Are owners of botnetted computers culpable? [modified]
-
You shouldn't punish the innocent. But cutting off their service sounds like a good idea. That would prompt a call to their ISP and they can inform the of the problem on their computer and start shutting down the botnet.
Bert delaVega wrote:
You shouldn't punish the innocent. But cutting off their service sounds like a good idea.
So, we should punish them? :confused:
regards, Paul Watson Ireland & South Africa
Fernando A. Gomez F. wrote:
At least he achieved immortality for a few years.
-
You shouldn't punish the innocent. But cutting off their service sounds like a good idea. That would prompt a call to their ISP and they can inform the of the problem on their computer and start shutting down the botnet.
How are they innocent? If you brought a chainsaw and used it improperly without a safety guard and accidentally killed someone, you would be responsible for not following the safety guidelines.
Simon
-
Gunni wrote:
Are owners of botnetted computers culpable?
Are the builders of paved roads culpable for the constant proliferation of accidents on the highways. If we were still driving dirt roads we would rarely reach speeds capable of such insane destruction as a head-on at 75mph (each direction). What do you think of stopping paying taxes to support this continuation of high speed accidents? Ultimately I think the creator of the botnet, the writers of viruses, spam-bots, spy-ware, scum-ware, etc. should be ultimately culpable for the entire sum total cost/damage of their creations. The carriers, we as professionals can try to help, but it is pretty hard to haul granma jo at 75years of age out of her cooking forum and put her in jail because she only knows how to click on the link to that cooking forum.
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."
El Corazon wrote:
Are the builders of paved roads culpable for the constant proliferation of accidents on the highways.
more like: are people who leave their cars running, unlocked and unwatched responsible when strangers use those cars in illegal activities ? possibly. or, even better: are someone who leaves a loaded gun unsupervised in public responsible if someone else uses that gun in a crime ? yes. at some point, negligence itself becomes a crime.
-
I thought I might get a reply along those lines so let me clarify. First of all your comparison is not really accurate is it? What you are saying is that we should blame the makers of the computers that are used in botnets. What I'm saying is that the posession of something potentially destructive carries with it a certain responsibility. I'm not saying we should start issuing computer licenses (although I know some service techs who would love that) but if I leave a weapon (or some other dangerous object) lying around where anyone can get to it and that object is used in the commission of a crime should I not be reprimanded or at least given a stern talking to for my negligence? And if granny can't be bothered to learn even the very basics of computer safety she probably shouldn't be using one (identity theft via phishing is a very real problem).
It depends. Let's say you left the gun outside on a picnic table in the park and someone took it and committed a felony. Are you negligent? Yes. Now, say you have a gun in a lockbox in your home and someone breaks in, steals it, then uses it to commit a felony. Are you negligent? No. But, something like gun ownership requires owner responsibility because it's main purpose is for protecting, intimidating, damaging, injuring or killing. The primary purpose of a computer isn't any of those so it shouldn't be compared.
-
What do you guys think? Should people who through their own inaction or ignorance let their computers become a part of a botnet be made responsible for part of the damage their computers help to cause? It's a pretty tricky question because obviously the people themselves are not doing anything illegal (at least for now). Also, what do you think of making it mandatory for ISP's to cut off internet service temporarily (until they get rid of the infection) to those computers that are being used to attack businesses and cause millions of dollars worth of damage? What other ways do you see for stopping the proliferation of botnets? --Edit: Typos
modified on Tuesday, May 6, 2008 10:30 AM
No, the people who wrote the trojan or virus that infected the computer are responsible. But, I don't have a problem with an ISP cutting off their connectivity until it is corrected. Also, at least in my part of the world, ISPs seem to be taking a proactive approach and offering free or discounted anti-malware products.
`
-
What do you guys think? Should people who through their own inaction or ignorance let their computers become a part of a botnet be made responsible for part of the damage their computers help to cause? It's a pretty tricky question because obviously the people themselves are not doing anything illegal (at least for now). Also, what do you think of making it mandatory for ISP's to cut off internet service temporarily (until they get rid of the infection) to those computers that are being used to attack businesses and cause millions of dollars worth of damage? What other ways do you see for stopping the proliferation of botnets? --Edit: Typos
modified on Tuesday, May 6, 2008 10:30 AM
Why don't we kick off all the computers that are not protected against the bot. Or maybe redirect them to update.microsoft.com That would protect the innocent. Once they have the proper updates , then they can come online and play safely :) Then people with bots won't be hurting anybody! Hogan
-
Not responsible, but I like the idea of cutting off their internet access until they fix the problem. Maybe we need internationally recognised training courses, and a license to operate.
Simon
Simon Stevens wrote:
Maybe we need internationally recognised training courses, and a license to operate.
Hogwash, the home computer was made and designed for Joe Consumer not Joe Programmer with a Degree. They have tech support for setting up your computer so it will fend off these annoyances. Granny just wants to go to her favorite site. My wife is the same way, so I make everything work right for her.
