Are owners of botnetted computers culpable? [modified]
-
What do you guys think? Should people who through their own inaction or ignorance let their computers become a part of a botnet be made responsible for part of the damage their computers help to cause? It's a pretty tricky question because obviously the people themselves are not doing anything illegal (at least for now). Also, what do you think of making it mandatory for ISP's to cut off internet service temporarily (until they get rid of the infection) to those computers that are being used to attack businesses and cause millions of dollars worth of damage? What other ways do you see for stopping the proliferation of botnets? --Edit: Typos
modified on Tuesday, May 6, 2008 10:30 AM
No. While reasoning by analogy is suspect, I think it can be applied here for thinking about the problem. A botnet functions by stealing computing and network resources from its constituent machines. The owner would be liable only if you could prove that they willfuly failed to perform due diligence. Here's the analogy: Your car gets stolen. The thieves hit and kill a pedestrian. Are you therefore guilty of vehicular homicide? The answer of course is no, unless you deliberately left the car unlocked and the keys inside in the hope that it would be stolen. I think the real solution is to find the authors/creators/controllers of the botnet, and then mount their heads on pikes outside the castle walls as a warning to others.
Software Zen:
delete this; -
El Corazon wrote:
You are saying because they are lied to, that they must somehow break through the lie, and learn as much as we do, or they are ultimately responsible for everything that happens with their computer?
no, not "as much as we do" - there's no need for them to know C# - simply enough to protect themselves. and yes, they should be held responsible, just as people are held responsible for not connecting unsafe devices to the phone lines, or the cable jack, gas line, water line, AC outlets, etc.. mess up and take out your local substation or burn your apartment building down, you get fined or sued or lose your service, etc.. a computer that's connected to the internet is a tool with a huge capacity for abuse; and i'm not going to absolve people of their responsibility to see that that tool is secure and un-compromised.
El Corazon wrote:
It doesn't matter how you phrase it, we, collectively as programmers, still as a majority refuse to secure our software products, because we have this grandoise view that we, collectively, have absolutely no responsibility at all in any of this business.
if users aren't responsible for the problem, there's no reason they should choose "secure" software over insecure software, nor is there any reason they should even bother knowing the difference. why choose one program over another on the basis of security, if there's no repercussion or penalty for running an insecure system ?
Chris Losinger wrote:
a computer that's connected to the internet is a tool with a huge capacity for abuse; and i'm not going to absolve people of their responsibility to see that that tool is secure and un-compromised.
but WE, as programmers, and salesmen tell them that they CAN do this, so it still doesn't apply they are doing exactly as someone tells them they should, while other people may or may not tell them something else. The first message they receive, and may never receive another, is that the computer is 100% safe and easy to use. They listened, and you want to punish them for listening? should they doubt everyone? why should they listen to us then?
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."
-
No. While reasoning by analogy is suspect, I think it can be applied here for thinking about the problem. A botnet functions by stealing computing and network resources from its constituent machines. The owner would be liable only if you could prove that they willfuly failed to perform due diligence. Here's the analogy: Your car gets stolen. The thieves hit and kill a pedestrian. Are you therefore guilty of vehicular homicide? The answer of course is no, unless you deliberately left the car unlocked and the keys inside in the hope that it would be stolen. I think the real solution is to find the authors/creators/controllers of the botnet, and then mount their heads on pikes outside the castle walls as a warning to others.
Software Zen:
delete this;Gary Wheeler wrote:
The answer of course is no, unless you deliberately left the car unlocked and the keys inside in the hope that it would be stolen.
and if we sold them a car that could not be locked without expertise they do not have, do not know how to get, or have to be charged an extra fee to use day to day, week to week, who is responsible? The person for refusing to accept a protection racket?
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."
-
No, I'm saying that if you build a chainsaw, it's a dangerous tool, so when you sell it, you stick a big warning on it that says "don't leave this chainsaw in reach of children". If a user buys your chainsaw and ignores your warning, it is their fault, (not the chainsaw maker) if someone gets killed. Computer designers, build computers, which can be dangerous, and include warnings like "This application could be dangerous, only install this application if you know and trust the publisher". If the user chooses to ignore that warning and install some piece a virus infected malicious software even though they don't know and trust the publisher, that's their fault, not the computer/software designers. (Yes, OK, obviously some blame is to be allocated to the designer of the malicious software as well, and I think they are the ones that deserve the real punishment as what they do is intentional designed to cause harm).
