Slashdot Mirror


User: Satan's+Librarian

Satan's+Librarian's activity in the archive.

Stories: 0
Comments: 150

Comments · 150

  1. Re:Another Service on Paying for Apple iTunes with PayPal · · Score: 2, Interesting

    That's kinda cute... so the middle man gets your quarter, *and* a copy of your song. Does their DRM counter that at all?

  2. Re:Obviously bad, but for an alternative... on Analysis Of Symantec's Stance On Censorship · · Score: 1
    Perhaps if our industry moves towards an apprenticeship model, such will be more palatable. But currently I think the school of hard knocks combined with repeated rejection is a rough and inefficient way to train young programmers.

    Universities and trade schools might be the ideal place to train, but in my experience they hardly teach algorithms and concepts well - much less good programming practices - during the undergrad years. Post-graduate studies do often pair a student with an experienced mentor, but is it worth 4 more years? Is it worth going through years of babysitting and repetition in the public systems and tens of thousands of dollars just to gain access to a mentor who may be wholly out of touch with the industry? In some cases, yes. In many other cases, however, I think not.

    If we were to focus on making SourceForge more open to newcomers, I'd recommend at least the following, although I believe a separate system could be more effectively implemented for the purpose:

    • Add searchable flags to coders who wish to become mentors, and create a reputation-based system with which to gauge their sincerity and dedication.
    • Add searchable flags to the projects themselves, such that one knows which projects would like to accept young coders, allow them to participate, and assist them in their quest for knowledge and skill.
    • Create a pool of tools for young coders who cannot afford them. Not everyone's platform of choice is Linux, nor is it appropriate for all projects. And even within Linux, not all of the worthwhile tools are free.
    • Add a ratings system to allow peer review of the quality of code, such that people may be drawn to more professionally managed projects where they can learn better practices.
    • Encourage experienced programmers to provide more tutorials on their best practices, and work to build a high quality library of free (and preferably categorized and easy to find) knowledge. Such should not simply consist of solutions to single problems, but should also provide guidelines and thought processes that result in great software. Most teenagers are not yet going to have the finances to purchase the works of Stroustrup, Knuth, and Stevens, and it can be very hard to find useful information on the net at large - the signal/noise ratio is quite low these days. Consolidating such knowledge in one place could be of great benefit to everyone, but especially those just beginning their study of the trade.
    • Provide a subset of projects that are less ethically questionable, or at least a rating system to ensure that projects which might land their participants in hot water legally are clearly marked and young programmers are recommended to avoid them. While the vast majority of projects are responsible, some are questionable and others are downright inappropriate for minors (and most likely illegal for minors to work on).

  3. Re:Obviously bad, but for an alternative... on Analysis Of Symantec's Stance On Censorship · · Score: 2
    Because of the tendency of geeks to diss on newbies. I suspect a *lot* of top quality mentoring goes on on SourceForge, but I also suspect that inexperienced coders are often not allowed on projects or rudely dismissed when they make mistakes.

    If a place was set up specifically for young programmers just learning the trade, I think it would have a better effect. In addition, I suspect you could get more sponsorship benefits in such an environment. Here I'm thinking Apple, Microsoft, RedHat, CodeWarrior, Compuware, the antivirus companies, and others chipping in on training materials, equipment, and manpower.

  4. Re:Gruff marketing fluff on Analysis Of Symantec's Stance On Censorship · · Score: 2, Interesting
    It's good to see you posting :) It sounded from the BugTraq article that Alfred posted that there was a bit of internal backlash already, but with some of the founders of the industry making waves one can hope that Symantec will make the sensible decision and never allow their clueless management and marketing fluff to go in front of government legislatures again.

    I'm curious - what do you think of my suggestion for reducing the number of kids in virus writing? I know it would be very ambitious, and would need considerable effort and cooperation between a large number of ethical and talented professionals with no direct monetary gain to encourage such participation, but to me it seems like it might help. If such an alternative had been present in the late 80's and early 90's, I suspect I would have been interested.

