No. I am not "convinced the FBI is doing nasty things", nor did I say so. What I said is that there's no evidence but what the FBI says happened. In similar recent cases, including abusing "National Security Letters", the FBI lied until it was forced to admit it had violated the law and its own procedures, even though either its victims didn't know they'd been damaged, or the entire operation was secret and punishable for violating secrecy. So there is no longer reason to take the FBI's word for it.
One other story that could make sense was that the FBI got a warrant for a narrow search, told the ISP to give it the wider, warrantless search, and then later decided that it shouldn't do that anymore. Maybe because someone finally decided the risk of getting caught was too great. So they managed the story by stopping it "voluntarily" and then "made progress" to fix the problem, expecting that the bureaucracy would let it slide. Which depends on the FBI's own Department of Justice deciding whether to get tough or to let it slide, and this DoJ is proven to be inclined to let it slide.
But that's just one other story. Yet another possible story is that the FBI did get caught, and so went down that path. Another is that it didn't get caught until the EFF forced it to reveal its records, which the FBI is claiming went down the way we read in the NY Times, but actually had substantial differences.
And then of course there's multitudes of other possible stories, which I can't even just speculate in any detail, and won't bother.
Because the point is that there's no evidence of anything, except that the FBI admits it got a lot more email than it was entitled to, and the FBI's story doesn't admit any fault by the FBI (or anyone else, exactly, though it does admit there was some kind of fault by someone). So I'm saying we need to see actual evidence of this violation of the warrant, to decide just who is to blame. Not just blame the FBI either, though that's what you are inventing as a strawman out of my pointing out that the FBI is a plausible bad actor here, though I never said there's any proof.
The FBI hasn't been "forthcoming". Nothing was forthcoming from anyone until the EFF sued the FBI and got this story to come out. We don't know whether the FBI actually told the ISP there was too much email coming in, or anything else for sure. The FBI, like many agencies in the Bush administration, especially in the DoJ, has abused FOIA requests and even subpoenas, lied to downplay what did get released, and changed its story whenever it might get away with it.
No evidence is not evidence of nothing. This is a basic principle of logic and law. I'm not going to explain it anymore, because if you can't get that, then you must be as committed to letting the FBI off without good reason as you are accusing me without good reason of damning the FBI in this case. I'm not, but maybe you are. If so, that's your problem, and not mine to help with anymore than I already have.
The future of news is when we've got clickable video with overlays of commentary from people among our social networks, and from people selected by weightings from our social networks. Centralized TV news "anchors" will be replaced by pros who are the most popular, who we subscribe to.
The "open news content" will come first, but it will suck until our social networks make our filter as easy as flipping to "Cronkite" used to be.
So what if you voted for Clinton? Like I said, you just want to be on the side that's winning. Voting for Bush/04 means you not only voted for Clinton for all the wrong reasons, but that you owe the rest of us who, tried to stop Bush every step of the way, a big apology. But the least you could do would be getting honest with yourself. At least in time for the November elections, because you really owe us not voting for another 4 years of Bush called "McCain".
What you're calling "tact and class" is just denial. I don't have you "completely figured out", or I'd have you apologizing to us already. But it's not so hard to spot a Bush person, after years living with the fallout from you people winning power and wielding it against America - not least by the FBI. So I'm not surprised that you're going to quit now that I've faced your denial with the facts you wear on your sleeve. But if you're lucky, you've still got enough sense of self-preservation to think twice about voting for McCain, and compounding everything you'd have to apologize for.
I didn't say "the tubes", I said over and again "the user's LAN".
And I said that the user doesn't need any knowledge of anything. The "good virus" vendor knows what virus wrapper it's inoculating against, and what patches to put in the wrapper.
And if these devices are patched against the original bad version of a virus, clicking an infected email with it isn't going to do any harm.
And I pointed out that the devices these are primarily designed to fix, like digital picture frames, are not the kind where you click on them, so they need an external system for testing and patching them.
And I didn't mention any popups.
And I didn't mention spam at all.
Really, I don't know what you're talking about. Do you?
