Slashdot Mirror
US Shows Interest In Zombie Quarantine Code
bennyboy64 writes "Barack Obama's cyber-security coordinator has shown interest in an e-security code of practice developed in Australia that aims to quarantine Internet users infected by malware, also known as zombie computers. He reportedly said it would be a useful role model for the US to adopt. One suggestion within the code is to put infected users into a 'walled garden,' which limits Internet access to prevent further security problems until quarantined. Another is to throttle the speed of an infected users' Internet connection until their computer fixed. The code is also being considered by other Asia-Pacific countries, ZDNet reports."
This is so NOT the story I was hoping it was going to be.
Like a baby Harp seal on the open ice, my dream has just been dashed.
In contrasting this with the president's ability to declare a cyber attack and disable internet access in the United States, I'd say this seems like a reasoned approach that would hopefully be considered an alternative to the former where applicable.
My only real concern is that of privacy. How exactly do they go about telling you're a zombie? Well written malware isn't exactly going to advertise infection, and even hosts which may be participating in a denial of service attack can't definitively be proven to be infected unless they're obvious (like sending a TCP packet with an invalid combination of flags, for instance). Scarier would be using the 'zombie' excuse to monitor net traffic on a connection for 'investigative' purposes. So it may just turn out pointless or it may be a ruse for a different kind of control. Anyone have any articles as to the effects of this or some cases where it was actually used in AU?
Currently my network looks like a single netbsd box from the perspective of my ISP. The original Australian proposal could have been interpreted to mean I would have to tell the ISP what OSs I was running and what software they had installed.
So if I had windows here they would want to know how it was firewalled, etc. So yeah I can tell them three ubuntu laptops, one mac laptop with windows running inside vmware. Two servers running netbsd and the ISP are going to get dollar signs lighting up in their eyes. They will want me to pay for a "business" connection now, because of the nodes I have running. Not good for me.
http://michaelsmith.id.au
Your Rights Online: Australian Cybercrime Enquiry Report Released
This functionality already exists. The ISP responsible for the malware-infected PC can just change the modem provisioning mode at the CMTS, thereby preventing the modem from obtaining an IP address, effectively disconnecting the endpoint. No laws needed.
I like this idea in principle, but concerned about the details. The article says it's "formalising an existing code of practice" so perhaps Australians here can let us know how it currently works?
I'm thinking mostly about false positives - I've had a Mac identified as running some Windows virus, at the time I presumed due to NAT somewhere at the ISP level. Getting that sorted out was a matter of waiting half an hour or so, but I can imagine that becoming a more serious issue if this is 'by law'.
The other thing worrying would be forced steps to remove things. I could go with an "ensure you're clean rule", but would be against a "ensure you're running this particular security measure" rule.
Cheers,
Ian
I'm not sure how they tell ordinary ISP users. I had a similar sort of experience, though.
I used to work at a university, and one of my colleagues was bringing his home laptop in. One day, he couldn't get his computer to connect with anything so he rang up helpdesk and they told him that something was up with his computer. They sent around a support guy, who found that his son was running BitTorrent on his machine. People are stupid, teenagers are cluey, etc. etc. etc.
Some sort of paper notification before disconnecting him would have been a lot better in my (and his) opinion.
Some are forgetting the obvious that this would require the monitoring of traffic.
I'm guessing that the new paradigm the government is following in regard to the internet is total information control. It started with total information awareness. The original goal was to monitor all the information on the internet to see and prevent terrorism. Most of us agreed with that idea, and now that the internet is fully monitored the next step is to gain complete control over it. This way if a powerful person doesn't like what is being said on a specific website or by a specific computer, they can quarantine it. This word "quarantine" gives an indication about how the government sees unfavorable information. They see it as a "virus", or "mind virus", which is otherwise known as a meme. The only way to stop the spread of a meme is by quarantining it.
Once again this is about information control, not security. If it's about stopping zombie infectious malware as the article claims they could use many technical solutions to do this and put the control in the hands of the user. The user could set up their system to handle it and the government has no reason to get involved. Or the government could promote corporations such as Google to develop an improved version of Linux or the Linux kernel to have a feature to allow this much in the same way the NSA developed SELinux. To make it a political issue and to use Australia of all places as the example is exactly the wrong way to go about it. We all know that Australia has a completely censored internet with a list of sites people cannot go to because the government does not like the information on these sites.