  5. Since it would kill BSD and GPL'd alternatives.... on Analysis Of Symantec's Stance On Censorship · · Score: 2, Interesting
    I'm curious, are there any viable open source alternative anti-virus products out there?

    I might be willing to lend a hand if anyone has such a project and needs a coder. I bet you could reduce the money available to lobby for such stupid laws by commoditizing the market and destroying the profit in creating such laws - and such a product, if done well, would benefit the net as a whole.

    I'm aware of Clam AV, but since it's POSIX oriented, it's not really a replacement. I'm thinking of something that supports modern AV features under Windows - e.g. real-time scanning, prevention of execution, modern heuristics, auto-updates, etc.

    Of course, for corporations, the best solution would probably be something more along the lines of an access control program that disallowed use of any products that weren't officially sanctioned.

  6. Re:Alternatives with unforseen consequences? on Analysis Of Symantec's Stance On Censorship · · Score: 2, Insightful
    A little bit of uneasiness now, but protection from all but the most determined adversary. And the law already completes the vaccine analogy by punishing those who are caught actually perpetrating the crime.

    Personally, I'd rather not throw kids in jail and ban them from computer usage once they get out - that's a good way to create a hardened criminal or a very bitter and suicidal geek.

    There will always be someone writing viruses - whether for misguided political motivations, as a last gesture from a disgruntled employee, or for commercial interests. For example, there's a lot of speculation that SoBig is the work of a professional spammer.

    But it would be good to take the kids out of the equation without destroying their futures.

    And unfortunately, I'd hardly say that typical security has gotten much better since the Morris worm made its rounds years ago. It's still the same in most places - nonexistent. Places that hire good people to protect their systems improve every day, but for most companies they don't seem to think security is worth the salary a really competent sysadmin usually requires (or they simply can't afford it).

    I don't think that's going to change until having a virus take down a company's servers has a larger chance of destroying the company rather than just inconveniencing it.

  7. Obviously bad, but for an alternative... on Analysis Of Symantec's Stance On Censorship · · Score: 5, Insightful
    Obviously, this is stupid. Outlawing such information will, at best, make it hard for programmers to learn enough about the different types of viruses out there, the techniques they use, and the methods to protect against them.

    In other words, if you outlaw the legitimate dissemination of information regarding viruses and how they are made, you just made writing a GPL or BSD licensed antivirus program illegal - obviously anyone involved in such a project would have to break the law to obtain virus samples, disassemblies, and information. This might be good for Symantec, but it sucks for the rest of us.

    However, there is a problem. There's a ton of viruses coming out every day, and the internet makes an extremely fertile ground for even a poorly written virus or worm. A simple virus or worm can literally bring a corporation's operations to a halt for a day or two - even if critical machines run moderately secure operating systems, the traffic overload and DDOS'ing from the compromised machines can be hell.

    Most virus writers are kids that feel alienated by "the system". I think most studies have shown that the average virus writer ages are between 14 and 24 - meaning when people get older and join society, they generally phase out of virus writing for moral or practical reasons. For several papers on who exactly writes viruses, go here.

    So how do we prevent these kids from writing viruses? Outlawing information regarding viruses is a lot like outlawing the purchase of spraypaint - it isn't going to work, and it makes life suck for the rest of us.

    But could we find ways to engage kids within risk groups and help them find useful outlets for their talent, so they could receive positive feedback and recognition for their work instead of getting their kicks unleashing their work on the world? I bet if you got a teenager that otherwise felt the world was against him or her involved in an open-source project they got excited about, where they were tutored and provided with positive feedback by more experienced mentors - they wouldn't have the time or the inclination to write viruses and will learn some very valuable skills that will be useful to them.

    So how about this - start something similar to SourceForge for teens, and find programmers willing to donate their time mentoring these kids and helping them take their skills to the next level while teaching them the ethics and responsibilities of a first-rate programmer? Obviously such a system would need to be watched for abusive adults and any found would need to be banned and/or prosecuted, but if a bunch of good coders that gave a shit about kids did it I think it could seriously make a dent in the growth of the virus problem.

