Are owners of botnetted computers culpable? [modified]
-
What do you guys think? Should people who through their own inaction or ignorance let their computers become a part of a botnet be made responsible for part of the damage their computers help to cause? It's a pretty tricky question because obviously the people themselves are not doing anything illegal (at least for now). Also, what do you think of making it mandatory for ISP's to cut off internet service temporarily (until they get rid of the infection) to those computers that are being used to attack businesses and cause millions of dollars worth of damage? What other ways do you see for stopping the proliferation of botnets? --Edit: Typos
modified on Tuesday, May 6, 2008 10:30 AM
You shouldn't punish the innocent. But cutting off their service sounds like a good idea. That would prompt a call to their ISP and they can inform the of the problem on their computer and start shutting down the botnet.
-
What do you guys think? Should people who through their own inaction or ignorance let their computers become a part of a botnet be made responsible for part of the damage their computers help to cause? It's a pretty tricky question because obviously the people themselves are not doing anything illegal (at least for now). Also, what do you think of making it mandatory for ISP's to cut off internet service temporarily (until they get rid of the infection) to those computers that are being used to attack businesses and cause millions of dollars worth of damage? What other ways do you see for stopping the proliferation of botnets? --Edit: Typos
modified on Tuesday, May 6, 2008 10:30 AM
Gunni wrote:
Are owners of botnetted computers culpable?
Are the builders of paved roads culpable for the constant proliferation of accidents on the highways. If we were still driving dirt roads we would rarely reach speeds capable of such insane destruction as a head-on at 75mph (each direction). What do you think of stopping paying taxes to support this continuation of high speed accidents? Ultimately I think the creator of the botnet, the writers of viruses, spam-bots, spy-ware, scum-ware, etc. should be ultimately culpable for the entire sum total cost/damage of their creations. The carriers, we as professionals can try to help, but it is pretty hard to haul granma jo at 75years of age out of her cooking forum and put her in jail because she only knows how to click on the link to that cooking forum.
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."
-
What do you guys think? Should people who through their own inaction or ignorance let their computers become a part of a botnet be made responsible for part of the damage their computers help to cause? It's a pretty tricky question because obviously the people themselves are not doing anything illegal (at least for now). Also, what do you think of making it mandatory for ISP's to cut off internet service temporarily (until they get rid of the infection) to those computers that are being used to attack businesses and cause millions of dollars worth of damage? What other ways do you see for stopping the proliferation of botnets? --Edit: Typos
modified on Tuesday, May 6, 2008 10:30 AM
Not responsible, but I like the idea of cutting off their internet access until they fix the problem. Maybe we need internationally recognised training courses, and a license to operate.
Simon
-
Gunni wrote:
Are owners of botnetted computers culpable?
Are the builders of paved roads culpable for the constant proliferation of accidents on the highways. If we were still driving dirt roads we would rarely reach speeds capable of such insane destruction as a head-on at 75mph (each direction). What do you think of stopping paying taxes to support this continuation of high speed accidents? Ultimately I think the creator of the botnet, the writers of viruses, spam-bots, spy-ware, scum-ware, etc. should be ultimately culpable for the entire sum total cost/damage of their creations. The carriers, we as professionals can try to help, but it is pretty hard to haul granma jo at 75years of age out of her cooking forum and put her in jail because she only knows how to click on the link to that cooking forum.
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."
El Corazon wrote:
Are the builders of paved roads culpable for the constant proliferation of accidents on the highways. If we were still driving dirt roads we would rarely reach speeds capable of such insane destruction as a head-on at 75mph (each direction). What do you think of stopping paying taxes to support this continuation of high speed accidents?
I think this comparison is flawed. You can't compare computer users to the "builders of paved roads", that's the builders of the network infrastructure. Computer users could be compared to drivers who are unaware of how to properly operate a car. They own a car/computer, they use it on public roads/internet. Not following established safety procedures or ignoring warning signs can cause damage to both the owners car/computer and other peoples. Drivers/owners who don't drive/browse safely should be made 100% responsible for any damage caused whilst they are driving. Perhaps we need a similar quality control system to driving. potential computer users should be trained and required to pass a test and hold a license before being allowed to go on-line.
