Yah, it was the "Give me a break." that made it seem like you were implying something. However, I'm fairly certain that there is some illegality to intentionally spreading trojans (and, believe it or not, this is a trojan) via any medium.
You'll go to jail for something corporations do to individuals on a daily basis.
Interestingly enough, I deal with this somewhat regularly. First, remember that all legal spyware comes with an EULA. I agree 100% that these are totally shady, however, the EULA's will always state what the application will do. It's there, and if you have an attourney or are way smarter than I am, you might be able to understand what they declare. Slipping something like this that you cook up on your own onto a corporate network (without an EULA) is different -- it becomes a trojan. If you're an employee, it violates company policy and are subject to termination and prosecution. If you are not an employee and break into the network (physically or otherwise), you've committed another crime altogether, and this is on top of stealing company resources.
If you did the same thing in someone's home, you're guilty of the same crime. However, here's where the enforcement paths tend to diverge (between personal and business). In the case of breaking into a company -- if they can show the FBI that you've caused a certain amount of damage, the FBI will get involved. It's much more difficult to prove that this is going on if you've cracked someone's home computer, since it's hard to prove that you've lost $5000 in human-hours, cash, assets, or whatever -- generally, the ISP will have to contact the authorities to prove this on a systemic network level (if you want the feds involved). It's the same crime, however...but again, spyware is different from a trojan only in that it includes an EULA.
I personally do not believe that Spyware should be treated any differently just because of an EULA (that nobody ever reads). It's just the way it is, but not the way it should be. To compare the two -- companies always report how much money was lost due to a virus/worm. Those numbers are typically bullshit, becuase they count every hour employees spent with their thumbs up their butts because they couldn't find an alternative way to get their work done, as well as IT troubleshooting hours. Where I work, my group spends more time dealing with spyware/adware removal than we ever have with viruses/worms -- even the worst outbreaks, including any mail server downtime associated with it. It's a huge problem, and I'm not discounting it -- but in the above, I'm only talking about the law as it is today.
They should have formed a corporation for this activity, then there would be no danger of imprisonment.
This is untrue, and is seems to me like it's a loaded statement. Otherwise, Elliott Spitzer has just been blowing smoke for the past few years. It also means that the FTC and SEC have no power. People are in jail right now for their part in the illegal actions of their company. While certain folks have gotten away with certain shenanigans in the past, this is simply untrue today. Haven't you been keeping up with the news? It's been creported on pretty widely ever since the Enron bankrupcy. Elliott Spitzer has been all over it since before then (since the fall of the dot-com's) for shady practices in the investment banking industry.
As it stands they may be alright because they are doing it in the name of copyright protection. No one (in power) would want to prosecute someone for such practices.
Yeah, this is indicative of the "I'm powerless against the megacorporation" mentality. Fortunately, individuals still have certain protections in the US. Illegal is still illegal -- no matter who you are...regardless of how powerless you may feel.
So because people executed a program that was mislabeled, it is now electronic trespassing?
Is this a troll? If so, I guess that I'm biting hook, line, and sinker.
It's electronic tresspassing because the authors are intentionally misrepresenting the downloaded application. This is absolutely no different from a trojan horse. It is a case of fraudulently conveying a malicous application as something benign. The application accesses system resources (hard disk, cpu, memory) as well as network resources without any authorization. It's different from typical spyware, since spyware has an EULA, which informs you of the application's intentions -- which the user must explicitly agree to.
This couldn't be a clearer case of electronic tresspassing -- there are dozens of kids spending hard time in jail for far less malicous actions than these (which have been considered "electronic trespassing". I fail to understand why you can't differentiate between this and any other trojan.
Are you suggesting that this type of vigilantism is acceptable? Do you believe that in this case, the coders' ends justify their means? IMO, it's as just as irresponsible as any other malware...in some cases, moreso.
He is somehow special because his cell phone notifies him of COMPUTER problems at home? I could see an exception for a pregnant wife, a hospiced family member, etc, but personal server issues?
I didn't read the post this way. He never says that those are home servers. Check again.
I'm convinced that a promising business venture would be a non-US ISP which would sell IPSec tunnels to anyone. The termination point would be outside the US and would preserve privacy
You took the words right out of my mouth. However, I think that HavenCo on the Principality of Sealand may have beaten you to the punch. However, I think that there is some question as to their sovereignty as a nation.
Provided that they have the proper bandwidth to handle this, I'd love to proxy most of my communications through them (or anyone offshore). It's a wrothy business idea to set up a pay proxy. Insert your Cryptonomicon parallel here.
When I saw the name Vanguard, it sounded really famaliar. When I googled for it, I realized that it was my all-time favorite arcade scroller. No wonder I was excited at first.
Yeah -- in my haste to hide my opinions about clean air regs, I failed to mention them. You're right...and in this case, the law, however well intentioned, is bullshit.
Additionally, if you look at lots of these aftermarket mods, they're marked for track use only. Installing them means your car is no longer street legal.