    The other solution would be to make apprenticeships mandatory for budding programmers :)

  8. Re:Tricky, may need tempest shielding on Secure Voice Communications While Travelling? · · Score: 1
    Recommendation: check for hidden cameras before using solitaire, and make sure they are waterproof beforehand, 'cause you're going to have to take them into the shower with you to keep them secure after alerting the previously unhampered monitoring personnel by sending garbage text or images whose LSBs decode to pure alphabetic ASCII....

    I'd think if you're being hosted by a hostile nation, tempest security would be very amusing to them.

    "That's an awfully nice 50-lb laptop, sir. Did you notice you were emailing us logs of all your keystrokes each day? Yeah, we installed that last week while you were at dinner."

  9. If it really is bugged... on Secure Voice Communications While Travelling? · · Score: 1
    Basically, at the start, we've got two choices. Either:
    1. Your dad is paranoid and is not being bugged. Those people said stupid things in public, too.
    2. Your dad is being bugged by his hosts, presumably because there is information that his hosts may gain from bugging that he (or his employer/country) doesn't want to release.

    In the first case, try any of the suggestions listed in previous comments to make him feel better.

    In the second case, he simply shouldn't talk about anything that is considered sensitive while in a non-secure location. Too many ways to intercept any form of communication that doesn't start out encoded. TEMPEST is *so* 70's.

    He could get by on important things with pre-coded messages. "How are the kids" meaning all is clear. "How's the dog" meaning get me the fuck out of this country, now! But if such codes are re-used, they'll be discovered. And if someone knows he doesn't have a dog - well, that's probably a bad idea too.

    Tech solutions are good for clearing areas that might have unsophisticated attacks (that didn't build the building in the first place!), and for preventing interception between two secure locations. If those locations aren't secure, you're SOL on tech.

  10. Re:I think there's already something new going aro on New Microsoft Worm Coming Soon? · · Score: 1
    Yeah, I'm surprised how many people still require Word format for resumes...

    I've thought about embedding code demos in my resume before when scouting for contracts (going full screen 3D or something when they opened it), but figured if the person who opened it was actually a competent programmer s/he'd just be annoyed. Aside from that, can't think of a single reason not to ask for resumes in .rtf, .PDF, or *something* without executable code in it.

    You're right though - any company that executes random .doc files on the inside of their firewalls when the source is a total unknown is insane.

  11. Re:I think there's already something new going aro on New Microsoft Worm Coming Soon? · · Score: 1
    I can confirm the Win32\Swen.A spreading which would fit the bill. Apparently it's already become widespread in HR departments. I sent out a resume three weeks ago from a fairly virgin email account - two weeks ago, I was bombarded with SoBig.F as a result. That seems to have subsided. This morning, the Win32\Swen.A bombardment began..... On the bright side, at least I know there's still a huge need for competent IT out there, even if that's not what I want to be doing...

    Hell, at least all the stuff hitting my spam filter isn't talking about "Your Application" anymore.... That sucked.

  12. Re:The American Road to Dictatorship is only Slowe on Xbox Auto-Update Blocks Linux Usage · · Score: 1
    Under the U.S. system, you are protected in as far as "just and full compensation" from eminent domain. It's not always just and certainly wasn't in the 1950's, but there is a system within which to fight for proper compensation. People can also call their representatives when it's abused, and organize grassroots campaigns and vote against those that abuse it.

    I've personally watched farmers kicked off the farm they worked so a factory could be built in China, and it sure didn't seem like they were being compensated (I was living and working at a neighboring factory at the time). It was in one of the "special" industrial regions in southern China where Chinese citizens without the right papers to be there got beaten by the side of the road if they went there (got to watch that one, too).

    And because I'm a part of a capitalistic system - my parting offer was legitimate and serious. If you really want full rights to do anything with capitalistic software, I'll be happy to write it if you pay me enough to make it worth my time.

