Les wrote:
On Wed, 2007-05-30 at 08:02 -0600, David G. Miller wrote:
Les <hlhowell@xxxxxxxxxxx <mailto:hlhowell@xxxxxxxxxxx>> wrote:
> One thing missing in this discussion is the scale of costs. No
> individual, outside of maybe Bill Gates could begin to repay for the
> damage caused by a rogue computer spreading a virus. Nor can one
> individual be even considered of being capable of patching a flaw in a
> piece of readily available software of proprietary nature (remember that
> "reverse engineering" is banned by most user license agreements.) So
> lets say you get a law passed that puts the onus on an individual. You
> get hacked, and the hacker uses a bit of code inside your system to
> "spiff up" his latest virus/worm program. Your name is in the code
> (courtesy of the memory map when your bit was built). Now that code
> breaks out and infects 200,000 systems, bringing them to their knees.
> You had all the good AV stuff installed, the system had a firewall, but
> this particular hacker managed to slip by
As I have mentioned several times in my postings on this subject, the
law usually considers whether you have taken "reasonable and customary"
measures to protect against such things. Especially, see my previous
posting regarding a joyrider stealing a car.
Self-propagating viruses act a lot like the real thing. It doesn't take
a 100 percent inoculation rate to stop a real virus from spreading; only
getting enough of the population protected that the probability that the
infection can spread is low. One of the problems is that way too many
computer users don't understand their vulnerability and how harmful
having a vulnerable system is. This is what needs to change.
We've already seen a number of attack vectors go out of favor as a
certain large software vendor has patched the security holes in it's
operating system and other products. If a significantly larger
percentage of users were to install effective AV software, the problem
would drop significantly. I'm not saying it would go away but we would
probably see the people who write such software look to other
approaches. Some of these might initially be successful but having a
larger percentage of systems running effective AV software would mean
that such problems would rapidly be contained.
It would be nice if that same software vendor were to tighten up their
product rather than rely on after the fact patches like AV software.
Being as how their behavior has barely changed in over 25 years, I'm not
holding my breath.
Cheers,
Dave
--
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce
Agreed, but when schools are dropping laptop support because they say
it "impeded education", how on earth can we get people educated about
what the computer can and cannot do, and how to use it appropriately.
There are basic skills necessary for life in the modern world,
such as taxes, driving, and computing among others that are poorly
addressed by our schools. Not just in the US, but world wide from
what I can tell. How will that change by passing a law that
persecutes people for ignorance when the folks responsible for
removing ignroance don't have the basic knowledge required?
Regards,
Les H
Ignorance - a crime against humanity,
have to admit it has a bit of a nice feel with it.