That's not necessarily true. That's usually just a disclaimer. Some aftermarket parts that are for "off road use only" are perfectly fine for street use (as far as safety goes). I have a very hard time believing that most parts (actually, not claimed) meant for the track are any less safe than their street counterpart. (This falls back on my ideal that track cars are generally safer than street cars -- they're usually built with crashing, rolling, etc in mind...unlike a street car, which is built for convinence). My feeling is that the manufacturer doesn't want to deal with the liability of some dumbass crashing his car and suing Garrett, KKK, or Greddy because their turbo (or turbo kit) made their car too fast for them to drive. Some parts, like stainless steel brake lines make the brake feel better (arguably, adding a margin of safety to a skilled driver) -- but usually aren't recommended for street because they require more maintenance (replacement). OTOH, some products, like great big driving lights aren't street legal period....now emmissions are a different story, although many will guarantee that you'll be able to meet CA's emmissions. For example, see Flyin' Miata's page. Anyway, what it really comes down to is your common sense for example -- don't use a pure track brake pad on the street: unlike a street pad, they need to be warmed up to work, are grabby, and don't work in the rain (unless they're special application). OTOH, a turbo or supercharger kit may be find for your needs and safe/legal on the street (unless it requires 103 octane race fuel)...or a fuel cell which is for "track use only".
But how are they going to know what's in your car? Its not like they open the hood and check compression ratios, etc on cars that do inspections.
Actually, they do check these things (this tends to vary wildly from state to state). Under the hood, there is a description of all of the original emmissions equipment. It's also in print. It's pretty easy to see what's been done, especially when there's a big-ass carburatur sitting on top of your intake header. I'm not quite sure what the details are -- but one way or the other, it's gotta pass emmissions (including a rolling dyno in an an increasing number of states). It's getting difficult to get old cars (or new cars with old equipment) to meet new-car standards.
If you've got an old car that you like to drive as you restore -- stay out of VA. They check everything. For example, if you have foglights, they have to work or the wiring needs to be cut all the way back to the harness. Lame.
I was under the impression that CA bought the licenses under a sealed settlement under completely unrelated suit. Unless I'm mistaken, CA bought licenses for UnixWare (or some other Old-SCO product), for which each automatically included a binary Linux license.
It sounds like SCO quitely tacked on the "free Linux binary license" in order to give the illusion of legitamacy within the indrustry to their Linux claims. It's a sneaky, bullshit move. I hope that the courts see this the same way I do. OTOH, the EV1 move was not trickery on SCO's part. That was just EV1 being stupid.
That's part of the problem. Most of the people who use Windows use it because it came bundled/pre-installed on their computer, i.e. they didn't install it themselves.
This is the crux of the problem. I don't see how value-adds should be illegal or considered monopolistic. I do understand how the Netscape story was different, but hey, they challenged Microsoft directly and publicly -- they sorta deserved what they got. The deal with the video player is completely different. Real build a crappy product, Microsoft realized that they only had to be marginally better to own the marketplace. There's nothing wrong with Microsoft entering that marketplace -- and it's not Microsoft's fault that Real couldn't pull it off properly. Had Real done it right the first time, we would not have two crappy PC streaming standards. What's next? MSFT has to pull it's builtin CD burning software because Roxio can't compete? Does this mean that RH Linux can't be installed with all of that GNU software (including browsers, cd burning software, and media players) because other commercial software can't compete? (I know, this is a stretch)
What (IMO) the real (no pun intended) problem is, is that Microsoft enters their OEM's/retailers into exclusive agreements in order to get OEM licensing/pricing. This way, each customer gets the full Windows package with their Dell, like it or not. It seems to me that the exclusive arrangements supercede all of the other monopolistic issues. This is a tool that Microsoft uses (leveraging their monopoly) to maintain their monopoly. If this would go away, I believe that most of these other arguments would be moot -- the OS playing field would be far more level, and their OS monopoly could not be leveraged as easily.
With the previous disclaimer aside -- I can feel free to really wear my heart on my sleeve and have a fine, offtopic discussion of different ideals.:)
People attack this as being a socialist idea. While in reality it is not. It is a conservative idea, one that should really have it's time.
IMO, your message sounds a whole lot socialist than conservative...but I could be totally wrong. A typical American conservative (forgive me if you're not American) believes less in the equal distribution of wealth (as you suggest...but in an much easier-to-swallow way) and more in a smaller, more streamlined government where citizens are able to take home a greater percentage of their dollar rather than paying high taxes. Let people attack an idea for being socialist -- that's just a word...and there's nothing wrong with socialism per se. However, I'm not sure that your idea is compatible with American business ideals. See below for a few ideas.
Think in terms of what would happen if corporations were not allowed to have a pay differential factor of greater than 5 (ie, the highest paid person in a corp can only make 5 times the lowest paid person). It would be much more robust because it would have a greater number of people feeding it.
Here's where I think I fundamentally disagree...and my disagreement depends on a number of factors. Are you talking about total compensation packages? (Like base salary + value of stock options + stock options excercised + benefits + bonuses)? Or just base salary? I guess it doesn't really matter -- say my company is an LLC -- I invested in the company, and I own a partner stake. The shares I own are preferred and pay out dividens depending on the performance. Are you suggesting that I should not be allowed to make $1 mil a year from those dividends if my 20-year-old mail clerk is only making $32K annually? Better yet, what if, as a majority stakeholder and CEO, I decide that since I've busted my ass extra hard this year to steer the company in the right direction -- I deserve a fat bonus based on the profits that I was able to help my company generate. Especially since I put my hard-earned capital on the line to get this company off the ground -- maybe I should get a $200K bonus this year. Shouldn't I be allowed to if the company can sustain it? Can't the mail clerk can go work for someone else if it's not fair.