    If I write something on my own initiative, I can make the choice of whether to sell its usage to interested buyers under a license we both agree to, or release it as open source free for others to use.

    I couldn't do that under communistic rule, and I'm damned happy to be in a capitalistic system. It's not perfect, there are obviously abuses, but it beats the hell out of the alternatives I've seen so far.

  13. Re:Socialism has more property rights than capital on Xbox Auto-Update Blocks Linux Usage · · Score: 0
    LOL... Okay, first of all, capitalism and socialism often go hand in hand. Even places that are deemed evil capitalist countries by people who like to rant about such, like the U.S., have massive socialist programs that are intended to improve the lives of people who need assistance. Therefore contrasting the two as if they exist in pure form is erroneous.

    However, if you're speaking of communism as it exists in the world - sure it's yours... until the government bulldozes your home, takes your possessions, and tells you you're now working to build a factory on the land you used to farm to make cheap shoes. Have you ever lived in a communist country? I'd highly recommend the experience - there are still a few around you can support a fairly good lifestyle in just teaching English or going as an exchange student and living on loans. It's an experience. Don't just go to the tourist trap cities, and stay out of the "western" clubs and apartment complexes.

    Capitalist markets become what is agreed upon by the consumer and the producers. I'll be happy to write software for you that you can own fully and can do what you like with - provided you'll write me a check that makes it worth my while.

  14. Re:The Trouble With Having Rights on PanIP May Be Standing On Shaky Ground · · Score: 1
    Ok. Great.

    Tell me then:
    Who is going to make a career of writing games, fiction novels, or publishing music in your ideal world? Explain why and how. Remember, food and shelter are important parts of productivity.

    Personally, I like an economic system where one can make a career out of those.

  15. Re:The Trouble With Having Rights on PanIP May Be Standing On Shaky Ground · · Score: 2, Informative
    Quit bitching and hang your own shingle, learn to negotiate, or move to California.

    If you want to hang your own shingle as a software programmer and make a decent living, you'd better support at least a short time-limited copyright if you want to create your own products. Sure, you can contract yourself out to other companies to produce their programs for them, but if you ever want to make your own software as a living there's got to be incentive there. Without copyright law, as soon as one person has it the cat's out of the bag - so either gouge your first customer for the $60k you needed to live while writing it, or starve.

    If you want a steady easy paycheck, but want rights to the work you do outside of your employment, you should negotiate it when signing up to work for a company. In the U.S. at least, it's standard to have a list of exemptions in the employee contract - make use of it. If it isn't there, write one and require that they sign it before signing yours. Hire a lawyer to whip one up for you if you need.

    If you want rights to what you do at work - try talking them into doing it as open source. If it's a piece of code that would be of benefit to others, but wouldn't harm their competitiveness with other companies, you can probably succeed if you can voice your reasoning well and defend it. Of course, if what you are working on is trade secret for the company and is the heart of their business - good luck. Remember, those paychecks have to come from somewhere - usually it's customers buying something they couldn't get for free at an equally high quality elsewhere.

    If you want the law on your side - get a visa and move to California. They have some of the most employee-friendly state laws regarding copyright, patents, and other IP that I've seen. In some cases they may override your employer's contract. Hire a lawyer.

    Here's an interesting article on copyright law with some pointers. I don't know how similar Australia's laws are.

  16. Re:Social engineering works better on Electronic Voting Machine Cracker Challenge · · Score: 1

    In Texas we just take vacation and think about redistricting.

  17. Re:Just how "careful" are they? on Open Source at TiVo · · Score: 1
    True. She was going through hell. I've known others who have gone through that procedure, too - although in one of the cases I think the damage was far worse to the guy's daughter than it was to him.

    However, it's not profitable for a company to have their entire coding staff having to chase someone through the code to know that a.) it works, and b.) it isn't stolen. And, the GPL problem predated the announcement of the process.