No. You are indulging in the false dilemma fallacy. I am saying that the FBI's story cannot be just taken as the facts.
Like when I said "Until there's proof whose "glitch" this was, there's absolutely no sense "trusting the FBI" on this." Or when I said
Whose "glitch"? What was the "apparent miscommunication, exactly? Did the FBI tell the ISP to give them the total access that the court hadn't authorized, or did the ISP make the mistake and give them total access when asked for only limited access? Maybe the FBI is citing that totally ambiguous blame, but what is the real story?
If the ISP screwed up, then it should get sued by the extra people whose mailboxes it turned over without authorization. If the FBI "screwed up", then it's just another example of why these courts cannot be secret if the government is to do its job protecting our rights - including protecting us from the government.
which is what you started disputing.
I am putting down the idea that the FBI's assertion, without any evidence or even the story from the ISP, can excuse the FBI. Now you are saying that I am saying the FBI must be guilty, which I am not: a strawman created from a false dilemma that I didn't propose: you did.
You're clearly biased in favor of the FBI. I am biased in favor of looking at the evidence. So I want to know: who did you vote for in 2004?
You don't know what the FBI asked for, but you're insisting they asked for less than they got. That's unreasonable.
It's not true that "every single little thing the goverment does is some kind of conspiracy or abuse", but it's also true that there have been many abuses and coverups. Very specifically at the FBI while spying on domestic communications. This would be just one more example of something already proven. And the way you know that this is not an example of that is... the NY Times was told by the FBI. And didn't even get the ISP to agree or disagree with that story - because the ISP's identity is "secret". Which fits the exact pattern of abuse this government has repeated time and again.
You "don't agree with everything this presidency has done", OK. Just say it: you voted for Bush. You voted for Bush in 2004, even after seeing what he did 2000-2004, and you wanted more. Now that it's obvious Bush is a criminal, everyone's saying it, you've got one foot on the bandwagon when you're admit it. But still you think that you can just take the FBI's word for it.
You don't value your rights. You value being on the side that's "winning", and value whatever greedy profit you expected from Bush, or whatever fear he stoked in you. Because if you valued your rights, you'd wake up already, after at least three quarters of your fellow Americans have awakened, to see that you can't just give Bush and his FBI the benefit of the doubt. That's a big deal. And if you were honest with yourself, you'd see that your part in making it a big deal is a big deal indeed.
How do you know that the FBI didn't give the ISP a different scope to tap than the FISA Court authorized? There's no evidence of either the court order or the instructions to the ISP.
You're just another coincidence theorist. Haven't you noticed what the FBI has been caught doing in this area already, despite the most secretive presidency in history? Don't you value your rights more than you value reading nerd tech porn?
No, I'm just being reasonable. I am debunking what was offered as certainty that the FBI was operating clean, which is far from certain, since we have only the FBI's assertion.
I have an open mind to evidence. My head just doesn't have the kinds of holes that allows it to speculate that the current FBI will tell the truth when it's caught violating people's privacy rights. With the mountain of evidence against that in so many other cases, a mind that open is really just a spy's dream.
That is exactly why the 4th Amendment says "and particularly describing the place to be searched, and the persons or things to be seized." If the FBI got the scope wrong, the question is when. If it got it wrong after getting it right in the FISA warrant, then the FBI just violated the warrant, too. If the warrant asked for the larger scope, then the FISA Court that granted it violated the rights of the rest of those people (put up to it by the FBI). Which is why a secret court that's entitled to violate the 4th Amendment, that grants 99% of all warrants asked for, is unacceptable. If the ISP gave more than the warrant asked for, then the ISP is facing a rather steep liability.
We need to see the evidence of who did the "glitch". I bet it was the FBI.
You're right - if you just take the FBI at it's word. Why on Earth would you do that? As far as I can tell from that article, the reporter didn't even ask the ISP what happened, "because the FBI won't identify it". How convenient.
You can chant "tinfoil hat" all you want. The FBI is the one which the evidence shows actually had a lot of spying that it wasn't entitled to. Let's see its evidence that it was the ISP before giving that agency any benefit of the doubt.
