Les <hlhowell@xxxxxxxxxxx> wrote:
One thing missing in this discussion is the scale of costs. No
individual, outside of maybe Bill Gates could begin to repay for the
damage caused by a rogue computer spreading a virus. Nor can one
individual be even considered of being capable of patching a flaw in a
piece of readily available software of proprietary nature (remember that
"reverse engineering" is banned by most user license agreements.) So
lets say you get a law passed that puts the onus on an individual. You
get hacked, and the hacker uses a bit of code inside your system to
"spiff up" his latest virus/worm program. Your name is in the code
(courtesy of the memory map when your bit was built). Now that code
breaks out and infects 200,000 systems, bringing them to their knees.
You had all the good AV stuff installed, the system had a firewall, but
this particular hacker managed to slip by
As I have mentioned several times in my postings on this subject, the
law usually considers whether you have taken "reasonable and customary"
measures to protect against such things. Especially, see my previous
posting regarding a joyrider stealing a car.
Self-propagating viruses act a lot like the real thing. It doesn't take
a 100 percent inoculation rate to stop a real virus from spreading; only
getting enough of the population protected that the probability that the
infection can spread is low. One of the problems is that way too many
computer users don't understand their vulnerability and how harmful
having a vulnerable system is. This is what needs to change.
We've already seen a number of attack vectors go out of favor as a
certain large software vendor has patched the security holes in it's
operating system and other products. If a significantly larger
percentage of users were to install effective AV software, the problem
would drop significantly. I'm not saying it would go away but we would
probably see the people who write such software look to other
approaches. Some of these might initially be successful but having a
larger percentage of systems running effective AV software would mean
that such problems would rapidly be contained.
It would be nice if that same software vendor were to tighten up their
product rather than rely on after the fact patches like AV software.
Being as how their behavior has barely changed in over 25 years, I'm not
holding my breath.
Cheers,
Dave
--
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce
