Slashdot Mirror
Finns Outlaw Virus Writing
Ecyrd pointed out that the Finnish Parliment has ratified an amendment making viruses illegal. It's actually not just illegal to use them - distributing them is illegal as well. The most interesting part of the legislation is that apparently isn't just using them - writing them is also a crime.
I hope so. :) (as a finn)
> the Bill cites the offence as a catch-all "Causing danger to data processing systems"
Oh-oh. Keep that coffee cup away from your keyboard!
Sheesh, evil *and* a jerk. -- Jade
if so, then, a type such as:
:)
fork();
fork();
would make me a criminal
Stupid law, and I thought my country's politicians
had a clue.
1) Yes, distributing a virus to unknowing recipients should be illegal. But shouldn't this already be covered under civil suits, electronic sabotage, etc.? I don't know the Finnish law, but it seems as though this sort of legislation should be redundant. It certainly would be here - we didn't need a new federal law to lock up Mr. Melissa. 2) Banning the _writing_ of a virus? Come on now. I bet you that the average Finnish legislator probably couldn't give you an adequate definition of what is and what is not a virus. I wrote many MS-DOS viruses in my high school days - gave a few to a VX BBS (which I regret now - I explicitly labeled them as viruses, and naively thought they would only be in the hands of the "responsible"), but most of them were just personal creations I made for the fun of it, and never distributed to anyone. Banning the writing of any computer program is simply absurd. Of course, all (or most) of us know this. But how can we communicate it to a legislature, and to the general public which elects them?
News at 11.
Seriously why don't they make it illegal to write OS's that propogate viruses? Just because you take a few of the "Johns" off the street dosn't meet the prostitutes aren't still there.
And for the humor impaired moderators this is meant as a joke.
AC because cookies don't taste good.
it was given a 1 because all posts from non-ac's without excessive karma (either way) is scored a 1 unless moderated otherwise
Need a Catering Connection
Well, maybe not full, but I'll try to explain what the proposition is all about:
First they define the word "virus", with quite statisfactionary technical detail. They shortly explain about trojan horses, mavroviruses, worms etc., and because of the lack of a proper generic term, they decide to use the word "virus" to cover all types of "malware" (later "virus").
They specify some general "objects" (targets) of virus attacks, like healthcare systems, air- and railway-control systems etc. They mention three elemements of protection; Confidentiality (Secresy), Integrity (No corruptions or modifications) and Availability (D.O.S. attacks). With the current laws, they can't bring to justice someone who has only *tried* to "send a virus" to such a system, but the virus had been caught before any damage is done.
One of the examples is of a guy that was keeping some 2800 viruses on his website, and lots of people were complaining about it (they had been infected by some of the viruses). The guy was claiming his actions were justified by "freedom of speech". There was no direct law against it so they had to adapt a law about destoying/damaging property, and even then, all they could do was shot down his account. There were other examples as well, the "Internet Worm" of 1988 was mentioned.
Then they go on defining a proposal to the law, which really is an addition to the mentioned law about damaging property (vandalism if you will).
They want to be able to punish people for *intentionally* distributing, writing new code or modifying existing code, whose purpose is to "harm Data Processing Systems or Telecommunication Systems" that "they" are not supposed to acces or tamper with (ie. somebody else's equipment).
Here is the fun part: They specifically mention, that this law would NOT apply to anyone who wants to write a "virus" just for fun or to test h[is|er] programming skills (even if it really did spread accidentally), as long as he doesn't INTEND to distribute the virus. Some may think this is going to be a loophole with every scriptkid claiming "they didn't do it on purpose", if they find you, they propably already know you intended to distribute it. After all, the "private" virus might spread when the computer is stolen, when the virus box is cracked, or by somebodys mock-up.
They define "Data Processing Systems" and "Telecommunications systems" quite loosely, propably because they don't want to leave a loophole for some "systems" that might not even exist yet.
They also define "Doing Harm to/Damage/Destroy" as not only maliciously deleting, modyfying or corrupting other people's data, but also D.O.S. attacks and similar that "violates" the system and the accessability of legitimate users of that system, or the "Data Processing Peace|Privacy", or "Pax Computationis". This also covers the disk space occupied by the virus code.
This doesn't affect "legitimate" use of virus code (for fun, for educational purposes, for the AV industry etc.), but it gives the government a more powerful weapon against people who do harm to other people by means of "viruses", in other words it merely patches the presently existing loophole.
And, please, don't mind about the grammar/typing eerors.
How do they define virus? Sort of ambiguous isn't it? What about backdoors in computer programs? Epiries? Remote admin TOOLS... Small programs designed to reformat/recover hard drives? Monitoring tools designed for use on university computers, but that could also be implanted on unsuspecting victims? Remote installation utilities. SMS?
BackOrifice has a command to freeze your computer, which is obviously malevolent. But it's open source, so you can remove anything you don't like and use it for system management. I think the authors of BO did want to make a useful remote management tool, as well as to show the flaws in Win9x security (ie. it doesn't exist). If it was only intended to be malevolent, why would they create a 3DES encryption plugin?
Could Microsoft could be charged under this law for there release of Windows 98?
To reiterate the catch-all: "Causing danger to data processing systems." How does one define "danger"? Does it mean "causing unexpected bahavior, interruption of use, or corruption of documents"? If so, then Microsoft distributes the biggest virus on the planet - it's called WINDOWS. And you even have to pay for it!
--
Fuck the system? Nah, you might catch something.
I'll admit that calling the origional B.O. a "legit remote admin tool" would be a little bit of a streach, but BO2K is as legit as you get.
Yes, it does have certain features that go beyond just nessesity. This is because the people who built it are hackers in the true sense of the word (and probably in the other sense of the word too, but that's beside the point).
Go, download BO2K, try it out, compare it to the other remote admin tools. IMHO it's the best one out there, and it looks and acts just as professional as the others. Just because it's well designed and featurefull doesn't make it a malicous trojan.
-- The act of censorship is always worse than whatever is being censored. Always.
Yes, take a look at tchrist's explanation, What's the Plural of `Virus'?.
-- Ed Avis ed@membled.com
The authors of BO2K on the other hand have clearly stated their intention to provide a system management tool. They even point out the potential danger when not properly handled and when combined with the security hole provided by the MS-Word macro language.
The question is who decides. Maybe now big companies like Microsoft have one more weapon to crush small competitors writing power tools.
-- ESH
Isn't it viruses not virii?