Simon
Simon Stevens wrote:
Computer designers, build computers, which can be dangerous, and include warnings like "This application could be dangerous, only install this application if you know and trust the publisher". If the user chooses to ignore that warning and install some piece a virus infected malicious software even though they don't know and trust the publisher, that's their fault, not the computer/software designers.
except we build computer programs that do NOT come with warnings. We sell them to anyone who can afford it, and many who cannot. We sell them, and TELL them, that they are safe, anyone can use it, everyone can use it from 2 year old key-pounding toddlers to 102 year old Great-Granny. And then after telling them it is completely safe, you want to fine them, punish them, because **WE** lied to them. We know it is not safe, but that is NOT the message we are telling them. We are selling computers and software and telling them that anyone and everyone can and should use it. WE are charging racketeering services for AV and spam control and even maintenance/security for many products. You want security updates? no problem, pay up. You want AV? no problem, pay up. The free ones advertise to us, we know where to look, how to look. The big companies make sure the little guy never gets the message that AV can be had for free. They try to run out the free ones too. Because they want to charge the for the "protection service". You have a computer, we told you it was easy, we lied, but now you have it, pay your monthly charge and no one will "get hurt." :rolleyes:
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."
-
Okay, so give them a month's credit for being cooperative. :laugh: But seriously, if I lost my connection because my computer had malware installed, I would be more mad at myself than the ISP. In fact, I would be grateful for them pointing it out. But I know what you're saying. I'm being penalized and inconvenienced.
Bert delaVega wrote:
But seriously, if I lost my connection because my computer had malware installed, I would be more mad at myself than the ISP. In fact, I would be grateful for them pointing it out.
but you understand what it means, and why it happened. You are talking about some people who know nothing about what malware is, viruses are treated with nyquil or a doctor visit, but usually ignored completely until they are so miserable they have to go somewhere to be treated. The vast majority of people treat themselves the same way, they won't visit a doctor until they are VERY ill. They do not know when a computer is very ill, there is no temperature, no fever, no shakes, and they don't know how to recognize computer vomit. So the computer is ill and they have no idea that it is. If they are lucky, they will get it to a computer doctor. Some of us clean systems for a diet coke. :) Because some of us realize the system is eating itself because of how it is set up. You can't charge for the cleaning service and also punish someone for not taking it. :)
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."
-
Gary Wheeler wrote:
The answer of course is no, unless you deliberately left the car unlocked and the keys inside in the hope that it would be stolen.
and if we sold them a car that could not be locked without expertise they do not have, do not know how to get, or have to be charged an extra fee to use day to day, week to week, who is responsible? The person for refusing to accept a protection racket?
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."
I don't think you can hold the machine owner at fault here. Practically speaking, I don't see how you could even have the ISP disable the user's account based on suspected botnet activity. The botnets are notorious for camouflaging their actions. The potential for false positives is therefore very high.
Software Zen:
delete this; -
Ultimately, I do agree that the perpetrator is the one who should be hold mostly responsible. But I do think untrained users should not use their ignorance as an excuse. Going back to the road metaphor. You've got 1 malicious user who knows how to drive safely, but drives their car at 200mph with the intention of killing people. They are like a malware writer, yes they are definitely responsible. They intentional planned to cause damage. You've also got a granny who's 85, learnt how to drive in the 30's with a dodgy hip and can't press the brake peddle properly. She misreads a new sign because it wasn't in the highway code when she passed. She fails to brake because her hip means she can't press the brake hard. She is also responsible for the damage she causes because she should have a acquired the proper training and made sure she was capable of safely using the vehicle before driving alone. I'm sure she didn't mean to cause the damage, but she is still responsible. She is like the common user, they need adequate training before they can be trusted to remain safe.
Simon
Simon Stevens wrote:
She is like the common user, they need adequate training before they can be trusted to remain safe.
There is one big difference. They are ALL told that they can go online safely, and everything will be fine. There is a license for drivers for a reason, it is not safe. There will never be a license for computing, but there is a racketeering service. If you don't pay your monthly fee someone will "get hurt" and you want to reinforce that service by saying we should punish the users? We gave them a car that cannot be locked without paying for the racketeering service because management wants the racketeering service income. Now we are demanding that the user be punished for not signing up for the racketeering service? Granny will be sold a computer and told it is completely safe. It may be the last message she will get before you toss her in jail for not getting adequate training? how is that somehow fair? If she gets any message it will be the racketeering message. Your computer is not safe, give us $75 a year for the rest of your life, or your computer will get hurt. How would you respond? pay the guy?
