Of course it's a monopolistic ploy! Never argued against that -- it's designed to prevent third parties from being able to use their extensions.
However, monopolistic ploy or not, you still can't claim that reproducing copyright documents (their copyright here isn't in any sort of doubt) is freedom of speech.
First, we're not dealing with reverse-engineering here. I'm not sure of the legality here, but it certainly should be legal. We're dealing with copying a copyrighted document.
The Kerberos spec includes empty fields for vendor use. Microsoft used one of these fields; they have no obligation to make info on their use of it public. Yes, it's against the spirit of cooperation, but did you honestly think that Microsoft was a believer in cooperation? I don't think that it's a good or smart move by Microsoft, but in comparison it's not all that evil. It's similar to taking BSD-licensed software and releasing a proprietary modified binary of it. Not great, but not satanic.
Anyway, whether or not what Microsoft did is compatible with open-source ideals has nothing to do with reproducing it illegally. If I believe in open source and get my hands on the MS Office source code, I can't distribute the source code openly. Or, conversely, if I believe in closed source, I can't sell binary-only copies of modified GPL software.
Even after all the hot water the boys in Redmond have been in recently, why do they STILL persist in engaging in various types of manipulation of questionable legality?
Requesting that your copyrighted work isn't copied and posted all over a public forum without your permission is "manipulation of questionable legality"? Being banned from selling bootlegs of a movie outside the theater is "of questionable legality"?
OK, asking that the posts about using Winzip to open the file be removed is questionable. But many of their claims make perfect sense.
Easy: no extension of fair use applies to reproducing an entire long document.
Take the example of an academic study of a recently-published novel. The study itself is quite long, and deals in depth with every chapter of the novel. This does not mean that someone can publish the study and include a copy of the novel as an appendix!
Fair use applies to quotes and citations, not to full-scale copying.
In no situation is quoting an entire document fair use. If I write an in-depth review of a new novel and discuss every single chapter, I certainly can't reproduce the entire novel.
I agree completely -- it's not a valid trade secret.
But it is still copyrighted. Secret or not, you can't reproduce the copyrighted work of others. Microsoft doesn't claim that, say, Microsoft Press's "Learn VB6 in Under 5 Milliseconds" is a trade secret. That doesn't mean that I can post its full text on my web site.
On the one hand, Microsoft claims copyright on the text. On the other hand, Microsoft allowed everyone in the world to download it, making no attempt whatsoever to restrict access to people who had previously signed an NDA. The validity of the "click-through NDA" is doubtful, because the use of WinZip to open self-extracting archives (and bypass any trojan or virus in the extraction code) is a very well-known procedure; indeed, this is a feature of the format.
Honestly, I don't know whether the NDA is valid -- I don't have the legal knowledge. It may be valid, it may not be.
It makes no difference.
Microsoft has copyrighted the material; this is not in dispute. The copyright on that material is valid. Whether or not something is distributed free of charge has absolutely no effect on its copyright. If the local bookstore decides to give out copies of a book it has excess stock of for free, this in no way gives you the right to publish and sell your own version of the book. TV shows are offered to viewers for free; you can't tape a TV show and then rebroadcast it.
The material was copyrighted by Microsoft, and posting the material violated Microsoft's copyright. This is clear. Whether the links and circumvention information violated anything is less clear -- while I'm not sure if it was illegal, I am sure that it certainly should be legal. Reproducing copyrighted material and claiming freedom of speech, however, shows a complete ignorance of the meaning of freedom of speech. (Freedom of speech means that you can express any opinion of yours, but not that you can freely copy the work of others.)
No, you can't reproduce something without breaking copyright.
If you sneak a camcorder into a new movie, record it, and sell bootleg videos of it on the street, whether you claim to own the material or not is irrelevant: you're still reproducing it illegally.
Nothing wrong with citing unless it's determined to be for the purpose of deliberately circumventing copyright law, but this MS document is considered a "trade secret" and you are expressly forbidden from distributing it at all.
It applies to the process of encrypting data with the RSA algorithm. And yes, if someone finds a different way to encode to MP3, then patents will not apply. But nobody has found a different way, and it's unlikely that one will be found.
No, that's not it being in a preview window, that's a security bug (buffer overflow). Yes, MS software has tons of security bugs. (MS certainly doesn't have a monopoly on them, though.) This is not by design, though, and this virus doesn't exploit any bugs.
