii writers and script kiddies should be punished, but "Terrorists"??
New virus comes out. You know it can happen to you. Do you fear for your life so as not to turn on the computer????
Terrorism is starting to become a buzzword, but it is a state of combat (a step below guerilla warfare) where you have the finances and a small group of men to do some small damages, but not enough to do "hit and run tactics" (guerilla warfare).
How about using another word and lay off the terrorism?
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
Crashing planes into buildings, yes, that scared the daylights out of me. Having data I'm diligent about backing up erased off my hard drive, that hardly measures up.
If not now, when?
If a terrorist uses an airplane to commit an act of terrorism, then that airplane is a weapon, right? Therefore, if a hacker writes a virus that exploits a security home in IIS, would IIS be a weapon? And if that security hole can bring down 100,000 machines, would it be a weapon of mass destruction? ;-)
Disconnect your television. Do your own research. Draw your own conclusions. They're probably lying. Don't be a sheep.
And hanging out in the network neighborhood with your willie on outlook should be called indecent exposure.
--Lawrence Lessig for Congress!
Last time I checked even if someone walks through your unlocked back door to steal your prized possessions it is STILL illegal, no matter how much you were "asking for it". Just as the "slut" doesn't deserve to get raped for dressing the way she does. Just like it's illegal to hack into even the most wide-open of servers.
Yes it's stupid to run a server without proper hardening. Yes, Microsoft has a record of sucking hind end when it comes to securing their operating systems. And if, after due warning a server admin doesn't patch the holes, his server is hacked, and then used to hack or DDOS others, then maybe the owner of the server can be held liable for damages. However, trespassing is still illegal no matter how stupid the sysadmin is.
The laws that we live by protect both the intelligent and the blithering idiots. Be thankful for that.
First the RIAA wanted to be able to legally hack into any machine that they thought had copyright violations, or at least commit a DoS attack.
Now Microsoft wants to label anyone who does something like that a terrorist.
Well, this should be interesting!
One line blog. I hear that they're called Twitters now.
All cynicism aside (okay, about half of it), I think this is one of the funniest MS articles ever. This reads like it's straight out of the Onion. First, here's a bit where IIS is compared to Christianity:
.NET will continue to be provided to the consumer, one innovative step at a time.".
"Just like the ideologies and religions of the world or the political parties of a given country, the technical innovations promoted by competing software companies will always be at odds because they embody the ideas of individuals.".
Even better, however, is the part where he tells you that if you stop using MS software, the terrorists have won:
"Following Gartner's recommendation to seek alternatives to IIS only accomplishes what the industrial terrorists want.".
Finally, though, I especially like the part where he threatens that MS might (Bill forbid) stop making software. Wow, I just don't know what we'd do without a new version of Word! Here's the threat-- if we don't classify this as industrial terrorism, MS might not charge you that yearly subscription fee:
"But as long as the spirit of innovation is preserved and the implementation of destructive viruses is recognized as the industrial terrorism that it is, then revolutionary ideas like
One innovative step at a time, indeed-- one more step, and he'll be writing for the Brunching Shuttlecocks.
Face it...the vast majority of virus problems are spread by hapless users who mistakenly send their buddies emails containing the viruses.
Does that mean if someone accidently open an html based email that sends a virus to all his contact list that we can be prosecuted as terrorists?
On the bright side...all the guys in the big house doin' time will get a fresh batch of teenage hacker boys who get to be their bitch
----------
ah honey, we're all resplendent - Bill Mallonee
I agree that the people who create viruses can/should be held accountable, but we have problems with viruses primarily because Microsoft gave the virus writers such a fertile playground. Notice how Microsoft works around the clock to give away features like web browsers and media players, while the ONE REALLY USEFUL THING THEY PUT IN THE OS IS ANTI-VIRUS PROTECTION!!!
