Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Calls Viruses "Industrial Terrorism"

Posted by ryuzaki0 on from the emotional-appeal dept.

evenprime writes: "John Ashcroft wants congress to declare computer crimes to be terrorism, and now it looks like microsoft is trying to jump on the bandwagon. In a recent column discussing microsoft's new STPP security program, microsoft's Michael Lane Thomas stated that destructive viruses should be recognized as acts of 'industrial terrorism.' Sounds like microsoft's future security plans may depend more on legislation than on code audits."

19 of 473 comments (clear)

  1. Naturally by drinkypoo · · Score: 5, Interesting

    If you call it a virus, then you have to deal with it yourself. Microsoft has repeatedly shown an inability to handle such things. If you call it terrorism, it's the government's responsibility.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    1. Re:Naturally by dillon_rinker · · Score: 5, Insightful

      Who was responsible for security on their ariplanes? The airlines. Who skimped on security because it was too expensive? The airlines. Who lobbied Congress to prevent governmental mandates that would have required greater security? The airlines.

      In case you hadn't noticed, they have already laid of several thousand people - tens of thousands, actually. In a capitalistic economy, if you can't find enough customers, your business goes under.

      I believe that the airlines negligently contributed to the tragedies of 9/11. They didn't pull the trigger, so to speak, but they left a loaded gun where the bad guys could find it.

      In the same vein, Microsoft is guilty of negligence in the design of their OS and applications. They have created products whose purpose is to be connected to the National Information Infrastructure. They have cut costs, in part, by ignoring security issues.

  2. Good for Goose... by BrK · · Score: 5, Funny

    If that is the case, then Microsoft's total lack of security, and lack of timely response to reported security holes should be regarded as "harboring a terrorist".

    If we're going to make virus' a terrorist crime, then we need to follow through all the way.

    --
    -This sig intentionally left blank
    1. Re:Good for Goose... by BrK · · Score: 5, Insightful

      In most Microsoft EULAs, it states you can't give the software to nations or individuals involved in making atomic, bacteriological, or chemical weapons.

      Do they mean *besides* the US?

      --
      -This sig intentionally left blank
  3. What Utter Bombast by ewhac · · Score: 5, Funny

    So now, in addition to "industrial espionage" (which has somehow entered the common lexicon), we will have "industrial terrorism?" What's next? Industrial Treason? Industrial Murder? Disturbing the Industrial Peace?

    Schwab

    --
    Editor, A1-AAA AmeriCaptions
  4. Can you imagine... by Dr+Caleb · · Score: 5, Funny
    From the article: "Windows Update Auto Update security hot fixes for businesses...."

    Early afternoon. Your 20+ IIS boxen automatically get the newest hot fix..and all reboot at the same time!

    Not that would be anything out of the ordinary...

    --
    "History doesn't repeat itself, but it does rhyme." Mark Twain
  5. ANTI-TERRORISM BILLS VS. Computer Crime by mr_don't · · Score: 5, Insightful

    Patriot ACT, USA ACT, ATA:

    I know everyone has read and knows something about these bills, but here is a break down of what they mean in terms of things like computer crime and vandalism...

    (a) Our Constitution gaurantees "due process" to all PERSONS, not all CITIZENS, meaning that immigrants may also enjoy these rights. However, under these acts, immigrants can be held on suspiscion of potential crime (ridiculous!). The Senate Bill allows for indefinite jail time without due process...

    (b) These new laws broaden the definition of Terrorism to include things that include vandilism, computer crime, and (un)civil disobedience. There already exist laws that broadly define terrorism, and flying planes into buildings filled with thousands of innocent people meets those requirements. Marching in a demonstration is not terrorism, throwing a brick through a starbucks window is vandalism and property damage not terrorism, and hacking a website is not terrorism, (it is vandalism!). Also, under terrorism laws, people who harbor terrorists, or give terrorists advice can also be tried as terrorists! If you stay on my couch and then throw a brick at starbucks the next day, I am a terrorist. If I post a security weakness in Microsoft web servers on my website to warn people, and some kid uses the info to hack into someone's site, I am a terrorist!