I didn't say this would virus would originate from no fixed host, or that it would use the infected machine to infect others on the LAN. I said it would be installed by a user, who should trust themself, and who of course trusts their antivirus vendor (they install it on their machines to execute locally with full control, including deleting/modifying arbitrary files etc).
It is centrally administered.
It's interesting how so many people replying in this thread have projected their own fears onto my proposition that it doesn't include by itself.
No, not if they were afraid they'd get caught some other way. Which they weren't, not publicly, until the EFF filed its lawsuit, which could have found them out anyway. Telling the ISP, then managing the story, is standard CYA.
Until there's proof whose "glitch" this was, there's absolutely no sense "trusting the FBI" on this. Especially not this FBI, especially not in FISA matters, after their track record.
And especially not in America, which was built on not trusting the government.
Like I quoted myself in my post, the FBI implies it was the ISP, not the FBI. Especially with the current horrendous state of the FBI and the DoJ over it, especially in these domestic spying cases, the burden of proof is on the FBI to prove it was the ISP's mistake, not merely imply it to yet another credulous NY Times reporter.
So what happens when the simple antivirus SW detects the new "good virus" attack? It will just stop the attack, and report that the attack failed (unless it doesn't, because the new attack is successful, in which case it was necessary). No harm done, except some "false alarm" messages. But the other hosts that don't defend from the good virus attack will just get patched like I described.
This doesn't seem to do any harm, but can do a lot of good. Especially when it sometimes succeeds in attacking hosts which have "reliable" antivirus SW.
F.B.I. officials blamed an "apparent miscommunication" with the unnamed Internet provider, which mistakenly turned over all the e-mail from a small e-mail domain for which it served as host. The records were ultimately destroyed, officials said.
Whose "glitch"? What was the "apparent miscommunication, exactly? Did the FBI tell the ISP to give them the total access that the court hadn't authorized, or did the ISP make the mistake and give them total access when asked for only limited access? Maybe the FBI is citing that totally ambiguous blame, but what is the real story?
If the ISP screwed up, then it should get sued by the extra people whose mailboxes it turned over without authorization. If the FBI "screwed up", then it's just another example of why these courts cannot be secret if the government is to do its job protecting our rights - including protecting us from the government.
Does your digital picture frame already have what I described?
Also, why wouldn't the "good virus" payload operate gracefully, rather than just restart your device without warning?
Automation like I described (external) doesn't take over the role of all software updates. But it does augment existing support, in a way that existing support doesn't offer.
Well, I think you can't discount the PS3, as it's clearly Sony's flagship BDP. It was the first delivered, and still one of the cheapest. Samsung and Pioneer are along for the ride, "Blu-Ray" is very much equivalent to "Sony".
And Toshiba will surely quickly offer BDPs, just as Sony switched to selling VHS once Beta was clearly an also-ran (though Sony never stopped selling Beta entirely, which is very Sony).
Microsoft will probably switch, but since its format strategy is so highly interconnected, it's probably got more to lose from betting on the wrong horse. MS probably made later moves that make switching to Sony's format harder for its competition with Sony. But OTOH MS might just have had a backup plan if HD-DVD failed (though that's fairly out of character).
I'm talking about devices which don't run any antivirus systems, like the digital picture frames we're discussing in this story. And even the ones that do already run antivirus, if they get compromised by this system, then they need its augmentation. It's not the only way, exclusive of scanning content, but it is more comprehensive whether it's complementing onboard antivirus or compensating for its absence.
As for its resource intensity, that's required only from the separate LAN server that operates its updates and distribution. Compare that resource consumption with the effects on the LAN from viruses that manage to infect these devices. The external resources required are cheap, especially considering the benefit, and in fact are much cheaper than installing them on each host (especially small ones like digital picture frames), even if those hosts can accept them.
Nature dynamically develops reactions to infection. The reactions that are "healing" are stabilized in a species by natural selection of those individuals that more often survive to reproduce, for which healing can be an advantage. But natural selection requires the ones that aren't as fit to survive to die off. That seems like a waste of computers, even if we accept it in nature.
