Slashdot Mirror
Using Spyware to Report Pirates?
An anonymous reader asks: "I have visibility to AUP complaints we receive at work, and we receive messages from a software vendor that make it obvious that their product is phoning home when it discovers it is running a cracked copy of itself." Apparently the software phones home, and then the publisher's legal department sends the administrator an e-mail. "The message goes on to detail the users IP, a timestamp, the product in question, the users PC name, username, and MAC address.
This falls under -my- definition of 'spyware.' What are your thoughts?" Software has been making surreptitious checks for "piracy" for over a decade, yet these checks are usually limited to the software itself, and not data on the user's machine. Do you feel software publishers should have the right to peer into users data, if their software suspects foul play on the machine, or should it do the easy and intelligent thing and just stop working?
You're joking, but SCO OpenServer does actually scout your network for other unlicensed copies of OpenServer and other SCO products. As far as I know, it just causes an output to console every few minutes warning you of the unlicensed software.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
Beware, Nugget is watching... See?
Given that you undoubtedly agreed to allow the proprietary software to do a full body cavity search on you when you clicked through the EULA, the publisher has the right to do just that. Even if you're using a "legal" copy.
YOU have the right to refuse to use binary-only, spyware infected, jump-through-hoops licenced programs. Use Free Software instead.
"But I depend on the proprietary software to do my job." Then support the Free Software movement so someday you won't need to depend on proprietary software anymore.
Personal Firewall is the best approach to keep software from "phoning home".
You need to use your best judgement - when and why an application connects to the internet. Deny all connections by default.
Yes, it is. Funny you should say that and then follow it with:
Stealing is stealing. Infringing upon someone's copyright is NOT stealing, it's infringing upon their copyright. Stealing is stealing, and using cracked software is something else entirely. That's why each is prohibited by a different law. You can't ``steal'' software unless you grab a boxed set and run out of the store.
That may sound like a trivial distinction, but it's not: it is the heart of the matter. It's this sort of sloppy thinking that makes it so easy for Disney to get copyrights extended another 40 years every time Mickey has a birthday.
It's important to remember that property rights are natural rights, which pre-exist our constitution (that's what our constitution says). Copyrights, patents, and the like are privileges which the constitution allows but does not require Congress to grant. When we equate copyright violation to theft, we blur that distinction, and play into the hands of those who would like to enclose the commons of our cultural heritage.
See what I've been reading.
Yep, and then they started making the manuals with dark blue text on burgandy paper (well, the code number sections, anyway) so that you couldn't photocopy it. By the time you can actually read the code number to enter to play the game, you've completely screwed up your vision. :)
:)
I had two Konami games on the C64 that used this method. After about five times of going through this pain, I cracked the damn games. What was great was that the copy protection code in both games was the same, and they even ever so nicely made it easy to find the protection (the border color changed after the code was correctly validated). Three byte patch (JMP $XXXX) and hacked game.
Ahhh, the days of 8-bit computing.
-- Joe
iptables CAN create rules based on the application.
--cmd-owner name is the option to do so.
you can also make a rule based on uid.
Of course you can mix things up, for example you can allow an app to connect to some ports rather than to some others.
And of course an application cannot use port 80 (server socket) if it's not uid 0 or suid.
For example
iptables -A OUTPUT -p tcp --dport 80 -m owner --cmd-owner mozilla-bin -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j DROP
would let only mozilla connect to port 80 of a remote server.
I can tell you: you have got no idea how powerfull is iptables!
I don't want to start any blasphemous rumors but I think that God's got a sick sense of humor. DM
You're wrong, for several reasons.
"if they choose to contact the individual or institution and there was just a flaw in the code that made it think that it was cracked when it was infact legit, all the acused would have to do to clear their name is prove that they have a legaly purchased copy"
In the US, we have a "innocent until proven guilty" court system, where the burden of proof is not on the accused to prove they are innocent, but on the accuser to prove that they are not. Secondly, it might not be that easy for a user to prove they have a legit copy. A few examples of this would be if the user's machine was compromised, and the key stolen and distributed, or if the user was part of a large corporation and had no idea of anything to do with the installation of the software, or if the user had bought a used computer with the software already on it.
"it's not like it gives out top secret information"
Again, wrong. RTFA, "The message goes on to detail the users IP, a timestamp, the product in question, the users PC name, username, and MAC address. " This information could be VERY harmful in the wrong hands. With a known IP, timestamp, PC name, username, and even MAC it is now very easy to locate a user's physical location within an organization. With some social engineering and a bit of luck, you can now do all sorts of nasty things (sneak a keystroke logger and BOOM, they're 0wn3d!) to someone. Also dangerous, since MACs are bound to the hardware, if someone could reverse lookup a certain piece of hardware bound to a MAC and then find a vulnerability in the hardware, they're in. And since I doubt this information is encrypted, and since it is obviously sent over the public internet, the right person sniffing the right packets can now grab all of it.
More importantly, I doubt that this "feature", if you can call it that, is well publicized. This is very important because without knowledge of such practices it could be hard for a sys/netadmin to account for the grossly insecure transmissions.
Let's get one thing perfectly clear, I did not vote for George W Bush, and I do not endorse what he does or says.
"