A Bad Week for Symantec
Evan Hughes writes "NeoSmart Technologies has published a scathing editorial regarding 3 high-profile mistakes by Symantec Corp. — all in less than a week. In what seems to be a string of stupid mistakes culminating in the infection of CNN-parent Turner Broadcasting Systems by Rinbot — a virus dedicated to the eradication of Symantec from the known world."
NeoSmart Technologies has published a scathing editorial regarding 3 high-profile mistakes by Symantec Corp. -- all in less than a week
Maybe they're not mistakes... maybe it's just a form of viral marketing.
The theory of relativity doesn't work right in Arkansas.
....in my experience modern Symantec products such as Norton Internet Security are the most malicious, but successful, form of malware ever. It actually gets people to pay money for the product, and in a lot of cases, pay other people to install it and keep it on their system.
I'm so glad I moved out of software maintenance and into hardware maintenance. Now I just wipe hard drives clean as a whistle and make sure the hardware works. Such a load off!
do() || do_not();
Every experience I have ever had with a Symantec product has been utterly terrible. Generally they cause more problems than they solve.
Turner apparently got hit because it had not yet updated the Symantec programs on its computers. A fix for the flaw has been available since May and security experts have repeatedly urged users to protect their computers by applying the update.
Hmm hmm hmm people are dumb.
Furthermore, doesn't Free AVG only update once a week as well?
If Murphy's Law can go wrong, it will.
a virus dedicated to the eradication of Symantec from the known world
That's not a virus. That's a feature.
Best Windows Freeware
because CNN is infected?
1. Estimates are 100-150 million machines are currently part of botnets
2. Loss estimates exceed 200 billion annually on a global basis
3. Over 80% of all spam comes from botnets
Yes, I can cite. Or you can Google. They are all easy to find.
This is a HUGE problem that is, in many ways, like spam was in 1996 or 1997. The technical community acknowledges it, the average consumer has no clue, and, left unaddressed the problem and associated looses will get much, much worse.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
How bad does it have to be for people to stop using Windows? With all these security issues and putting their eggs in 3rd party tools which are more of a hack on the OS than actual protection.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Since we're talking about Windows machines, I can tell you for certain which comes first.
the kind that crash servers, it is not like they haven't done it before, but for most purposes I agree with you. In a large scale environment with lots of custom apps. you had better be checking these patches prior to general deployment or you WILL get bitten...*speaks from experience*
errr....umm...*whooosh* *whoosh* Is this thing on ?
A virus dedicated to the eradication of symantec? Sign me up! ...I suppose I'll have to turn off AVG first...What then?
-- David
That's funny...I've got an "always on" setup of Linux, Unix, and MacOS X and I've never experienced an issue.
;)
Then again...I did once! It was when I was running Windows 2000. Someone rooted my Hotline Server and deleted all my files
JB
Maybe CNN was burned by Symantec updates before. In my time on computers I have had more problems with the various "helpful" updates than I have with malware etc.
People often don't update their software for years at a time. Hey, it costs. Which is why NAV is designed to update itself automatically. You just have to configure it correctly.
I'm no fan of Symantec. It's perfectly true that they're badly run. Hey, they used to be a lot more than a "security software" company, but all their other business (natural language databases, compilers, IDEs, desktop software, backup software) just died on them. But to blame them for the ineptitude of the CNN's IT department is idiotic.
But they (Symantec) update their signature files almost daily, which means they haven't updated their systems' signatures in months. That's just asking for problems. I mean if they were burned, why not test it offline to see? But to risk a high profile company because maybe you will get burned? I think that is a lack of responsibility on the IT dept. side.
We're chucking our desktop firewalls, spyware tools and AV scanners for one big Symantec managed client. And if any of you have ever tried to uninstall Symantec you'll know that you're chained to them for life.
Perhaps. McAfee had a problem once where they were identifying Excel as a virus, but I've never heard of Symantec having such a problem. More likely, the CNN IT staff is either incompetent or just plain stupid.
Also, if they had been burned by Symantec, they should have gone with another vendor's product. A company like CNN not having up to date AV software is inexcusable.