Think in terms of small businesses...I'll pull another example -- like a small medical practice where a doctor (who sold their soul to the devil in order to pay for a large number of years in medical school, a residency, etc) makes $220K/yr. Keep in mind that she has to spend a percentage of her free time keeping current with all of the latest medical technology. She invested her own money in the practice, and provides an excellent service to her patients -- she worked extra-hard to do better than the next guy and earned a name for herseld as the best in town (in her field). The recptionist didn't go to school, and makes $40K/yr. This is not a mega-corporation here, this is a 1-doctor family practice.
Here's another idea (then I'll STFU): Maybe the market is more likely to buy widgets (and at a greater price) from a company if the salary differential factor is less than 5. If so -- go nuts. Prove that you're the better, more honest business. This has tended to work with some of the American businesses that run sweat-shops in 3rd world companies. (Sadly, it hasn't trickled down to all of them yet).
Anyway, here are just a few examples of why I don't necessaily believe that your idea wouldn't be fair for everyone. Not that our current system is fair...but that's part of why I appreciate it. If you work hard enough and do the right things, there's a possibility to really create alot of wealth. Not everyone gets in on it, but not everyone takes on a huge risk. Which brings me to one last quick example -- accodring to
Is this a troll? If so I guess I'm biting. Socialism can work along side capitalism.
Nope -- it wasn't a troll...but I think you may have missed my point. Maybe I misstated it. The point was that the most vocal Slashdot posters, as well as the editors seem to have Socialist (as well as anti-corporate) leanings. The point I was trying to make was that rather than the parent poster complaining about it, he should make a stand for what he believes in...and that he's not alone. Furthermore, much (but not all) of the company-bashing that goes on here is without basis -- and assumes that we're all members of a community that just "gets it" like they do...which is just not the case here. If he's educated and knows a thing or two -- maybe he can shed some light on discussions having to do with finance. That's all. Perhaps I was wearing my heart on my sleeve a little too much. It wasn't my intention. My bad.
Then you'll fail or, at best, be marginalized due to competition from those companies who are willing to lie, cheat, and steal, and so won't make much of an impact on public perceptions.
Are you being sarcastic?
I'll assume that you weren't -- but if you were...well, ignore this. I disagree that "nice guys finish last". Especially dishonest businesses always tend to lose in the long run. Case in point -- who is going to ever buy SCO products anymore? (Other than they 1 in 1000 companies they threatened with litigation) They've sued their userbase. Sure, you can say that they're a IP/lawsuit company now, but it remains to be seen whether or not they will succeed. Most Slashdot readers seem to feel that the lawsuit(s) will fail...and I don't think that there's any way that SCO will be able to be a profitable company selling software.
Here's another case that helps this point...Microsoft knows that Windows dominance will not last forever. They're trying not to look scared shitless because they want to put on a good face for their shareholders, however, they know that their current business model cannot last forever...Microsoft's aggressive and predatory business practices are 100% clear and very well publicized. If you believe that computer geeks are the only people who realize this, you're dead wrong. Business geeks read business journals, which tend to document this kind of thing very thoroughly. Microsoft knows that they need to diversify, but most industries are very reluctant to let Microsoft in -- they don't want to get screwed like Microsoft screwed everyone else. This was the same story with IBM and even Lotus back in the day. Look at these companies now...Lotus is owned by Microsoft, and IBM isn't half of what they were back in the antitrust-accusation days.
In general, the market tends to take care of itself. This is one of the ideals that I believe that the country was founded upon...and I think (this part of) it still (tends to) work(s).
This pisses me off. Why do most slashdotters assume that just b/c you have an MBA you must be some evil hell bent individual?
AFAIK, most slashdotters don't feel this way. There is a very vocal group in the/. "community" who have some anti-corporate (and in many cases) socialist leanings. This is compounded by editors who appear to have similar feelings. If this was not the case, your post never would have been modded up like it was.
By all means -- get pissed. Tell the anti-capitalists (or however you want to describe them) that you think they're full of it. Ask for proof. Slashdot is a "news for nerds" site. It doesn't specify "news for computer nerds". Business nerds exist, and just because you do business doesn't make you an automatic asshole. Business is what drives our economy. Those who think that businesses need heavy regulation and huge taxes don't usually understand how it all works (well, I don't either -- but I still think that those folks are full of it)...it's sort of a "tax the other guy who seems to have deeper pockets" mentality. Maybe you can use what you've learned to show the "community" a thing or two -- because it's clear that many (not all) of the naysayers are victims of making assumptions based on data that they fail to understand.
But just because a virus isn't new doesn't mean that it's not still spreading.
Correct...but if you read my post again, you'll notice that I said that "the most important stuff to protect against are the recent outbreaks". I never said anything about completely overlooking old viruses. If you analyze a logfile from a mail server's quarantine logs, you'll find that the vast majority (~99.5%) of the worms/viruses that are picked off are from the latest outbreak. Furthermore, "latest outbreak" doesn't necessarily suggest a new virus/worm -- it's just a new outbreak.
Based on what I've written above, when it comes to protecting my users, where should my main priorities be...the.5%, or the 99.5%? I tend to worry about the common stuff first, then the way-out-of-the-ordinary stuff.
I've had reasonably good luck with ClamAV. I've found that effectiveness tends to depend on configuration (which I'll get back to).