Simon
-
Gunni wrote:
Are owners of botnetted computers culpable?
Are the builders of paved roads culpable for the constant proliferation of accidents on the highways. If we were still driving dirt roads we would rarely reach speeds capable of such insane destruction as a head-on at 75mph (each direction). What do you think of stopping paying taxes to support this continuation of high speed accidents? Ultimately I think the creator of the botnet, the writers of viruses, spam-bots, spy-ware, scum-ware, etc. should be ultimately culpable for the entire sum total cost/damage of their creations. The carriers, we as professionals can try to help, but it is pretty hard to haul granma jo at 75years of age out of her cooking forum and put her in jail because she only knows how to click on the link to that cooking forum.
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."
I thought I might get a reply along those lines so let me clarify. First of all your comparison is not really accurate is it? What you are saying is that we should blame the makers of the computers that are used in botnets. What I'm saying is that the posession of something potentially destructive carries with it a certain responsibility. I'm not saying we should start issuing computer licenses (although I know some service techs who would love that) but if I leave a weapon (or some other dangerous object) lying around where anyone can get to it and that object is used in the commission of a crime should I not be reprimanded or at least given a stern talking to for my negligence? And if granny can't be bothered to learn even the very basics of computer safety she probably shouldn't be using one (identity theft via phishing is a very real problem).
-
You shouldn't punish the innocent. But cutting off their service sounds like a good idea. That would prompt a call to their ISP and they can inform the of the problem on their computer and start shutting down the botnet.
Bert delaVega wrote:
You shouldn't punish the innocent. But cutting off their service sounds like a good idea.
So, we should punish them? :confused:
regards, Paul Watson Ireland & South Africa
Fernando A. Gomez F. wrote:
At least he achieved immortality for a few years.
-
You shouldn't punish the innocent. But cutting off their service sounds like a good idea. That would prompt a call to their ISP and they can inform the of the problem on their computer and start shutting down the botnet.
How are they innocent? If you brought a chainsaw and used it improperly without a safety guard and accidentally killed someone, you would be responsible for not following the safety guidelines.
Simon
-
Gunni wrote:
Are owners of botnetted computers culpable?
Are the builders of paved roads culpable for the constant proliferation of accidents on the highways. If we were still driving dirt roads we would rarely reach speeds capable of such insane destruction as a head-on at 75mph (each direction). What do you think of stopping paying taxes to support this continuation of high speed accidents? Ultimately I think the creator of the botnet, the writers of viruses, spam-bots, spy-ware, scum-ware, etc. should be ultimately culpable for the entire sum total cost/damage of their creations. The carriers, we as professionals can try to help, but it is pretty hard to haul granma jo at 75years of age out of her cooking forum and put her in jail because she only knows how to click on the link to that cooking forum.
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."
El Corazon wrote:
Are the builders of paved roads culpable for the constant proliferation of accidents on the highways.
more like: are people who leave their cars running, unlocked and unwatched responsible when strangers use those cars in illegal activities ? possibly. or, even better: are someone who leaves a loaded gun unsupervised in public responsible if someone else uses that gun in a crime ? yes. at some point, negligence itself becomes a crime.
-
I thought I might get a reply along those lines so let me clarify. First of all your comparison is not really accurate is it? What you are saying is that we should blame the makers of the computers that are used in botnets. What I'm saying is that the posession of something potentially destructive carries with it a certain responsibility. I'm not saying we should start issuing computer licenses (although I know some service techs who would love that) but if I leave a weapon (or some other dangerous object) lying around where anyone can get to it and that object is used in the commission of a crime should I not be reprimanded or at least given a stern talking to for my negligence? And if granny can't be bothered to learn even the very basics of computer safety she probably shouldn't be using one (identity theft via phishing is a very real problem).
It depends. Let's say you left the gun outside on a picnic table in the park and someone took it and committed a felony. Are you negligent? Yes. Now, say you have a gun in a lockbox in your home and someone breaks in, steals it, then uses it to commit a felony. Are you negligent? No. But, something like gun ownership requires owner responsibility because it's main purpose is for protecting, intimidating, damaging, injuring or killing. The primary purpose of a computer isn't any of those so it shouldn't be compared.