Yikes. How do you manage to run windoze? ;)
:)
Or maybe Italy will be the next source of all the geeks (on knowlegable grounds)... strategic move to take over the world.. I dunno
~Tim
--
Rushing on down to the circle of the turn
is dangerous because it creates a government of men, not of laws. If you are good friends with the judge he might just interpret the law loosely. But if you wrote an op-ed piece that criticized one of his old rulings, he might harbor a grudge and throw the book at you. Is that civilized?
In fact, I've read that in some countries everybody is an unconvicted felon, because the laws are so dense you have to have broken some of them, it's just a matter of determining which ones. Convenient, if you say something bad about the government, or if you become unpopular.
Legislators are too fast and loose these days; they should write laws as if they would be totally, totally enforced by an infinite police force, and by judges that always prescribed the maximum applicable penalty. Any law that would be unjust under such a system is unjust now, because the government gets to pick and choose who to enforce it against...
(There are some laws that would be very just under such a system, e.g., the law against murder. It would be great if all murderers got caught. It would be great if all those who have actually sabotaged computers, got caught, and had to make reparations. But should all people who write programs with surprising effects go to jail? No! Q.E.D.)
-- Blah blah blah
Since Finnish is not yet one of the major languages of the world, here's my translation of the relevant section of the new law. I'm not a lawyer or a professional translator, and I'm especially ignorant of English legalese--my apologies for the inevitable errors here. Also, this is only the version proposed by the Government, and the law that was actually approved may be different.
Malicious intent is the most important point; the program can be anything harmful, not just a virus in the technical sense. Also, a guide to writing viruses will qualify.Depending on how they defined virus this law comes awfully close to saying that certain ideas are illegal. Remember that a source for an encryption program was ruled protected speech here in the US, so this law would fall under prior restraint here.
Once again, legislators try to prohibit ideas and information, instead of making their irresponsible or malicious use illegal.
This assumes that no beneficial use for viruses will ever be found -- e.g. security patches that automatically spread and install themselves, or techniques similar to vaccinations where benign viruses are spread to train computer immune systems to attack damaging ones. Not a real issue today, but do we want to assume that it will *never* be an issue?
"trojan virii"?
Er, trojans and viruses are two different things. Also, most viruses aren't harmless programs as you seem to think.
It's a case of someone thinking they were clever.
If virus were a Latin word (which I'm not sure it is), then the plural would most likely be 'viri'
However, it sounds a lot more clever and exotic if you put an extra i at the end. I mean there's few enough words that end in one i, but two makes it truly exotic, so whoever came up with the word must be the cleverest person ever.
There's a lot of this kind of crap in language. Sometimes it works in reverse. How often have you heard of 3 things being back-to-back? That's just plain stupid. 3 things can be consecutive, ie. one after another, but they can't really be back-to-back.
What they are saying is that whether you knowingly or unknowingly distribute a file with a virus you are liable for the damage that it causes.
Through college I worked my way out of the MIS department of a large company (and into research with another). Most of the people there were computer capable, but not literate. They didn't understand scanning drives, they didn't understand what infected files were and ultimately, they didn't care - until it affected them. It took us almost a year in one case to clean the entire system (child companies in the SW and overseas provided additional problems). We would clean the Servers, and then boom, once again the same files would appear as infected as before. We had to go to over 400 PCs at our location 600 about a 30 miles away, and create simplistic documentation for several other plants, offices and hundreds of field reps to follow. Old virus software detected the problem, informed people of the potential hazzards, but because these things were deemed "mission critical," people stupidly continued to distribute them, download them, work with them, etc...
Blatantly ignoring a problem nearly crippled our company. Even though the people were uneducated about viruses, they made no effort to report problems, viewing this problem as one that would just "go away," like a cold or the flu...
It is vitally important (especially the way the internet is expanding) that people make an effort to take responsibility in cleaning their files, machines and so on.
You say you want a revolution?
"The law states that any program that causes danger to data processing systems and is freely available for download by visitors is a virus," In many software packages, a warnings are included, "ie, we are not responsible for the loss of your data blah blah blah". A good example is a beta version of drive partitioning software. The distrutores may even have a known bug list, thus are knowingly distributing software that may damage a system. If someone is now damaged by this software, is this clause of their license now void, because it was not actually software to begin with, it is a virus? can they be sued? Also note, windows is not affected, although it does do damage, it is not available for free download.
People in other countries watch American TV? Must be some new kind of torture..
Besides, neither of the two examples you listed had anything to do with the media. I'm sure a few people outside of the States consider that awful show with Chuck Norris to be some kind of documentary but I, for one, am not buying it.
~ Kish
Think about it. If it's illegal to distribute virii, then it'll be much more difficult for anti-virus software producers to get copies of the virus in order to write an antidote.
Werd.
yes, true, ulterior motives indeed. Like experimentation: alife, mobile agents, data mining. Many, many new apps are arising soonly from the virus base. Too bad none from the finns?
Wow! I hope they mean INTENTIONALLY transmitting them is illegal...
Otherwise, over 50% of my company will be arrested...! (not me, of course...)
-- You can't idiot-proof anything, because they're always coming out with better idiots.
AC said: And I'm interested in nitro-glycerin and fertilizer bombs. Does that mean I shoudl be able to play with them?
Yes, it does. If everybody who wants to play with explosives, weapons, and other dangerous things do, then they won't live to reproduce and spread their idiocy through the gene pool. That's why I'm against gun control, but don't wish to own a gun.
Isn't this something for YRO? While I despise virus writers as much as the next guy, I find the idea of being forbidden to code something in the privacy of your own system very chilling, in the order of surpressing knowledge/censorship/dystopia.
Much as I enjoy both your work and the classical tounges, I have to disagree. English may have descended from the Indo-European family, and much of its vocabulary may have evolved from the Latin, but it has also aquired many characteristics of the trade languages insofar as terms in the English language are indiscrimanently purloined, mangled, and reapplied at a recent rate which makes semantic drift inversely analogous to continental. The same thought can be applied to the grammar. I think the word for for this is, unfortunatly, "postmodern". I will call the multiple virus virii. Those who create them do so and at this time I cannot think of a higher authority.
scogan@(for the moment)gmx.de
How will they enforce this law? How will they track down the virus writer?
Some questions for thought.
So according to the Finns if you happen to be a crappy programmer and your program accidently destroys data, you can land in jail... So when are we gonna see an indictment passed down to Microsoft?
How can people be allowed to make laws regarding something they know nothing about. Are politicians being advised by professional programmers or sys admins or anyone else who might understand what's going on? It seems like politicians are not tech heads.
...That come from Microsoft? Would those be illegal also? ;)
Geeky modern art T-shirts
[asb@pingviini asb]$ cat > c.c ./a.out
#include
int main() {
fork();
fork();
return 0;
}
[asb@pingviini asb]$ gcc c.c
[asb@pingviini asb]$
[asb@pingviini asb]$
Hmm. Are you sure this counts as a DOS attack?