Some people say that the ironclad test of an A/V app is the number of virus definitions listed. In ClamAV's case (per FreshClam's log output), there are 20372 signatures in the DB. IMO, the number of definitions doesn't really mean much. In my experience, the most important stuff to protect against are the recent outbreaks -- where mail servers are inundated with worm-laiden email. In this case, it's really a matter of how soon the definitions are updated. Generally, I tend to see definitions updated within 12-48 hours of a reported outbreak. Combine this with your update frequency to figure out your expopsure period.
There will be an exposure period regardless of which A/V software you run. Some will have greater average periods than others. Don't rely on marketing information to figure this out. It's a bunch of crap. Real world experience is what counts here -- if you've got lots of experience with these, great. If not, try to find someone who knows their stuff who can give you a good idea for what's what with different apps. I haven't used a ton of these, so I can't give you any ironclad data.
Your configuration will tend to be your greatest asset/worst enemy in terms of finding the best A/V setup for your particular needs. For example -- I automatically block certain types of attachments via qmail-scanner. There's no reason for them -- and they're not worth the risk. I block any attachment with the following extensions (I'm sure that this is not perfect, but whatever):.vbs, lnk, scr, wsh, hta, pif, exe, bat, com, sct, chm, cmd, crt, hlp, hta, isp, pcd, reg, shs, and js. These attachments are all allowed inside of an archive (which ClamAV scan), but I'm willing to roll the dice on exposure to those, since screwing up and opening the attachment is no longer as simple as a single mouseclick.
Finally, I also run client-side A/V. These just aren't as reliable as server-side protection -- users always find wonky things to do with/to their computers...but I like to think of this is a last line of defense. Furthermore, users also tend to check their personal email from work. If you have the hardware to handle it, it might be worth your while to have your users forward their personal email through your service to cover your butt (or enact a policy forbidding users from checking personal email at work)...just be careful about discoverability of their personal email if it comes through your work email (IANAL).
Overall, I'm satisfied with ClamAV/Qmail-Scanner. I'm running it on a system designed for 1000 users (in its current hardware/software configuration) -- scalable to up to about 3000 users. Currently, we're running with around 150 users...in about 2 months, we'll have our new HR/payroll system up which will allow us to add accounts for the rest of our 750 employees (long story). We'll see how good it is once I have a larger userbase to work with. However, my favorite part about ClamAV (and this is the real selling point) is the lack of per-seat fees associated with most commercial AV products. This is the same reason we chose not to use Exchange...those fees are hefty!
Even with these changes, you still have the problem of extortion. If I buy software from the store, open it, read the EULA, and don't like it, it is very hard to get my money back. Also, there is the lost time and potential lost business and missed deadlines from having to find another program. Store bought software can also have malware.
As long as retailers accept the software returns, I don't see a problem. As far as lost time and potential lost business -- caveat emptor. That's never been a reason for a creating law (AFAIK). Besides, due diligence has always been a customer's responsibility. I'm not sure that the argument is really relevant because the problem as I see it is definitely not with shrinkwrapped software. It's with software distributed over the Internet. Finally, how in the world is malware extortion? I believe that malware is alot of things (all bad) -- but extortion has never come to mind.
And then you have the unequal position of the two parties (unless you're a very big business).
Was this a response in regards to my comment or just your sig?
One important thing to remember in this discussion is that many companies spend far more time keeping their networks spyware-free than they do worrying about viruses/worms. I know mine does.
I don't really view spyware/adware/etc as anything other than a virus/worm with an EULA. If mydoom had an EULA attached to it which specifically states how it will work, and what it will do (in perfect legalese) -- should this be legal to write and spread in the wild? I say hell no. Anyway, since EULA's are not signed (in any way), and don't even have to be read -- they're not really an "agreement". They're more of a proclimation. Not only are their names misleading, but certain fundamental rights cannot be taken away by an EULA (and these are). Why not call one of those rights "control over your computer and personal information"? Maybe even redefine how EULAs are written. If you're giving up control over certain functions and information, maybe it should be in BIG BOLD LETTERS in plain English at the top of the agreement (rather than somewhere in the middle, small print, and in legalese so ambigous, most lawyers would read it and say "WTF?").
It's about time that someone did something (not that this is the best thing to do). I'm all about freedom -- let people do what they want as long as nobody gets hurt. However, when software depends on mass trickery in order to propigate, then there is a problem. When it comes to spyware/adware, it's important to let people know what they're getting into -- this is where we should start.
Not really a good analogy... the Dukes of Hazard was based on a story about people doing something that was actually illegal -- running moonshine.
Wait a minute -- I used to watch that show all the time. I thought it was Jesse and Boss Hogg who used to be Rum Runners (or was it Ridge Runners) together. Jesse swore to never run booze again. IIRC, Bo and Luke weren't running any booze.
So you're saying that if I claimed to own the Brooklyn Bridge and tried to collect tolls from the public for using it, that would be legal?
Legal or not, I can see EV1 eating that up:
To whom it may concern:
I am writing concerning the announcement of your ownership and subsequent tolls on the Brooklyn Bridge. We here at EV1 take property claims seriously and would like to make your collection from us as easy as possible. Are there any back-tolls that we can pay you for over past years? Any penalties, fees, interest, etc?
Also, please let me know if you know anyone who is selling any prime beachfront property in Arizona.
