Slashdot Mirror


McAfee Manufactures Virus Threat

The sleaze has gotten out of hand; it's time to roast a group of 20 or so companies whose profits are directly linked to creating fear in their customers, and who therefore have to keep discovering new sources of fear to improve their bottom line, or, in the absence of new discoveries, keep inventing them. Yes, it's time to take on the anti-virus software vendors.

The latest "news" to come out of the AV industry is New Virus Infects Picture Files. McAfee put up their description and made sure to issue a wide-spread press release to stir up some interest. McAfee's spokesdrone fans the flames:

  • "Potentially no file type could be safe."

    That evolution should make computer users think twice about sending pictures or any other media over the Internet, Gullotto said.

    "Going forward, we may have to rethink about distributing JPGs."

Now, if you know much about computing, you may be a little suspicious of this. JPEGs are compressed image files that only contain data representing an image to be displayed, not code to be executed. A modification of that data might screw up the picture of your cat dangling from the edge of the kitchen table you like so much, but it won't turn the image into a potential virus transmitter, because the programs that display JPEGs don't read them with an eye toward executing the code. An image file is just data to be displayed. The line between "data" and "code" is a little bit fuzzy - often particular characters or a particular file can be both data and code, depending on the context of how other code handles it. Or a particular file can include both data and code separately, like a Microsoft Word file that includes data (your text) and code (some macro designed to be executed by Word when the document is opened).

But for JPEGs there's a well-designed standard, and it doesn't include executing code of any sort. If a JPEG-handling program doesn't like the data it sees, it should just stop trying to display the image, not decide to start executing code from the image. The one honest caveat is a bug in the viewer itself: a decoder that trusts a length field or an image dimension in the file without checking it against the real file can be made to overrun a buffer by a malformed image, and that kind of flaw, in the program rather than the format, is what it would actually take to make an image dangerous on its own. McAfee isn't claiming anything of the sort. Absent such a bug, JPEGs are mostly harmless.
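Here is what "just stop trying to display the image" looks like in practice. This is an added example, written for this page rather than taken from the article or from any viewer's source code: a Python walker over the marker segments of a JPEG header that checks every declared length against the actual file size before using it, plus a frame-header check that refuses dimensions that disagree with their own segment or exceed an allocation budget. The sample bytes and the budget are constructed for the example; the field layout is the one in the JPEG standard (ITU T.81).

```python
"""Added example (not code from the article or from any JPEG viewer):
walk a JPEG's marker segments the way a careful decoder should, and refuse
the file at the first field that does not fit. Sample files are constructed
below; the field layout follows the JPEG standard (ITU T.81)."""

import struct

SOI, EOI, SOS, TEM = 0xD8, 0xD9, 0xDA, 0x01
RST0, RST7 = 0xD0, 0xD7
SOF_MARKERS = {0xC0, 0xC1, 0xC2}   # baseline, extended and progressive frame headers


class MalformedJPEG(ValueError):
    """Raised instead of trusting a field that does not fit the file."""


def walk_segments(data: bytes):
    """Return [(marker, payload_offset, payload_len)] for each length-prefixed
    segment before SOS. Every declared length is checked against the real file
    size before it is used. A decoder that skips this check and copies `length`
    bytes into a fixed buffer is the kind of bug that makes an image dangerous."""
    if len(data) < 2 or data[0] != 0xFF or data[1] != SOI:
        raise MalformedJPEG("missing SOI")
    pos, segments = 2, []
    while True:
        if pos >= len(data) or data[pos] != 0xFF:
            raise MalformedJPEG(f"expected marker at offset {pos}")
        while pos < len(data) and data[pos] == 0xFF:   # 0xFF fill bytes are legal
            pos += 1
        if pos >= len(data):
            raise MalformedJPEG("truncated marker")
        marker, pos = data[pos], pos + 1
        if marker in (EOI, SOS):
            return segments            # entropy-coded data or end of image follows
        if marker == TEM or RST0 <= marker <= RST7:
            continue                   # standalone markers carry no length field
        if marker in (0x00, SOI):
            raise MalformedJPEG(f"invalid marker 0x{marker:02X} in header")
        if pos + 2 > len(data):
            raise MalformedJPEG("truncated segment length")
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2:
            raise MalformedJPEG("segment length below minimum")
        if pos + length > len(data):
            raise MalformedJPEG("declared length overruns file")
        segments.append((marker, pos + 2, length - 2))
        pos += length


def frame_header(data: bytes, max_samples=64 * 1024 * 1024):
    """Return (height, width, components) from the SOF segment, refusing values
    that disagree with their own segment or exceed a sample budget. The budget
    stands in for whatever buffer a real decoder allocates from these numbers;
    its size is this example's choice, not part of the format."""
    for marker, off, plen in walk_segments(data):
        if marker not in SOF_MARKERS:
            continue
        if plen < 6:
            raise MalformedJPEG("SOF segment too short")
        precision, height, width, ncomp = struct.unpack(">BHHB", data[off:off + 6])
        if plen != 6 + 3 * ncomp:
            raise MalformedJPEG("SOF length disagrees with component count")
        if precision not in (8, 12) or ncomp not in (1, 3, 4) or not width or not height:
            raise MalformedJPEG("unsupported frame parameters")
        if width * height * ncomp > max_samples:
            raise MalformedJPEG("image exceeds sample budget")
        return height, width, ncomp
    raise MalformedJPEG("no frame header before SOS")


def is_well_formed(data: bytes) -> bool:
    """What a viewer should do with the verdict: stop, rather than decode anyway."""
    try:
        frame_header(data)
        return True
    except MalformedJPEG:
        return False


# Constructed samples: a minimal 8x8 greyscale baseline header, then two
# malformed variants of it. Values were chosen by hand for this example.
GOOD = bytes.fromhex(
    "FFD8"                                           # SOI
    "FFE0 0010 4A46494600 0101 00 0001 0001 00 00"   # APP0/JFIF, 14-byte payload
    "FFC0 000B 08 0008 0008 01 011100"               # SOF0: 8-bit, 8x8, 1 component
    "FFDA 0008 01 0100 00 3F 00"                     # SOS: header parsing stops here
)
# SOF0 length field set to 0xFFFF: a trusting decoder would read far past the file.
BAD_LENGTH = GOOD.replace(bytes.fromhex("FFC0 000B"), bytes.fromhex("FFC0 FFFF"))
# Consistent segment, absurd dimensions: 65535 x 65535 x 3 samples to allocate.
BAD_DIMS = GOOD.replace(
    bytes.fromhex("FFC0 000B 08 0008 0008 01 011100"),
    bytes.fromhex("FFC0 0011 08 FFFF FFFF 03 011100 021100 031100"),
)

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("bad length", BAD_LENGTH), ("bad dims", BAD_DIMS)):
        print(label, "->", "display" if is_well_formed(sample) else "refuse")
```

The two malformed samples are the two classic ways a decoder gets into trouble: a length that points past the end of the file, and dimensions that are internally consistent but drive an allocation or a loop far beyond what the caller expected. Neither is "code in the image"; both are the viewer believing the file.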

McAfee's claim of a virus spread through JPEGs requires one essential element: you have to have already been infected by ANOTHER virus transmitted by some actual executable code. What it comes down to is:

Once you're infected with a virus, the virus can set you up to be infected by other viruses.

No shit, Sherlock. Once you have enemy code running on your system, you're toast. A virus could alter Microsoft Word so that opening any Word document at all would erase every file on your hard drive, making every single Word document in existence a deadly threat -- to you, and to you alone. But this isn't a new virus threat of any sort. It isn't a breakthrough. It's a consequence of being infected, not a new method of being infected.

Two weeks ago, we ran a story about a cross-platform virus. Like this one, it didn't really exist in the wild. Like this one, it was mainly a PR ploy (by Symantec, in that case). But we thought it had at least some minimal technical interest as a bit of code that would run under Windows or Linux.

McAfee and Symantec (and all the other AV vendors out there) are waging a PR war to "discover" ever more news-worthy viruses to defend against. To get maximum coverage, your new virus needs to do something unique or different -- make your computer turn green, or infect something previously uninfectable, or whatever it might be. Compare this to Klez, a very basic virus similar in most ways to viruses that have gone before, which is still out there looting and pillaging tens of thousands of computers every day, but isn't ideal for AV vendors because they don't have a monopoly on the cure.

The press is catching on, to some tiny extent at least, that most virus alerts are fictitious and just designed to drum up business for the vendors. But it's far easier to repurpose a vendor's press release and call it a story than to dig into real threats that exist on the Internet, and the causes of those threats. Today, like last year and the year before and five years ago, there are major email-borne virus threats out there. (There are still old-school viruses out there too, transmitted by sneaker-net or by downloading suspicious software, but email is clearly the way to go for the discriminating virus creator.) All the real email virus threats share a few distinguishing characteristics:

  • They only affect Microsoft Windows. If you aren't running Windows, you are safe.
  • They're usually transmitted by email. If you know enough on your own, or you've had a half-hour class in "Email 101", you should be able to avoid executing random files received by email.
  • They auto-execute in Microsoft Outlook or Outlook Express. Microsoft has finally made some progress, after many years, in reducing the vulnerability of their flagship email programs. So if you have a recent or fully-updated version of these programs, you may not be as vulnerable as people running older versions. Nevertheless, this was (and still is, since so many people don't have recent or fully-updated versions) a primary vector.

And that's really it. If you don't run Windows, you're safe. If you have basic email skills, you're safe. If you don't run Outlook, you're safe. That's the story of modern viruses, and fortunately or un-, it's a pretty boring one.
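The "half-hour class" boils down to a policy a mail gateway can enforce mechanically, before the message ever reaches Outlook. The following is an added example, not code from the article: a Python attachment filter that judges a file by the extension Windows will actually act on (the last one, after the `.jpg.exe` and trailing-space padding tricks) and by its content (an `MZ` header marks a Windows executable whatever the name says). The extension lists, addresses and sample message are constructed for the example.

```python
"""Added example (not code from the article): an attachment policy a mail
gateway can apply before a message ever reaches Outlook. It judges a file by
the extension Windows will act on and by its content, not by the name it
shows. Extension lists, addresses and the sample message are constructed."""

import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs as code when double-clicked (illustrative, not exhaustive).
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "vbe",
                   "js", "jse", "wsf", "wsh", "hta", "lnk", "reg"}
# Harmless-looking extensions a spoofed name puts in front of the real one.
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "txt", "doc", "xls", "pdf", "mp3", "zip"}


def effective_extension(filename: str) -> str:
    """The extension Windows actually acts on: the last one, after the trailing
    spaces and dots that a spoofed name uses to push it out of view."""
    name = filename.strip().rstrip(". ")
    return name.rsplit(".", 1)[1].strip().lower() if "." in name else ""


def decoy_extension(filename: str):
    """'cat.jpg.exe' -> 'jpg': the extension the user was meant to see."""
    parts = [p.strip().lower() for p in filename.strip().split(".")]
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return parts[-2]
    return None


def assess_attachment(filename: str, data: bytes):
    """Return ('drop' | 'allow', reason). The name check catches the hidden-
    extension trick; the content check catches a renamed executable."""
    ext = effective_extension(filename)
    if ext in EXECUTABLE_EXTS:
        reason = f"executable extension .{ext}"
        decoy = decoy_extension(filename)
        if decoy:
            reason += f" hidden behind .{decoy}"
        return "drop", reason
    if data.startswith(b"MZ"):   # DOS/PE executable header, whatever the name says
        return "drop", "content is a Windows executable (MZ header)"
    return "allow", (f"extension .{ext}" if ext else "no extension")


def scan_message(raw: bytes):
    """Apply the policy to every attachment of an RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        verdict, reason = assess_attachment(name, part.get_payload(decode=True) or b"")
        results.append((name, verdict, reason))
    return results


def build_sample_message() -> bytes:
    """Constructed test message: one real picture, one double-extension
    executable, one executable renamed to look like a text file."""
    msg = EmailMessage()
    msg["From"] = "bob@example.invalid"
    msg["To"] = "alice@example.invalid"
    msg["Subject"] = "pics"
    msg.set_content("Check these out")
    msg.add_attachment(b"\xff\xd8\xff\xe0" + b"\x00" * 12,
                       maintype="image", subtype="jpeg", filename="cat.jpg")
    msg.add_attachment(b"MZ" + b"\x90" * 62,
                       maintype="application", subtype="octet-stream",
                       filename="MY WIFE NUDE.JPG.exe")
    msg.add_attachment(b"MZ" + b"\x00" * 30,
                       maintype="application", subtype="octet-stream",
                       filename="readme.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict, reason in scan_message(build_sample_message()):
        print(f"{verdict:5} {name!r}: {reason}")
```

The point of checking content as well as name is that a gateway cannot rely on the user seeing the real extension at all; Windows hides it by default, and a file called `readme.txt` that begins with `MZ` is an executable the moment something runs it as one.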

McAfee, and Symantec, and everyone else involved in the anti-virus FUD business: lay off. I mean that literally, as in, "Lay off the people you employ for the purpose of drumming up new virus threats." Lay off the public relations people you employ to say things like, "We may have to rethink about distributing JPGs." Lay off the BS. There's a real market for your product, people who (for whatever reason) are using Windows and/or Outlook, and haven't received the half-hour training course necessary to avoid viruses. You can market to them based on your fast responses to real virus threats - you don't need to manufacture any more.

40 of 775 comments

  1. Darn... and I just updated my anti-virus software by eaddict · · Score: 5, Insightful

    I use AVG from Grisoft and just updated the signature file. I am SOOooo glad I use a freeware/shareware product that keeps up with REAL viruses and not marketing. As they say here in the U.S. "There ought to be a law..."

    --
    "If you are on fire you can just stop, drop, and roll. If you fall into Lava you are just dead." - my 5yr old daughter
  2. Aren't there laws by Black+Aardvark+House · · Score: 3, Insightful

    Against misinforming the public via the news channels? I understand they want business, but using FUD techniques will only backfire and cause major distrust among the public.

    Would you want to use a product from an entity you don't quite trust?

    --

    I am the evil aardvark!

  3. Key points for Windows/Outlook users by Peyna · · Score: 5, Insightful

    It's pretty simple to stay safe, and I have repeated this many many times to customers when I worked at an ISP. If you are using Windows or Outlook, do not open an attachment if you don't know what it is. It's very simple. I don't care if it says "This is very important, Bob and you must open this now." Unless you know specifically what it is and you were expecting it, don't open it. There is no need to, and you aren't going to miss out on much.

    Of course, in the case of stupid users, there are some steps you can take on the server side to filter some viruses, but it's not perfect. In the end, patch Outlook, and educate your users. You could probably pretty easily drop any potentially executable attachments before they even got to Outlook (which drops many of them on its own).

    --
    What?
    1. Re:Key points for Windows/Outlook users by pboulang · · Score: 2, Insightful

      If you don't have AV on the desktops, how do you protect against the floppy disk vector? Or the CD from the manufacturer that somehow managed to be shipped with a virus? The simplest solution that comes to mind is to protect your server as best as possible (I prefer belt and suspenders, so add in another AV on the hosts themselves) and toss the desktops to the wolves (i.e. they can be replaced with a new disk image in under 15 minutes)

      --

      This comment is guaranteed*

      *not guaranteed

  4. wrong assumption... by iramkumar · · Score: 2, Insightful

    They only affect Microsoft Windows. If you aren't running Windows, you are safe...

    No you are not. It's not what fscking OS you are running, it's about what OS and applications are running on the system to which you gave your credit card number and your SSN. It's about what OS your company runs to store the employee databases. You can hide your head in the sand and pretend that you are safe of course..

  5. bah by ceejayoz · · Score: 4, Insightful

    I'm running Windows and Outlook, and I haven't been infected with a virus yet. It's just common sense... "MY WIFE NUDE.JPG.exe" probably isn't something I want to open. The real anti-virus software is common sense, but there don't seem to be many available copies out there. :-/

  6. well.... by jeffy124 · · Score: 4, Insightful

    say an attacker knows you use a certain program to view JPEGs, or other data/multimedia files. This attacker knows that certain program contains a buffer overflow, and how to exploit it. The attacker can assemble a specially formed file that exploits the overflow and opens a backdoor on your machine, granting himself some level of access to your computer (most likely user level access). Combined with knowledge of a local root hole, the attacker now has root access to your machine (ie, he 0wns j00). The attacker delivers this specially formed file to you in some manner (email, webpage, etc).

    Suddenly, this "data" file is now containing a virus, isn't it?

    --
    The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
    1. Re:well.... by jeffy124 · · Score: 3, Insightful

      bad reasoning. you cannot assume that there aren't any overflows in code. Take MS recently. Before releasing WinXP, they say they weeded out all the overflows. Then UPnP's hole was exposed -- a buffer overflow.

      also, i didnt restrict myself to just JPEGs. Note that I said any other data file.

      Lastly, the recent security vuln in the zlib library (last March) was also such an example. The decompresser assumed normal data (ie, data made using the compressor half of zlib), and as a result a specially formed "compressed" data could exploit the hole, segfaulting the program using zlib.

      --
      The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
  7. The Kid by Wierd+Willy · · Score: 2, Insightful

    There was a Charlie Chaplin movie, silent, made in 1926? that was about a glazier(Charlie) who needed to drum up some business, so he employed a small boy to run around town, breaking windows. The victims of this nefarious window breaking were then offered "discounts" if they purchased charlies services. Odd, how history seems to repeat itself....

    --
    Stupid Humans.....
  8. Re:Linux. My anti-virus. by sehryan · · Score: 4, Insightful

    Intelligence is my anti-virus. I have been running Windows for a long time now, and have never been infected with a virus. Why? Because I am careful about what I allow to run on my computer. Linux or Windows, it doesn't matter. If you don't have some common sense, you are going to get burned.

    --
    The world moves for love. It kneels before it in awe.
  9. It's entirely possible that such an exploit exists by Tribbles · · Score: 2, Insightful

    Even though an image file consists of data, if a poorly designed decoder has been written and the data is corrupted, you could end up spewing data over the stack or even main memory.

    If you had some control over what data is written, then you could get the decoder to write out what amounts to a virus, and then get the decoder to execute it (by trashing the stack).

    I won't use JPEG as an example, but some lossless compression, such as GIF. Instead of having the image compressed, you could have your program compressed. Decompressing the data would effectively copy the code into some memory location. The difficult bit would be getting the decoder to actually execute it.

    Don't forget that such a virus doesn't actually need to spread itself in images; it could be a simple bootstrap loader in the images that downloads a larger virus with its own payloads.

  10. Irony by jasoncart · · Score: 1, Insightful
    I find it interesting how MS haters use virus news in a similar way to the virus companies.

    If you aren't running Windows, you are safe
    If you don't run Outlook, you're safe

    Ironic seeing as the author is blasting the AV companies for using the news to push propaganda.

    Should almost all home users use another email client or OS I am sure that virus writers would target that, probably with similar results.

  11. One little quibble by burgburgburg · · Score: 3, Insightful
    I agree wholeheartedly with about 99% of the article (I also saw the JPEG thing and thought it ridiculous and hilarious, in a dark and depressing way).

    One statement of yours needs modification:

    They only affect Microsoft Windows. If you aren't running Windows, you are safe.

    There have been macro viruses which have inadvertently worked on the Mac versions of Word and Excel. I would correct the statement to:

    They only affect Microsoft products, primarily Windows. If you aren't running Windows, you are almost entirely safe.

  12. Ever heard of a buffer overflow? by autopr0n · · Score: 5, Insightful

    Now, if you know much about computing, you may be a little suspicious of this. JPEGs are compressed image files that only contain data representing an image to be displayed, not code to be executed. A modification of that data might screw up the picture of your cat dangling from the edge of the kitchen table you like so much, but it won't turn the image into a potential virus transmitter, because the programs that display JPEGs don't read them with an eye toward executing the code

    No, and HTML readers don't download HTML with an expectation to run the code natively, but it can happen thanks to bugs in IE.

    Just like Outlook, the program you deride for its ubiquity, a huge, huge number of jpegs are viewed through the Microsoft libraries. If a hole was discovered in that library, it could be used as a vector for viruses.

    The truth of the matter is that if you run windows, there is a real risk of getting a virus from things other than just running .exe files. In windows 98/2k you can be infected simply by clicking on a file once (because of the little preview window thing). Holes in Word, outlook, IE, IIS, and even windows explorer have made things completely ridiculous.

    Also, your list of things not to do to catch a virus reminds me of avoiding pregnancy via the 'pull out' method. Sure it might improve your chances, but it won't 'protect' you in any real sense.

    I don't think viruses on Linux have any real future, due to the fact that the most obvious holes would get fixed quickly, but if you run windows you really should get some Anti virus software.

    --
    autopr0n is like, down and stuff.
  13. McAfee has been doing this since '93 by phsolide · · Score: 4, Insightful

    It's been more-or-less common knowledge that McAfee has done this since the Michelangelo scare in 1993.

    I recommend going to vmyths.com to read their "rantings" section.

    Let me predict that about 50% of the replies in this thread will consist of arguments like "Well even if we did get rid of MSFT products we'd still have a virus problem: look at Staog or Bliss or Ramen or the '88 Internet worm."

    Those replies are guilty of a flaw called The Excluded Middle where one argues that a situation that in reality has a spectrum of situations only has the 2 extreme cases. In this case the replies will say that even Linux has viruses and worms (true and probably inescapable for a Turing-complete computer) so doing away with the source of 99.44% of viruses and worms won't solve the problem.

    Of course this is crap. I'm still getting hits from Code Red I v2 nearly 10 months after it was released. When was the last time you got a sadmind/IIS hit? The problem isn't to eliminate 100% of all worms, chainmails and viruses; the problem is to keep worms, chainmails and viruses from ramping up the exponential part of the logistics curve.

    --
    Quit playing Monopoly with Bill. Switch to one of many non-Microsoft products today.
    1. Re:McAfee has been doing this since '93 by EllF · · Score: 5, Insightful

      You might want to reconsider your use of logical terminology. The law of the excluded middle does not represent a simplification of a multivariate system down to only two options.

      Quoting from Barker's The Elements of Logic: "One well known type of tautology has the form 'P v -P'. This is sometimes called the 'law of the excluded middle', because it reflects the fact that any given sentence must be either true or false, there being no third alternative."(Barker, p. 91, 5th ed.)

      Regardless, I can't decipher the point you were trying to make. Yes, most posters are aware that not all virii are due to buggy Microsoft code. Aside from the logic error (which isn't that big a deal, as your point doesn't depend on what you call it), you're saying that such an awareness is flawed, because *other* vectors of infection - which you say exist in any Turing-complete system - merely exist?

      Ease up on the tech-speak, friend, and you've arrived at one of the fundamental points of computer security: it is a process, never an endpoint. I don't know anything about virii "ramping up the exponential part of the logistics curve", but I do know that the posters who are aware that other problems exist besides Microsoft vulnerabilities are not guilty of any flaw in their reasoning. Whether they cite past infections, myths, or actual virus problems, they are demonstrating an awareness of the nature of virus infections. Perhaps you'd like to clarify your prediction? :)

      --
      We who were living are now dying
      With a little patience
    2. Re:McAfee has been doing this since '93 by Manitcor · · Score: 3, Insightful

      Most likely if Linux was suddenly to become more widespread due to the sudden disappearance of Microsoft then virus writers would devote all of their time to finding vulnerabilities in Linux. We all know that there is no system in the world that is 100% uncrackable and unhackable. Eventually someone would find a way, especially with the source generally available (I'm not saying this would make it easier but it could help). With virus writers having nothing better to do than research Linux a chink in the armor WOULD be found.

      The one big advantage Linux has is that modern virus writers are lazy and MS provides lots of easy ways to spread them around.

      Also since the goal of a virus is to propagate itself it makes sense to write a virus for the worlds most popular platform.

      To summarize if Linux were to take over tomorrow viruses would go down initially but over time they would begin to show up. However if it really is that much more difficult to infect a Linux system then you can bet it will breed a new class of virus writer. One that is much more skilled and when he/she writes a virus that can finally worm into Linux (which is most likely a feat in itself) you can be guaranteed that it will be designed to be just as hard to kill as Linux is just as hard to infect.

      --
      "Don't mess with him, he taunts the happy fun ball."
  14. The profit model for Anti-Virus software requires by neo · · Score: 5, Insightful

    a steady stream of new threats. There was another model for anti-virus software. One that didn't have a patch model, but it was ignored because profit driven companies require "revenue streams".

    Rather than having a program that removes a virus from your system after you've been infected or which requires an "inoculation" to recognize viruses, the other system looks at program activities.

    The actions taken by a virus are painfully obvious when you look at them from a macro point of view (no pun intended). While not a trivial coding task, it's possible to monitor for these types of action and freeze a program that would take them. Moreover, with an ample supply of RAM and CPU, new programs could be tested in a "Safe Zone" the first time they are run, ensuring that problem programs would be caught in the act.

    Unfortunately this type of protection doesn't require incremental upgrades from Anti-Virus companies and so we're stuck with something that can make profits rather than something that works pro-actively. Thus is the basic flaw of capitalism.

  15. Not entirely the case by OpenMind(tm) · · Score: 3, Insightful

    If you have basic email skills, you're safe.

    Unfortunately, this is not entirely true. Quite a few of these viruses are happy to infect non email files once they get on a network via the email vector. We haven't seen many where I work, but we have seen a few that will infect various system files. Then, when a user logs into that system, the virus infected system will gleefully infect any exe's on the network that that user has write access to. Log into a machine like this as a domain administrator, and the chances of it getting to every machine on the network without them opening any email message is quite good.

    Some of them will replace .jpg and mp3 files with dummy executables that Explorer will foolishly make look like the original files. So common MP3 shares and such make a pretty good vector for crossing the network, as well.

  16. Re:Is AV software really necessary? by BradleyUffner · · Score: 4, Insightful
    "I am sure I can prevent my computer from being infected just by using common sense (don't open unexpected attachments, download only from trustworthy sites, etc). Even if I did get infected, I could just re-ghost my drive and be done with it. Sure I have to make current ghost images, but I do that anyway and storage is cheap these days. On the up side, I don't have to take the performance hit of running AV software, and I don't have to deal with constant updates."

    The key is that the virus scan software tells you when you have a virus. What if you somehow get infected with a virus that gives no outright signs of infection? You could be making your backups for months without realizing that your data was compromised. The virus could have gotten in through some buffer overflow attack, or something that was no fault of your own. Without the anti-virus software you have no idea how far back you need to go for a good backup, or if any of your backups are even good.
  17. Hide File Extensions = bad by simetra · · Score: 2, Insightful

    Besides the obvious 'don't run random executables', keep in mind that by default, Windows has 'Hide File Extensions Of Known File Types' enabled. So, Joe End User thinks he's opening BritneySpearsNaked.jpg, when he's really running BritneySpearsNaked.jpg.exe. Never mind the fact that Joe End User doesn't realize that this 'jpg' doesn't have the normal .jpg icon.

    I believe this is one of the worst Windows offenses, yet gets zero press.

    Plus... rather than delete all attachments in a panic, it's fairly easy to save to disk, then scan with your favorite AV software prior to opening/running/etc.

    --

    "Would it kill you to put down the toilet seat?" -- Maya Angelou
  18. Re:Darn... and I just updated my anti-virus softwa by tony+clifton · · Score: 4, Insightful

    Open-source anti-virus would be very cool, but it's really labor intensive and the signature databases are the vendor's crown jewels.. as it were.

    The Virus Bulletin's VB100 test rates AVG fairly low. Do other tests rate it higher?

  19. virus writers on payroll. by Alien54 · · Score: 3, Insightful
    that all this time, the satire about the virus development divisions of anti-virus software companies actually contained a kernel of truth?

    Actually I think they farm this out to their overseas operations in Bulgravia or someplace similar. Keeps it better for the bean counters. Plausible denial, etc.

    Although I can see the scandal if it was found that they actually do have virus writers on payroll someplace.

    --
    "It is a greater offense to steal men's labor, than their clothes"
  20. Re:Is AV software really necessary? by Anonymous Coward · · Score: 1, Insightful

    Fine until some moron writes a virus that orders 50 random books from Amazon on your behalf.

    You are assuming that the only damage the virus can do is to your hard drive - but these days, that's a rash assumption. Once it's running code on your machine, it can do anything you do.

    Bottom line: Use a mail program that doesn't execute *anything*. PINE is OK. If you do that, there is no conceivable way that you can ever catch a virus from email.

  21. Re:Simple Virus Protection Schemes by mAIsE · · Score: 1, Insightful

    I don't mean to sound paranoid but wouldn't it make more sense if a virus company just hired an offshore team to create new viri that only they had the antidote to?

    Think about it, they could send it out in junk mail (which everyone gets).

    Well ok this evil plan works only if you're using a Microshaft based email client or a Microshaft OS.....

    Hmm....

    break the MS!! dependency !!

    http://www.freebsd.org
    http://www.apple.com/switch

  22. Re:Linux. My anti-virus. by samhart · · Score: 2, Insightful

    I wouldn't say it's because no one uses it. By even the most cautious estimates, there are more Linux users than Mac users. Add to that the fact that much of the internet (web/ftp/etc sites) is powered by Linux and you see that Linux is indeed a big target.

    But with Linux we will never see the same level of email virus type threats that we see on Windows, because Linux users are encouraged to not run as root (the system administrator). Non-root users can do little more than destroy their own personal files. They will not be able to take down the system or do any real damage to the OS (unless, as I said, they are logged in as root).

    With Linux the threat is more in the sense of exploits: either as a worm type virii that exploits some known problem in a large number of Linux systems (eg those Lion variants from several years back) or from some cracker out there who knows the exploits and uses them to gain malicious access to your system.

    So, just like Windows, as a Linux user you still have to be careful... keep up on the latest patches for your distro/software you use, and be paranoid... It's just that the threat is different, and in many ways, not as easy to neglect.

    I've used Linux as my primary OS for some 6-7 years now. I've never gotten a virii or worm of any sort. I browse the web comfortably, and read mail without worry. However, I have had problems. About a year and a half ago I had someone break into my home system and use it to launch attacks on other systems. This person used some exploit I didn't know about, gave themselves an administrative account, and then proceeded to install and set up various cracking utilities. I'm not really certain what (if anything) they did with my system, because shortly after this happened, I rebuilt my desktop (switched from RedHat to Debian), and it was only when I was restoring my /home directories that I discovered one for a user I never added... But I do know I had been compromised.

    So the moral of the story is that you are never completely secure or safe. But with Linux, you do start out more secure than you otherwise would on Windows.

    BTW, the way I now handle security is I just have an external firewall and router that protects my private home network. I have an old 486 running Coyote Linux that sits between me and the rest of the internet. It's still not Fort Knox... but it is very very close.

  23. Want to tell McAfee and Norton NO MORE? by Jucius+Maximus · · Score: 4, Insightful
    Then don't buy their products. Vote with your dollars by spending them elsewhere.

    Go out and get FRISK Software's F-Prot antivirus instead. It is competently written with timely updates. I have relied on it since before I ever heard of the internet. There are DOS, Windows (network or standalone) and ($free) Linux versions. They do not generate hype or nasty bloated programs. They do generate a good antivirus product.

    I do not work for this company. I am just a satisfied customer. You can get free trials on their site. Prices: US$25/yr for single private license, US$2/machine for corporate or educational ($40min) and there are extra educational discounts.

  24. Re:Everything was going just fine.. by DNS-and-BIND · · Score: 4, Insightful

    Well, let's be fair. Once upon a time, there was no such thing as an email virus, and a great way to have some fun was to email someone with a message saying, "If you're reading this, you've been infected with a virus!" or some such. Then, Microsoft discovered the internet and wrote an email client, and now the old-fashioned method of spreading viruses by infecting a file and uploading it for public consumption is completely defunct. All viruses that make the news are spread by email attachments.

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  25. A quick point about security. by GodInHell · · Score: 2, Insightful

    A virus could alter Microsoft Word so that opening any Word document at all would erase every file on your hard drive, making every single Word document in existence a deadly threat -- to you, and to you alone.

    This is an excellent example of why you shouldn't do actual work and day to day tasks while logged in with the super user/administrator account. If you're not using an OS that allows user specific file access, change to NT (or its derivative, the MS Windows X Professional series), or Linux.

    When you need super user access to install new software globally, or to change system settings, quickly log in, do your work, log out. This way any potentially dangerous software you execute can only access the files that you have read/write/change/delete access to. This is EXACTLY why I maintain a few different logins with my Linux box. Depending on what I'm doing on the system, I log in as a different user, who can only access the specific files associated with the task at hand. (examples; Browsing, Authoring, Coding, and Work)

    This is one of those classic lessons you either learn when you first start using computers, or it seems ridiculous.. right up until one of your pals decides it'd be real funny to hop in front of your machine and do an rm -rf (Comp Sci majors are funny when they're drunk and bored.. no.. REALLY!) :/

    -GiH
    No thanks, I don't smoke.

  26. Re:Virus programs are worse than the virus by blazer1024 · · Score: 4, Insightful

    What's worse, on every computer I've seen with McAfee virus scan installed when they buy it has a 3 month trial subscription to virus def. updates. So after they've owned their computer for a year, they get the excessive boot delay (and it slows their computer down all the time too, because of "real time scanning"), but they don't get any protection from recent trojans/worms/viruses.

  27. Re:Darn... and I just updated my anti-virus softwa by Ooblek · · Score: 3, Insightful
    You have to pay for support every 12 months, which I dislike. Particularly since at irregular intervals they change their core engine and render all older versions of the software incompatible with new updates.

    How can you expect them to fund their research efforts without some sort of recurring income? If they are public, they are also doing the 12 month license thing so they can give some sort of future projections so their stock price doesn't ride a roller coaster. I agree that releasing FUD press releases is sleazy, but the recurring license thing lets them employ good people in stable jobs. Unfortunately, life in commercial software is not as simple as it is for open source software. Sure, you can get paid writing OS software, but some people don't like the idea of living with 5 other roommates and eating cold pizza for breakfast every day. If they are actively updating their virus definitions, then the cost should be worth it.

    Now if MSFT made a virus cleaner, you would probably have to wait 3 months for a patch. From what I've seen, the AV companies tend to come out with fixes fairly quickly. Having people available to do that type of work on short notice takes some money.

  28. Old news (GIFs and viruses) by Reziac · · Score: 3, Insightful

    Back a decade or so, there was a similar "scare" involving the possibility of putting executable code in the generally-unused comment field of GIF files.

    While it was demonstrated to be doable, it never occurred in the wild.

    The hitch being that GIFs aren't self-executing files. To be executed, the virus code would need to be extracted and run by whatever program is viewing the GIF. Relying on the chance of some 3rd party app doing just what you need it to do is a lousy way to propagate viruses. So while it was an interesting concept, it never went anywhere because it simply wasn't practical.

    --
    ~REZ~ #43301. Who'd fake being me anyway?

  29. Re:Darn... and I just updated my anti-virus softwa by Brendan+Byrd · · Score: 3, Insightful

    "Researching" is a joke. It's merely a tech support thing of "Hey, you found a new virus. Neat...give it to us and will put it in the definition file." Nevermind CLEANING the virus; the only solution for every virus problem nowadays is deleting the file. Virus cleaning used to be sort of an artform, but now they are too lazy for their own high-paying jobs.

  30. Re:You mean . . . by SN74S181 · · Score: 2, Insightful

    I have always maintained that the anti-virus industry would create the need for their product if there wasn't already an inherent need.

    But I've never had a virus infect my system and do any damage. Sure I've had a few viruses get 'detected' back when I ran binary newsgroup attachment grabbers for amusement awhile back.

    And I've been online, for many years as a sysop, since before I bought my first DOS machine (I got PC-DOS 3.1 used at a swapmeet for my first XT clone).

    Viruses only infest clueless people. Vendors have a way of extracting money from said clueless people.

  31. Re:Darn... and I just updated my anti-virus softwa by WNight · · Score: 3, Insightful

    Reading email recently I had a good laugh. There was a .sig at the bottom that said

    "Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system http://www.grisoft.com)."

    But there wasn't a message digest, a pgp signature, or anything. What's to stop me from taking that signature and appending it to my email, especially just before I send out an infected file? Or if I were a virus writer, having my virus include this in some of its email payloads?

    AVG's message is training people to trust a message (and all attachments) based on a simple text sig. What could be more easily faked?

    Seems like a backwards step in security, to me.

  32. Argh-"Don't open email from people you don't know" by chrisvr · · Score: 5, Insightful

    Sorry, but I'm tired of hearing this piece of crap "solution".

    Anyone who works in an outward-facing business capacity (read: not most IT people, but most everyone else at the company) generally receives email from people they don't know, and they don't have the luxury of simply trashing it. If you work in customer service, marketing, accounting, sales, you have to check out these emails and see if they are for real. Fine, not the ones that are obviously spam, but the spammers are getting smarter and disguising their spam as legitimate email. Just because the address is unfamiliar doesn't mean that it can be trashed.

    Any IT person who thinks they can issue the "Don't open emails from people you don't know" edict and then just crawl back into their cubicle with a smug little CYA attitude is living in a fantasy world. Stop making such an unrealistic demand of your "lusers" (who, BTW generate the business needed to pay your paycheck, process the invoices needed to get you your latest gadgets and do all those things you hate so that you can stay happily employed.)

    Instead, treat them with either a) respect or b) a grade school mentality. In either case, please assume that they are really not sitting at their cubicles trying to think up the best way to make your life hell. Assume that they just want to do their job, and the computer is one of the tools they need to do it. Just as most of them don't know how to program their speed dial or change the copier's toner, they don't know or care about the inner workings of the computer. That's YOUR job. Make it fool proof if needed. Explain as necessary. Give them a reason to trust that you are not simply trying to make THEIR job more difficult. That distrust works both ways; if a "luser" thinks you are just making unrealistic demands that make them unable to do their job, they're going to ignore you and do what they need to do to get their job done, and you're left with cleanup duty when something goes wrong.

    And above all, work with them. Understand what their needs are (do they receive unsolicited business mail? does it have attachments that they have to read? so what are they supposed to do?) and then help them understand the consequences that viruses can have and minimize their risk of catching and spreading one. Yeah, sure, that means actually pulling yourself away from Slashdot and Doom tournaments for a while, but that's the way it goes when the company pays you money to do your job.

  33. Re:You obiously don't know much about computing. by WebMasterJoe · · Score: 3, Insightful
    It would be possible to specify a bad format that would cause a faulty JPEG or GIF decoder to overrun one of its internal buffers, perhaps corrupting the call stack, and causing it to start executing malicious "data" as code.

    Now, I won't disagree that it is possible, but then this wouldn't really be a virus, would it? From my understanding, if you imagine each data block as looking like this:

    10 01 01 01 01 44 44 44 44 88 88 88 88 CC CC CC CC 00

    Where that first byte is the length (hex 10, or 16 bytes) and then there are 16 bytes following it, followed by '00' to signal the next header is coming up. The specially-constructed one might look like

    10 01 01 01 01 44 44 44 44 88 88 88 88 CC CC CC CC 15 24 5A C8 ...

    And those last four bytes overrun the buffer, and are executed as code. Yes I know it's extremely simplified, but this (AFAIK) is the basic premise of the buffer overflow. A proper JPG viewer should crap out at this point, but the MS product starts executing it as code. It sounds more like there is a vulnerability in the MS (surprise surprise) fax and image viewer, and a specially formed JPEG file could exploit that vulnerability. That's a problem with the viewer, not the input file.

    Calling the vulnerability-exploiting JPEG a virus will lead to some interesting conclusions. What if, for example, a similar vulnerability existed in a Linux viewer application? I might make my specially-constructed jpeg (named hole.jpg) but leave off the executable code. Then, I'd make a simple program in C (called yes_oncrack) that fills /dev/hda with the character 'y'. Last but not least, I'd pipe the output of `cat hole.jpg yes_oncrack` to the viewing program.

    If the jpeg is the virus in your example, then what is the virus in my example: hole.jpg, yes_oncrack, cat, "|", or stdin?

    I'm not trying to be a jerk about it because I see where you're coming from, but calling the jpeg a virus is inaccurate since it is merely the exploit for a vulnerability.

    --
    I really hate signatures, but go to my website.

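
    Posts 28 and 33 above rest on the same point: a comment field or an over-long block is just bytes that a decoder copies, and whether those bytes ever run as code is decided by the decoder, not the file. The C program below is an added example (mine, not code from any poster, and not real JPEG or GIF syntax): a toy length-prefixed chunk format in the shape post 33 sketches, a naive decoder that copies until the 0x00 terminator with no bound on the destination, beside a checked decoder that refuses the malformed chunk, plus a comment chunk (label 0xFE, the label GIF uses for its comment extension) that is parsed and then simply skipped. The chunk bytes are constructed for the demo.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy chunk format (constructed for this example; NOT real JPEG or GIF):
 *   LEN (1 byte) | LEN payload bytes | 0x00 terminator
 * First payload byte is a label: 0x01 = pixel data, 0xFE = comment. */
#define PAYLOAD_MAX 16

/* Well-formed chunk from post 33: length 0x10, 16 bytes, terminator. */
static const uint8_t GOOD_CHUNK[] = {
    0x10, 0x01,0x01,0x01,0x01, 0x44,0x44,0x44,0x44,
          0x88,0x88,0x88,0x88, 0xCC,0xCC,0xCC,0xCC, 0x00 };

/* Malformed chunk: same header, four extra bytes before the terminator. */
static const uint8_t BAD_CHUNK[] = {
    0x10, 0x01,0x01,0x01,0x01, 0x44,0x44,0x44,0x44,
          0x88,0x88,0x88,0x88, 0xCC,0xCC,0xCC,0xCC,
          0x15,0x24,0x5A,0xC8, 0x00 };

/* Comment chunk carrying arbitrary bytes (here the ASCII text "code"). */
static const uint8_t COMMENT_CHUNK[] = { 0x05, 0xFE, 'c','o','d','e', 0x00 };

/* Vulnerable decoder: assumes "payloads are 16 bytes and the 0x00 tells me
 * when to stop", so it copies until the terminator and never looks at the
 * capacity of dst. Returns the number of bytes it wrote. */
size_t decode_chunk_unsafe(const uint8_t *in, size_t in_len, uint8_t *dst)
{
    size_t n = 0;
    for (size_t i = 1; i < in_len && in[i] != 0x00; i++)
        dst[n++] = in[i];                     /* BUG: no bound on n */
    return n;
}

/* Hardened decoder: the declared length must fit dst, the input must be
 * long enough, and the terminator must sit exactly where the length says.
 * Any disagreement is a parse error, not something to "make sense of". */
bool decode_chunk_safe(const uint8_t *in, size_t in_len,
                       uint8_t *dst, size_t dst_cap, size_t *out_n)
{
    if (in_len < 2) return false;
    size_t len = in[0];
    if (len > dst_cap) return false;          /* would overflow dst */
    if (in_len < 1 + len + 1) return false;   /* truncated chunk */
    if (in[1 + len] != 0x00) return false;    /* trailing junk: reject */
    memcpy(dst, in + 1, len);
    *out_n = len;
    return true;
}

/* A viewer only ever treats payload bytes as pixels or as comment text; a
 * comment is skipped, never handed to anything that would execute it. */
bool chunk_is_comment(const uint8_t *payload, size_t n)
{
    return n >= 1 && payload[0] == 0xFE;
}

/* Bytes the unsafe decoder writes for BAD_CHUNK. The scratch buffer is
 * deliberately oversized so the demo itself does not corrupt memory; a
 * real caller sized it at PAYLOAD_MAX and got smashed. */
size_t unsafe_bytes_written_for_bad_chunk(void)
{
    uint8_t scratch[64];
    return decode_chunk_unsafe(BAD_CHUNK, sizeof BAD_CHUNK, scratch);
}

bool safe_accepts_good_chunk(void)
{
    uint8_t buf[PAYLOAD_MAX]; size_t n = 0;
    return decode_chunk_safe(GOOD_CHUNK, sizeof GOOD_CHUNK, buf, sizeof buf, &n)
        && n == 16;
}

bool safe_rejects_bad_chunk(void)
{
    uint8_t buf[PAYLOAD_MAX]; size_t n = 0;
    return !decode_chunk_safe(BAD_CHUNK, sizeof BAD_CHUNK, buf, sizeof buf, &n);
}

bool comment_chunk_is_inert(void)
{
    uint8_t buf[PAYLOAD_MAX]; size_t n = 0;
    return decode_chunk_safe(COMMENT_CHUNK, sizeof COMMENT_CHUNK,
                             buf, sizeof buf, &n)
        && chunk_is_comment(buf, n);          /* parsed, then ignored */
}

int main(void)
{
    printf("unsafe decoder wrote %zu bytes into a %d-byte payload buffer\n",
           unsafe_bytes_written_for_bad_chunk(), PAYLOAD_MAX);
    printf("safe decoder: good=%d bad_rejected=%d comment_skipped=%d\n",
           safe_accepts_good_chunk(), safe_rejects_bad_chunk(),
           comment_chunk_is_inert());
    return 0;
}
```

    The four extra bytes only matter because the first decoder lets the file, rather than the buffer size, decide how much to write; the second decoder turns the same bytes into a refused image, which is what a "proper viewer" does. The comment chunk shows post 28's point from the other side: the bytes are read and classified, and nothing ever jumps to them.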
  34. Much trickiness possible with MIME types... by double_h · · Score: 3, Insightful

    I'm not an expert on exactly how and when a file's MIME information gets parsed, but I know enough that I don't totally discount the possibility of a trojan or virus masquerading as a JPG.

    For instance, if I take an animated GIF, rename it to image.jpg, and link it on my website, the server (or browser) is still smart enough to know it's really a GIF and display it as intended.

    I've seen people use similar tactics on free web hosts which don't allow external image linking. They link the file as "image.txt" (the web hosts do allow external linking of text files), but it shows up as an image just fine.

    If tactics like this could be used maliciously, I don't think it'd be a trivial task -- after all, if I click on link.jpg and the browser tells me it wants to fire off an .exe, I'll know something is amiss. And I DO think the major AV vendors are some of the worst FUD mongers out there. But I also think it pays to be cautious, and not shrug off the possibility of a threat entirely just because it is couched in a lot of overblown hype.
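
    The renaming trick in the post works because browsers look at the first bytes of the file rather than the name. The C program below is an added example (mine, not from the poster) of that sniffing, simplified to four real signatures (GIF87a/GIF89a, the JPEG 0xFF 0xD8 0xFF start-of-image marker, the PNG header, and the "MZ" stub of a DOS/PE executable); a browser's real sniffer has far more rules. The sample byte strings are constructed header fragments, and the extension-to-kind mapping is my own assumption about what a name "claims".

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { KIND_UNKNOWN, KIND_GIF, KIND_JPEG, KIND_PNG, KIND_EXE, KIND_TEXT } kind_t;

/* Content sniffing by magic bytes, simplified from what a browser does.
 * The signatures are the real ones; the rule set is deliberately small. */
kind_t sniff_content(const uint8_t *buf, size_t n)
{
    if (n >= 6 && (memcmp(buf, "GIF87a", 6) == 0 || memcmp(buf, "GIF89a", 6) == 0))
        return KIND_GIF;
    if (n >= 3 && buf[0] == 0xFF && buf[1] == 0xD8 && buf[2] == 0xFF)
        return KIND_JPEG;                      /* SOI marker */
    if (n >= 8 && memcmp(buf, "\x89PNG\r\n\x1a\n", 8) == 0)
        return KIND_PNG;
    if (n >= 2 && buf[0] == 'M' && buf[1] == 'Z')
        return KIND_EXE;                       /* DOS/PE executable stub */
    return KIND_UNKNOWN;
}

/* What the file name claims (assumed mapping for this example). */
kind_t kind_from_name(const char *name)
{
    const char *dot = strrchr(name, '.');
    if (!dot) return KIND_UNKNOWN;
    if (strcmp(dot, ".gif") == 0) return KIND_GIF;
    if (strcmp(dot, ".jpg") == 0 || strcmp(dot, ".jpeg") == 0) return KIND_JPEG;
    if (strcmp(dot, ".png") == 0) return KIND_PNG;
    if (strcmp(dot, ".exe") == 0) return KIND_EXE;
    if (strcmp(dot, ".txt") == 0) return KIND_TEXT;
    return KIND_UNKNOWN;
}

/* True when the bytes say something other than the name does. This is the
 * check a viewer, proxy or AV filter wants before trusting an extension. */
bool extension_disagrees(const char *name, const uint8_t *buf, size_t n)
{
    return kind_from_name(name) != sniff_content(buf, n);
}

/* Constructed samples: leading bytes of a GIF89a header, a JPEG SOI plus
 * APP0 marker, and a DOS "MZ" header. Only the prefix matters here. */
const uint8_t SAMPLE_GIF[]  = { 'G','I','F','8','9','a', 0x01,0x00, 0x01,0x00 };
const uint8_t SAMPLE_JPEG[] = { 0xFF,0xD8,0xFF,0xE0, 0x00,0x10, 'J','F','I','F' };
const uint8_t SAMPLE_EXE[]  = { 'M','Z', 0x90,0x00, 0x03,0x00 };

static const char *kind_name(kind_t k)
{
    static const char *names[] = { "unknown", "gif", "jpeg", "png", "exe", "text" };
    return names[k];
}

static void report(const char *name, const uint8_t *buf, size_t n)
{
    printf("%-12s claims %-5s bytes say %-5s %s\n", name,
           kind_name(kind_from_name(name)), kind_name(sniff_content(buf, n)),
           extension_disagrees(name, buf, n) ? "MISMATCH" : "ok");
}

int main(void)
{
    report("image.jpg",  SAMPLE_GIF,  sizeof SAMPLE_GIF);   /* the GIF-as-JPG trick */
    report("image.txt",  SAMPLE_GIF,  sizeof SAMPLE_GIF);   /* the free-host trick */
    report("photo.jpeg", SAMPLE_JPEG, sizeof SAMPLE_JPEG);  /* honest name */
    report("photo.jpg",  SAMPLE_EXE,  sizeof SAMPLE_EXE);   /* executable wearing .jpg */
    return 0;
}
```

    The last case is the one the post worries about: sniffing is what makes a renamed GIF display, and it is also what tells you that "photo.jpg" beginning with MZ is not a picture at all. A viewer that goes by the sniffed kind will refuse to treat it as an image; whether anything then offers to run it is up to the client, which is the "wants to fire off an .exe" moment the post describes.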

  35. Re:Simple Virus Protection Schemes by Anonymous Coward · · Score: 2, Insightful

    That has urban legend written all over it.

  36. Bull by Erris · · Score: 3, Insightful
    "...do not open an attachment if you don't know what it is. It's very simple. ...Of course, in the case of stupid users, there are some steps you can take on the server side to filter some viruses..."

    It's simpler than that, don't use Outlook. Try Balsa, Pine, Mutt, Mozilla or exim. They all do the job.

    I resent your presumption and the way you blame the user. At work I've had several Outlook viruses autoexecute with NO ACTION ON MY PART. Would you call me a stupid user? In fact, you should never call any user stupid because their software screwed them. It's the program's fault that it can be broken, not the user's. The programmer should consider all possible user actions and have well defined error code responses to them, especially when they are going to sell the silly code as a non-modifiable binary.

    --
    DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.