Antti S. Brax - Old school - http://www.iki.fi/asb/
Ok, so i'm a finn and I can't put my viruses on a finn website. Boohoo, I'll just put them on a geocities website. My plan for a new goverment, is that everyone in a disicion making department must take a test on what they are trying to regulate. Uf they don't pass the test, they don't get to vote.
Hmmh, does this mean that I was wrong moving from Finland to Netherlands?
I knew this guy who had >5000 bagged specimens on a public website (until they shut him down.)
I guess this is just one more example of how the lawmakers act out of fear generated by their ignorance. A scared politician is a very scary thing(tm).
"Who the hell is General Failure and why's he trying to read my hard disk?"
"The decisive second reading of the Bill cites the offence as a catch-all "Causing danger to data processing systems". Under the terms of the new law this will be punishable by fines or by prison terms of up to two years. It is hoped to get the amendment into law as quickly as possible."
Maybe Linus moved to the U.S. because he peered into the future and knew this was coming.. Or, ah, maybe not.. Soo! Is it just me, or could just about any program "cause danger to data processing systems"? Does this thing have a provision for whether or not it was even intentional!? I mean, what if what you have is a program with a bug in it? Even if you didn't mean for the program to have a bug, before you even get it through the debugger you've committed a crime! At least, that's how it appears from that article. If I were Finnish, I'd be moving out of the country or giving up the idea of becoming a programmer. Ha!
~ Kish
In Germany writing virii is illegal for YEARS now. Any activity damaging a computer or data medium is punishable with up to 5 years of jail time.
So, is playing core wars now illegal? Sometimes writing malignant programs attempting evolution on one's computer (or network!) is a great way to learn about logic, memory protection, and security. If one cannot experiment in their own room on their computer legally, there will be either secrecy or a bunch of mouse pushers come next decade.
First, I think that has already been said, but is worthy of mention again, it will make hurt anti-virus companies trying to get copies of the latest virii.
Second, many people just write virii for fun to to test their programming skills. This would be hurtful to the Programming community.
Third, I know the first amendment dosen't apply outside of the US, but, this is still a violation of freedom of speech.
Fourth, how about the source code to a virus? It in and of itself isn't harmful, you have to compile it and execute it for t to do anything. I guess they actually outlawed the compilation of virii, not writing them.
Fifth, define `Data Processing Systems'?
That's my 1/50 of $1.00 US
JM
--Justin Mitchell
"2nd Place is a fancy word for losing" --Bender (Futurama)
Think about it with this handy comparision guide...
Virus:
Spreads itself across your hard disk, and tries to make itself impossible to remove.
Micro$lop
Internet Destroyer 4.0
Virus:
Appropriates HDD space unnecessarily
Micro$lop
Turd '97
Virus:
Causes system crashes
Micro$lop
Win *
Virus:
Causes loss of data
Micro$lop
M$ Orifice 2000
Virus:
Can be a security risk
Micro$lop
SAM files
So Linus was the first; now the Finnish government is giving Bill a hard time :)
Strong data typing is for those with weak minds.
The AV community WILL NOT BE HARMED by this. They may be put out of business, but even that seems unlikely. "The intention to bring harm is the primary criteria[sic] for bringing charges". Please folks, what Finland is doing isn't really bad for anyone except those Finns who want to do bad bad things with virii!
This needent go under YRO, since it is just another way to help slow "cyber crime" in Finland. Note also that downloadable code is just as bad, so don't put links to files. As long as you're an innocent, you're fine. Pleeeaaase read the article...it clears everything up.
Regards,
-efisher
---
this
HELSINKI (Reuters).
In a surprise move, an arrest warrant was issued by the Finnish police to capture Linus Torvalds under the nation's new "anti virus" law.
"The law states that any program that causes danger to data processing systems and is freely available for download by visitors is a virus," said Lt. Hakk Daeta. "The linux kernel poses a danger to Windows, which is a widely used data processing system. Many legal scholars have testified to this. And after Torvalds blatantly put out this virus, millions of PCs have been affected. He must be stopped."
Meanwhile, rumors persisted that Torvalds was seen on the Jerry Springer show, on an episode titled "My PC is too sexy". A man who appeared on the show wearing a paper bag over his head made the suspicious statement that "I am innocent. I just showed how it must be pronounced. It is lin-nucks, not line-ux."
Police are still searching.
Core wars is about writing programs in redcode that attack each other. This is different from a virus which straps onto another program and replicates, often killing the host in the process, much like a virus that would attack a human. Okay, perhaps there is a fine line between these two, but here are some major differences between redcode programs and real programs:
1) redcode isn't a real machine language (or at least I don't know of any chips that understand redcode), so a virus-like program in redcode can't damage anything.
2) most real computers don't have 10000 or so bytes of circular memory.
3) if a redcode program could be ported to a real computer, it would simply crash the machine or be halted by the OS for violating memory protection.
4) most modern computers don't have instruction sets that include "mov 0 1" and the like -- making it difficult to port even the simplest of recode programs, the imp.
What is wrong with computer virii? They are completely valid, and even subjects for scientific study. They are a learning mechanism also. They are intriguing and pose interesting questions. Will they outlaw genetic algorithms next? Maybe they'll outlaw sex because it is used in porn.
It's 10 PM. Do you know if you're un-American?
But, in medicine, the plural is always viruses, never viri. Perhaps this would be good way to distinguish between binary coded viri and nucleotide encoded viruses?
My plan for a new goverment, is that everyone in a disicion making department must take a test on what they are trying to regulate. Uf they don't pass the test, they don't get to vote.
I want something similiar. I want the "enlightened democracy" where everyone that wants to vote (for parliament, etc.) need to go through a test - to show that they know what they're voting at. 50 or so questions about what diffrent parties want. If you get more than 75% correct, you may vote. If not, you may go home and rehurse, and come back and take the test again.
The point is - nobody is going to be *excluded*. There should not be "right" and "wrong" meanings. The point is that people should know what they're voting at.
--
"Rune Kristian Viken" - http://www.nwo.no - arca
And will I be arrested if I have Communist literature on my website? How about descriptions of nuclear reactions? What if I only keep SOURCE to the virii on my site...is THAT illegal? This is ridiculous. I have downloaded virii binaries and source because they are excellent assembly programming tutorials! Banning them outright is stupid. This is a thought crime as somebody else mentioned...1984ish.
It's 10 PM. Do you know if you're un-American?