By attempting to get users of Linux to cough up fees for SCO's extra license for Linux, GNU, and Fyodor's NMAP program as one of many other GPL'd program distributed with Linux and SCO's own product offerings, SCO is in violation of the GPL. Fyodor is well within his rights to terminate SCO's license to use the software.
I know that this is going to be incredibly unpopular, and it's more of a contingency than my belief, so I'll choose my words carefully. Let's assume, just for a second, that SCO is legally correct -- that their code is in Linux. And let's assume (again, just for a second) that IBM's enterprise contributions (Read Copy Update, SMP, etc) to the Linux kernel really does violate their IP. Then SCO has not violated the GPL, because there is non-GPL'ed code in the kernel. All McBride has done is publicly stated that he doesn't think that the GPL is even legal. If a Linux advocate said that they weren't sure that the GPL would hold up in court -- would that invalidate their use of the GPL?
I'm not saying that I that SCO is right, but the point is that from an objective perspective, Fyodor's reponse may be a bit premature. SCO has not won their court case yet -- it's not like anyone (with any sense) is buying Linux licenses from SCO yet. If SCO loses their court case (likely) then (unless they continue to try to charge for other people's IP) I don't think they've violated the GPL. Before anyone freaks out and calls me a troll, I'll admit that I could be way off-base here...IANAL -- and I don't know what the hell I'm talking about besides my own (poor) intrepretation of the GPL and what I'm able to get from Groklaw, etc. Just the same, I'd be interested in hearing opinions about this.
Slashdot Mirror
Yah, it was the "Give me a break." that made it seem like you were implying something. However, I'm fairly certain that there is some illegality to intentionally spreading trojans (and, believe it or not, this is a trojan) via any medium.
Interestingly enough, I deal with this somewhat regularly. First, remember that all legal spyware comes with an EULA. I agree 100% that these are totally shady, however, the EULA's will always state what the application will do. It's there, and if you have an attourney or are way smarter than I am, you might be able to understand what they declare. Slipping something like this that you cook up on your own onto a corporate network (without an EULA) is different -- it becomes a trojan. If you're an employee, it violates company policy and are subject to termination and prosecution. If you are not an employee and break into the network (physically or otherwise), you've committed another crime altogether, and this is on top of stealing company resources.
If you did the same thing in someone's home, you're guilty of the same crime. However, here's where the enforcement paths tend to diverge (between personal and business). In the case of breaking into a company -- if they can show the FBI that you've caused a certain amount of damage, the FBI will get involved. It's much more difficult to prove that this is going on if you've cracked someone's home computer, since it's hard to prove that you've lost $5000 in human-hours, cash, assets, or whatever -- generally, the ISP will have to contact the authorities to prove this on a systemic network level (if you want the feds involved). It's the same crime, however...but again, spyware is different from a trojan only in that it includes an EULA.
I personally do not believe that Spyware should be treated any differently just because of an EULA (that nobody ever reads). It's just the way it is, but not the way it should be. To compare the two -- companies always report how much money was lost due to a virus/worm. Those numbers are typically bullshit, becuase they count every hour employees spent with their thumbs up their butts because they couldn't find an alternative way to get their work done, as well as IT troubleshooting hours. Where I work, my group spends more time dealing with spyware/adware removal than we ever have with viruses/worms -- even the worst outbreaks, including any mail server downtime associated with it. It's a huge problem, and I'm not discounting it -- but in the above, I'm only talking about the law as it is today.
This is untrue, and is seems to me like it's a loaded statement. Otherwise, Elliott Spitzer has just been blowing smoke for the past few years. It also means that the FTC and SEC have no power. People are in jail right now for their part in the illegal actions of their company. While certain folks have gotten away with certain shenanigans in the past, this is simply untrue today. Haven't you been keeping up with the news? It's been creported on pretty widely ever since the Enron bankrupcy. Elliott Spitzer has been all over it since before then (since the fall of the dot-com's) for shady practices in the investment banking industry.
Yeah, this is indicative of the "I'm powerless against the megacorporation" mentality. Fortunately, individuals still have certain protections in the US. Illegal is still illegal -- no matter who you are...regardless of how powerless you may feel.
Is this a troll? If so, I guess that I'm biting hook, line, and sinker.
It's electronic tresspassing because the authors are intentionally misrepresenting the downloaded application. This is absolutely no different from a trojan horse. It is a case of fraudulently conveying a malicous application as something benign. The application accesses system resources (hard disk, cpu, memory) as well as network resources without any authorization. It's different from typical spyware, since spyware has an EULA, which informs you of the application's intentions -- which the user must explicitly agree to.
This couldn't be a clearer case of electronic tresspassing -- there are dozens of kids spending hard time in jail for far less malicous actions than these (which have been considered "electronic trespassing". I fail to understand why you can't differentiate between this and any other trojan.
Are you suggesting that this type of vigilantism is acceptable? Do you believe that in this case, the coders' ends justify their means? IMO, it's as just as irresponsible as any other malware...in some cases, moreso.
I didn't read the post this way. He never says that those are home servers. Check again.
You took the words right out of my mouth. However, I think that HavenCo on the Principality of Sealand may have beaten you to the punch. However, I think that there is some question as to their sovereignty as a nation.
Provided that they have the proper bandwidth to handle this, I'd love to proxy most of my communications through them (or anyone offshore). It's a wrothy business idea to set up a pay proxy. Insert your Cryptonomicon parallel here.