-
What do you guys think? Should people who through their own inaction or ignorance let their computers become a part of a botnet be made responsible for part of the damage their computers help to cause? It's a pretty tricky question because obviously the people themselves are not doing anything illegal (at least for now). Also, what do you think of making it mandatory for ISP's to cut off internet service temporarily (until they get rid of the infection) to those computers that are being used to attack businesses and cause millions of dollars worth of damage? What other ways do you see for stopping the proliferation of botnets? --Edit: Typos
modified on Tuesday, May 6, 2008 10:30 AM
No, the people who wrote the trojan or virus that infected the computer are responsible. But, I don't have a problem with an ISP cutting off their connectivity until it is corrected. Also, at least in my part of the world, ISPs seem to be taking a proactive approach and offering free or discounted anti-malware products.
`
-
What do you guys think? Should people who through their own inaction or ignorance let their computers become a part of a botnet be made responsible for part of the damage their computers help to cause? It's a pretty tricky question because obviously the people themselves are not doing anything illegal (at least for now). Also, what do you think of making it mandatory for ISP's to cut off internet service temporarily (until they get rid of the infection) to those computers that are being used to attack businesses and cause millions of dollars worth of damage? What other ways do you see for stopping the proliferation of botnets? --Edit: Typos
modified on Tuesday, May 6, 2008 10:30 AM
Why don't we kick off all the computers that are not protected against the bot. Or maybe redirect them to update.microsoft.com That would protect the innocent. Once they have the proper updates , then they can come online and play safely :) Then people with bots won't be hurting anybody! Hogan
-
Not responsible, but I like the idea of cutting off their internet access until they fix the problem. Maybe we need internationally recognised training courses, and a license to operate.
Simon
Simon Stevens wrote:
Maybe we need internationally recognised training courses, and a license to operate.
Hogwash, the home computer was made and designed for Joe Consumer not Joe Programmer with a Degree. They have tech support for setting up your computer so it will fend off these annoyances. Granny just wants to go to her favorite site. My wife is the same way, so I make everything work right for her.
"I'm not altogether all together."
-
What do you guys think? Should people who through their own inaction or ignorance let their computers become a part of a botnet be made responsible for part of the damage their computers help to cause? It's a pretty tricky question because obviously the people themselves are not doing anything illegal (at least for now). Also, what do you think of making it mandatory for ISP's to cut off internet service temporarily (until they get rid of the infection) to those computers that are being used to attack businesses and cause millions of dollars worth of damage? What other ways do you see for stopping the proliferation of botnets? --Edit: Typos
modified on Tuesday, May 6, 2008 10:30 AM
I agree with the idea of cutting off service as long as: 1. The ISP provides links to all appropriate patches 2. The ISP doesn't charge data costs to download these patches 3. The ISP provides simple instructions on what to do. All these (apart from the not charging bit) should be fairly easy to do if the ISP is able to detect the nature of the infection based on traffic patterns and network sniffing. Which prompts the question: Should an ISP have the right to packet sniff if it suspects an infected machine?
cheers, Chris Maunder
CodeProject.com : C++ MVP
-
I thought I might get a reply along those lines so let me clarify. First of all your comparison is not really accurate is it? What you are saying is that we should blame the makers of the computers that are used in botnets. What I'm saying is that the posession of something potentially destructive carries with it a certain responsibility. I'm not saying we should start issuing computer licenses (although I know some service techs who would love that) but if I leave a weapon (or some other dangerous object) lying around where anyone can get to it and that object is used in the commission of a crime should I not be reprimanded or at least given a stern talking to for my negligence? And if granny can't be bothered to learn even the very basics of computer safety she probably shouldn't be using one (identity theft via phishing is a very real problem).
Gunni wrote:
And if granny can't be bothered to learn even the very basics of computer safety she probably shouldn't be using one
she shouldn't have to. That's why there's virus scans, spyblockers, phishing filters, etc that run on auto and tech support to set it up and help when a problem arises. If set up properly a computer will not have these troubles and granny doesn't need to know jack except how to get to her favorite site. That's what I did for my wife.