If Microsoft ran airports, anyone could skip the security checkpoint by clicking "Cancel" or "Next". Most of the people writing viruses aren't even old enough to work as airport baggage checkers! I wonder just how much enforcement there will be when Mr. Ashcroft discovers that most of the offenders are juveniles.
I believe that the free market should be allowed to do its job. When people get tired of inferior products with excessive vulnerabilities, they will create a market for superior products that are not hackable by a 10-year-old. Those who don't know the difference between the two types of products will create a market for consultants who do. There is nothing happening here that the free market can't fix all by itself.
As others have noted, perhaps this helps shift the war in fighting viruses from MS to the Government (to some extent). But if a virus is an act of terrorism (and I'm not even going to get into debating that right now) then what do you call those who enable a terrorist act? What punishment is appropriate?
I'm looking for similar examples where the actions of a private company can determine the vulnerability of the country to a terrorist attack. Airlines and airports are close examples, but they already have government regulation going on. It's yet another case of the problem where the new digital electronic era runs into problems with those accustomed to the physical world. It is almost as though a private company were responsible for a section of the country's borders, and then let down their guard.
Some people say that , as much as we love to hate MS, you have to be careful not to blame the victim. (Just as you don't want to blame a woman dressed provocatively for getting raped.) But in this case MS isn't really the victim. They're a 3rd party, selling a product with flaws which enables the victimization of the consumer. In a fair market, their product would just be drop-kicked into the bin of Losers...but Windows is so prevalent now that the cons far outweigh the pros for most businesses.
It really is an interesting question...what do you do to a private company which unwittingly enables terrorism, and not just once, but again and again and again...?
Is anyone else driven beserk by some of the analogies used? This guy is comparing the deaths of over 5,000 people to some computer downtime? Is there anybody unwilling to exploit the WTC tragedy in a despicable manner>BR>
And this one really makes me mad: the Gartner group telling people to switch to IIS is "giving in to terrorist" - like riding Greyhound instead of flying United. This guy argues switching webservers (a change in product) is equivalent to switching to a totally different mode of doing business. What a terrible analogy. Better analogy: One airline lets armed wackos onto planes, the other one won't. You should fly airline number two, since the hijackers will most likely fly airline number one. Using Apache is no more "giving in to terrorists" than demanding new airline security measures - it is a prudent response to bad people.
And what is this nonsense about "we're gonna find all the buffer overflows"???? You claim your product is secure, it's been on the market for years, and now it's time to find buffer overflows?
Consider these two scenarios:
1) Your wife and son are sitting in front of a cafe having lunch. You head to an ATM to get some cash to pay for lunch. A car bomb blows up in front of the cafe killing your wife and son.
2) Your wife and son are sitting in front of a cafe having lunch. You head to an ATM to get some cash to pay for lunch. A hacker has somehow managed to steal all of the money from your checking account.
Only one of these scenarios inspires terror. Legislators and business persons need to maintain a sense of perspective here. Hacking does not by itself terrify.
It is honestly shameful that corporations are playing off the fears of the public brought on by 9/11 to promote their own political agendas. By equating hacking with terrorism, they belittle the event.
Computer viruses is a form of vandalism and sabotage. But that does not make it terrorism.
/-&r-ist/ adjective or noun
/"ter-&r-'is-tik/ adjective
I think it is sad that large corporations show no moral restraints, and are doing their best to make a quick profit on other people's tragedy, which is exactly what Microsoft is doing in this case.
Other companies are shamelessly running large ad campaigns using the american flag to promote products, something that is illegal.
Also, Microsoft is in large part responsible for many of these viruses, in the form of neglect and recklessness when building products that are so harmful. If MS expects legislation to pave their way, they must also expect to be made responsible for poor quality control, just like Ford and Firestone was for the rollong explorers. The axe swings both ways, or at least it should.
According to websters:
Main Entry: terrorism
Pronunciation: 'ter-&r-"i-z&m
Function: noun
Date: 1795
: the systematic use of terror especially as
a means of coercion
- terrorist
- terroristic
-- Another senseless waste of fine bytes.