When I saw the name Vanguard, it sounded really famaliar. When I googled for it, I realized that it was my all-time favorite arcade scroller. No wonder I was excited at first.
Yeah -- in my haste to hide my opinions about clean air regs, I failed to mention them. You're right...and in this case, the law, however well intentioned, is bullshit.
That's not necessarily true. That's usually just a disclaimer. Some aftermarket parts that are for "off road use only" are perfectly fine for street use (as far as safety goes). I have a very hard time believing that most parts (actually, not claimed) meant for the track are any less safe than their street counterpart. (This falls back on my ideal that track cars are generally safer than street cars -- they're usually built with crashing, rolling, etc in mind...unlike a street car, which is built for convinence). My feeling is that the manufacturer doesn't want to deal with the liability of some dumbass crashing his car and suing Garrett, KKK, or Greddy because their turbo (or turbo kit) made their car too fast for them to drive. Some parts, like stainless steel brake lines make the brake feel better (arguably, adding a margin of safety to a skilled driver) -- but usually aren't recommended for street because they require more maintenance (replacement). OTOH, some products, like great big driving lights aren't street legal period. ...now emmissions are a different story, although many will guarantee that you'll be able to meet CA's emmissions. For example, see Flyin' Miata's page. Anyway, what it really comes down to is your common sense for example -- don't use a pure track brake pad on the street: unlike a street pad, they need to be warmed up to work, are grabby, and don't work in the rain (unless they're special application). OTOH, a turbo or supercharger kit may be find for your needs and safe/legal on the street (unless it requires 103 octane race fuel)...or a fuel cell which is for "track use only".
Actually, they do check these things (this tends to vary wildly from state to state). Under the hood, there is a description of all of the original emmissions equipment. It's also in print. It's pretty easy to see what's been done, especially when there's a big-ass carburatur sitting on top of your intake header. I'm not quite sure what the details are -- but one way or the other, it's gotta pass emmissions (including a rolling dyno in an an increasing number of states). It's getting difficult to get old cars (or new cars with old equipment) to meet new-car standards.
If you've got an old car that you like to drive as you restore -- stay out of VA. They check everything. For example, if you have foglights, they have to work or the wiring needs to be cut all the way back to the harness. Lame.
I was under the impression that CA bought the licenses under a sealed settlement under completely unrelated suit. Unless I'm mistaken, CA bought licenses for UnixWare (or some other Old-SCO product), for which each automatically included a binary Linux license.
It sounds like SCO quitely tacked on the "free Linux binary license" in order to give the illusion of legitamacy within the indrustry to their Linux claims. It's a sneaky, bullshit move. I hope that the courts see this the same way I do. OTOH, the EV1 move was not trickery on SCO's part. That was just EV1 being stupid.
This is the crux of the problem. I don't see how value-adds should be illegal or considered monopolistic. I do understand how the Netscape story was different, but hey, they challenged Microsoft directly and publicly -- they sorta deserved what they got. The deal with the video player is completely different. Real build a crappy product, Microsoft realized that they only had to be marginally better to own the marketplace. There's nothing wrong with Microsoft entering that marketplace -- and it's not Microsoft's fault that Real couldn't pull it off properly. Had Real done it right the first time, we would not have two crappy PC streaming standards. What's next? MSFT has to pull it's builtin CD burning software because Roxio can't compete? Does this mean that RH Linux can't be installed with all of that GNU software (including browsers, cd burning software, and media players) because other commercial software can't compete? (I know, this is a stretch)
What (IMO) the real (no pun intended) problem is, is that Microsoft enters their OEM's/retailers into exclusive agreements in order to get OEM licensing/pricing. This way, each customer gets the full Windows package with their Dell, like it or not. It seems to me that the exclusive arrangements supercede all of the other monopolistic issues. This is a tool that Microsoft uses (leveraging their monopoly) to maintain their monopoly. If this would go away, I believe that most of these other arguments would be moot -- the OS playing field would be far more level, and their OS monopoly could not be leveraged as easily.
With the previous disclaimer aside -- I can feel free to really wear my heart on my sleeve and have a fine, offtopic discussion of different ideals. :)
IMO, your message sounds a whole lot socialist than conservative...but I could be totally wrong. A typical American conservative (forgive me if you're not American) believes less in the equal distribution of wealth (as you suggest...but in an much easier-to-swallow way) and more in a smaller, more streamlined government where citizens are able to take home a greater percentage of their dollar rather than paying high taxes. Let people attack an idea for being socialist -- that's just a word...and there's nothing wrong with socialism per se. However, I'm not sure that your idea is compatible with American business ideals. See below for a few ideas.
Here's where I think I fundamentally disagree...and my disagreement depends on a number of factors. Are you talking about total compensation packages? (Like base salary + value of stock options + stock options excercised + benefits + bonuses)? Or just base salary? I guess it doesn't really matter -- say my company is an LLC -- I invested in the company, and I own a partner stake. The shares I own are preferred and pay out dividens depending on the performance. Are you suggesting that I should not be allowed to make $1 mil a year from those dividends if my 20-year-old mail clerk is only making $32K annually? Better yet, what if, as a majority stakeholder and CEO, I decide that since I've busted my ass extra hard this year to steer the company in the right direction -- I deserve a fat bonus based on the profits that I was able to help my company generate. Especially since I put my hard-earned capital on the line to get this company off the ground -- maybe I should get a $200K bonus this year. Shouldn't I be allowed to if the company can sustain it? Can't the mail clerk can go work for someone else if it's not fair.