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."
-
Chris Losinger wrote:
a computer that's connected to the internet is a tool with a huge capacity for abuse; and i'm not going to absolve people of their responsibility to see that that tool is secure and un-compromised.
but WE, as programmers, and salesmen tell them that they CAN do this, so it still doesn't apply they are doing exactly as someone tells them they should, while other people may or may not tell them something else. The first message they receive, and may never receive another, is that the computer is 100% safe and easy to use. They listened, and you want to punish them for listening? should they doubt everyone? why should they listen to us then?
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."
El Corazon wrote:
but WE, as programmers, and salesmen tell them that they CAN do this
i didn't tell them anything of the kind. and it's not my responsibility to make sure they keep their computer from sending me spam.
-
Okay, so give them a month's credit for being cooperative. :laugh: But seriously, if I lost my connection because my computer had malware installed, I would be more mad at myself than the ISP. In fact, I would be grateful for them pointing it out. But I know what you're saying. I'm being penalized and inconvenienced.
And I can assure you that ISPs are doing everything they can to distance themselves from support calls. The last thing they want to be responsible for is the state of malware on your machine.
regards, Paul Watson Ireland & South Africa
Fernando A. Gomez F. wrote:
At least he achieved immortality for a few years.
-
El Corazon wrote:
but WE, as programmers, and salesmen tell them that they CAN do this
i didn't tell them anything of the kind. and it's not my responsibility to make sure they keep their computer from sending me spam.
Chris Losinger wrote:
i didn't tell them anything of the kind. and it's not my responsibility to make sure they keep their computer from sending me spam.
try demanding that programmers follow best practices and computer safety, you will get a flame war the likes of which hasn't been seen since the end of Dune. :laugh: You want to hold them responsible, but how can they be if they are never told that the computers can do harm? If we don't build locks that do not require monthly service fees for the rest of their computer's life, how are they to lock their computer? I go out and clean computers, I go out and install free AV, I go out and try to educate Granny. But others just want to punish her because a salesman lied to her? The salesman is laughing all the way to the bank. Laughing twice as hard if she joins the racketeering/protection clauses. You want a change, be the change. make the locks, follow best practices, secure our software, educate Granny, help her, something. But punishing a user who has no idea even what they are being punished for doesn't solve anything.
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."
-
I don't think you can hold the machine owner at fault here. Practically speaking, I don't see how you could even have the ISP disable the user's account based on suspected botnet activity. The botnets are notorious for camouflaging their actions. The potential for false positives is therefore very high.
Software Zen:
delete this;Gary Wheeler wrote:
The botnets are notorious for camouflaging their actions. The potential for false positives is therefore very high.
exactly my point. You would have to educate the mass populace to exceed our average level. I would bet a few botnets would get past many of us for weeks before we caught it. we rely on each other, other programmers, to patch holes, and get fixes in, to offer advice (hey my drive is making wierd noises, hey my network card is going all out, how can I find the process and kill it?). We know who to turn to, because we have a collective intelligence that exceeds our own individual intelligence. At least sometimes.... There are times I still think group intelligence tends to disolve to the lowest common denominitor, but I am known for my optimistic moments. Ultimately, it still comes back to us. We are the only people fighting the war with virus writers. AV writers and spyware detection writers have been battling for years now, programmer vs. programmer. We are in this war too. every virus writer, every spyware writer, every botnet writer is looking for a hole WE leave behind. We as programmers are in this battle whether we like it or not. WE are the first line of defense and more than half us wants to punish the user. Where does that leave the first line of defense? still defenseless.... :sigh:
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."
-
Chris Losinger wrote:
i didn't tell them anything of the kind. and it's not my responsibility to make sure they keep their computer from sending me spam.
try demanding that programmers follow best practices and computer safety, you will get a flame war the likes of which hasn't been seen since the end of Dune. :laugh: You want to hold them responsible, but how can they be if they are never told that the computers can do harm? If we don't build locks that do not require monthly service fees for the rest of their computer's life, how are they to lock their computer? I go out and clean computers, I go out and install free AV, I go out and try to educate Granny. But others just want to punish her because a salesman lied to her? The salesman is laughing all the way to the bank. Laughing twice as hard if she joins the racketeering/protection clauses. You want a change, be the change. make the locks, follow best practices, secure our software, educate Granny, help her, something. But punishing a user who has no idea even what they are being punished for doesn't solve anything.