For my idea to work, the treated devices don't need anything they don't have now. The point is that the healing viruses attack exactly like the viruses they patch against, so any old device that's vulnerable will get attacked and infected just like if the harmful virus were attacking, but the payload is a patch against exactly those attacks, not harm. It's a more sophisticated "inoculation" than immune systems in nature (as far as we've discovered so far), to compensate for the less sophisticated "immune" systems in our synthetic devices. In nature we just have to introduce a weakened virus, which existing immune systems can recognize without being overwhelmed, and then the natural immune system takes over by "patching itself" (creating a larger/quicker reserve of counteragents that won't be overwhelmed by a nonweakened virus if it arrives). Our synthetic devices often have no such immune system, nor the resources to host one (like digital picture frames, and even smaller devices that will be increasingly popular in increasingly essential systems, like eg. networked lightswitches). So we have to deliver not just a weakened virus, with its harmful payload removed, but a weakened virus that can still infect (just as the harmful virus would without this intervention), but which also carries the patch and patching SW that the device itself does not carry.
This approach lets a network include lots of devices that can't defend themselves against the general case of an arbitrary virus. Either because they don't have the resources, or because they just don't have the immune system installed for any other reason. It avoids needing a standard "antivirus API" for all devices, which would have constrained their design, and which requires trusting the device maker to do it right - and which standard API would itself become a target for harmful viruses. Instead it just acts like something the harmful viruses can't exploit any more than they already do: their own operation.
This approach learns from nature, but adapts it to the different ecosystem that our (synthetically and guided) evolving devices actually live in.
For one, malware authors can already do that, regardless of whether the antivirus makers do this.
For another, that's the cat/mouse game they're already playing. So the antivirus I'm describing has to be able to protect from that attack, too. Again, regardless of whether the antivirus is deployed as I describe, or not.
The only change I make is that the software the user is already installing now will also cruise their network patching their own hosts without an admin UI or admin user (probably eventually all hosts, for the mass market, since their users won't be qualified to do any admin at all other than installing the antivirus, if it doesn't come bundled with their home server). So there's no actual change to the security protocol, except now the security SW can also do what the attackers can do. And users are paying some attention to the results, then escalating if something shows up (or something good fails to show up).
Since there are now so many network devices in the wild without an admin user interface, and without even an admin user (except maybe some $5 an hour warranty phone tech support dweeb), the wild needs an easy way to innoculate entire network domains against viruses. We should learn from nature how to keep viruses under control. In 5-10 years, practically every human will have 1-100 infectable devices, many of them in the critical path for their convenience, work, and even human health, so we've got to get this under wraps with that deployment explosion on the horizon.
I should be able to subscribe to an antivirus site that distributes inoculation viruses, just like in nature. Install it on my home/office server, and it gets updates which attack my own hosts the same way as the enemy virus does in the wild. But its attack payload is removed, replaced with a payload that patches the infected host against the attack virus. The home server should also scan the network's devices for other signs that they're already infected, including emailing me with instructions how to inspect each device for UI signs that it's infected with the attack vir And periodic (daily/weekly/etc) reports of "health status". When it detects a host, like a networked picture frame, that seems to be already infected but can't be autopatched, it can recommend further manual steps if possible, including wiping the host's storage if that will work. Or just recommend unplugging and throwing away a doomed host, perhaps with a mail-in "thorough treatment" by the antivirus vendor experts, if there's a chance to recover data and the device. Or just throw away a hopeless device.
There's a lot of talk lately about "good worms" which would cruise the Net just like "bad worms", but patch instead of infect. Since "patch vs infect" is in the eye of the human operator, that unsupervised release into the wild can easily go wrong. But this kind of managed release in each LAN, rather than just over the entire WAN (Internet), leaves the "doctor virus" compartmentalized - don't let it route between LAN segments. And more importantly, it leaves the vendor and the home user who started it each responsible, and accountable, for using it right. If it's made extremely simple to operate, with the most minimal user intervention required, this kind of product could really improve security without a lot of hassle. And make antivirus vendors a new ton of money.