It seems that companies are trying to promote legislation to force the legal system to solve their engineering problems.
Microsoft too succeptable to viruses and other insecurities? Declare such acts as terrorism and then only script kiddies^H*13 terrorists will be breaking into systems.
Digital Rights security mechanisms weak? Make it a federal offense to prove it.
I mean, really: Why even bother with encryption and security? Why not preface all your emails with a header that says "This message is encrypted. Any attempt to break this ROT-26 encryption will be a violation of the DMCA. Informing others how to decrypt this document is similarly illegal."
IIS Web servers can have metatags that say "Despite the fact that Telnet and FTP access is guest-accessible, this is a secured web server. Any intrusion attempt will be considered a terrorist act and will be dealt with accordingly."
Basically it's no different than giving everyone a gun and telling them they no longer have any need to lock their doors at night.
Kevin Fox
Lets remind ourselves what the word actually means. Merriam Webster defines it as the systematic use of terror especially as a means of coercion , and the pertinent definition of terror it gives is violence (as bombing) committed by groups in order to intimidate a population or government into granting their demands [insurrection and revolutionary terror]
Computer viruses are of course nowhere near this. But since there will now be special rules for "terrorism", it is not surprising to see everyone scrambling to get classified as a terrorist victim. We've seen it before with people trying to get classified as disaster victims, minority members, or any other form of state sanctioned victimhood. It's just how people are.
The pressure will be to get every form of non trivial crime defined as terrorism, and morally equal to killing 7000 people with hijacked airplanes.
I guess Microsoft has joined the likes of the gas gougers and the T-shirt companies charging $25 for a "God bless America" shirt. I'm sick of everyone cashing in on the worst tragedy America has seen recently, possibly ever. Computer viruses should be considered a crime and should definitely be against the law, but it's ridiculous to try and compare them to terrorism.
~ now you know
Virii cannot be terrorism because terrorism is the use of terror to win over certain political or religious objectives. Kids who write viruses do it for kicks, not to keep people from using their computers. If they did that, how could they keep having their fun? This is ridiculous.
On the other hand, Microsoft has been pretty upfront about their FUD (Fear, Uncertainty, Doubt for newbs) tactics for quite some time. How does FUD differ from terrorism? It's scaring people into getting what you want, right? I hope someone reprimands Microsoft for their conduct here, trying to take advantage of a buzzword to save them work...
I wish /. posters and moderators would just sit and think for a couple of minutes.. (I guess I shouldn't expect more from slashdot.) Try going for something that's actually insightful or interesting or informative instead of knee-jerk anti-Microsoft.
This can be brought back to the locked door argument that comes up over and over again. Just because someone's lock is faulty doesn't mean that it's okay to break into their home. Same with writing a virus.
Whether it's industrial terrorism or not should depend on the intent of the person who released the virus, and whether or not they believed or intended it would attack an industry rather than just a specific person - which would be a more ordinary crime instead.
It's the same as if someone broke into a company's building and spiked their water supply so they all got too sick to work. That's also industrial terrorism, and I don't see how it's so different from crippling a company by breaking their network.
It'd be quite hard for a person who released any of the recent anti-Microsoft worms or viruses to admit that they weren't in some way of malicious intent and didn't realise they could do serious industrial damage. That's industrial terrorism. Just because you don't have to step outside your home doesn't make it okay.
Irrespective of Microsoft's attitude toward security, which incidently is one that I wouldn't trust or use personally for anything important, I don't think you can easily claim that all viruses aren't industrial terrorism.
And yes, I do think that Microsoft should fix their own problems and no legislation they're trying to push through should let them off. I don't like Microsoft's tactics, I just agree with what they're arguing.
Instead of posting virulently on Slashdot, did anyone email the author(mlthomas@microsoft.com) of the "Industrial terrorism" article?