"I'm not altogether all together."
-
What do you guys think? Should people who through their own inaction or ignorance let their computers become a part of a botnet be made responsible for part of the damage their computers help to cause? It's a pretty tricky question because obviously the people themselves are not doing anything illegal (at least for now). Also, what do you think of making it mandatory for ISP's to cut off internet service temporarily (until they get rid of the infection) to those computers that are being used to attack businesses and cause millions of dollars worth of damage? What other ways do you see for stopping the proliferation of botnets? --Edit: Typos
modified on Tuesday, May 6, 2008 10:30 AM
I agree with the idea of cutting off service as long as: 1. The ISP provides links to all appropriate patches 2. The ISP doesn't charge data costs to download these patches 3. The ISP provides simple instructions on what to do. All these (apart from the not charging bit) should be fairly easy to do if the ISP is able to detect the nature of the infection based on traffic patterns and network sniffing. Which prompts the question: Should an ISP have the right to packet sniff if it suspects an infected machine?
cheers, Chris Maunder
CodeProject.com : C++ MVP
-
I thought I might get a reply along those lines so let me clarify. First of all your comparison is not really accurate is it? What you are saying is that we should blame the makers of the computers that are used in botnets. What I'm saying is that the posession of something potentially destructive carries with it a certain responsibility. I'm not saying we should start issuing computer licenses (although I know some service techs who would love that) but if I leave a weapon (or some other dangerous object) lying around where anyone can get to it and that object is used in the commission of a crime should I not be reprimanded or at least given a stern talking to for my negligence? And if granny can't be bothered to learn even the very basics of computer safety she probably shouldn't be using one (identity theft via phishing is a very real problem).
Gunni wrote:
And if granny can't be bothered to learn even the very basics of computer safety she probably shouldn't be using one
she shouldn't have to. That's why there's virus scans, spyblockers, phishing filters, etc that run on auto and tech support to set it up and help when a problem arises. If set up properly a computer will not have these troubles and granny doesn't need to know jack except how to get to her favorite site. That's what I did for my wife.
"I'm not altogether all together."
-
You shouldn't punish the innocent. But cutting off their service sounds like a good idea. That would prompt a call to their ISP and they can inform the of the problem on their computer and start shutting down the botnet.
Yep, cut off their internet until they go online and download a anti virus to remove the bots! Oh wait... :laugh:
-
How are they innocent? If you brought a chainsaw and used it improperly without a safety guard and accidentally killed someone, you would be responsible for not following the safety guidelines.
Simon
But if someone uses your chainsaw to do that without your permission you aren't.
-
El Corazon wrote:
Are the builders of paved roads culpable for the constant proliferation of accidents on the highways. If we were still driving dirt roads we would rarely reach speeds capable of such insane destruction as a head-on at 75mph (each direction). What do you think of stopping paying taxes to support this continuation of high speed accidents?
I think this comparison is flawed. You can't compare computer users to the "builders of paved roads", that's the builders of the network infrastructure. Computer users could be compared to drivers who are unaware of how to properly operate a car. They own a car/computer, they use it on public roads/internet. Not following established safety procedures or ignoring warning signs can cause damage to both the owners car/computer and other peoples. Drivers/owners who don't drive/browse safely should be made 100% responsible for any damage caused whilst they are driving. Perhaps we need a similar quality control system to driving. potential computer users should be trained and required to pass a test and hold a license before being allowed to go on-line.
Simon
Simon Stevens wrote:
I think this comparison is flawed. You can't compare computer users to the "builders of paved roads", that's the builders of the network infrastructure.
exactly my point. We built the infrastructure of the internet, bit by bit, byte by byte, we fooled ourselves into thinking that we could write idiot proof programs, and the universe simply made better idiots. The comparison isn't flawed, you didn't take it far enough. The original comparison would be holding the person who is victim of a headon responsible for simply being on the highway and minding their own business unaware that there is a drunk on the road out to do someone harm. The drunk, isn't responsible, obviously because the botnet writers aren't responsible, therefore because the one person is somehow unaware they are suddenly responsible. But isn't it US that was unaware? We want to blame the user, to deflect blame. I don't want the blame anymore than any of us, so I say hold the perpetrator responsible, but if you say hold the user responsible, then ultimately WE as programmers, the builders of the infrastructure that makes more users are responsible. I don't think it should be that way. hold the perpetrator of the crime responsible for the total sum damage in time/money/equipment/hours.
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."
-
I agree with the idea of cutting off service as long as: 1. The ISP provides links to all appropriate patches 2. The ISP doesn't charge data costs to download these patches 3. The ISP provides simple instructions on what to do. All these (apart from the not charging bit) should be fairly easy to do if the ISP is able to detect the nature of the infection based on traffic patterns and network sniffing. Which prompts the question: Should an ISP have the right to packet sniff if it suspects an infected machine?
cheers, Chris Maunder
CodeProject.com : C++ MVP
Chris Maunder wrote:
Should an ISP have the right to packet sniff if it suspects an infected machine?