I customize my TrollMod accusations to whatever they're obviously targeting in what they TrollMod'ed. If some anonymous attack without explanation gets slammed, it's their problem if they can't argue back from their cowardly weak position.
Just like you, Anonymous Republican Coward. Now tell me you're really a "libertarian".
No. I am not "convinced the FBI is doing nasty things", nor did I say so. What I said is that there's no evidence but what the FBI says happened. In similar recent cases, including abusing "National Security Letters", the FBI lied until it was forced to admit it had violated the law and its own procedures, even though either its victims didn't know they'd been damaged, or the entire operation was secret and punishable for violating secrecy. So there is no longer reason to take the FBI's word for it.
One other story that could make sense was that the FBI got a warrant for a narrow search, told the ISP to give it the wider, warrantless search, and then later decided that it shouldn't do that anymore. Maybe because someone finally decided the risk of getting caught was too great. So they managed the story by stopping it "voluntarily" and then "made progress" to fix the problem, expecting that the bureaucracy would let it slide. Which depends on the FBI's own Department of Justice deciding whether to get tough or to let it slide, and this DoJ is proven to be inclined to let it slide.
But that's just one other story. Yet another possible story is that the FBI did get caught, and so went down that path. Another is that it didn't get caught until the EFF forced it to reveal its records, which the FBI is claiming went down the way we read in the NY Times, but actually had substantial differences.
And then of course there's multitudes of other possible stories, which I can't even just speculate in any detail, and won't bother.
Because the point is that there's no evidence of anything, except that the FBI admits it got a lot more email than it was entitled to, and the FBI's story doesn't admit any fault by the FBI (or anyone else, exactly, though it does admit there was some kind of fault by someone). So I'm saying we need to see actual evidence of this violation of the warrant, to decide just who is to blame. Not just blame the FBI either, though that's what you are inventing as a strawman out of my pointing out that the FBI is a plausible bad actor here, though I never said there's any proof.
The FBI hasn't been "forthcoming". Nothing was forthcoming from anyone until the EFF sued the FBI and got this story to come out. We don't know whether the FBI actually told the ISP there was too much email coming in, or anything else for sure. The FBI, like many agencies in the Bush administration, especially in the DoJ, has abused FOIA requests and even subpoenas, lied to downplay what did get released, and changed its story whenever it might get away with it.
No evidence is not evidence of nothing. This is a basic principle of logic and law. I'm not going to explain it anymore, because if you can't get that, then you must be as committed to letting the FBI off without good reason as you are accusing me without good reason of damning the FBI in this case. I'm not, but maybe you are. If so, that's your problem, and not mine to help with anymore than I already have.
The future of news is when we've got clickable video with overlays of commentary from people among our social networks, and from people selected by weightings from our social networks. Centralized TV news "anchors" will be replaced by pros who are the most popular, who we subscribe to.
The "open news content" will come first, but it will suck until our social networks make our filter as easy as flipping to "Cronkite" used to be.
So what if you voted for Clinton? Like I said, you just want to be on the side that's winning. Voting for Bush/04 means you not only voted for Clinton for all the wrong reasons, but that you owe the rest of us who, tried to stop Bush every step of the way, a big apology. But the least you could do would be getting honest with yourself. At least in time for the November elections, because you really owe us not voting for another 4 years of Bush called "McCain".
What you're calling "tact and class" is just denial. I don't have you "completely figured out", or I'd have you apologizing to us already. But it's not so hard to spot a Bush person, after years living with the fallout from you people winning power and wielding it against America - not least by the FBI. So I'm not surprised that you're going to quit now that I've faced your denial with the facts you wear on your sleeve. But if you're lucky, you've still got enough sense of self-preservation to think twice about voting for McCain, and compounding everything you'd have to apologize for.
I didn't say "the tubes", I said over and again "the user's LAN".
And I said that the user doesn't need any knowledge of anything. The "good virus" vendor knows what virus wrapper it's inoculating against, and what patches to put in the wrapper.
And if these devices are patched against the original bad version of a virus, clicking an infected email with it isn't going to do any harm.