This might fool individuals who don't understand technology. Saying it's to secure the internet while you throttle their broadband speed might make sense to the 16 year old kid downloading mp3s or using bit torrent. It might make sense to the adult who works in an unrelated industry with little to no knowledge about network neutrality or what is at stake when internet speeds and information is regulated in a centralized manner. To individuals who understand the technology and how to use the internet the idea of controlling the information flowing through the pipes defeats the purpose of the internet itself. I cannot imagine any programmer, hacker, script kiddie, gamer, or serious user supporting this idea. Most of us would rather risk being infected by malware than have our broadband speed throttled.
And let's be honest, child pornography is probably the worst kind of virus you can be infected with. And the only reason it's so horrible is because the laws related to possession of it are unreasonable. So before we go and fundamentally try to alter the code of the internet and create millions of unintended consequences we should debate what we want the internet to be and what it's purpose is. Does the internet exist as a weapon of war or is it something more fundamental? Should the government control the internet or should the market control the internet?
If the government wants to have this much control over it, maybe they should make it free. That's my opinion. But to bait and switch like this is unfair to individuals who have paid for internet access for over a decade, who have created most of the content on the WWW, who have made the internet what it is.
The threshold of irresponsibility or incompetence that is necessary for the average user's Windows box to get infected is quite low, even nil at times. A walled garden "which limits Internet access" seems to me like it would work out to be a limitation on free speech in practice, since both the structure of the Internet and the nature of malware depend on the computer's ability to upload arbitrary bytes.
Someone who knows more about network infrastructure than I do could probably explain whether and how the walled garden approach could still allow the computer's owner to communicate however they wished over the Internet. But in my opinion a government-approved whitelist of protocols or websites (if that is indeed how it would work) does not cut it for First Amendment purposes.
"This algorithm runs in constant time. Come on, 2,147,483,648 is a constant..."
In contrasting this with the president's ability to declare a cyber attack and disable internet access in the United States, I'd say this seems like a reasoned approach that would hopefully be considered an alternative to the former where applicable.
My only real concern is that of privacy. How exactly do they go about telling you're a zombie? Well written malware isn't exactly going to advertise infection, and even hosts which may be participating in a denial of service attack can't definitively be proven to be infected unless they're obvious (like sending a TCP packet with an invalid combination of flags, for instance). Scarier would be using the 'zombie' excuse to monitor net traffic on a connection for 'investigative' purposes. So it may just turn out pointless or it may be a ruse for a different kind of control. Anyone have any articles as to the effects of this or some cases where it was actually used in AU?
It's not reasonable for the government to do anything more than monitor the internet. To start telling people how to run their nodes, what websites they can and can't visit, how they can or can't surf the web and at what speeds, is authoritarianism on the web. The internet was not designed for authoritarianism, it was designed to be an anti-authoritarian technology, it was designed to be decentralized, it was designed in this way because authoritarian centralized systems usually have a single point of failure. These overly centralized systems are more likely to fall or collapse.
The internet as it is designed now is already more advanced than the design of most other systems. To centralize and control it down to the byte flowing through each wire, inspecting every package, analyzing every bit, and controlling which bits to quarantine and which bits not, is just a stealth mechanism which can be used either to destroy the internet or weaponize it. This along with the new behavioral advertising schemes allows for specific centralized entities to feed specific information to specific computers, and now they want to be able to quarantine specific computers to block them from receiving specific information from other computers.
How can this be good for the internet as a whole? How can this be good for the flow of information from a mathematics/physics point of view? How can it be ethical if the objective is to reduce ignorance and preserve freedom of speech? It can only be ethical if the objective is to control, weaponize, and win at any cost.
They want zombies to use Apple products.
This Headline wrote a check that the story couldn't cash. Bad editors, no cookie.
Poor means hoping the toothache goes away.
So if you run bit torrent and they decide it's malware, now they can throttle your internet speed and quarantine you. Or if you download legal but tasteless pornography this could be determined to be malware and your speed can be throttled.
This idea is as bad as the kill switch idea.
Obama has nothing to do with this idea. Read the article where it says cyber-security coordinator Howard Schmidt came up with this idea. If you think it's a bad idea you should direct your anger to the person who thought of it. Obama is not in charge of cyber security and we don't even know if Obama is the one behind the cyber policy to begin with. So to blame Obama is pointless. In fact Obama claimed to be for network neutrality so if hes changing his mind on an issue as critical is this, it's a shame he wont be re-elected because hes going to lose virtually all of the youth vote if he messes up on the internet.
I think this should have been done 15 years ago. At least 8 when XP became target #1.