"I'm not altogether all together."
-
You shouldn't punish the innocent. But cutting off their service sounds like a good idea. That would prompt a call to their ISP and they can inform the of the problem on their computer and start shutting down the botnet.
Yep, cut off their internet until they go online and download a anti virus to remove the bots! Oh wait... :laugh:
-
How are they innocent? If you brought a chainsaw and used it improperly without a safety guard and accidentally killed someone, you would be responsible for not following the safety guidelines.
Simon
But if someone uses your chainsaw to do that without your permission you aren't.
-
El Corazon wrote:
Are the builders of paved roads culpable for the constant proliferation of accidents on the highways. If we were still driving dirt roads we would rarely reach speeds capable of such insane destruction as a head-on at 75mph (each direction). What do you think of stopping paying taxes to support this continuation of high speed accidents?
I think this comparison is flawed. You can't compare computer users to the "builders of paved roads", that's the builders of the network infrastructure. Computer users could be compared to drivers who are unaware of how to properly operate a car. They own a car/computer, they use it on public roads/internet. Not following established safety procedures or ignoring warning signs can cause damage to both the owners car/computer and other peoples. Drivers/owners who don't drive/browse safely should be made 100% responsible for any damage caused whilst they are driving. Perhaps we need a similar quality control system to driving. potential computer users should be trained and required to pass a test and hold a license before being allowed to go on-line.
Simon
Simon Stevens wrote:
I think this comparison is flawed. You can't compare computer users to the "builders of paved roads", that's the builders of the network infrastructure.
exactly my point. We built the infrastructure of the internet, bit by bit, byte by byte, we fooled ourselves into thinking that we could write idiot proof programs, and the universe simply made better idiots. The comparison isn't flawed, you didn't take it far enough. The original comparison would be holding the person who is victim of a headon responsible for simply being on the highway and minding their own business unaware that there is a drunk on the road out to do someone harm. The drunk, isn't responsible, obviously because the botnet writers aren't responsible, therefore because the one person is somehow unaware they are suddenly responsible. But isn't it US that was unaware? We want to blame the user, to deflect blame. I don't want the blame anymore than any of us, so I say hold the perpetrator responsible, but if you say hold the user responsible, then ultimately WE as programmers, the builders of the infrastructure that makes more users are responsible. I don't think it should be that way. hold the perpetrator of the crime responsible for the total sum damage in time/money/equipment/hours.
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."
-
I agree with the idea of cutting off service as long as: 1. The ISP provides links to all appropriate patches 2. The ISP doesn't charge data costs to download these patches 3. The ISP provides simple instructions on what to do. All these (apart from the not charging bit) should be fairly easy to do if the ISP is able to detect the nature of the infection based on traffic patterns and network sniffing. Which prompts the question: Should an ISP have the right to packet sniff if it suspects an infected machine?
cheers, Chris Maunder
CodeProject.com : C++ MVP
Chris Maunder wrote:
Should an ISP have the right to packet sniff if it suspects an infected machine?
Excellent point. Maybe it should be left at the level of symptoms of a breach and left to the user to rectify. Once you get to the packet level, it becomes a privacy issue that could violate the terms you agreed to with the ISP.
-
I agree with the idea of cutting off service as long as: 1. The ISP provides links to all appropriate patches 2. The ISP doesn't charge data costs to download these patches 3. The ISP provides simple instructions on what to do. All these (apart from the not charging bit) should be fairly easy to do if the ISP is able to detect the nature of the infection based on traffic patterns and network sniffing. Which prompts the question: Should an ISP have the right to packet sniff if it suspects an infected machine?
cheers, Chris Maunder
CodeProject.com : C++ MVP
Hey Chris, see my previous post to Chris Austin. I was replying to your post and it posted the reply on his instead. I used the quote function so I know it's a bug. I had this happen this morning on an article comment reply. At the time I thought I screwed up but now I think there's a bug.
-
Bert delaVega wrote:
You shouldn't punish the innocent. But cutting off their service sounds like a good idea.
So, we should punish them? :confused:
regards, Paul Watson Ireland & South Africa
Fernando A. Gomez F. wrote:
At least he achieved immortality for a few years.