Same here, my ubuntu box is on nearly 24/7 and it is pretty amusing that my system is more secure than Turner Broadcasting even though I haven't spent a dime on software in years.
I would love to see how much money in fees and lost productivity Symantec milked out of that corporation only to let this happen.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Seconded. The only time I get reboots is when it's required for a security patch, or the occasional "application freaking the #$@%^& out" kinda thing...servers, workstations, all of 'em. And if it weren't for that, I'd be pushing 90-120 day uptimes on most of my machines. Yes, Windows machines.
In fact, I'll get you the data.
Main server has rebooted twice in the last four months for security patches, total ~19 minutes downtime.
ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
KEEP the LAME shit on DIGG please!
"No freeman shall ever be debarred the use of arms." -- Thomas Jefferson
if they hadn't dropped the ball in the first place and left the hole there to begin with this would not be their problem. But they did. A patch is like an apology, it helps but it doesn't undo the damage and it doesn't remove your liability for your prior actions.
I work for the Department of Redundancy Department.
Symantec has seen quite a bit of negative publicity in the past year on slashdot.
I have to wonder how much of it is simply astroturfing by disgruntled former employees? When there's a negative op/ed piece on a "software development and security research" website where none of the SQL even works, I just have to wonder if some no-talent assclown is pissed off because he lost his helpdesk or HR job.
Whenever I have to fix a screwed up PC, McAfee or Symantec is disabled by the malicious code. So, I always uninstall whatever is on the machine and install something else like AVG or ClamWin.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Windows is pretty damn good nowadays, but my Linux web server only goes down when the ISP has a power problem. That happens about once a year. In four years, the machine rebooted 5 times and never once due to Linux.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
... Every machine that comes to me for service has one requirement: No Norton. Take norton off, and people are *amazed* at how much faster their machines run.
I substitute Free-av.com for Norton- better infection detection, less memory overhead, free (with the option of buying a license- I usually guilt them into doing it), and nightly upgrades.
Rinbot is devoted to destroying Symantec? Must have been written by an ex-employee. The only ones who really despise a company are the disgruntled ex-employees.
He's talking about how the BBC reported that building 7 of the WTC had collapsed before it actually happened, and how when asked about it they claimed to have lost all their recordings of the events of 9/11 in a 'cock up'.
For some reason this isn't newsworthy.
The problem isn't Windows. It's having an always-on connection to the internet.* This wasn't as big an issue in the dial-up days.
Ummm.... sure it was. I remember countless cases of machines shipped with win2k and xp which got infected circa 2001/2002 on dialup connections.... while attempting to install SP4 (2k) or SP2 (xp). If you didn't already have the appropriate service pack, one pretty much had to download it, copy it to disc, re-install Windows, install the service pack, then connect to the internet, and hope the service pack didn't get infected.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
Symantec typically releases new definitions once a week. You can fetch them as often as you like, though.
If you mod me down, I shall become more powerful than you could possibly imagine.
Although they may hold on to the enterprise market, why even bother with Norton AntiVirus or Internet Security when you can get Avast AntiVirus Personal edition for free! http://www.avast.com/eng/download-avast-home.html/
No, I don't work for them, or own stock. They've even updated it for Vista. The cost? Register for a free serial number every 14 months.
Comodo firewall http://www.comodo.com/ is nice free step up for those who think they need something more than Windows firewall.
In the year 2007, there is really no need for a consumer to pay for a product from Symantec/Norton, McAfee, or any other security software vendor that has been fleecing us for the last several years.
By the same token, I've never seen AVG prevent, or detect an actual virus. I've then removed avg and installed f-prot /or fsecure and watched the virus count run up. But at least avg is free, right? I'm sure it prevents some, but for my parents, it doesn't deal with their weekly virus infection. always YMMV
Well.. maybe. Or Maybe not. But Definitely not sort of.
Free AVG updates daily.
I don't respond to AC's.
While I half-heartedly agree with you, I suppose the argument you could make is: 1) Blame Symantec for making a product that doesn't make it easier to protect from newer threats. 2) Blame Symantec for not escalating the severity of the impact from this threat. 3) Blame CNN for trusting Symantec AV to protect against this, without updating. Either way, it's a class-A blunder.