I used to work for an Australian ISP, and I was aware of a practice where we [the ISP] would periodically receive reports of "infected" computers, and would need to proactively contact customers and advise them / encourage them to resolve the issue, with the disclaimer that if they do nothing, we may eventually need to kick them off the connection. If something wasn't done about the problem for a while, Port 25 was blocked on their account until that had advised us that, and that we felt confident that they had resolved the problem. The block would be re-instated if any further reports arose. Further down the track, if nothing was down and they were totally negligent, we would cancel their account (although AFAIK this rarely happened). (FYI: I never did this job, although I was aware of it and did fill in once).
How does that solve the problem of windows being on the net...
Without reading the article the first thing that comes to mind is to "walled garden" the zombie PC's, eg cut off all ports but port 80 (and break https) and redirect DNS so that all requests go through a proxy so that the malware can be identified.
The end user then gets warned that their system is compromised, BY THE ISP. This unfortunately will be ignored as people have been trained to ignore such stupidity if it doesn't look legitimate. Nothing stopping the malware from filtering this out either.
Good idea walling off bad ISP's BAD customers, eg those machines in a data center that are just forwarding traffic from somewhere else, but otherwise without a legal mandate to do so, those bad customers will just never realize those machines are compromised, or deny any wrongdoing if they full damn well know what is going on.
They call this icode?
I mean, sure, I know the fad, but? ... but ... but ...
Well, we used to call intermediate or interpreted codes i-codes in school. I guess I was living in a different branch of reality or something. I mean byte code is so, well, architecture specific.
BASIC09. Wow. Blast from the past. First loves. Things that might/should have been.
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
This product: http://www.quarantainenet.nl/?language=en;page=main-home has been in commercial use for several years at educational institutions in the Netherlands. It basically does just that -- infected computers get isolated and get referred to a self-help page. Interesting stuff. (disclaimer: I know people who work there)
It's not reasonable for the government to do anything more than monitor the internet. To start telling people how to run their nodes
In a competitive world, businesses WILL NOT prepare for disaster unless the executives see that it affects the stock price. Preparing for disaster is expensive, and it seldom pays off. (see also: car industry, banking industry, airlines, BP, failure to protect against natural disasters...)
If we want the internet to keep running, without collapsing during a cyberwar, then we do need to insist on some things. It's like requiring that banks keep some reserve, requiring that oil companies have a means to stop a leak, or requiring that an airline not skimp on maintenance when the competition gets fierce.
I'm talking the under 35 vote. And yes they do vote. Not only do they vote but they donated a massive amount of money to the election of the first Black President because he was promising change and promising that he wouldn't follow along with the old ways of doing things. If the youth had expected the government to be run like this they'd have voted for McCain.
Obama promised transparency. Obama promised open government. Obama promised an end to corruption. Obama promised network neutrality. Obama promised to take a harm reduction policy on drugs. Obama promised to fight to protect the environment. Obama promised to help fix the economy and help young people get jobs.
Now hes President and all we see are the criminalization of virtually everything that young people do. Whether it's smoking marijuana or using file sharing clients. The economy is in a terrible state and all the government can think to do is put us young people in prison? I guess thats one way to pay off the national debt.
And if it's not putting people in prison through bad laws, it's putting people in debt where they have to work for 10+ years working it off. So once again Obama owes younger generations something. If everything we do is to benefit the babyboomers why expect young people to vote in the next election? The young people demanded network neutrality and for many this is the only reason they voted for Obama. They believed Obama would promote freedom of speech, promote the internet.
But so far how has Obama's policies differed from the policies of Bush? The only difference is Bush said what he wanted to do and did it while Obama said the exact opposite and hasn't changed anything in regard to the internet. And when things have changed it's clearly for the worst.
Is it just me, or is the first onslaught of posts unusually full of people who seem to want to judge government first and read/think later? I mean, beyond the usual level here.
I mean, something has to be done. We are well over 50% of the internet's capacity being used to send people junk mail, most of it both offensive and fraudulent, far too much of it containing executable payloads that harm the internet itself, etc.
If the ISPs don't take voluntary action at a level of minimum intrusion, some excited parents' group is going to hold a referendum and hand their government the right to intrude in every living room.
Sure, this proposal goes too far in places, misses the boat technically in others. It's not perfect. But it's better than legalizing deep inspection to be adminitered and performed by the agency of the UN/international courts.
If we want better than this, we need to come up with counter-proposals of our own, get out, educate people. (And get ourselves off the OS that is the primary medium of abuse.)