Actually, it's just like making a bomb. In most places, even building a large fertilizer bomb is illegal because of the damage it can do. Computer viruses should be handled the same way.
BO is considered a virus by many but isn't. It's a program. But the question is, would a Finnish Court see BO as a virus?
The "many" includes certain producers of anti-virus software.
More intertesting is that the produces of NetBus (in the neighbouring country of Sweden) are considering legal action against anti-virus producers. For blacklisting their product for reasons which appear to have more to do with anti-competative behaviour.
NetBus does not use the kind of inuendo which would give BO an image problem regardless of anything else.
Whether they can run in a stealthy fashion, and wether they were specificially designed to run as such, as a primary design objective, makes a lot of difference.
Is there a way to create a process which is visible in the Windows task manager, but cannot be killed by the user. Including in a "low resources" situation?
I'll admit that calling the origional B.O. a "legit remote admin tool" would be a little bit of a streach, but BO2K is as legit as you get.
The only real problems are some of the names and terms associated with the product
Yes, it does have certain features that go beyond just nessesity.
Though one admins "unnecessary" is another admins "essential". Though there are some apparent omissions in the bundled client. e.g. sending commands to a group of clients, scheduling of commands, etc, etc.
it looks and acts just as professional as the others
IMHO professionalism is lacking in the client slash screen, the product name, the legacy plugin name. None of this makes any difference to the programs functionality, just that they make it difficult to avoid upsetting managment types.
Back the the first point - we see the government trying to protect its people by banning "something" - specifically, in this case, viral code. Why this, and not many of the other "things" that are (primarly) harmful? The obvious selection - firearms. Why not ban guns? Or biological weapons facilities (most industrialized "1st world" companies have them, in some capacity)?
Nearly 80 years ago a "First World" country came up with the idea of banning alcoholic beverages. The results were
a) More alcoholics.
b) Organised crime.
As for banning firearms only one country AFAIK ever tried this, Japan. They reversed this policy when it became obvious that not having them was a poor protection against another countries (the USA) military which had them.
Learning from history does not appear to be something polticians do well.
Vandal: "I wasn't vandalizing his car, your Honor, I spray-painted it as an expression of my artistic individuality."
The problem comes when the law regards someone customising their own car (or an organisation putting their logo on their fleet vehicles) as being exactly the same as the "vandal".
Which is the kind of possibility. e.g. "This software update uses methods like a virus to spread, you can't use it", "You can't use this remote admin program on your LAN, `cos your users can't see that it's running" which are cropping up here.
The problem with outlawing, say, the writing of books on making bombs is that it's entirely too close to outlawing THINKING about making bombs. And as we continue to outlaw more and more kinds of thought..
As if this will actually stop any terroist making a bomb.
I remember reading somewhere that in the order of 1 million people know the supposed secrets in constructing a fusion bomb...
Hmm...I guess nobody can post info on encryption or decryption algorithms because they can be used to avoid or break the law. Also I guess bugtraq lists cannot be on the web because they can be used to break the law. Whoops...there goes Packet Storm (well, it's not on a Finnish server luckily).
This is so stupid. Thought crime. Really stupid. How about banning the manufacture and dispersal knowledge in general? Knowledge is very dangerous. Led to guns and bombs and such. We should ban all knowledge. In fact, the ISPs are a party to this evil activity. We should shut down the net and live in caves.
It's 10 PM. Do you know if you're un-American?
This new law raises intersting topic for debate. Here, we see that the government has banned the production and distribution of "something" that has, traditionally, been used for malicious and/or damaging purposes. Fairly straightforward.
However, upon closer inspection, we find an inherant flaw - what constitues the now "illegal" viral code? A somewhat sesible definition of a virus, can be found at "whatis.com/virus.htm". The key point in any defintition seems to be : "A virus is a piece of programming code inserted into other programming to cause some unexpected and, for the victim, usually undesirable event.". Again, decent enough.
However, what about "software patches" ? Upgrade packs, the (in)famous Microsoft "Service Packs", and the like? Generally speaking, the user doesn't really have any clue how, or what, these are doing - beyond "fixing broken things". These patches insert their code into the parent program, usually modify the behaviour of the program in some way, and sometimes result unexpected results (option removed, feature added, etc..). That's all the criteria of a virus, right there. Should these be illegal also?
Back the the first point - we see the government trying to protect its people by banning "something" - specifically, in this case, viral code. Why this, and not many of the other "things" that are (primarly) harmful? The obvious selection - firearms. Why not ban guns? Or biological weapons facilities (most industrialized "1st world" companies have them, in some capacity)?
If we'd like to get a little paranoid/"Evil Future Governement" about it, we could go as far as to speculate that the government can (and will) start to ban all manner of things it considers "bad for you". Meat? Cow Milk? Free Speech? Ah, the wonders of Totalitarian government.
By now, many of you might be thinking "man, this isn't the x-files, our government won't go THAT far". Yes, you're probably right.. of course, you don't code viruses...
.------------ - - -
| big bad mr. frosty
`------------ - - -
Actually, Windows can crash your computer a whole lot faster, Melissa wasn't a virus, it was a worm. It didn't harm anybody/anything (s/e-mail servers). OTOH, Windows can crash 85% of all computer. So while Melissa was clogging e-mail servers, Windows was crashing those same servers.
That's my 1/50 of $1.00 US
JM
--Justin Mitchell
"2nd Place is a fancy word for losing" --Bender (Futurama)
______________
______________
OTTERS RULE.
If distributing virii is illegal, people will eventually have to stop using Windoze... ;) After all, by copying anything from a Windoze box, you run the risk of distributing an unknown virus... ;) Come to think of it - it's coming from Finland, where Linus comes from... A conspiracy??? ;)
AC said: And I'm interested in nitro-glycerin and fertilizer bombs. Does that mean I shoudl be able to play with them?
Yes, it does. If everybody who wants to play with explosives, weapons, and other dangerous things do, then they won't live to reproduce and spread their idiocy through the gene pool.
Or they might get very rich and establish a prize fund for people making notable acomplishments.
Like a certain Mr Nobel did...
Leaving most of the crud out, I have to comment on the differences of the Finnish and the American judicial systems.
The USA system has much better safeguards against being used as a political weapon; the law really is applied rather honestly. Take the recent Finnish 'criminal' case where an environmentalist got an 6 month sentence for letting out some foxes. The next case the court made a decision on was State vs. the farmer whose foxes were stolen and who actually shot these young environmentalists with a shotgun. He was fined.
I'll say, cases like these make a person like me, a rather cynical liberal technocrat sick in the stomach. Had those environmentalists been caught but not fired at, I wouldn't have cared less if they were sentenced by the strickest but actually for the lower AND higher court to _reward_ the armed assault on the environmentalists in the name of furthering lawfulness in the nation...