News outlets completely screw up the facts all the time (they don't really have much of an issue reporting incorrect information, since who's gonna call them out on it, their own people?). I'm gonna guess in this case someone at the BBC either heard something along the lines that building 7 is going to collapse and then accidentally had it reported as 'did collapse', or maybe they just mixed up which buildings were gonna collapse.
But really, why is this one media screw up an issue, when there's probably countless ones on a daily basis where the media reports 'hearsay' as facts (I remember a while ago when one of the mining incidents occurred that a reporter overheard some random person asking over the phone something along the lines of 'they're all alive?' and then the reporter and his network started broadcasting that they're all alive (quickly followed by every single other network that heard one report it); eventually the rescue crews announced, I think, that only 1 survived and then the media tried to pretend that they never were saying they were all alive). Pretty much all of the networks want to be the first to report every single thing, so they'll be willing to use sketchy (and sometimes even obviously fake) sources. Don't forget Occam's razor, since the options are "they just fucked it up again and don't want to admit it", or "it's some sort of vast conspiracy that for some reason they were in on".
I only use Windows for maybe 2 hours a day to play a game, then I reboot to Ubuntu for real work.
Yeah, actually it's really annoying, because AVG is always trying to scan the hard drive when I go to play a game.
pretty much has brought all staff/faculty/student computers on campus down.
I've never seen AVG prevent, or detect an actual virus.
This is a completely ridiculous statement. Maybe you just haven't checked C:\$VAULT$.AVG, a normally hidden directory. Mine currently has 121 xxxxxxxx.FILs, going back to Feb 4, 2007. AVG is alive and well, TYVM.
I come here for the love
Wow. What's it like never having made a mistake?
You must produce the most elegant and error-free code imaginable. Can I study at your feet?
It appears that Symantec has finally begun moving to daily updates. Information about their Live Update system indicates that for their 2006 home user product daily updates were available. Users of prior versions of the product receive only weekly updates. They have been under tremendous pressure from customers to make daily updates available for several years. I'm glad to see them finally moving that direction.
If you mod me down, I shall become more powerful than you could possibly imagine.
Here's a nickel sonny - buy yourself a real computer.
Well, try to install any older RedHat 6 default installation off of the CD (especially ones with an unpatched RPC service) and watch how secure and problem-free the system is. Of course your machine will still be up 24/7, but only because the kid who installed the rootkit needs to connect to it.
The reality is that every operating system needs to be maintained, no matter how "secure" the reputation. Even if they would have been running something like Linux, MacOS or Solaris, if left unpatched they would get taken down just the same.
The clash of honour calls, to stand when others fall.
So your Linux box was without kernel update... for how long?
You don't know what you don't know.
for some reason people never seem to understand the concept that memory recall is imperfect at best. in fact most people remember events out of order and justify the events based on that.
ie you decided to have an orange, but in reality you grabbed the orange and justified it later by recalling that you desired it prior to deciding...
why do you think eye witness testimony is the absolute worst evidence to have in a trial
The phrase "more better" is acceptable English. suck it grammar Nazis
One of my clients has a relatively large Symantec AntiVirus deployment (something like 35,000 Windows PCs). I was, among many other things, directly and solely responsible for their Symantec AntiVirus architecture for several years. I assure you that there are many issues which can be easily overcome at the scale of 300 machines which are pretty close to show stoppers at the 30,000 node scale. I agree that Symantec Enterprise Edition is a reasonable AntiVirus product, but its weakest link, ironically enough, is the issues that arise when trying to deploy, operate, and maintain it at the scale of a real enterprise.
If you mod me down, I shall become more powerful than you could possibly imagine.
Mostly tweaking people who have no sense of humor.
Not it.
We had a Cisco router wigging out once.
Our Network Admin decided to reset it, and it offered this up:
Kodiak_Rtr uptime is 6 years, 9 weeks, 3 days, 10 hours, 43 minutes
Go Cisco!
Like the parent said YMMV - Just today I found 6 viruses using sophos that AVG chose to ignore. One of them hosed every word document across several computers.
The philosophy under which these OSes are built is completely different and ensure better security.