_________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."
El Corazon wrote:
But punishing a user who has no idea even what they are being punished for doesn't solve anything.
in most areas of law, ignorance is no defense. make it a punishable offense to sell computers without basic A/V/Malware protection, or to operate such a computer. enforce it by tracking-down computers which are participating in botnets - issue warnings for first-timers and fines for repeat offenders. i'm not sure why you think people are going to bother buying secure software if you also insist that they should be isolated from the effects of not doing so. and i don't see why people will bother with the effort to write secure software if there's no demand for secure software because customers don't know they need it or care if they have it. give 'em a reason to want it, they will demand it, programmers will write it.
-
And I can assure you that ISPs are doing everything they can to distance themselves from support calls. The last thing they want to be responsible for is the state of malware on your machine.
regards, Paul Watson Ireland & South Africa
Fernando A. Gomez F. wrote:
At least he achieved immortality for a few years.
Sure. Any business owner doesn't want support calls (it's one of those bottom line numbers that's hard to predict). But from an ISP's perspective, would they rather spend time and money on a few customers with malware causing problems or would they risk being shut off from their main pipe, which would impact 99% of the other customers?
-
Sure. Any business owner doesn't want support calls (it's one of those bottom line numbers that's hard to predict). But from an ISP's perspective, would they rather spend time and money on a few customers with malware causing problems or would they risk being shut off from their main pipe, which would impact 99% of the other customers?
ISPs have been shut-down for malware infected customers? Or for letting through DDOS and other bot attacks? I just don't think end users are going to be where this is won. They won't know and most won't care. They just want their computers to work. Shutting their connection off and telling them they are infected and spending many hours on the phone telling them to click this button and install this anti-malware and these patches is a no go for the ISP and a no go for the user.
regards, Paul Watson Ireland & South Africa
Fernando A. Gomez F. wrote:
At least he achieved immortality for a few years.
-
Okay, so give them a month's credit for being cooperative. :laugh: But seriously, if I lost my connection because my computer had malware installed, I would be more mad at myself than the ISP. In fact, I would be grateful for them pointing it out. But I know what you're saying. I'm being penalized and inconvenienced.
-
El Corazon wrote:
But punishing a user who has no idea even what they are being punished for doesn't solve anything.
in most areas of law, ignorance is no defense. make it a punishable offense to sell computers without basic A/V/Malware protection, or to operate such a computer. enforce it by tracking-down computers which are participating in botnets - issue warnings for first-timers and fines for repeat offenders. i'm not sure why you think people are going to bother buying secure software if you also insist that they should be isolated from the effects of not doing so. and i don't see why people will bother with the effort to write secure software if there's no demand for secure software because customers don't know they need it or care if they have it. give 'em a reason to want it, they will demand it, programmers will write it.
Chris Losinger wrote:
make it a punishable offense to sell computers without basic A/V/Malware protection
not going to happen. The seller is shielded from any offense in this instance. As you said, if you protect them, there is no way to enforce it, or encourage it. The seller is completely shielded, as is any lies he tells the user. Go to any major computer store, you will hear 4 lies an hour minimum no matter what day of the week you go. Usually much, much higher. Many of those are ignorance also, most deliberate fabrications to get a user to buy what he does not need.
Chris Losinger wrote:
i'm not sure why you think people are going to bother buying secure software if you also insist that they should be isolated from the effects of not doing so.