This is probably the most tasteless attempt to use the September 11th events to further an agenda I've seen yet.
For instance, it would be simple for just about anyone here to pickup a $25 spammer CD kit and send out README.TXT.VBS to all 5 million emails on said disc (hey, you'd still get some hits).
*** README.TXT.VBS ***
c:
cd \windows
del *.*
*** README.TXT.VBS ***
Does this make me a 'terrorist?' - because MS OS allow we might consider root level scripting to execute under the user session?
I agree with the earlier poster who said in a sense what we're seeing is another attempt to fix a technology problem with legislation. How many years of current political incumbents will it take before gov't figures clue into the idea that this is a failed philosophy from the start?
- Annoyed,
- RLJ
I'd say that if you call viruses terrorism, Microsoft is an Accessory to terrorists because they make them SO G*Damn easy.
7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
Well terrorism it isn't. Come on! the horror of watching those poor suffering folks falling from the sky or saying good by to loved ones while waiting for the building to collapse? There is no comparison. MS should be ashamed.
However, I would entertain some other name punishable by what ever the MS money can buy in congress. How about a contest where we decide: What do we call it? And, what is the punishment?
Mediocritism and the punishment is daily virus dat file updates....
Granted that since their operating systems are popular they are bound to attract attention of of virus writers,etc., but they are as much to blame.
Linux and other *nix have security holes, but they aren't near what the M$ holes are.
Case in point, the DDOS attacks come from security compromised Windows machines. And take your pick of the recent viruses that have crippled anyone running IIS and wasted everyone else's bandwidth. With every upgrade thay make, why couldn't they make it more secure? They either chose not to or don't know they need to. Neither is acceptable. (or as Thomas stated" Expecting software to be written flawlessly.....but unrealistic." Hey Thomas, how about reasonably instead of flawlessly? Is that too much to ask?)
Consider that since we all share the net, glaring flaws in operating systems can affect us all, regardless if we run it or not. (I am referring to DDOS and viruses like Code Red)
And it looks like it is about to get worse with XP. Some may recall GRC.com's adventure with a script kiddie using security compromised Windows machines to launch DOS attacks. To see what I mean look at: http://grc.com/dos/intro.htm
So if Microsoft wants to jump on the terrorism bandwagon, and have the legal system clean up a mess they made, they should start at home and shore up their products and protect them from script kiddies that need comparatively remedial skills to launch attacks and write trojans and viruses. I would applaud them making their own software secure before they launch yet another OS.
I am not bashing M$ but, it seems that they are partly to blame in the problem they want our legal system to fix. I do think there should be some legal accountability, but that's another post.
Let's talk about the really bad stuff. Like say Smallpox, Anthrax, Bubonic Plague. If you use it for study, keep it in the lab and study it to try to find ways to innoculate against it. That's for a good purpose right?
But if you stick it in an envelope and mail it to someone working at the state dept... That's not a good thing, right?
So it seems pretty simple to me. Writing a virus is not a crime... Releasing it into the public *IS*.
Send them to jail. It's part of the Darwinian natural selection to weed out the morons.
The US claim to enforce human rights all over the planet. However there seems to be a blind spot.
DoJ analysis of the Anti-Terrorism Act:
"This retroactivity provision ensures that no limitation period will bar the prosecution of crimes committed in connection with the September 11, 2001 terrorist attacks. The constitutionality of such retroactive applications of changes in statutes of limitations is well-settled."
Declaration of human rights, Article 11.2:
No one shall be held guilty of any penal offence on account of any act or omission which did not constitute a penal offence, under national or international law, at the time when it was committed. Nor shall a heavier penalty be imposed than the one that was applicable at the time the penal offence was committed.
That Jerry Falwell is going to push to have homosexuality, feminism, paganism, porn, and Rock and Roll punishable as acts of terrorism?
Revolutionary? I guess "all your data are belong to us" is revolutionary. I'd personally say it's counter-revolutionary (anybody else here old enough to remember the "PC Revolution"?)...