    (c) The laws give the FBI new powers to wiretap and read emails without a warrant. They can also read e-mails and URLS. If I want to read news about Bombs and Terrorists on google, and I type in "Bombs" and "Terrorists" into the field, that is all the FBI needs to suspect me of crime and set up a phone tap or a Carnivore search on me. The FBI is supposed to only be able to know where an email comes from and where it is going. They are supposed to only read the "To:" and "From:" fields of the e-mails, but how can you look at the header of an e-mail and not happen to glance at the "Subject:" line? Basically, that is what is happening in these laws and with Carnivore. ISP's have to install it on their servers. It is like a black box, no one can monitor what the FBI is doing or reading!

    THESE LAWS ARE UNECESSARY FOR COMBATING TERRORISM! CURRENT LAWS ARE SUFFICIENT! WHY IS THE FBI, CIA, AND JUSTICE DEPARTMENT DOING THIS?

    Resources:

  6. virus by networkmonkey · · Score: 4, Funny

    DEAR RECEIVER,

    You have just received a Taliban virus. Since we are not so
    technologically advanced in Afghanistan, this is a MANUAL virus.

    Please delete all the files on your hard disk yourself and send this
    mail to everyone you know.

    Thank you very much for helping me.

    Abdulla
    Talibanian hacker

    1. Re:virus by canning · · Score: 4, Funny
      Somebody's got to find a fix for this one. I've deleted everything from my hard drive twice this week already and my friends are getting really pissed off.

      --
      I love the smell of Karma in the morning
  7. Terrorism by cluge · · Score: 5, Interesting
    Usually terrorists have some political goal. Even Anarchists have a goal. What exactly is the political motivation for l33t h@x0r from albania that wrote nimda?


    Oh yeah, piss Bill Gates off and get more boxes to DOS yahoo with. Damn silly of me not to see this political movement. I wonder do they have a PAC (political action comity) yet?

    --
    "Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
  8. Passing the buck? by Lxy · · Score: 4, Insightful

    Teenage script kiddie finds gaping hole in Outlook. SK writes virus to exploit it. Microsoft blames the government for not stopping it.

    Microsoft is starting to get scared of this "System Admin or Microsoft?" blame game so they figure if they add the Government into it, there's only a 1 in 3 chance that they're liable. They just need another way to avoid the accusations that their software is insecure. The next Nimda/Code Red/Melissa/whatever attack Microsoft can sit back and yell at the government for not stopping it, rather than take the responsibility of patching their software.

    --

    There is no reasonable defense against an idiot with an agenda
    :wq
  9. Re:And why not? by Hard_Code · · Score: 5, Insightful

    You're going to leave it up to the *politicians* to discriminate between white hat and black hat, good and bad viruses? Thanks but no thanks, I'd rather have no legislation at all, and us techies can sort it out. Once you let politicians into the mix, all of a sudden campaign donators are the ones consistently making "good" viruses, while political enemies are the ones making "bad" viruses.

    --

    It's 10 PM. Do you know if you're un-American?
  10. There's a spectrum here... by BillyGoatThree · · Score: 5, Interesting

    I would say that some viruses ARE terrorism. What about the big ol' DDoS we had a year or so ago? It was a smallish group targetting a list of victims for political means. Sounds like terrorism to me.

    And can we really blame the architects of the WTC for not making the building plane-proof? No, I think they performed "reasonably" well.

    So, hypothetically, if a software company took reasonable precautions and had a good record concerning quality and THEN had their software hit by a non-obvious virus I have no problem with the label of terrorism or the use of legislation.

    What'd be really sweet is to turn this back on Microsoft. Get the congress-critters to define "reasonable precautions" and "non-obvious virus" and then only afford protection to MS if they clean up their act (i.e. fix Outlook, IIS and the macro system at the very least).