However, on the civil side of the business, the Finnish system beats the American hands up! Pun intended. The judicial system can actually sanction the actions of corporations and personal responsibility is the norm. Unless of course you happen to be politically connected.
Otherwise, Finland is a great place to live!
Hey, guess who'll vote for the Green Party in the next elections.
True.
False. The proposed law I read (I didn't go looking for the passed law, but I'm assuming it didn't change for worse) specifically and strongly emphasizes malicious intent. Writing and distributing exploit software is allowed as long as you haven't got malicious intent. Even writing and distributing viruses could be considered legal, if the prosecution cannot prove that you had malicious intent (or IRL: if you cannot prove that you didn't have malicious intent when spreading that virus you are considered a criminal you probably are).
So, let me summarize: you are allowed to do pretty much everything you were allowed to do before this law passed (even write viruses to find out if you can), but as soon as you distribute something that is clearly a virus or malicious program or instructions to write those things, you can pretty much bet on it that unless you can clearly state to the investigating police or the court that you didn't have malicious intent when doing so, you are a criminal as far as the Finnish justice system goes. This may sound harsh, but the truth is that the police won't investigate a thing until something bad happens, so you don't have to worry about the police even if you develop and distribute software that searches for vulnerabilities, as long as you clearly state that the software is for enhancing security, not for compromising it.
I believe that to find out how this law works in practice, we need a case or two going all the way up to the supreme court. I trust that if/when that happens that Slashdot will be there to tell you stupid Americans how we handle things here in Finland (we handle things the right way, Slashdot just reports them the wrong way (I'm serious)).
Oh, just to let you know, I think that the passed law is A Good Thing, even though it doesn't allow us to sue a certain William Henry G. for distributing software that obviously is harmful to computers, unless we can prove that he had malicious intent.
- HoppQ - Now where's that Babelfish for legalese?
PS. I don't think that all Americans are stupid. Neither are all Finns. Those Americans who name their kids William Henry even though they know for certain that he will end up called Bill are idiots. Bill isn't even a proper name if you ask my opinion (so better not ask).
My sig will be released in 2015 third quarter. Rating pending.
IANAL but unless I am way off, you would have nothing to worry about. The law is directed against the intent to do damage by way of virus, trojan, etc. rather than the mechanism itself. Trojanning to get around a balky OS seems completely acceptable IMHO.
can still play with itself anyway it wants to and smoke all the dope it wants in the privacy of its own protectect memory space.
This summer I was approached by my project leader and told that in order to do the neat little things on our embedded system that we need to do, we have to write a virus (really more like a trojan horse, the details of which I can't discuss, sorry [NDA]). Now, we're the makers of the embedded hardware and the software that runs it. Acording to this article, I would have been arrested just for doing my job! This also means that Finland cannot purchase any new versions of our product because it intentionally contains a non-destructive trojan horse! How rediculous is that? Somebody needs to get slap happy with the clue stick. I'm getting tired of beaurocrats making decissions based on a common wealth of ignorance. Just because some program is masqueraiding as another program does NOT mean that it is malicious in nature. In this case, the trojan horse approach is a saving grace! There would have been no feasable way of doing the same process without tricking the embedded OS into thinking that our program (trojan-horse) was something that it was not. The OS just wasn't designed that way.
Any hammer can crash your computer as well. I am sure semantic cleverness isn't going to subvert this law.
A screwdriver can be used to break the law.
But a screwdriver's primary use is not to break the law, nor is that it's only purpose in being created.
Clever word games don't obscure the fact that viruses are written solely with ulterior motives in mind. No matter whose brat is claiming to the contrary.
You don't think the law will be well defined?
Surely you've been around long enough to know that laws can be clearly written and administered.
Just because people think Back Orifice = Virus, or Back Orifice = trojan, or even that Back Orifice = rootkit, I thought I should explain that it is none of the three. It posseses none of the characteristics of a virus, trojan or rootkit. (It can be PART of a trojan, it can be used to implement a rootkit) In reality it's only a remote control system, not unlike PCAnywhere. It just happens to be stealthy.
----------------- "I have a bone to pick, and a few to break." - Refused -------------------
It's even possible that virus pertained not to the second but to the fourth declension, which would change the matter as well.
The word becomes invariant in most modern languages, but for some reason, English elected these viruses rather than *these virus as one might otherwise expect from the modern Romance tongues.
You can read Far More Than Everything You Ever Wanted to Know about The Plural of Viruses if you'd like.
Calm down.
The article very clearly says:
"The intention to harm becomes the primary criteria for bringing charges". The primary criteria. I also verified this from the finnish (paper) version.
It is not enough to bring up charges if you just distribute a virus, there must be proof of intention to harm. Before this law, you could've spread a nasty virus to every single PC in Finland, but if the authorities found it a couple of days before the activation date and all the viruses were killed, you could have walked out with no charges.
Kinda like if someone's threatening to kill you, and the police tells you to call back when you're dead, because there is no law making anything else than murder illegal.
Actually, this has been the subject of learned debate on comp.virus and alt.comp.virus at times.
Good! I've always thought that if you give children something else to do, they won't spend all their time breaking the other children's toys.
Any suggestions for other ways to encourage topic drift on those newsgroups?
the latin word "virus"(which translates to venom) has a plural case of "viri." the English word "virus" (derived from the latin but not the same word) has a plural case "viruses" BTW the latin word for man is "vir" whose plural is also "viri"
MoatBuilder
Don't get too cocky just because you run linux. Ever downloaded a binary (perhaps an rpm) and installed it? or maybe run someone else's binary as a user, then done an "su"?
unless you're really damn cautious, you are vulnerable.
and since a good rule of thumb is that anyone with an account on a 'nix-ish box can probably get root some way or another, you have to be more careful than you'd think...
Whether they can run in a stealthy fashion, and wether they were specificially designed to run as such, as a primary design objective, makes a lot of difference.
As you point out, masqueradeing as an explorer.exe thread. Don't use weasel-phrases like Neat Trick to describe a design 'feature' that clearly identifies that BackOrifice is a criminal hacking tool, not a SysAdmin tool.
Please don't be so smarmy.
Why not just outlaw computers entirely? (since you're proposing outlawing 95% of them)
Slight exaggeration doesn't even -begin- to cover what you said in the first paragraph if you are talking about the U.S. heh. More like some things blown wildly out of proportion and others total fabrications. :) Makes me wonder what sort of things most people -really- think about the U.S., since I know a lot of total -fools- who think we still ride horses to school/work in Texas. Gaahh! The idiocy.