And I pointed out that the devices these are primarily designed to fix, like digital picture frames, are not the kind where you click on them, so they need an external system for testing and patching them.
And I didn't mention any popups.
And I didn't mention spam at all.
Really, I don't know what you're talking about. Do you?
Like when I said "Until there's proof whose "glitch" this was, there's absolutely no sense "trusting the FBI" on this."
Or when I said
which is what you started disputing.
I am putting down the idea that the FBI's assertion, without any evidence or even the story from the ISP, can excuse the FBI. Now you are saying that I am saying the FBI must be guilty, which I am not: a strawman created from a false dilemma that I didn't propose: you did.
You're clearly biased in favor of the FBI. I am biased in favor of looking at the evidence. So I want to know: who did you vote for in 2004?
You don't know what the FBI asked for, but you're insisting they asked for less than they got. That's unreasonable.
It's not true that "every single little thing the goverment does is some kind of conspiracy or abuse", but it's also true that there have been many abuses and coverups. Very specifically at the FBI while spying on domestic communications. This would be just one more example of something already proven. And the way you know that this is not an example of that is... the NY Times was told by the FBI. And didn't even get the ISP to agree or disagree with that story - because the ISP's identity is "secret". Which fits the exact pattern of abuse this government has repeated time and again.
You "don't agree with everything this presidency has done", OK. Just say it: you voted for Bush. You voted for Bush in 2004, even after seeing what he did 2000-2004, and you wanted more. Now that it's obvious Bush is a criminal, everyone's saying it, you've got one foot on the bandwagon when you're admit it. But still you think that you can just take the FBI's word for it.
You don't value your rights. You value being on the side that's "winning", and value whatever greedy profit you expected from Bush, or whatever fear he stoked in you. Because if you valued your rights, you'd wake up already, after at least three quarters of your fellow Americans have awakened, to see that you can't just give Bush and his FBI the benefit of the doubt. That's a big deal. And if you were honest with yourself, you'd see that your part in making it a big deal is a big deal indeed.
How do you know that the FBI didn't give the ISP a different scope to tap than the FISA Court authorized? There's no evidence of either the court order or the instructions to the ISP.
You're just another coincidence theorist. Haven't you noticed what the FBI has been caught doing in this area already, despite the most secretive presidency in history? Don't you value your rights more than you value reading nerd tech porn?
No, I'm just being reasonable. I am debunking what was offered as certainty that the FBI was operating clean, which is far from certain, since we have only the FBI's assertion.
I have an open mind to evidence. My head just doesn't have the kinds of holes that allows it to speculate that the current FBI will tell the truth when it's caught violating people's privacy rights. With the mountain of evidence against that in so many other cases, a mind that open is really just a spy's dream.
That is exactly why the 4th Amendment says "and particularly describing the place to be searched, and the persons or things to be seized." If the FBI got the scope wrong, the question is when. If it got it wrong after getting it right in the FISA warrant, then the FBI just violated the warrant, too. If the warrant asked for the larger scope, then the FISA Court that granted it violated the rights of the rest of those people (put up to it by the FBI). Which is why a secret court that's entitled to violate the 4th Amendment, that grants 99% of all warrants asked for, is unacceptable. If the ISP gave more than the warrant asked for, then the ISP is facing a rather steep liability.
We need to see the evidence of who did the "glitch". I bet it was the FBI.
You're right - if you just take the FBI at it's word. Why on Earth would you do that? As far as I can tell from that article, the reporter didn't even ask the ISP what happened, "because the FBI won't identify it". How convenient.
You can chant "tinfoil hat" all you want. The FBI is the one which the evidence shows actually had a lot of spying that it wasn't entitled to. Let's see its evidence that it was the ISP before giving that agency any benefit of the doubt.
I didn't say this would virus would originate from no fixed host, or that it would use the infected machine to infect others on the LAN. I said it would be installed by a user, who should trust themself, and who of course trusts their antivirus vendor (they install it on their machines to execute locally with full control, including deleting/modifying arbitrary files etc).
It is centrally administered.
It's interesting how so many people replying in this thread have projected their own fears onto my proposition that it doesn't include by itself.