Excellent point. Maybe it should be left at the level of symptoms of a breach and left to the user to rectify. Once you get to the packet level, it becomes a privacy issue that could violate the terms you agreed to with the ISP.
-
I agree with the idea of cutting off service as long as: 1. The ISP provides links to all appropriate patches 2. The ISP doesn't charge data costs to download these patches 3. The ISP provides simple instructions on what to do. All these (apart from the not charging bit) should be fairly easy to do if the ISP is able to detect the nature of the infection based on traffic patterns and network sniffing. Which prompts the question: Should an ISP have the right to packet sniff if it suspects an infected machine?
cheers, Chris Maunder
CodeProject.com : C++ MVP
Hey Chris, see my previous post to Chris Austin. I was replying to your post and it posted the reply on his instead. I used the quote function so I know it's a bug. I had this happen this morning on an article comment reply. At the time I thought I screwed up but now I think there's a bug.
-
Bert delaVega wrote:
You shouldn't punish the innocent. But cutting off their service sounds like a good idea.
So, we should punish them? :confused:
regards, Paul Watson Ireland & South Africa
Fernando A. Gomez F. wrote:
At least he achieved immortality for a few years.
-
El Corazon wrote:
Are the builders of paved roads culpable for the constant proliferation of accidents on the highways.
more like: are people who leave their cars running, unlocked and unwatched responsible when strangers use those cars in illegal activities ? possibly. or, even better: are someone who leaves a loaded gun unsupervised in public responsible if someone else uses that gun in a crime ? yes. at some point, negligence itself becomes a crime.
Chris Losinger wrote:
at some point, negligence itself becomes a crime.
I was waiting for that. Then we are ultimately responsible. Did not we, collectively, as programmers leave the gun in the hands of the user, loaded, unlocked and ready to be used? Did not we, collectively, as programmers thinking ultimately in our power of making idiot proof programs, leave cars always on, always running, always unlocked and ready to be used? You can't take the one step without taking the next. If you want to blame the users for not being as smart as us, perhaps you should blame us for not being smart enough to realize they are NOT as smart as us! Let me see a show of hands who belives there are not idiots in the world? Anyone? Does anyone here actually believe that they do not exist? No. Yet we wrote the software full of holes, hand them to the user without the knowledge of how to lock them up. If you hand a gun to a grown up with the full knowledge of how to use it, you have committed no crime. But have not we, collectively, as programmers handed guns, cars, even mack-trucks to children some who would not even qualify as pre-school in the comparative culture of computer experience? So who ultimately is to blame? these children? us? or the criminals who took advantage of them? Ultimately I think the criminals, but if you want to look around for blame, there is more than enough to share with the users, grab some, there's more than enough to go around. :-D
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."
-
No, the people who wrote the trojan or virus that infected the computer are responsible. But, I don't have a problem with an ISP cutting off their connectivity until it is corrected. Also, at least in my part of the world, ISPs seem to be taking a proactive approach and offering free or discounted anti-malware products.
`
Sorry. My reply was meant for Chris. Something's not right. While I'm here, the reason a lot of ISP's are active in thwarting these things is that the risk being cut off at the trunk end which would devastate their business.
-
No, cutting off the service it's not a punishment, it's our self-defence.
-- Jarek Andrzejewski
Still punishment for the innocent.
regards, Paul Watson Ireland & South Africa
Fernando A. Gomez F. wrote:
At least he achieved immortality for a few years.
-
Gunni wrote:
And if granny can't be bothered to learn even the very basics of computer safety she probably shouldn't be using one
she shouldn't have to. That's why there's virus scans, spyblockers, phishing filters, etc that run on auto and tech support to set it up and help when a problem arises. If set up properly a computer will not have these troubles and granny doesn't need to know jack except how to get to her favorite site. That's what I did for my wife.
"I'm not altogether all together."
justfunnin wrote:
That's what I did for my wife.
As have I, for many people. I have taken a pro-active approach, I try to help folks get their machines fixed. A diet-coke here and there in barter for my time. The better way is instead of blaming, help them get the machines fixed. There is more than enough blame to share, so just help solve the problem. :)
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."
-
Simon Stevens wrote:
Maybe we need internationally recognised training courses, and a license to operate.
Hogwash, the home computer was made and designed for Joe Consumer not Joe Programmer with a Degree. They have tech support for setting up your computer so it will fend off these annoyances. Granny just wants to go to her favorite site. My wife is the same way, so I make everything work right for her.
"I'm not altogether all together."
justfunnin wrote:
Granny just wants to go to her favorite site.
Darn lots of granny's now. :-D
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."