My making light (that is, making humorous [!?] comments) about the subject is my usual style of reaction with regards to something so patently ridiculous as that law seems to be from what that article suggested. To be honest, I wouldn't move or give up programming, I'd try to get the law changed. At any rate, if that article is indeed accurate as far as that goes, "suck" doesn't even -begin- to describe that law.
And yeah, even though your comments in your first paragraph were a little "off", every country has a good number of incredibly stupid laws, past and present (ugh.. CDA.. blah!).
~ Kish
Vandal: "I wasn't vandalizing his car, your Honor, I spray-painted it as an expression of my artistic individuality."
Judge: "Case dismissed."
Every human endeavor can be justified by someone. Yes, there might be some legitimate reason to write a program which formats the hard drives of complete strangers, but I'm sure the Unibomber felt justified, too. I know, it is very popular to bleat about any percieved limitation of human rights, but can't you resist the temptation once in a while and use your brain instead?
Remember that to the Iraqi government, one of their nationals who wrote a program which attacked all *.gov addresses would be a freedom fighter. To us, he would be a terrorist. No, I really don't care that someone sits in the privacy of their own home and write virii with incredibly destructive potential. I guess it is good intellectual exercise. However, if that virii gets distributed, intentionally or otherwise, then the author should face the consequences.
'But your Honor, I didn't mean for the super-toxin I formulated in my kitchen to escape into the outside world and poison millions of children. I designed it to kill rats in my cellar. Honest!"
"Case dismissed."
And do you know what? Even if the Finnish law does criminalize the mere writing of virii or trojan horses, I don't care, either. It is against the law to build bombs in your basement, as well. "But I need the intellectual exercise! My cerebral cortex was getting flabby!" Read a fucking book. The library is full of 'em.
Lastly, no one will KNOW that you are secretly concocting virii or trojan horses in your basement if you don't distribute them. If you are breaking the law and are such a dork that you are publicizing the offense, you deserve what happens to you. "But it is my RIGHT to distribute the fruits of my intellectual endeavors!" Or: "It is for educational purposes only!" Yeah, right. And the links to cracks on www.astalavista.box.sk aren't really intended to be used by anyone. How about putting a bowl of poisoned Snickers in a busy shopping mall. Put a big sign above it that says "DO NOT EAT - DEATH WILL RESULT IMMEDIATELY." Put it in multiple languages. I'm sure the judge will be lenient when you explain that it wasn't YOUR fault that anybody died. You were merely the distributor, and you DID put a disclaimer!
Neopets - the best free game on the Int
The programming of viruses is what got me into programming in the first place. I simply would not be interested in it, if it weren't for virii. It's a fascinating area of programming, and its startling as to how similiar the mechanisms of a computer virus, and a biological virus are. I think virii fascinate me, because they're essentially very primitive, but effective AI programs. I've never intentionally release one "into the wild" (one did escape once, however. Ah, the Amiga days!) Virus writing is to programming, what Tic Tac Toe is to games. Of course, if you just want to destroy stuff, you can go to hell ;)
What about a potentially valuable tool like Back Orifice or even Microsoft's remote registry editor?
BO is considered a virus by many but isn't. It's a program. But the question is, would a Finnish Court see BO as a virus?
What the world doesn't need is knee-jerk reactions from people who aren't knowledgable enough about the topic.
I conclude that the Finnish Gov't doesn't understand the problem and has crafted a typical, beaurocratically inept response to a problem.
The protect of a computer system is the responsibility of the sysadmin/user.
some karma... and kinda lukewarm about it.
And most of the other "remote administration tools" for Windows can hide using similar meathods (well, mabie not acting as an explorer.exe thread, but then that's just a Neat Trick(TM))
-- The act of censorship is always worse than whatever is being censored. Always.
Don't be childish.
Didn't your mom teach you not to use profanities when engaged in an adult conversation?
Helsinki News Service: "Man yells fire in crowded theatre, dozens trampled. Government responds by banning use of word 'fire'."
Seriously, my first introduction to virus protections came at a PCUG meeting. The speaker was explaining how to protect yourself against virii. He proceeded to write a virus in ten lines of DOS batch file code. Then he tried to infect the demo computer with it. It failed of course, but seeing exactly how a virus worked was very helpful.
Question is, what possibly criminal act was he committing?
A Government Is a Body of People, Usually Notably Ungoverned
You've completely missed my point. My point is that in the mainstream the term "virus" has been used for trojan horse "programs" or whatever you want to call it. How are these terms defined, and how can this definition keep coders clear if they have a nasty bug in their code.
Don't bother responding, I already have the answer.
It's always an excellent experience to root a Unix box. Because the simplistic 1980's security model of "all power is given to root" grants a cracker such power once they've breached security.
Certain other OSes (shall I say, MOST other OSes that have robust security models) have more granular security mechanisms. With Windows 2000 Microsoft is promoting Kerberos as the default security mechanism, for instance.
Ten years ago it was common knowledge that security was a joke on Unix systems. Times have changed, to be certain, and additional clowns have wandered onto the stage, but Unix security based on a monolithic ROOT superuser is still rather pathetic.
This is great actually. Now, when I move to cyber-Helsinki I won't have to worry about cyber-STDs and what not!
~Caliban
I have a classical citation that shows virus being invariant in the genitive. I challenge you to produce any classical instance of virus in the plural.
Good points you make.
I was going to point out that Knuth doesn't appear to have written very much on computer viruses. (though I do have an interesting book "A Pathology of Computer Viruses" that Springer-Verlaag published.)
Ha! At least I qualify my statements. I never claimed to be some "big expert" in Finnish law.. not like you apparently are in American law.
"In Finland, judges are allowed and _expected_ to use common sense; not a common thing in the States."
That's the ignorant thing I've ever heard in my life (well, not really, but it has some ranking there).. The Judicial Branch of the U.S. government is actually one of the best places to look for intelligent decisions. Can you even begin to /imagine/ all of the idiotic laws the U.S. would have if the Judicial Branch didn't rule against them? Ha! Of course, it seems interesting that the people with the most "well-researched" opinions on American law (or the U.S. in general) can't even speak proper English.
The stuff in between is even less worthy of remark..
"But you're american, and there this kind of thing would surely happen. - USA created Bill, Finland created Linus -"
How in the hell does that register in someone's brain? Is Linus the leader of the Finns? heh. Besides, Linus isn't all that remarkable if you don't consider his programming ability. If not for Richard Stallman (or is he Finnish too? yeah right) Linus wouldn't have had a GCC to play with, would never have thought of something like the GPL (if you disagree on /that/ point, perhaps you should do more research on how their political viewpoints differ as far as software is concerned), and it's really doubtful he'd have put together an entire OS by himself without the help of the FSF. By then we'd all be using some flavor of BSD, anyway. heh! As much as I love Linus, all he is is a really good hacker. We have Stallman to thank for the current state of affairs in the software community, for it was his philosophy, whether you agree with it or not, that set it all into motion. And he's.. oh no! American! He's even an atheist. Scary.