No, not if they were afraid they'd get caught some other way. Which they weren't, not publicly, until the EFF filed its lawsuit, which could have found them out anyway. Telling the ISP, then managing the story, is standard CYA.
Until there's proof whose "glitch" this was, there's absolutely no sense "trusting the FBI" on this. Especially not this FBI, especially not in FISA matters, after their track record.
And especially not in America, which was built on not trusting the government.
Like I quoted myself in my post, the FBI implies it was the ISP, not the FBI. Especially with the current horrendous state of the FBI and the DoJ over it, especially in these domestic spying cases, the burden of proof is on the FBI to prove it was the ISP's mistake, not merely imply it to yet another credulous NY Times reporter.
So what happens when the simple antivirus SW detects the new "good virus" attack? It will just stop the attack, and report that the attack failed (unless it doesn't, because the new attack is successful, in which case it was necessary). No harm done, except some "false alarm" messages. But the other hosts that don't defend from the good virus attack will just get patched like I described.
This doesn't seem to do any harm, but can do a lot of good. Especially when it sometimes succeeds in attacking hosts which have "reliable" antivirus SW.
Whose "glitch"? What was the "apparent miscommunication, exactly? Did the FBI tell the ISP to give them the total access that the court hadn't authorized, or did the ISP make the mistake and give them total access when asked for only limited access? Maybe the FBI is citing that totally ambiguous blame, but what is the real story?
If the ISP screwed up, then it should get sued by the extra people whose mailboxes it turned over without authorization. If the FBI "screwed up", then it's just another example of why these courts cannot be secret if the government is to do its job protecting our rights - including protecting us from the government.
Does your digital picture frame already have what I described?
Also, why wouldn't the "good virus" payload operate gracefully, rather than just restart your device without warning?
Automation like I described (external) doesn't take over the role of all software updates. But it does augment existing support, in a way that existing support doesn't offer.
Well, I think you can't discount the PS3, as it's clearly Sony's flagship BDP. It was the first delivered, and still one of the cheapest. Samsung and Pioneer are along for the ride, "Blu-Ray" is very much equivalent to "Sony".
And Toshiba will surely quickly offer BDPs, just as Sony switched to selling VHS once Beta was clearly an also-ran (though Sony never stopped selling Beta entirely, which is very Sony).
Microsoft will probably switch, but since its format strategy is so highly interconnected, it's probably got more to lose from betting on the wrong horse. MS probably made later moves that make switching to Sony's format harder for its competition with Sony. But OTOH MS might just have had a backup plan if HD-DVD failed (though that's fairly out of character).
I'm talking about devices which don't run any antivirus systems, like the digital picture frames we're discussing in this story. And even the ones that do already run antivirus, if they get compromised by this system, then they need its augmentation. It's not the only way, exclusive of scanning content, but it is more comprehensive whether it's complementing onboard antivirus or compensating for its absence.
As for its resource intensity, that's required only from the separate LAN server that operates its updates and distribution. Compare that resource consumption with the effects on the LAN from viruses that manage to infect these devices. The external resources required are cheap, especially considering the benefit, and in fact are much cheaper than installing them on each host (especially small ones like digital picture frames), even if those hosts can accept them.
Anonymous fool Coward, of course they're "obviously targeting" me: they're replying specifically to my posts.
You're a Republican. And every complaint you make against it is just more proof that you're lying about it. Just like a Republican. QED.
Nature dynamically develops reactions to infection. The reactions that are "healing" are stabilized in a species by natural selection of those individuals that more often survive to reproduce, for which healing can be an advantage. But natural selection requires the ones that aren't as fit to survive to die off. That seems like a waste of computers, even if we accept it in nature.