And now with virtualization made easy (unlike with Windows, where all kinds of asinine licensing restrictions discourage virtualization) one is able to isolate even more logical instances of machines. This enhances security and reliability.
IANAL but write like a drunk one.
Malware is firmly constrained to the privileges of the user doing dumb things. Many things remain off limits.
And if you install any of the rule based security applications in Linux, the constraints are even stronger, this without sacrificing the versatility or the user's experience.
Linux is not attacked for lack of popularity, it is not attacked because it is more of a bitch to do an attack.
IANAL but write like a drunk one.
It is not anymore the little box out there hidden under a desk.
Most (all?) companies offering web hosting or colocation support Linux. Actually being able to 0wn a Linux server gives you much better malware possibilities since a system can have hundreds or thousands of users.
But black hats don't attack Linux not out of popularity, but simply because Linux has a better design when it comes to security (UNIX, and Linux, which takes its inspiration from it, were designed in the understanding that you may have different people working on the same computer at the same time. That has made it immensely easier to make these OSes cracker unfriendly. In the meantime MS has been hacking a multiuser system on top of their offerings; the amount of holes left behind and the constant form over function ensure the systems will be easier to crack).
Security has nothing to do with popularity, it has to do with proper or improper security policies and their implementation.
IANAL but write like a drunk one.
Another interesting fact you should keep in mind is that buildings can not be "pulled" or demolished by explosive within mere hours. It can't be done in one sunny afternoon, it takes at least a week of careful planning and preparation.
Great post! Very interesting.
Personally I find it fascinating to see the lengths that some Americans will go to in order to explain away one simple fact - that a bunch of Arabs put together a terrorist outrage right under your noses. And weren't even very clever about hiding it. But it didn't matter due to the incredible ineptitude and complacency of your security services.
And I'm sorry to nitpick such a great post, but have you realised that you forgot to blame the Jews? What sort of conspiracy theorist are you?
Wow, where do you people surf? :)
Or is this just what happens when you have kids?
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Symantec AV is useless. I got it bundled in my laptop and after 60 days I uninstalled and installed eTrust. It is far better and cheaper.
Oh boy they're really "upset". The parent post got swatted down to 0 within two minutes of me putting it up,
five minutes later when I checked back again it was down to -1. Now in a thread that _already has_ a parent at -1
which means few people will actually ever read this I get all my follow up posts modded down.
Re:Not nearly as bad as the week was for the BBC: Friday March 02, @12:06AM 0, Offtopic
Re:Not nearly as bad as the week was for the BBC: Thursday March 01, @11:10PM 0, Troll
Re:Not nearly as bad as the week was for the BBC: Thursday March 01, @08:57PM 0, Offtopic
Not nearly as bad as the week was for the BBC: Thursday March 01, @08:40PM -1, Troll
Actually they're doing me a favor here, because their over the top reaction and ultramoronic denial
is just going to draw more attention to this.
I make mistakes, but I take responsibility for and ownership of them. I don't just issue an apology and then expect the world to forget it ever happened.
I work for the Department of Redundancy Department.
News outlets completely screw up the facts all the time
They screw up details, sure, but they don't accidentally predict unforeseeable events.
Don't forget Occam's razor, since the options are "they just fucked it up again and don't want to admit it", or "it's some sort of vast conspiracy that for some reason they were in on".
The options are "they just fucked it up again and also managed to lose all the multiple tapes of their entire output for the biggest news day in recent history", or "they received a press report and reported on it". There's no need to suggest that the BBC were in on it - they were just reporting the information they were given.
Your parents get weekly virus infections? Are they doing warez trading from back in 1999?
Procrastination -- because good things come to those who wait.
a virus dedicated to the eradication of Symantec from the known world
We can only hope.
If I wrote viruses and wanted to make a living from it, subscription-model anti-virus software would do me very nicely, thank you very much.
America, Home of the Brave.
6 to 8 years ago I gave out code to people that allowed them to query my site's data. The code (with a bit of javascript) needed to be embedded on their existing (poorly coded) pages so I knew it would stop working at times -- so I put an "if this is not working" link with my email address and exposed it...on about 750 pages at last count. I used to average about 100 viruses per day. Oh well, no big deal and I've never been infected.