At any rate, the U.S. has many people living in it. Rating an entire country by one person is biggotry of the highest order. I'm moving to Canada.. permanently.. as soon as possible. Why? Because I don't think Canada sucks just because I hate Alanis Morisette. heh!
~ Kish
Intresting, but how will they "Decide" what a Virii is.. Like Windows Can Crash Your computer just as easily as the Melissa Virus can... Does that Mean Finns can't use Microsoft Windows?
-GRiM
Alot of the lame trojan virii out there are just regular programs that do funky-ass stuff when you execute them. Does that classify as a virus? They're technically just programs where the does not know the effects of it. When the user is stupid enough to execute something he/she doesn't know the effects of, does that still make it a virus? Most of this I've been assuming is media misrepresentation of the term 'virus'.
I guess it's illegal to sell Windows there now!!
Ha ha ha!
Please define a virus. I guarantee that this law
can outlaw many "legitimate" pieces of software.
--Michael Bacarella
Hmm, what worries me is the "no actual damage need be done" part. I think that regualtion of behavior was based on _impact_ to society.
I think all governments would do better to strike laws that regulate non-harmful behavior than to make up laws against behavior that is potentially harmful. Intent is difficult to judge at times. Damage is pretty clear.
That said, my remaining question is: Was it actually legal there to cause harm not _danger_ to data processing systems. Why did they feel the need to pass this law?
--- If you don't want to know the answer, don't ask the question.
Shouldn't the plural of "virus" be "viruses"?
"Virii" may be the plural of "*virius".
This sounds too far reaching. If distribution is illegal then what happens to valid research? Somebody needs to write anti-virus software. What about accidental distribution? If I accidently infect some computers in my workplace and have a troglodyte for a boss could he accuse me of breaking the law and have me carted away? Sure, when it comes to court I'd probably be exonerated but in the mean time my reputation will have been damaged.
Virus distribution should be illegal in the same way vandalism is. You can carry around rocks and bricks without breaking the law, use those rocks and bricks for vandalism and you do break the law.
I really feel a bit strange about this. I think anybody who writes a virus for the purposes of infecting anybody should be locked up, but from an intellectual point of view they're very interesting.
Isn't this partially why we (well, most of us) run an alternative OS, so that virii are not a worry?
.fi, you don't have to really outlaw virii, just outlaw Windows and the virus problem disapears, afterall, only root can truly screw a linux system over...
So you see
Seeing as any code fragment could be incorporated into a virus will this effectively outlaw coding?
To quote from the article
Now call me paranoyed but this seemes a little too general... Will this also be extended to bugs in opperating systems that cause 'danger to data processing systems'?LES..
Executive Summary: No-one will be behind your door to examine your hard disk without some other evidence against you.
--
Pirkka
Simple explaination for simple mind:
Are wanting "good guys" to be able to see virus sorce code so they can defend self against "bad guys" more easily, yes?
Getting kind of touchy, because your hobby might become illegal?
Serial killers have a hobby that's been made illegal too.
There are some areas of the USA where sex is verry nearly illegal anyway...
You make a statement with no evidence. You are full of bullshit.
The concept is admirable, but as with so many worthy concepts when the parliamentarians get a hold of things, the end result isn't normally worth a jot.
/.ers I imagine) the BUGTRAQ mailing list, while it doesn't distribute virii it does tell you how to replicate potentially damaging security flaws, does having those mails on my system count?
The phrase quoted in the article, "Causing danger to data processing systems" - is that too vague to be meaningful or too ill-defined to be useful?
The trouble with clauses like that is that they have to be very loosely defined otherwise loopholes will appear all over the shop, but by defining things loosely you'll make charges tough to stick. QED.
When is a virus not a virus? As has been pointed out, anti-virus software might be a little tricky to write. More though, obviously there's an element of intent to this, but we've all written silly mistakes which have had unfortunate repercussions - do they count?
I'm on (like many other
Nice idea, though, we shouldn't necessarily chastise them too much for trying!
--
"I do not speak for my employers, though they are controlled from my Teddy's huge pulsating brain."
I just live here, but all the texts I've seen have been in Finnish. Admittedly in Finnish that sometimes is almost as hard to understand as Latin, legalese being the same everywhere. :-)
Can anyone confirm or deny: One time I heard that the official language of the Finnish parliament was Latin. (I haven't a clue why)
quid quid latine dictum sit, altum viditur
I accept the fact that all laws are selectively enforced. Indeed, many states and munipalities in the US still have sodomy laws on the books (which usually ban oral and anal sex, in case you thought they didn't apply to you...) It's nice that these laws are not enforced, athough it would be nicer if they were not enacted. Even when created they were not intended to stop what went on behind closed doors, just to keep those activities behind closed doors.
I feel that laws should be enacted, as much as possible, to punish actual harms created by actual behavior. All laws like this do is to remove the hard problem of actually catching somebody that committed a crime.
After all, if we are so concerned about viruses, maybe we should make compilers and assemblers illegal as well. Heck, ban computers.
--
"L'IT c'est moi!"
And I'm interested in nitro-glycerin and fertilizer bombs. Does that mean I shoudl be able to play with them?
That definition is lame and unworkable.
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
But in Italy we don't bother much about such laws, as we have learned to not interpret the laws so strictly.
Our motto is: take it easy!
Markus Senoner
--
So much for CS at Finnish Universities.
First, make it work, then make it right, then make it fast, then, make it bloated!
i hope one cannot be held responsible for "distributing" a virus such as melissa that does so on its own... just my $.02
Perhaps now we can get rid of that dreaded microsoft virus (the one that destroys data and crashes computers all over the world).
Or perhaps even better, completly outlaw this new gnu virus. A virus not only affecting computers but also a one that seems to bee able to transform normal placid geeks into rabid free software fundamentalists.
At least according to the above, someone who got a virus, and sent it to a anti-virus vendor would not be prosecuted. It seems to be more of a blanket method for going after the authors themselves, the various sites that post viruses for "educational" purposes, etc.
---
"Go Metallica. Die RIAA." -- Linus Torvalds
I don't have any comments on the subject at hand, i just want to comment their news value.