Well, simply saying that 4 out of 5 dentists and/or security experts say that the preview pane activates it automatically is not enough. Please point me to these security experts.
In the meantime, I'll show you some other security experts. For instance, there are the largest antivirus companies, McAfee (NAI) and Symantec (Norton).
To provide some quotes from these pages:
If the user runs the attachment the worm runs using the Windows Scripting Host program.
Payload trigger: On execution of email attachment
Seems like they're on my side. The CERT advisory doesn't explicitly say either way how the virus is executed, but it does tell users to exercise caution opening attachments, which implicitly says that opening an attachment is required.
It does not tell you if it is running any form of code embedded into an email message.
Wrong. It will automatically run any code which IE would run in a web page -- HTML, safely sandboxed JavaScript. (It can be set to warn you, but this isn't the default.) It will NOT, however, run code which modifies your system files, like this virus/trojan; users have to run that themselves.
On a *nix system, the trojan still would not have been very effective since it would have to be executed as Root to have the same extensive and damaging effects as its Windows counterpart.
Really? Please tell me which of the trojan's actions require root. Your choices are:
1) Reading the user's address book.
2) Sending e-mail.
3) Deleting/modifying user documents.
Please explain why non-Outlook users weren't as badly affected
This one's easy. Because the virus was written to use Outlook. Why? Because Outlook has the most market share. If Netscape had the most market share, the virus would have been written to use Netscape. The virus does not exploit any Outlook security holes.
The ability to design complex programs with system administrative capabilities should be difficult to master.
So computers should be purposefully made more difficult to use? You know, tons of people die in car accidents every year; why don't we have cars require you to answer a multiple-choice American History question and then perform 60 push-ups before they will turn on?
Making things easy is a very good thing. If I had to write all scripts in x86 assembler rather than in Perl, I would not be happy. Yes, it would prevent buggy Perl scripts, but it would also unnecessarily restrict the use of computers to those with a great deal of previous knowledge. Or, in short, saying that things should be made purposefully hard to keep away the unwashed masses is elitist crap.
Could I suggest the same? Please look into what this virus does -- it reads your address book, sends e-mail, and deletes personal documents. Could you please tell me which of these tasks would require root privileges?
Please say what you mean by "easily-exploitable"; simply saying that software can be easily exploited does not make it so. Without examples, this is all just empty rhetoric.
I don't think that the preview pane is a security risk. Plenty of IT professionals use it. Why? Because the preview pane will not run this virus. Users have to run the attachment manually.
OK, I'll feed this troll too.
Let's start with #2. The script was not embedded. (Outlook does have the capability to run scripts, but they are fully sandboxed.) WSH, which was used to run this script, is the Windows equivalent of Perl.
Neither #1 nor #3 are valid as they depend on an OS being difficult to use in a time where ease of use is one of the major targets for Linux. Linux's target is world domination; this involves being used by less-knowledgeable users.
The changes which the virus made to the registry could have been done without root privileges on unix. If I remember correctly, they were changing the browser home page and setting things to run on user login.
The damage done by the virus was done by doing three things:
- Reading your address book.
- Sending e-mails.
- Deleting or modifying documents (which would usually be in a home directory).
None of these require root.
It's true -- the scripting engine has no restraints placed on its behavior.
Neither does Perl. VBScript and Perl fill the exact same roles. (This was NOT an embedded script.)
No - no more so than in any other client.
Sorry, but this just isn't possible. Think about it:
- for most users, including myself, you have to run an attachment. If you look at the documents at CERT and the antivirus companies, you will see that they say that attachment-opening is required.
- The source code of the virus is available. It does no tricky security-bypassing things.
- There is no option in Outlook (Express 5 or 2000) to autorun attachments.
It's just not plausible that it would sometimes decide to run attachments (which didn't try to exploit any security bug) and sometimes not.
The attachment does not run within the client.
Allow me to repeat myself: The attachment does not run within the client.
VBS files are executable -- they run via the Windows Scripting Host. Outlook does not contain a VB exec engine. (Well, it kind of does -- it uses the IE html control quite a bit, and that uses a sandboxed VB engine.)
This particular virus will not spread without an Outlook address book. (It will, however, infect your system.) But that's only because it was written for Outlook; it could be written for just about any other e-mail client. The VBScript has full filesystem and registry access, and with that you can read any setting from any program.
So, in other words, it is 100% possible without Outlook.