I come here for the love
No shit. It's like reading about a strain of flu that cures/prevents AIDS. Where can I get it?
A polar bear is a cartesian bear after a coordinate transform.
So issuing a patch doesn't constitute "taking ownership?"
If not, then what does? What else are you looking for from a vendor?
Who moderated this guy insightful? His facts are wrong and he doesn't even make a sincere attempt to use logic! AVG Updates daily and virus definition updates should always be updated. That's why you use an anti-virus because you don't have the time to research every threat out there yourself and create a way to catch it and fix it.
I never count getting a virus in an email as "getting a virus" because I'm not stupid enough to click on one :)
Actually, I don't even run virus scan on email or web browsing anymore - it was slowing the machine down too much for my taste. I try to mitigate my susceptibility by running non-MS tools where possible... even my wife uses Firefox and Thunderbird for web and email, with the Palm organizer software for addresses and calendar. Security through obscurity... don't knock it!
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
Well, a virus in an email is a virus received. This discussion started with AVG's behavior. Someone said AVG never detected one that some other AV did -- but AVG detects and deals with them without a permanent dialog box -- it times out and man I wish other program dialogs would, for non essential messages.
I agree about non-MS tools. I think I first thought of it when MS tried to include Central Point's anti virus in DOS 6. Everyone proceeded to target CPAV, that we had been using for years prior to that.
Personally, I use Eudora (that happens to have auto dismissing dialogs as an option) rather than Outlook (has MS ever made a good email program?). I switched to Opera for browsing about a year back (thanks to osnews discussions) and quite like it. My address book is a flat text file -- why would I want more than that (I don't need it on the street, on the road I take a laptop with that file).
I come here for the love
I'm not tense. I'm just terribly, terribly, alert.
Heh, I guess I never considered that I "got" a virus if it was just emailed to me :) Especially on my Mac.
A flat text file is perfect for an address book - it's also easier to sync even if you did take it on the road via laptop. However, if you have a PDA or cell phone that can sync to your PC, it is handy to have the address book in some format that is machine-friendly. My wife has a Palm and so she uses that software. I use the Mac address book application, which syncs up with my cell phone, as well as Outlook on the PC for work.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
daily updates have been available for years. just not to certain classes of customer.
I'd comment but i can't figure out if that virus is a bad thing or not ;(
Ahh, feel the love here.........
Ok, I guess I don't know much about the internals of AVG. The other antivirus programs tell you with big warning dialogs whenever a virus is found. I don't really want to have to know the internals of any AV, to be honest. In any case it has missed several viruses that others, with much older definition files, have found.
I don't trust it.
I don't like it.
It doesn't get a second chance from me.
Well.. maybe. Or Maybe not. But Definitely not sort of.
Although other AntiVirus vendors provided daily updates for years, Symantec released updates via Live Update once a week for many many years, and apparently began more frequent, almost daily updates in 2006. I know (from experience) that as recently as the fall of 2005 Symantec updates were delivered weekly. I used to *beg* on behalf of my client (and via Symantec's expensive enterprise support contract of questionable value) for Symantec to produce more frequent updates. I still have scars on my knees and lips from the chafing. I'm here as a survivor to tell you they did *not* deliver daily updates via Live Update until relatively recently.
During major outbreaks a mid-week update or two would sometimes become available. Those were sometimes delivered at the request of their enterprise customers (e.g. "We're seeing a rise in foo infections, could you please consider releasing the definition update for that ASAP?") but were made available through all their distribution channels to all their customers.
On occasion Symantec would release a particular definition via consumer channels on an ad-hoc basis (e.g. between the regular weekly updates) but only via the enterprise-focused "Live Update" system several days later during the regular update. When I asked them about this (each time we noticed) the reason given was that the definition "needed additional testing" before it could be certified for enterprise use. Presumably this was to reduce the number of false positives, which when they occur in an enterprise environment can be almost as costly as an actual virus outbreak.
If you mod me down, I shall become more powerful than you could possibly imagine.