I happen to live in Finland at the moment and well, im a regular slashdotter. And yes, im a bit amazed to see 2 news headlines about Finland. Well, im not amazed because of the amount of headlines but because of the topics! Man, who reports this stuff ? HPY has been creating this virtual Helsinki for years and making virus distribution & writing them has been a headline aint so new thing at all. IT Media has been talking about this for quite some time now.
Btw, Nokia has prototypes of those 'cellphone-digitv-browser' thingies allready. Someone with a good scanner should post those pics. (Check out last Tietoviikko!)
I understand the standard way of handling security problems at, say, international bugtraq lists, is to publish source for a test program that exploits said problem. So an important method of security development would be illegal in Finland.
Isn't this exactly the same point as with efficient encryption? If you prohibit it, only criminals will use it, leaving everyone else more vulnerable. Hey, software is not totally alike guns.
Gotta contact someone at the govt.
I think, therefore thoughts exist. Ego is just an impression.
Nobody seems to have posted the actual law (RL 34:9a, HE 4/1999). Here it is (errors and stupidites in the translation are solely my fault, except for too long sentences):
The important point is that the virus code or instructions to make it must be distributed "to cause harm".
According to the background material of the new law it will still be legal to make a virus program if there is no intention to distribute it. By virus program the law means a program specificially and knowingly designed to be a computer virus. It does apply e.g. to programs designed for other purposes and that could have similar properties as virus programs (e.g. when misused). By instructions (point 2) one means "so detailed instructions that also a person with minimal knowledge of data processing can manufacture a virus". Unlike the old legislation, the new law does not require the virus to cause actual harm as a condition for punishment.
Forbidding to distribute instructions is a bit worrisome, IMHO. It will be for courts to decide wheter a detailed story on computer viruses by some computer magazine was written "to cause harm"... I hope, if it is ever going to happen, the courts will understand the phrase "to cause harm" strictly in favour of constitutionally proteced freedom of expression.
Is anything you get from Microsoft a virus?
"Don't touch the bunny!"
While I agree that the unix security model has flaws, and there are in fact other models that work better, I don't know that Win2K will be any better. The Unix security model is based on the fact than any user that has full access to one or more of memory, disk, or priviledged ports can control the system fully. It is easiest to call that user root, or Administrator, and protect that user as well as possible. Alternatives include partitioning the Disk/OS along several capabilities sets but that requires hardware support to be really secure.
In practice, relatively few things actually need to run as root and they only need to be root for a short period of time (to open a port below 1024 for instance). The problem is that you are at the mercy of the daemon that you are running to open that port, especially badly written ones that don't give up root when they no longer need it. Capabilities sets can help this problem, by putting more of the responsibility in the OS's security rather than the application, but a clever cracker can get full control of your box using only the power to open priviledged ports.
Please tell me how WinNT is more granular than Unix. I fail to see the granularity in Administrator. Don't tell me about your Backup or Power User or I'll tell you about my news, www, ftp, backup, sysadm, wheel etc. That's still not granularity. It looks and feels like granularity but if I get Adminsitrator privs on your box or you get root privs on my box, we each have complete control. And while I don't know for sure I imagine that there are more casual users that give themselves Administrator privs on
NT machines ("to get work done") than run unix as root.
I am not aware of any major changes in Win2K which would make it any better. Kerberos, which you ignorantly champion as a panacea will not help in this regard. Kerberos is secure authentication protocol, not an OS cababilites set. It will makes remote connections more secure than say, telnet or SMB, but not significantly more secure than SSH. It will not get rid of that pesky, monolithic, Administrator.
--
"L'IT c'est moi!"
This is a very unfortunate precedent. I do not know anything about Finnish law, so I don't know if there is a way for this law to be overturned by an equivalent of the US Supreme Court, but if this law stays in place this is a very bad precedent indeed.
What defines a computer virus? Is ANY self-replicating code to be considered a virus? If so, a lot of legitimate research into Genetic Programming would be covered by such laws.
If, to be a virus, it is decided that the program must be "malicious" (as is the case with this Finnish law), what defines malice in a computer program? The article states "intent to harm"... These grey area laws are always dangerous (posession with intent to sell in the US is a good example). Also, what if the intent was to harm, but in a controlled setting, such as research or at an Anti-Virus development firm, and the virus got out accidentally?
o/~ we are pissed, we are pissed, we have to resist... o/~ - ec8or
You know enforcing this law is nearly impossible, unless they track you down as unleashing the virus. (I can't think of many instances where authors of viruses have been prosecuted--Its just to passive of an attack, you have to find the first infection).
It isn't prosecutable because any prosecuter would have to argue that they were in fact, writing a virus, and not something else. Very challenging indeed. All that reproduces is not a virus.
-- Moondog
The problem I see with this law is that it was obviously not well researched, or thought out. If it had, it would not have been passed. I can only see this law holding up in courts if it can be absolutely proved that a virus was created with evil intent by John Doe. This is very difficult to do, and therefore I can't see this law having much power. Don't be worried until there is a EU directive this broad...
-----
Do you even know anything about perl? -- AC Replying to Tom Christiansen post.
Maybe I am missing something, but if the virii are illegal to distribute (theoretically meaning that they will not be distributed), why would the anti-virus software need to protect against it? The virus would not be there. . .
----
----
If we're not supposed to eat cows, why are they made out of steak?
So where can we get the t-shirts with the code for the Internet Worm on them?
(I always loved those "This Shirt is a Munition" shirts...)
MSK
This is not new in Europe. The Netherlands has some quite tough laws on even possessing virii since the early ninety's.
-- Spelling and grammar errors tend to be a sign of erroneous thinking.
Who exactly defines what is and what isn't a virus?
What about non harm full programs that "appear" to have virii traits?
An AI program that forks and multipies and spreads it's self around a close network with premission to do so from the oweners, is that illegal.
What about research?
Who says what is an isn't?
Good luck enforcing it - Oh no, someone must have sent me this virus, I swear I didn't know I was passing it around! says the guilty virus writer.
If we *HAVE* to move into a fascist state I'd rather they handle someone's complaint on getting a virus by administering a ruthless beating for not using decent virus protection on their windoze machine. Heil!
While I'm not opposed to the distribution of virus for non-benign purposes, the phrase 'causing danger to data-processing systems' is incredibly broad. If I'm doing database development, and I somehow manage to bonehead the SQL so it says "DELETE * FROM users WHERE username LIKE '%'" under a rare condition, I just wrote a program which causes danger to data-processing systems which is actually just a bug.
I think it'll be a long time until anybody knows if this law was an intelligent move or not. It's certainly well-intentioned, but the possibilities for abuse of enforcement do exist.
Here's to hoping that Finnish judges are saner than their counterparts in America.