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
Microsoft is harbouring terrorism by allowing these terrorists to easily crack systems and spread their terror. They're much like the Taliban -- they tolerate these terrorist activities and do very little to shut them down. You'll notice that good application "nations" like Apache don't allow such terrorism to go on with impunity.
Software sucks. Open Source sucks less.
Check out Open Secrets and do a search on Microsoft. Their contributions were nickle and dime stuff for them, though it is interesting to note how they hedge their bets (Though the republicans seem to be getting about 3x more from them lately than the dems are.)
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Innovation: Anything that we do that cuts in on other companies profits, control, stability or image.
Terrorism: Anything that someone else does that cuts in on our profits, control, stability or image.
There is nothing so silly as other peoples traditions, and nothing so sacred as our own.
There may be something here, but only if we consider intent.
I'm not so sure it is *okay* to blame microsoft when a radical group targets our technology to create caos, no matter how open and configurable, or insecure, the affected software is. It is not in our best interest to act that way.
If a kid releases a computer virus because he thinks it is cool or fun; maybe we treat that like kids at school dumping white powder on a teacher's desk.
Summary --- Punishment should match the intent and the damage done.
--- -- - -
Give me LIBERTY, or give me a check.
How long have you worked at Microsoft to know whether or not there is coordination or not? If IIS is running without a user knowing about it, then that is the administrator's fault. Same as all the people running RedHat with Apache, sendmail and ftp daemons. An administrator is being paid lots to know which things the user doesn't need and doesn't know are running, and to turn them off.
If you spend that much time dealing with NT/2000 servers then you don't know what you're doing and someone ought to fire your sorry arse. It's nothing to be proud about.
Since the first suspicious case of anthrax emerged in Florida a few weeks ago, people have been afraid to open their mail. Scouring the 24-hour news outlets for fresh anthrax exposures, citizens endeavor to defend themselves against the disease by scaring themselves half to death.
And more chilling news comes today: Computer science researchers at Carnegie Mellon University announced that they have discovered a security hole in Microsoft Outlook that allows a specific strain of anthrax to be sent via e-mail.
[/parody]
full story: http://www.ridiculopathy.com/news_detail.php?displ ay=20011016
As an Internet discussion grows larger, the probability of a comparison involving terrorism or bin Laden approaches one.
i n's-Law.html)
(see http://www.tuxedo.org/~esr/jargon/html/entry/Godw
Sigh.
Hand me that airplane glue and I'll tell you another story.
Who needs prozac?? just read Microsoft's latest PR...
:)
That's the second time this month that microsoft makes me spit my Pepsi out of my nose because of a terrible urge to laugh my head off.... kudos to their PR departement, I mean... it's funnier than SNL... as for my nose well...
It hurts... but it's worth every mL of lost Pepsi
--- Metamoderating abusive downgraders since my 300th post.
Makes the computer run slow
unexplained disk activity
makes files disappear randomly
causes machine lockups
Couldn't MS code then be said to harbor terrorists? Or couldn't it at least be said to supply terrorists needs? If terrorists take over airplanes once, the US government wants to mandate steel cockpit doors. Since "terrorists" regularly take over computers running MS pructs, shouldn't the same government force MS to replace their ultra-flimsy "cockpit" doors?
One point of Lessig's Code is that software code and legal code essentially do the same thing in different ways. What Microsoft can't or won't do in software code it is supporting in legal code.
Terrorism Ter"ror*ism, n. Cf. F. terrorisme.
The act of terrorizing, or state of being terrorized; a mode of government by terror or intimidation. --Jefferson.
So are you telling me you're taking the phrase "phear me" seriously?