Pining for the fjords, eh? Serious security professionals realized this argument was stone cold dead (in fact I took the liberty of examining this here argument and discovered that the only reason it was still standing on its perch at all was that it had been nailed there) when the Witty Worm smacked all the vulnerable systems for a given defect within an hour. The particular realization perhaps didn't sink in until a day or so later when the number of said vulnerable systems was shown to be something quite small, quite possibly as few as 12,000 total vulnerable systems. Exploiting niche platforms became no more difficult than exploiting any other platform given a remote root vulnerability.
Elsewhere in this discussion it's claimed that worms are irrelevant because modern attacks are directed at browsers and the like. The continual emergence of new worms suggests that malware authors do not agree with that assessment. Even if it were true, recent surveys suggest that over 4% of web surfers are using Safari. That's millions of potential victims. A botnet master needs only a few thousand systems to spam the bejeezus out of the entire world.
The niche platform argument is bogus and should be consigned to the dustbin of history.
If you mod me down, I shall become more powerful than you could possibly imagine.
I consider "taking ownership" to mean
- admitting fault
- taking actions to correct or at least mitigate the problem
- accepting responsibility for other problems that arise as a result
- understanding that you have lost a degree of trust due to your negligence, and not assuming you will just get that trust back immediately after taking action
- making changes necessary to lessen the odds of a recurrence
Issuing a patch covers the first three, but Symantec seems to have a problem with the other two. Just how many times do you have to see the fourth one before you find someone else to work with? It's naive to expect a customer to just keep forgiving you for your negligence.
Imagine the public's reaction if Ford trucks started spontaneously catching on fire. OK, they found a problem with the fuel tank, ok that's fixed now. Next month two more trucks catch fire, oops guess there are issues with the gas line, ok that's fixed. Whoops, three weeks later we see a pattern of fuel pumps being defective and causing a fire under the hood. At that point, don't you just lose trust in their ability to produce a quality product? How many times do you turn the other cheek? Symantec is making my face sore.
I work for the Department of Redundancy Department.
sorry gary, just not so. i've been an enterprise customer for more than seven years. daily updates for enterprise customers started at least before 2004.
It comes down to what you believe is necessary. I get EZ Armor Firewall and A/V as a gimme from Roadrunner. My Internet experience is fast, and there is never any slowdown while safe programs get massaged over and over to no purpose.
Goddamned kids! Get off my lawn!
You received daily updates only if you were able to use the "Symantec enterprise console" system to obtain and distribute the updates. Symantec had 3 different update paths at that time. LiveUpdate was the original "enterprise" update system, which used FTP as a transport and a special "Live Update Administrator" software to fetch from Symantec. The "enterprise console" system used a different mechanism and a "push" transport from the console server to the clients. (Incidentally, I think it is this built-in distribution and control system which provided the hole for the worm which spawned this article. The "unmanaged" client configuration didn't have a listener on the client and thus couldn't be exploited that way.) The third mechanism was downloadable update bundles available from the web. Those were updated weekly in concert with Live Update, and occasionally on an ad-hoc basis. There are many, many more details that I could provide, but really, you can't possibly care this much. It was a cluster fsck, the Symantec update situation, for years, and was still a cluster fsck as of the fall of 2005.
If you mod me down, I shall become more powerful than you could possibly imagine.
I'm sure it's been said here already - and that many people have already said that they consider Symantec's AV as deeply flawed product.
Still, just in case:
Symantec's AV is, IMHO, a terrible product. I have a part-time job working on a university helpdesk in their central computing facility. We see this AV appear on users' machines regularly, and the first thing we do is get the user to uninstall it [if they can!], and to then install AVG Free Edition. I've never known a user to *not* come back and thank us, and to report that their machine is running better after they've done this.
@peetm
AVGFree updates daily, and is my recommendation for antivirus for regular home users with ordinary security needs.
I turn off the scheduled morning scan (a bit overkillish, and also still slows things down too much, even in low impact mode). I set the Windows Task Scheduler to launch the Test Center once a week to remind folks to scan their computers and that's it.
It works just fine, and if there is a problem, it's extremely easy to uninstall it and reinstall it, which fixes practically everything.
I swore by Norton Antivirus until the 2004 version came out. Then I started swearing at it. Currently, I regard it as worse than nothing.
Fundamentalism is a crime against humanity