Computer memory is just fancy paper, CPUs just fancy pens with fancy erasers; the 'net is just a fancy backyard fence.
I suddenly realized that I live in a world where a headline like this makes perfect sense. Is it just me, or does anyone else find this scary?
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.
This "voluntary" icode just happens to discussed under the backdrop of the government trying to build an internet kill switch. I'm supposed to believe it's going to remain "voluntary" when the US Government is involved?
When it's voluntary then all the government influenced ISP's or ISP's with big government contracts will be pressured behind the scenes to adopt it. I'm not convinced that it will be voluntary if its not in the ISP's economic best interest.
If corporations want to do this they already can. So to make it "voluntary" when it already is an option, it looks more like an agenda.
I've enjoyed your comments in the past, so really expected better from you, Mr Khyber.
Well i think its a a perfect step to remove all those zombie from the internet and due to this their so many junk mail received by everyone daily i like this .
I think HObama should stick to what hes good at like fixing the health care system, fixing the unemployment, and fixing the deficit, oh and getting us out of Afghanistan.... what a loser
"Computers are a lot like Air Conditioners" "They both work great until you start opening Windows"
It's not reasonable for the government to do anything more than monitor the internet. To start telling people how to run their nodes
In a competitive world, businesses WILL NOT prepare for disaster unless the executives see that it affects the stock price. Preparing for disaster is expensive, and it seldom pays off. (see also: car industry, banking industry, airlines, BP, failure to protect against natural disasters...)
If we want the internet to keep running, without collapsing during a cyberwar, then we do need to insist on some things. It's like requiring that banks keep some reserve, requiring that oil companies have a means to stop a leak, or requiring that an airline not skimp on maintenance when the competition gets fierce.
The internet is never going to collapse. That is a strawman. Industries could lose profits however and this is a legit argument. If American industries lose profit this endangers national security. Endangering national security reduces US military might and overall power. This endangers US superpower status. So all policies are designed to maintain government power and superpower status.
The problem with these policies is they make the civilian population miserable. We can't find a job. The laws all seem to be telling us what we can't do so we can't pursue happiness. This creates collateral damage on the civilian side as many civilian lives are ruined in some cases beyond repair to "win."
Why can't the military establishment find a way to win without making the entire world miserable? After a certain point the people fighting to protect these laws and Constitution wont have morale. We claim the USA is worth fighting for because it has liberty and freedom, and people can get rich and be happy. But that perception is rapidly fading and lying to the public is not going to change the fact that the American dream is harder to reach for individuals. Individuals primarily feel we are winning or losing the war based on situations they see in their own lives and sphere of influence. We might be winning the war on paper but for most people in practice it feels like we are losing.
This is the primary disconnect.
Is it just me, or is the first onslaught of posts unusually full of people who seem to want to judge government first and read/think later? I mean, beyond the usual level here.
I mean, something has to be done. We are well over 50% of the internet's capacity being used to send people junk mail, most of it both offensive and fraudulent, far too much of it containing executable payloads that harm the internet itself, etc.
If the ISPs don't take voluntary action at a level of minimum intrusion, some excited parents' group is going to hold a referendum and hand their government the right to intrude in every living room.
So we have to accept a stupid law else a group of ignorant parents will want to cram an even more stupid law down our throats? I don't accept those options. Maybe instead we should just choose the smartest least exploitable law possible and not have to deal with either situation.
Sure, this proposal goes too far in places, misses the boat technically in others. It's not perfect. But it's better than legalizing deep inspection to be adminitered and performed by the agency of the UN/international courts.
If we want better than this, we need to come up with counter-proposals of our own, get out, educate people. (And get ourselves off the OS that is the primary medium of abuse.)
Not only does it go too far but it wont stop worms or DDOS attacks. The programmers will just find a way to make their malware undetectable. Then the ISP's will have to analyze everything we do online. Also how is it a bad thing if the UN handles it? That might actually be a better solution. That being said that option is not on the table either and is just a strawman.
a representative for microsoft responded with a 404
You make the laws according to the constitution. If it is important enough then people can break the rules and take the legal consequences. If you need to torture a terrorist, spy on someone, then break the law and do so. If you get the information you need great. You probably won't get a jury to convict. If you don't then you do the time. If you are not prepared to do that then what you did probably was not necessary. This only works when there is transparency and accountability. I think that once upon a time in England the hangman faced a court the next day but this may be just a legend. But that is the way it needs to work.