Mr. Thomas:
Having known people lost in the WTC attacks, and having seen
the towers collapse with my own eyes, I take great offense at
your calling virus writers "industrial terrorists." Over
5,000 died that day, and your company would like to take
advantage of the opportunity to shirk its responsibility to write
robust code by transfering that responsibility in another form
to the government, i.e., 13-year-old script kiddies become
terrorists and are locked up, thus no more hacker problem. Are
you so enamored with your endless lines of IIS spaghetti code to
compare its poor security and thus easy demise in the hands of
pre-pubescent crackers that you would dare compare exploiting
its weaknesses to the needless and horrific taking of thousands
of innocent lives? Your (and Microsoft's) arrogance astounds me.
Burn in Hell.
Sincerely,
Daniel Wislocki
Software Developer
P.S. "Unfortunately, some individuals (or companies) seek to destroy
competing ideas rather than evolving their own."
Really? Certainly Microsoft has never been guilty of such a crime?
What disgusting propaganda.
I'm not struck by terror even if my NetBSD box without a network connection suddenly gets infected by a MS-Word macro virus. I'm just annoyed.
Terrorism is something that terrorises people. No one gets terrorised by a computer virus. No one lies awake at night fearing for their lives because they had to use a floppy that a friend gave them, but forgot to check it for viruses.
Terrorism is a little bit more sofisticated than that. Getting a whole nation to fear envelopes is a good example of terrorism (filophobia?). It's cheap, efficient and using almost no resources (most of the time, one can get the citizens themselves to help with spreading of hoaxes).
I say: If your company looses a lot of money because the MS operating system and the MS applications that you're using are faulty and insecure, then sue Microsoft!
It's 11pm, do you know what your deamons are up to?
"The terrorists who hijacked U.S. airplanes on September 11 analyzed the airline security system until they found a weakness, and then they exploited it. Much in the same way, industrial terrorists analyzed IIS Web server security until they found a weakness, and then they exploited it. If Gartner wrote an equivalent recommendation for business travelers, would it be to take the bus rather than risk airline travel? That would be a victory for terrorism, as would abandoning IIS."
I don't understand this comparison at all. Clearly, it is still safer to fly on an airplane than to ride a bus, notwithstanding terrorism. Why would Gartner suggest a more dangerous approach? This is not the case when it comes to a comparison between IIS and other webserver software. It is to some extent safer to not use IIS, especially in light of purported "terrorism."
Another comment made by Thomas is "Did the Code Red worm exploit a flaw in the underlying technology or the flaw in human nature commonly known as procrastination?" I think it's a bit harsh to assert that all cases of Code Red were the result of procrastination. The fact of the matter is that many shops are wary of applying every patch that Microsoft sends their way without testing them first. One of the reasons why Code Red was so devastating was that it came out before companies could adequately review the patch to make sure it didn't break existing systems.
Thomas' point of view misses a lot. Perhaps the forum lends itself well to the Reader's Digest version of the story, but he should at least try to be fair rather than alienating his clientele.
Just my 2 cents worth.
www.timcoleman.com is a total waste of your time. Never go there.
Is that this legislation - making computer crimes terrorist acts - would undoubtedly incur legal liability on their part. If computer crimes are terrorist activities, then Microsoft is an accomplice by extension - they not only provide the terrorists with the tools of the trade, but specifically engineered virus weaknesses into their products. Thus, they could be tried in the same manner as the UNIX programmer who wrote a backdoor into the system. Interestingly, a EULA can't shield Microsoft from criminal liability.
The society for a thought-free internet welcomes you.
How YOU feel about your data is irrelevant isn't it? If a person or persons wrote a virus whose intent was to, say erase all banking information and plunge the US into financial anarchy, wouldn't you classify this as terrorism? I certainly would. If it is an attack on our way of life for the purpose of destabilizing our country, is that not terrorism?
No, that happens if you trust M$ software...
And that is YOUR own fault.
Good banks don't use MS software for sensitive information.
And that is a good thing!!
Might be a proof of concept which is never released, but built in order to test the possiblity that a virus could use similar means to propagate. Of course some of these get accidently released, like bliss or the Morris worm, but I think that these are "good viruses" because they are done in the spirit of assisting software developers build more secure software by informing them (nondestructively if all goes according to plan) of the potential for viruses to use various exploits.