    --
    324006
    1. Re:There's a spectrum here... by Phrogz · · Score: 4, Interesting
      And can we really blame the architects of the WTC for not making the building plane-proof? No, I think they performed "reasonably" well.

      Actually (my wife is an architect) the buildings WERE designed to be plane-proof...as long as the plane was a 707 or smaller and not loaded with as much fuel as the 9/11 planes were. Here's a story where the architect is quoted. You just have to set limits somewhere (as is your point) as to how far you can go. You obviously can't design the building to withstand the equivalent of a kiloton of TNT...I mean, sure you could, but it simply wouldn't be practical.

  11. Airlines vs. Buses by devnullkac · · Score: 5, Insightful


    Michael Lane Thomas write in his article:


    Following Gartner's recommendation to seek alternatives to IIS only accomplishes what the industrial terrorists want. The terrorists who hijacked U.S. airplanes on September 11 analyzed the airline security system until they found a weakness, and then they exploited it. Much in the same way, industrial terrorists analyzed IIS Web server security until they found a weakness, and then they exploited it. If Gartner wrote an equivalent recommendation for business travelers, would it be to take the bus rather than risk airline travel? That would be a victory for terrorism, as would abandoning IIS.

    Give me a break. The implication that IIS is a jet plane while Apache is a bus is just a little over the top. How about a better analogy: ABC Airlines and XYZ Airlines each have their own security philosophies and implementations (not true, but the airline industry isn't exactly like the web server market, after all). Terrorists analyzed and subverted ABC's security methods, but were unable to subvert XYZ's. Gartner recommends fliers switch to XYZ until ABC gets its act together.


    Is this a victory for terrorists?


    --

    --
    What do you mean they cut the power? How can they cut the power, man? They're animals!
  12. Wrong Buzzword by FortKnox · · Score: 5, Interesting

    Yes, Virii writers and script kiddies should be punished, but "Terrorists"??

    New virus comes out. You know it can happen to you. Do you fear for your life so as not to turn on the computer????

    Terrorism is starting to become a buzzword, but it is a state of combat (a step below guerilla warfare) where you have the finances and a small group of men to do some small damages, but not enough to do "hit and run tactics" (guerilla warfare).

    How about using another word and lay off the terrorism?

    --
    Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
  13. Complete perspective failure... by Rothfuss · · Score: 5, Insightful

    Consider these two scenarios:

    1) Your wife and son are sitting in front of a cafe having lunch. You head to an ATM to get some cash to pay for lunch. A car bomb blows up in front of the cafe killing your wife and son.

    2) Your wife and son are sitting in front of a cafe having lunch. You head to an ATM to get some cash to pay for lunch. A hacker has somehow managed to steal all of the money from your checking account.

    Only one of these scenarios inspires terror. Legislators and business persons need to maintain a sense of perspective here. Hacking does not by itself terrify.

    It is honestly shameful that corporations are playing off the fears of the public brought on by 9/11 to promote their own political agendas. By equating hacking with terrorism, they belittle the event.

  14. Human rights, anyone? by jeti · · Score: 4, Insightful

    The US claim to enforce human rights all over the planet. However there seems to be a blind spot.

    DoJ analysis of the Anti-Terrorism Act:
    "This retroactivity provision ensures that no limitation period will bar the prosecution of crimes committed in connection with the September 11, 2001 terrorist attacks. The constitutionality of such retroactive applications of changes in statutes of limitations is well-settled."

    Declaration of human rights, Article 11.2:
    No one shall be held guilty of any penal offence on account of any act or omission which did not constitute a penal offence, under national or international law, at the time when it was committed. Nor shall a heavier penalty be imposed than the one that was applicable at the time the penal offence was committed.

  15. Harboring Terrorists by Merk · · Score: 4, Interesting

    Couldn't MS code then be said to harbor terrorists? Or couldn't it at least be said to supply terrorists needs? If terrorists take over airplanes once, the US government wants to mandate steel cockpit doors. Since "terrorists" regularly take over computers running MS pructs, shouldn't the same government force MS to replace their ultra-flimsy "cockpit" doors?