I am an Australian on Exetel. I have had the quarantine kick in twice due to my house mates getting infected. Both times it was a spam relay, so it was presumably easy to detect the massive jump in port 25 traffic. Once you are quarantined all ports but 80 are blocked and port 80 only serves up a page telling you that you are quarantined, what you need to do to remove the quarantine (clean your system then click a link to tell the automated system to check your outgoing traffic), and links to ISP mirrors of malware removal tools. Both times it took about 15-30 minutes to clean the infections and get the quarantine removed.
I think schemes like this are best practice and the only way the Internet is going to be usable with the rise in online crime. Even if you have a secure local OS nothing stops users downloading trojans.
I like most of what you said but then you use an incredibly broad general statement like it lowers online "crime." Which crimes? Be specific.
That being said trojans, viruses and child pornography are a problem.
I don't mind if traffic is monitored. I mind if the contents of the traffic is monitored.
For example they could scan all incoming mail being sent to the ISPs mail-servers for viruses (my ISP does this and all I see is a little "we blocked x viruses" notice in my inbox periodically)
Also they can block outgoing port 25 (i.e. prevent spam zombies from sending their spam outside of the ISPs network directly) and limit the amount of mail going out of the ISPs mail server (better yet mandate one of the "secure SMTP" options so that the spam zombie cant relay through the ISPs mail server at all)
And ISPs can use well-maintained blacklists of hosts to refuse to accept mail from (for example there is no reason to accept mail comming from the dynamic home customer IP ranges from ISPs like AT&T, Comcast etc. Most ISPs terms-of-service block running mail servers on home accounts anyway so its not like anyone should be running a legitimate mail server on such IP ranges.
Blacklists are not perfect and yes may contain IP addresses that once sent spam but no longer do so but if the blacklist is well-maintained there should be a simple way to get your IP removed.
ISPs also need to stop the practice of redirecting non-existent domains to an ISP error server as such practices make it harder to detect certain kinds of forged email headers AFAIK.
The bottom line is that these oligarchs want total control over information, they're threatened by the openness of the internet, the ability for people to bypass mainstream media outlets, the ability for people to share news and information worldwide without censorship or government/corporations (almost the same thing now in the US) putting everything into their own context, the dislike the ability for people to organize.....One way or they other they are going to try to destroy all that is good about the internet.
Malware is a problem, and people who don't patch or have proper security are stupid, but he model we have, where everyone takes responsibility for their own systems works fine, despite the rhetoric, and giving the corporate/government empire more control for any reason is a bad, bad idea.
The actual power of the Internet has been far from realised. We will go from cloud to something even more dispersed. Imagine for example a protocol where programmed objects can exist on different servers and services so the meme of the net being the machine is actualised. The Internet is far more than TCP/IP port 80 (the Web) and has hardly been developed since the invention of the Web. It could very well be said that the Web has almost fatally distracted the development of the Internet.
the university here have a similar policy, you MUST use the AV software they provide, and keep your system up to date otherwise you get disconnected. They appear to monitor your connection to ensure you're downloading updates, and do monthly inspections.
You're _not allowed_ to run any form Linux, or any other OS older than XP. Consoles are OK, as long as you clearly state to them that's what you're using the connection for.
Putting infected users in a walled garden - redirect all web browser access to FREE antispyware, rootkit detector, antivirus and help them clean up the infection - and offer an automated way to get out of the garden if the machine is deemed "clean" again.
Of course once computer is infected with malware who knows WHAT could have been done to the base OS? Better to reload from a known good trusted source..offer free Ubuntu? ;)
I though that zombie systems violated FCC rules for attaching telecom equipment to public lines anyway.
...and it actually works pretty well. I'm a student at a prominent and high ranking university where we have such a policy.
Basically if they find that your computer's infected with any type of malware, which is based on traffic analysis and the results of scans that run just a tad bit too often, they send you an e-mail and give you 24 hours to deal with the problem. After that they do exactly what is described here: you are quarantined to a whitelist of Internet hosts and kicked into a subnet that is firewalled from other student and academic IP address space. I think your bandwidth might get a nice cap on it too. Not sure as I've never been kicked into the quarantine.
It's a great practice, because it cuts down on malware and isn't very intrusive. My webserver got hit by a bot last year due to an outdated installation of a certain web app which I had forgotten about, and shortly thereafter began participating in a DDoS against a website. I got an e-mail from IT's security department, and they did a pretty damned good job confirming the source and nature of the attack. They seemed to know their shit, and if you clearly know your shit, they are good at working with you to get the problem really fixed as opposed to just kicking you into quarantine.