For my idea to work, the treated devices don't need anything they don't have now. The point is that the healing viruses attack exactly like the viruses they patch against, so any old device that's vulnerable will get attacked and infected just like if the harmful virus were attacking, but the payload is a patch against exactly those attacks, not harm. It's a more sophisticated "inoculation" than immune systems in nature (as far as we've discovered so far), to compensate for the less sophisticated "immune" systems in our synthetic devices. In nature we just have to introduce a weakened virus, which existing immune systems can recognize without being overwhelmed, and then the natural immune system takes over by "patching itself" (creating a larger/quicker reserve of counteragents that won't be overwhelmed by a nonweakened virus if it arrives). Our synthetic devices often have no such immune system, nor the resources to host one (like digital picture frames, and even smaller devices that will be increasingly popular in increasingly essential systems, like eg. networked lightswitches). So we have to deliver not just a weakened virus, with its harmful payload removed, but a weakened virus that can still infect (just as the harmful virus would without this intervention), but which also carries the patch and patching SW that the device itself does not carry.
This approach lets a network include lots of devices that can't defend themselves against the general case of an arbitrary virus. Either because they don't have the resources, or because they just don't have the immune system installed for any other reason. It avoids needing a standard "antivirus API" for all devices, which would have constrained their design, and which requires trusting the device maker to do it right - and which standard API would itself become a target for harmful viruses. Instead it just acts like something the harmful viruses can't exploit any more than they already do: their own operation.
This approach learns from nature, but adapts it to the different ecosystem that our (synthetically and guided) evolving devices actually live in.
What is resource intensive?
For one, malware authors can already do that, regardless of whether the antivirus makers do this.
For another, that's the cat/mouse game they're already playing. So the antivirus I'm describing has to be able to protect from that attack, too. Again, regardless of whether the antivirus is deployed as I describe, or not.
The only change I make is that the software the user is already installing now will also cruise their network patching their own hosts without an admin UI or admin user (probably eventually all hosts, for the mass market, since their users won't be qualified to do any admin at all other than installing the antivirus, if it doesn't come bundled with their home server). So there's no actual change to the security protocol, except now the security SW can also do what the attackers can do. And users are paying some attention to the results, then escalating if something shows up (or something good fails to show up).
Since there are now so many network devices in the wild without an admin user interface, and without even an admin user (except maybe some $5 an hour warranty phone tech support dweeb), the wild needs an easy way to innoculate entire network domains against viruses. We should learn from nature how to keep viruses under control. In 5-10 years, practically every human will have 1-100 infectable devices, many of them in the critical path for their convenience, work, and even human health, so we've got to get this under wraps with that deployment explosion on the horizon.
I should be able to subscribe to an antivirus site that distributes inoculation viruses, just like in nature. Install it on my home/office server, and it gets updates which attack my own hosts the same way as the enemy virus does in the wild. But its attack payload is removed, replaced with a payload that patches the infected host against the attack virus. The home server should also scan the network's devices for other signs that they're already infected, including emailing me with instructions how to inspect each device for UI signs that it's infected with the attack vir And periodic (daily/weekly/etc) reports of "health status". When it detects a host, like a networked picture frame, that seems to be already infected but can't be autopatched, it can recommend further manual steps if possible, including wiping the host's storage if that will work. Or just recommend unplugging and throwing away a doomed host, perhaps with a mail-in "thorough treatment" by the antivirus vendor experts, if there's a chance to recover data and the device. Or just throw away a hopeless device.
There's a lot of talk lately about "good worms" which would cruise the Net just like "bad worms", but patch instead of infect. Since "patch vs infect" is in the eye of the human operator, that unsupervised release into the wild can easily go wrong. But this kind of managed release in each LAN, rather than just over the entire WAN (Internet), leaves the "doctor virus" compartmentalized - don't let it route between LAN segments. And more importantly, it leaves the vendor and the home user who started it each responsible, and accountable, for using it right. If it's made extremely simple to operate, with the most minimal user intervention required, this kind of product could really improve security without a lot of hassle. And make antivirus vendors a new ton of money.
I customize my TrollMod accusations to whatever they're obviously targeting in what they TrollMod'ed. If some anonymous attack without explanation gets slammed, it's their problem if they can't argue back from their cowardly weak position.
Just like you, Anonymous Republican Coward. Now tell me you're really a "libertarian".
Moderation +3
60% Insightful
20% Troll
20% Informative
TrollMods are exactly the lying Republicans I'm talking about.