  18. Re:Just how "careful" are they? on Open Source at TiVo · · Score: 1
    I have encountered GPL'd code in proprietary software I was hired to work on. I immediately removed it from the project (like, within minutes), and did my damnedest to get the coder that put it in there fired (that part ended up being delayed because he was in the middle of becoming a she...).

    I think most proprietary, closed-source developers - at least any halfway decent ones - are going to have a similar reaction. See, any closed-source programmer worth his or her salt is going to value copyright laws (patents are another issue entirely, btw). We may disagree with the ever-extending time limits on them, but without some period of time in which one can sell a software product without people legally spreading it all over the planet for free - we lose our paycheck. By extension, we're going to respect other people's rights for what they want done with their code - such as those who use a GPL or BSD license.

    There are plagiarists in any copyright-driven business, but just like in books, newspapers, or anywhere else, in coding the majority of professionals take a very dim view and you aren't likely to get away with it if you work on a team that reviews your work.

  19. Re:Think phone--home-ware is nasty? Get this! on Using Spyware to Report Pirates? · · Score: 1

    Neato - they do exist. That's gotta violate some privacy laws in most countries. I may be purchasing some more toys and building a Faraday cage into my backpack before the next Comdex though.

  20. Re:Word story is not a legend on Using Spyware to Report Pirates? · · Score: 2, Informative
    Thanks! Bontchev's quote was slightly off, which was why I couldn't find it elsewhere. Found confirmation now on CERT and a number of other places looking for "The tree of evil bears bitter fruit", rather than "has bitter fruit".

    And, found more in depth info from Bontchev - seems he just misremembered later.

  21. Re:Word legend is a legend on Using Spyware to Report Pirates? · · Score: 1

    Ever modify the executable? Just using it wouldn't cause the problem..

  22. Re:Active copy protections... on Using Spyware to Report Pirates? · · Score: 1
    Unless of course they get flooded and just start calling the SPA's anti-piracy lines and getting audits done anywhere they receive such a response from, which is guilty until proven guilty because someone miscounted the number of licenses to buy.

    Quite honestly, if I was asked to code such a feature in a product I was writing for a company, I'd refuse. Management changes pretty often, and tactics can change overnight. I have written copy protection schemes, but not ones that specifically sent identifiable information - I just made the program not work when cracked and display a dialog box.

  23. A great way to discourage such... on Using Spyware to Report Pirates? · · Score: 3, Insightful

    Call the company. Say you found the user and pirated software, and appreciate their notice. Tell them the software has been deleted and the user has been reprimanded. Tell them you have banned said software company wide because your company does not use pirated software - or spyware.

  24. Active copy protections... on Using Spyware to Report Pirates? · · Score: 4, Interesting
    It's spyware. I think active copy protections such as that are stupid anyway - what happens if the user is legitimate, but either had a file corrupted or a virus infected it? I'd assume they are just doing an MD5 hash of their software at best for the check for cracks, and a parasitic .exe virus would set it off right away. So would some older methods of file inoculation, random disk/transfer corruption, and a whole lot of other things.

    There's a legend that Microsoft actually encountered this back with Microsoft Word 1.0 - it formatted the hard drive if the CRC of the program changed. Bad karma there, hosing innocent users if they got infected. (BTW - I've seen Vesselin Bontchev reference it here and other places, but it could just be he picked up a convenient rumor. Anyone have verification of this story?)

    If it's not documented in the EULA for the product, it might even be a potential civil suit against the company. Doesn't Europe have fairly restrictive privacy laws that could come into effect here? Could be criminal there if so, especially if it misfired on an innocent user. Although of course - IANAL.

    BTW - what product?

  25. Re:I applaud the idea. on Worm vs. Worm Battle Slows Networks · · Score: 1
    Yep. And, many such viruses have their distribution site shut down within days (if not hours) of them hitting the wild - either from traffic overflow, or an administrator with just enough of a clue to think that maybe helping a virus along is a bad idea.

    The obscure hole of course defeats the entire purpose of the proposed so-called 'good' virus. It renders the machine even less secure.

    It's just a bad idea.