The question is whether or not this will be extended to include cases of copyright infringement. The school would see their students drop like flies if they reported all the file sharers. Rather, they just provide information when subpoenaed, meaning only the stupid kids that download pop music/movies through Limewire/unencrypted BitTorrent/etc. really get caught. They still keep the logs, they just use them for clearing your name ("We have no indication that X accessed service Y or downloaded item Z") rather than grepping through them and reporting everyone they find. Again... if they did, their enrollment would go off a cliff.
I never claimed it was designed as a weapon.
Perhaps you'd struggle less if you knew what the word meant?
1. Characterized by or favoring absolute obedience to authority, as against individual freedom: an authoritarian regime.
2. Of, relating to, or expecting unquestioning obedience.
Do you understand what absolute obedience means? When a general tells a captain to do it, the captain better do it or else. Likewise when a captain gives orders to a private?
Yes, there are times when it's permitted to disobey an order, but they're edge cases. They don't sit down and debate everything so that, you know, like everybody's viewpoint is respected and then sing Kumbaya.
Total non sequitur.
What the hell has the constitution got to do with the competence of miltary communication technicians (as compared to dizzy teens and grannies), or the internal organization of the army?
My original point was that virtual inanimate objects don't have political opinions. If you can show how they do, then I'm all ears. Saying the internet is anti-authoritarian is like saying usenet is a communist.
P.S. I think you need to up your comprehension skills. It seems to me you see a word or two and just go on a rambling and largely offtopic rant.
The problem isn't the military. If you are fighting a war and in the military you agree to accept the authoritarianism to win the war and survive. This is not the same as the expectations of civilians. Authoritarianism in a military is necessary to maintain a chain of command. Nobody is disagreeing with the need to have a chain of command.
Where we disagree is on whether authoritarianism is a means to an end, or an end in itself. Some individuals and entities seek power for the sake of becoming powerful without serving any higher purpose. Thats not a warrior. Warriors fight for a higher purpose, whether it's the Constitution or something else. The individuals who fight for corporate interests or money are mercenaries, this is totally different from a warrior in that for the mercenary it's just about making money and gaining power. There are no ideals, no Constitution to obey, just get money and stay alive.
We already do that in Australia and have been for years.
I've worked at 2 ISPs with this policy.
One initially just denied authentication without notice, but both currently use a captive portal.
It's already happening. It is already a defacto industry practice.
So what exactly is making it law going to do?
It's mind boggling.
"Ohhh!!!! Look!!! People are solving problems!!!! Lets make it illegal for them not to!!11117"
ISP's do this currently with the most noble of motivations: To prevent their email servers being blacklisted.
Making it a law for them to do something that they're already doing is like what my mother used to do.
She'd see me pick up some plates, knives, put them in the sink and turn the tap on and then ask me to wash the dishes.
Stealing initiative and turning it into obedience somehow.
We need less control freaks in government.
It was "voluntary" for BP to set up a $20billion fund. And every vote for Healthcare reform was "voluntary" too.
Shall I go on?
That is very nice, how long before computer running bitorrent, ftp, ssh are classified as zombies?
What's more, there are no punitive actions required in the event of a false [OCILLA] claim.
The notice under 17 USC 512(c) and counter-notice under 17 USC 512(g) are made under penalty of perjury. Are you claiming that the DOJ is not required to prosecute allegations of perjury?
If you are running zone alarm, and a calculator program asks for internet access that is mal-ware.
A more sophisticated "calculator program" might have legit reasons for connecting to the Internet:
if you take "bashes" to include writing malware for - then if no one is able to write malware, windows is safe.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
Once they get the get the infrastructure all in place, then they can start using for dissidents! Great plan.
and it will NEVER be used against dissidents.
But I was thinking about a lower level model.
There are only a few providers of core Internet switches. The situation is rapidly getting worse, with Huawei (a Chinese company) taking over the market.
Suppose an enemy knows of an exploit, possibly a back door. Suppose they flash the firmware with something bad, possibly just nonsense to make the routers fail to boot.
Suddenly we lack an internet. Most people can't connect to the next town over. The hardware needs replacement, but from what vendor? With several vendors eliminated, you have no choice capable of handling high-speed backbone traffic.
Yes! Punish users who choose not to defend themselves. If they can't take the time to read up on some basic security practices, then they shouldn't be using something as powerful as a computer in the first place. Maybe this will help cut back DDoS attacks.. If only we had a better way to find the controller of the botnet!