Think in terms of small businesses...I'll pull another example -- like a small medical practice where a doctor (who sold their soul to the devil in order to pay for a large number of years in medical school, a residency, etc) makes $220K/yr. Keep in mind that she has to spend a percentage of her free time keeping current with all of the latest medical technology. She invested her own money in the practice, and provides an excellent service to her patients -- she worked extra-hard to do better than the next guy and earned a name for herseld as the best in town (in her field). The recptionist didn't go to school, and makes $40K/yr. This is not a mega-corporation here, this is a 1-doctor family practice.
Here's another idea (then I'll STFU): Maybe the market is more likely to buy widgets (and at a greater price) from a company if the salary differential factor is less than 5. If so -- go nuts. Prove that you're the better, more honest business. This has tended to work with some of the American businesses that run sweat-shops in 3rd world companies. (Sadly, it hasn't trickled down to all of them yet).
Anyway, here are just a few examples of why I don't necessaily believe that your idea wouldn't be fair for everyone. Not that our current system is fair...but that's part of why I appreciate it. If you work hard enough and do the right things, there's a possibility to really create alot of wealth. Not everyone gets in on it, but not everyone takes on a huge risk. Which brings me to one last quick example -- accodring to
Nope -- it wasn't a troll...but I think you may have missed my point. Maybe I misstated it. The point was that the most vocal Slashdot posters, as well as the editors seem to have Socialist (as well as anti-corporate) leanings. The point I was trying to make was that rather than the parent poster complaining about it, he should make a stand for what he believes in...and that he's not alone. Furthermore, much (but not all) of the company-bashing that goes on here is without basis -- and assumes that we're all members of a community that just "gets it" like they do...which is just not the case here. If he's educated and knows a thing or two -- maybe he can shed some light on discussions having to do with finance. That's all. Perhaps I was wearing my heart on my sleeve a little too much. It wasn't my intention. My bad.
Are you being sarcastic?
I'll assume that you weren't -- but if you were...well, ignore this. I disagree that "nice guys finish last". Especially dishonest businesses always tend to lose in the long run. Case in point -- who is going to ever buy SCO products anymore? (Other than they 1 in 1000 companies they threatened with litigation) They've sued their userbase. Sure, you can say that they're a IP/lawsuit company now, but it remains to be seen whether or not they will succeed. Most Slashdot readers seem to feel that the lawsuit(s) will fail...and I don't think that there's any way that SCO will be able to be a profitable company selling software.
Here's another case that helps this point...Microsoft knows that Windows dominance will not last forever. They're trying not to look scared shitless because they want to put on a good face for their shareholders, however, they know that their current business model cannot last forever...Microsoft's aggressive and predatory business practices are 100% clear and very well publicized. If you believe that computer geeks are the only people who realize this, you're dead wrong. Business geeks read business journals, which tend to document this kind of thing very thoroughly. Microsoft knows that they need to diversify, but most industries are very reluctant to let Microsoft in -- they don't want to get screwed like Microsoft screwed everyone else. This was the same story with IBM and even Lotus back in the day. Look at these companies now...Lotus is owned by Microsoft, and IBM isn't half of what they were back in the antitrust-accusation days.
In general, the market tends to take care of itself. This is one of the ideals that I believe that the country was founded upon...and I think (this part of) it still (tends to) work(s).
AFAIK, most slashdotters don't feel this way. There is a very vocal group in the /. "community" who have some anti-corporate (and in many cases) socialist leanings. This is compounded by editors who appear to have similar feelings. If this was not the case, your post never would have been modded up like it was.
By all means -- get pissed. Tell the anti-capitalists (or however you want to describe them) that you think they're full of it. Ask for proof. Slashdot is a "news for nerds" site. It doesn't specify "news for computer nerds". Business nerds exist, and just because you do business doesn't make you an automatic asshole. Business is what drives our economy. Those who think that businesses need heavy regulation and huge taxes don't usually understand how it all works (well, I don't either -- but I still think that those folks are full of it)...it's sort of a "tax the other guy who seems to have deeper pockets" mentality. Maybe you can use what you've learned to show the "community" a thing or two -- because it's clear that many (not all) of the naysayers are victims of making assumptions based on data that they fail to understand.
Correct...but if you read my post again, you'll notice that I said that "the most important stuff to protect against are the recent outbreaks". I never said anything about completely overlooking old viruses. If you analyze a logfile from a mail server's quarantine logs, you'll find that the vast majority (~99.5%) of the worms/viruses that are picked off are from the latest outbreak. Furthermore, "latest outbreak" doesn't necessarily suggest a new virus/worm -- it's just a new outbreak.
Based on what I've written above, when it comes to protecting my users, where should my main priorities be...the .5%, or the 99.5%? I tend to worry about the common stuff first, then the way-out-of-the-ordinary stuff.
I've had reasonably good luck with ClamAV. I've found that effectiveness tends to depend on configuration (which I'll get back to).
Some people say that the ironclad test of an A/V app is the number of virus definitions listed. In ClamAV's case (per FreshClam's log output), there are 20372 signatures in the DB. IMO, the number of definitions doesn't really mean much. In my experience, the most important stuff to protect against are the recent outbreaks -- where mail servers are inundated with worm-laiden email. In this case, it's really a matter of how soon the definitions are updated. Generally, I tend to see definitions updated within 12-48 hours of a reported outbreak. Combine this with your update frequency to figure out your expopsure period.
