Slashdot Mirror

← Back to Stories (view on slashdot.org)

Should Virus Distribution be Illegal?

Posted by michael on from the do-it-for-the-children dept.

mccormi writes "In a guest editorial on Newarchitect Sarah Gordon looks at whether posting malicious code should be allowed and what steps could be taken to stop it. What's worrisome though is that restrictions on malicious code doesn't take into account who it's malicious against and what truly defines malicious." Note that she's not talking about actually infecting computers, but merely making the code available for others to examine (and for some of them, no doubt, to try to spread in the wild).

12 of 405 comments (clear)

  1. is spyware viral? by hobbitsage · · Score: 3, Interesting

    would spyware be included in the categorization? It could be argued that it is viral in intent if not propigation.

  2. Sounds like a broadened DMCA... by Demon-Xanth · · Score: 3, Interesting

    The DMCA had the intentions of eliminating piracy, however it ended up being used to fight battles that never should have been fought. If MS releases an OS with a known backdoor, does that count as malicious? If someone makes a program that utilizes this backdoor in a way that MS did not intend (regardless of in a good way or bad way), can MS claim this as malicious? Would NTFSDOS be considered malicious since it bypasses NTFS's protection?

    This is one of those issues where a law cannot be both effective and fair. And possibly not either.

    --
    If you think education is expensive, you should try ignorance -- Derek Bok, president of Harvard
  3. I like the scientific analogy by Dephex+Twin · · Score: 3, Interesting

    I like the idea of thinking about biological and computer viruses in the same way.

    Researching biological viruses is legal, although people could attempt to spread said viruses maliciously. Those who deal with lethal viruses and diseases often can't just make samples and research easily accessible to anyone, even anonymous people. Why should virus "researchers" be able to do what is essentially the same thing?

    Free speech is good, research is good... but so are ethics and responsibility.

    mark

    --

    If you want to make an apple pie from scratch, you must first create the universe. -- Carl Sagan
    1. Re:I like the scientific analogy by dillon_rinker · · Score: 4, Interesting

      I feel fine letting Symantec et al worry about studying viruses.
      I feel fine letting Sun worry about Java.
      I feel fine letting Microsoft worry about computer security.
      I feel fine letting the LAPD internal affairs department worry about police corruption.
      I feel fine letting the military worry about war.

      In general, I feel fine about letting the fox worry about the henhouse.

    2. Re:I like the scientific analogy by jedidiah · · Score: 3, Interesting

      MORON.

      The US has a "slippery slope" legal system.

      I don't care what your high school english told you about rhetoric, when speaking of law a "slippery slope" argument is perfectly acceptable. It reflects the way that the system ACTUALLY WORKS.

      ...and good luck TRYING to hold Symantec accountable.

      --
      A Pirate and a Puritan look the same on a balance sheet.
  4. Re:Hmm. by Slynkie · · Score: 5, Interesting

    Ugh.

    Code is -art-.

    When I was but a wee hacker, I used to LOVE reading virus source code. I would download all I could find (granted, at the time, it was from BBS', or sneaker-net), and let me tell ya, I learned much more from those virus' than I ever learned in any mainstream assembler class I've taken.

    And no, I -never- used the code for malicious purposes. It was just amazingly interesting to me.

    To make it illegal to write ANY type of code is just insane; and if you distribute it without disguising it as something else, what's the real problem??

  5. What if its intent was not to be malicous? by CMiYC · · Score: 3, Interesting

    Although not directly related to the article, I did get an idea. Some may say this is slightly off-topic, but we'll see. I've picked "test equipment" because I want a reputable source. Meaning, this scenario would be a honest accident.

    Okay so I write some code for a piece of test equipment. Let's just pick an example situation. I don't want to argue if this is a good or bad idea, but say I did it anyway. Every once in a while the machine checks to see if it is slipping its calibration. If it is, it contacts some server to say "hey look at me." Then the server responds and says "yeah I see you." Well with my expansive programming skills I accidentally code a bug. Let's say instead of contacting the intended target, I just start contacting anything I can find. Well another analyzer sees my cries for help and starts yelling too. See where I am going?

    The code was never intended to broadcast huge amounts of useless traffic. It happened by accident. I picked this haphazard example to be similar to Code Red. The machines are basically messaging, like mad, between each other. So does this mean my company or I should have charged (civil or criminal) against us? I say no, but I'm sure a lawyer would scream yes.

    1. Re:What if its intent was not to be malicous? by Stonehand · · Score: 3, Interesting

      The "Oops, we didn't MEAN to do that" defense is not particularly strong in product liability cases if you're being accused of negligence. It may mean that the penalty is less than that of deliberate malfeasance (e.g. a potentially lethal safety defect in a car will probably result in a far greater penalty if the manufacturer decided that it was cheaper to settle lawsuits than to fix it), but it won't absolve you.

      --
      Only the dead have seen the end of war.
  6. obfuscated code by psyclone · · Score: 3, Interesting

    just like this contest has been promoting for years, obfuscated code may "fool" any automated tool that would somehow parse various languages. Virus writers already display some talent -- this would just encourage them to be more creative with the source.

  7. viruses are good for computers.... by supernova87a · · Score: 5, Interesting

    If you think about it in the biological sense, from a purely result-oriented perspective, one might make the argument that viruses are good for computers. The justification is that viruses force people to make their code more robust, and less vulnerable to attack.

    I think I subscribe to this to some extent. If we had no viruses, and didn't know what havoc they could play with our system, we'd be completely unprepared for any such trouble in our systems -- whether maliciously, or because someone's code happened to go wrong.

    I don't think that you can place restrictions on what people write or do not write. I feel it's still the obligation of the system user to protect him/herself against problems and to be vigilant. It keeps us all in practice, and makes us more ready for whatever is out there, no?

  8. good for Symantec, bad for everyone else by dmoen · · Score: 3, Interesting
    Sarah is a security researcher for Symantec. She doesn't need to rely on public sources to get information about the latest exploits, because Symantec has a huge market share and lots of customers: Symantec can get this information directly from their customers and other contacts.

    Security researchers who don't work for dominant companies like Symantec aren't in such a sweet position, and rely on public forums to learn about exploits. And it's not enough to be told "there is a new virus that attacks X", with the details held secret (eg, known only by Microsoft, Symantec and a few other giants). Security researchers need precise details of how the exploit works, and they need to see the virus code itself in order to write code for detecting that virus signature, or to protect against certain aspects of its behaviour.

    Sarah's proposal is just a way to shut down the competition by criminalizing the only way that independent researchers have for getting information.

    Doug Moen

    --
    I have written a truly remarkable program which this sig is too small to contain.
  9. Forms of speech describing illegal action by jridley · · Score: 4, Interesting

    Code for a virus is no different than certain Stephen King books. Both can describe illegal action. Nobody is claiming that Stephen King did anything illegal, nor is it illegal for people to buy and read his books. It's illegal to try to do some of the things he describes, in sometimes tiny detail, exactly how to do.