LedgerSMB: Open source Accounting/ERP
Yes, the .vbs attachment which does as follows:
Puts up a pop-up box saying "Do you ALWAYS run attachments? You could get infected by a virus, you know!"
Now, THAT would be industrial terrorism... Especially if sent out to everyone by a large group...
LedgerSMB: Open source Accounting/ERP
You will see more and more frequent use of the term "terrorism" in all kinds of contexts where the authors wish to gain attention to their cause.
I can see it coming...
"Provided by the management for your protection."
Newspeak like this shouldn't be tolerated.
People in the WTC had a reasonable expectation that a 767 wouldn't land there. It's not normal for an airplane to crash into a skyscraper. It had been many years since the last time it had happened. (B25 into Empire State Building, maybe?) It probably won't happen again for a very long time. They people in WTC were unconsenting victims.
People who use MS Outlook, or run potentially overflowable servers with full privledges, do not have a reasonable expectation of being free of attacks. It is normal for Outlook to execute viruses. It is normal for Windows to load and execute code on removable media by merely inserting media. It happens all the time. It will happen again. People who catch Outlook viruses are consenting victims, making them not victims at all. They are simply unwise.
If you know that you are a sitting duck, and you can trivially do something about it, then when the duck gets shot, the shooter is not a terrorist. He is merely a teacher and fulfiller of destiny.
I can't believe what this MS drone wrote:
.NET, and go learn about the results of a real terrorist. For starters, go over to NYC and help the clean up effort. Or why don't you go donate money to the family of a fireman who lost his life trying to get people out.
> As long as the spirit of innovation is preserved
> and destructive viruses are recognized as
> industrial terrorism, Microsoft will continue to
> provide revolutionary ideas.
That guy then goes on to suggest that Microsoft is a victim of "terrorists". Look, Mr. Thomas, if a script kiddie can bring down a MS server, that's hardly the same as a terrorist. Calling it "terrorism" to gain sympathy while you tow the party line is just plain disgusting.
You want Microsoft to not be a victim? Put away your PowerPoint presentations on
Then you can put your "terrorists" in perspective: If you don't want MS to be "victimized": take security seriously and build a decent server OS, quit breaking anti-trust laws, and start acting like a company that's accountable for its actions.
Yeah, Mr. Moderator, this is a flame, but this guy makes me sick.
Insert simplistic political, ideological, or personal proselytization here.
What's next is a divorce where one spouse claims that the other's yelling amounted to 'domestic terrorism'.
Changing the statute of limitations for a crime does not change the definition of a crime (so doesn't violate the first clause you italicized) nor does it change the penalty for the crime (so it doesn't violate the second clause). I agree that there's a bit of questionable morality going on here, but they're careful to keep it Constitutional, and that seems to be sufficient to keep it within UN guidelines as well.
The New American Buzzword (sarcasm folks)
I don't like football. Football is terrorism.
Smoking is bad for people's health. Smoking is terrorism.
Stealing is wrong. Stealing is terrorism.
I dislike the winter. Winter is terrorism.
I ate a burger yesterday, and it tasted horrible. It was pure terrorism.
Racism is nothing more than terrorism.
Ford Explorers plus Firestone tires are nothing more than terrorism.
Hippies? Sheesh! They are terrorism born flesh.
P2P filesharing hurts our bottom line. Napster is terrorism.
Them peoples over in the middle east... yeah, they are different, and I don't like it. The only explanation is that they are terrorists.
Sooner or later, running red lights and other traffic violations will be equated with terrorism. Not long after that, the latest type of music popular amongst teens will be branded terrorism, just because the older generation dislikes it.
Reminds me of Object-Oriented Programming in the 90s. EVERYTHING IS AN OBJECT. Well now, EVERYTHING IS TERRORISM!