There will be an exposure period regardless of which A/V software you run. Some will have greater average periods than others. Don't rely on marketing information to figure this out. It's a bunch of crap. Real world experience is what counts here -- if you've got lots of experience with these, great. If not, try to find someone who knows their stuff who can give you a good idea for what's what with different apps. I haven't used a ton of these, so I can't give you any ironclad data.
Your configuration will tend to be your greatest asset/worst enemy in terms of finding the best A/V setup for your particular needs. For example -- I automatically block certain types of attachments via qmail-scanner. There's no reason for them -- and they're not worth the risk. I block any attachment with the following extensions (I'm sure that this is not perfect, but whatever): .vbs, lnk, scr, wsh, hta, pif, exe, bat, com, sct, chm, cmd, crt, hlp, hta, isp, pcd, reg, shs, and js. These attachments are all allowed inside of an archive (which ClamAV scan), but I'm willing to roll the dice on exposure to those, since screwing up and opening the attachment is no longer as simple as a single mouseclick.
Finally, I also run client-side A/V. These just aren't as reliable as server-side protection -- users always find wonky things to do with/to their computers...but I like to think of this is a last line of defense. Furthermore, users also tend to check their personal email from work. If you have the hardware to handle it, it might be worth your while to have your users forward their personal email through your service to cover your butt (or enact a policy forbidding users from checking personal email at work)...just be careful about discoverability of their personal email if it comes through your work email (IANAL).
Overall, I'm satisfied with ClamAV/Qmail-Scanner. I'm running it on a system designed for 1000 users (in its current hardware/software configuration) -- scalable to up to about 3000 users. Currently, we're running with around 150 users...in about 2 months, we'll have our new HR/payroll system up which will allow us to add accounts for the rest of our 750 employees (long story). We'll see how good it is once I have a larger userbase to work with. However, my favorite part about ClamAV (and this is the real selling point) is the lack of per-seat fees associated with most commercial AV products. This is the same reason we chose not to use Exchange...those fees are hefty!
Convenient...perhaps too convenient. Do you think that NASA and Long John Silvers are in kahootz?
Those bastards.
As long as retailers accept the software returns, I don't see a problem. As far as lost time and potential lost business -- caveat emptor. That's never been a reason for a creating law (AFAIK). Besides, due diligence has always been a customer's responsibility. I'm not sure that the argument is really relevant because the problem as I see it is definitely not with shrinkwrapped software. It's with software distributed over the Internet. Finally, how in the world is malware extortion? I believe that malware is alot of things (all bad) -- but extortion has never come to mind.
Was this a response in regards to my comment or just your sig?
One important thing to remember in this discussion is that many companies spend far more time keeping their networks spyware-free than they do worrying about viruses/worms. I know mine does.
I don't really view spyware/adware/etc as anything other than a virus/worm with an EULA. If mydoom had an EULA attached to it which specifically states how it will work, and what it will do (in perfect legalese) -- should this be legal to write and spread in the wild? I say hell no. Anyway, since EULA's are not signed (in any way), and don't even have to be read -- they're not really an "agreement". They're more of a proclimation. Not only are their names misleading, but certain fundamental rights cannot be taken away by an EULA (and these are). Why not call one of those rights "control over your computer and personal information"? Maybe even redefine how EULAs are written. If you're giving up control over certain functions and information, maybe it should be in BIG BOLD LETTERS in plain English at the top of the agreement (rather than somewhere in the middle, small print, and in legalese so ambigous, most lawyers would read it and say "WTF?").
It's about time that someone did something (not that this is the best thing to do). I'm all about freedom -- let people do what they want as long as nobody gets hurt. However, when software depends on mass trickery in order to propigate, then there is a problem. When it comes to spyware/adware, it's important to let people know what they're getting into -- this is where we should start.
Wait a minute -- I used to watch that show all the time. I thought it was Jesse and Boss Hogg who used to be Rum Runners (or was it Ridge Runners) together. Jesse swore to never run booze again. IIRC, Bo and Luke weren't running any booze.
Legal or not, I can see EV1 eating that up:
I know that this is going to be incredibly unpopular, and it's more of a contingency than my belief, so I'll choose my words carefully. Let's assume, just for a second, that SCO is legally correct -- that their code is in Linux. And let's assume (again, just for a second) that IBM's enterprise contributions (Read Copy Update, SMP, etc) to the Linux kernel really does violate their IP. Then SCO has not violated the GPL, because there is non-GPL'ed code in the kernel. All McBride has done is publicly stated that he doesn't think that the GPL is even legal. If a Linux advocate said that they weren't sure that the GPL would hold up in court -- would that invalidate their use of the GPL?
I'm not saying that I that SCO is right, but the point is that from an objective perspective, Fyodor's reponse may be a bit premature. SCO has not won their court case yet -- it's not like anyone (with any sense) is buying Linux licenses from SCO yet. If SCO loses their court case (likely) then (unless they continue to try to charge for other people's IP) I don't think they've violated the GPL. Before anyone freaks out and calls me a troll, I'll admit that I could be way off-base here...IANAL -- and I don't know what the hell I'm talking about besides my own (poor) intrepretation of the GPL and what I'm able to get from Groklaw, etc. Just the same, I'd be interested in hearing opinions about this.
They're here.