Terrorism:
The act of a small group of a people against rulers, hoping that the retaliation of the rulers should angry the masses enough to revolt against the government.
Terror:
What the rulers use to oppress the people.
Viruses, hacking, DoS is neither of these. There already are a strong word for it, 'sabotage'.
//Humming
I'm too stupid to preview.
Let's see now...
1. Microsoft makes software with security holes.
2. Microsoft chooses to spend money on leveraging their monopoly in order to expand, instead of making software of better quality.
3. Microsoft sees people are getting irritated. Uh-oh. Gotta do something.
4. Microsoft says: "Microsoft good! Virus programmers bad!" Microsoft proposes legislation against computer virii.
5. Taxpayers pay through the nose for the unsuccessful hunting down of virus programmers, many of which live in Taiwan anyway. Microsoft doesn't pay a cent.
6. Virii still exploit the still not patched security holes in Microsoft software.
7. GOTO 2
--Bud
A week before the attack, in #wtc@irc.terrornet.org:
<Terrorist #2> What the heck! How will we destroy that dam building
<Terrorist #3> Don't worry, we'll solve this problem...
That's why they hijacked bigger planes. :o)
-=-=-=-=
I know life isn't fair, but why can't it ever be un-fair in MY favor!?
Every software from microsoft contained a EULA which gives you the ability to use the software but they are not liable for any software errors.
<eula> To the maximum extent permitted by applicable law, in no event shall Microsoft or its suppliers be liable for any special, incidental, indirect, or consequential damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or any other pecuniary loss) arising out of the use of or inability to use the SOFTWARE PRODUCT </eula>
Qua
Is industrial terrorism an answer to industrial imperialism? It seems as reasonable as the non-industrial one.
__
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu
Sabotage is industrial, at least according to History (throwing "sabot" shoes onto the machines)
__
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu
I would say that some viruses ARE terrorism. What about the big ol' DDoS we had a year or so ago? It was a smallish group targetting a list of victims for political means
From dictionary.com: "terrorism: The unlawful use or threatened use of force or violence by a person or an organized group against people or property with the intention of intimidating or coercing societies or governments, often for ideological or political reasons".
Now where in the DDOS attacks does "violence" come into it?
Maybe there is some vague fear that ones servers are going to be attacked. But its severely reaching to go from that to calling a DDOS attack "terrorism". Terrorism specifically implies physical violence to induce terror/fear. Fear of having ones server DDOSed is not the same as fear of being violently brutally murdered.
Terrorism=crime, but crime!=terrorism, don't get confused. Writing viruses might be a crime, but they are certainly not terrorism, unless somehow someone manages to write a virus that *directly* physically harms or kills people. Terrorism is a crime, but you can't just call any crime "terrorism", its not an umbrella term, and you can't just broaden the term to include any crime of which you don't approve. This is akin to people apparently no longer being able to distinguish "flirting in the workplace" from "sexual harassment" - the part where actual *harassment* comes into it seems to have been forgotten (for something to be "harassment" it actually is supposed to need to be pretty harsh and distressing).
If we keep going your direction (any "smallish group targetting a list of victims") we're going to end with basically everything being labelled terrorism. From everything unpleasant being seen as "damn commies" in the 50s we'll just have everything unpleasant be "damn terrorists". Oops, too late.
Even if an actual terrorist (i.e. someone who plants bombs in public places or flies planes into buildings) decides to DDOS some servers, that STILL does not make it an act of terrorism, in the same way that if Osama bin Laden runs a red light, running a red light does not become a "terrorist crime". If a terrorist commits a DDOS attack, even if for the same reasons that he bombs buildings, its still not an act of terrorism. A crime, yes, but not really different to if some naive 14-year old script kiddie commits the same DDOS attack (except in *intent*, but its not an *act of terror*).
In the 50's everyone was seeing commies under every rock. This knee-jerk business of seeing terrorists under every rock is much the same.