I am not talking about shielding anyone but those who are caught in the middle with no knowledge of who is using their computer and who has lied to them in the past. In all other industries, except this one fraud is a felony. Computer fraud is a grey area left to the reputation of "used car salesmen" in reality the used car salesman is probably far more honest, more trustworthy, and safer to shop with every day of the week. If you are going to go this far, then remove the computer from the hands of the user. License it, and restrict its use. Which you and I know will never happen, because the companies that hold the money will prevent it. Until you get them responsible you will get no where, even by locking Granny in jail, you can't get a response unless they understand what happened. The user will not. You can fine them, lock them up, take away their computer, but it will all mean absolutely nothing to the average user. There will be no demands because they do not know what to demand! You cannot demand what you do not understand. These folks have no knowledge of viruses, nor malware, nor spyware, nor bots. You are talking about the rudamentary knowledge of a preschooler and charging them with a crime they do not understand. No matter how mild, or major the punishment, you can get no results. The person who lied to them is protected, even if you finally get them to understand that they must be made to pay for their computer the services of an expert to keep it up to date, or software license costs from now until forever, you are far more likely to get them to stop using the computer. Which is exactly why companies are trying to prevent you fr
-
Chris Losinger wrote:
make it a punishable offense to sell computers without basic A/V/Malware protection
not going to happen. The seller is shielded from any offense in this instance. As you said, if you protect them, there is no way to enforce it, or encourage it. The seller is completely shielded, as is any lies he tells the user. Go to any major computer store, you will hear 4 lies an hour minimum no matter what day of the week you go. Usually much, much higher. Many of those are ignorance also, most deliberate fabrications to get a user to buy what he does not need.
Chris Losinger wrote:
i'm not sure why you think people are going to bother buying secure software if you also insist that they should be isolated from the effects of not doing so.
I am not talking about shielding anyone but those who are caught in the middle with no knowledge of who is using their computer and who has lied to them in the past. In all other industries, except this one fraud is a felony. Computer fraud is a grey area left to the reputation of "used car salesmen" in reality the used car salesman is probably far more honest, more trustworthy, and safer to shop with every day of the week. If you are going to go this far, then remove the computer from the hands of the user. License it, and restrict its use. Which you and I know will never happen, because the companies that hold the money will prevent it. Until you get them responsible you will get no where, even by locking Granny in jail, you can't get a response unless they understand what happened. The user will not. You can fine them, lock them up, take away their computer, but it will all mean absolutely nothing to the average user. There will be no demands because they do not know what to demand! You cannot demand what you do not understand. These folks have no knowledge of viruses, nor malware, nor spyware, nor bots. You are talking about the rudamentary knowledge of a preschooler and charging them with a crime they do not understand. No matter how mild, or major the punishment, you can get no results. The person who lied to them is protected, even if you finally get them to understand that they must be made to pay for their computer the services of an expert to keep it up to date, or software license costs from now until forever, you are far more likely to get them to stop using the computer. Which is exactly why companies are trying to prevent you fr
El Corazon wrote:
Go to any major computer store, you will hear 4 lies an hour minimum no matter what day of the week you go. Usually much, much higher. Many of those are ignorance also, most deliberate fabrications to get a user to buy what he does not need.
now go to any computer store and try to find a product that, when you plug it in, will intentionally draw 10,000 watts, catch fire and burn your house down. can't do it? why's that ? hint: it's not because the salesmen aren't pushing it.
El Corazon wrote:
If you are going to go this far, then remove the computer from the hands of the user. License it, and restrict its use.
i'm not talking about restricting its use. i'm talking about mandating minimum security standards before a computer can be allowed to connect to the internet, or at least making it an offense to connect such a computer.
El Corazon wrote:
You are talking about the rudamentary knowledge of a preschooler and charging them with a crime they do not understand.
so what? you want to access the internet with a device that has the potential to harm (or at least annoy) millions of other users ? learn how to use it or be prepared to suffer the penalties when your computer becomes part of a botnet. it's the exact same principle at work for guns, cars, lawnmowers, dogs, cats, fireworks, everything - if you're careless with it, and you end up harming someone else, you're subject to the laws concerning the proper use of that item. don't know anything about taking care of a dog, but you get one anyway ? you'll get a visit from Animal Control. don't know how to drive your car and you back over your neighbor? it's not the salesman's fault! and you're liable to be charged with a crime even if you don't know about the law, or cars, or neighbors. ignorance is no defense. and no, it's not the salespeople's fault that customers don't know enough to secure their computers - it's the fact that there are absolutely no repercussions to people who don't secure them. people aren't going to bother learning to do something they see no need to learn. but, make it punishable, tell people about the law when they buy a computer, and services will spring up to educate people. computer stores will be scrambling to get customers to sign up for their in-store classes.
El Cor
-
El Corazon wrote:
Go to any major computer store, you will hear 4 lies an hour minimum no matter what day of the week you go. Usually much, much higher. Many of those are ignorance also, most deliberate fabrications to get a user to buy what he does not need.
now go to any computer store and try to find a product that, when you plug it in, will intentionally draw 10,000 watts, catch fire and burn your house down. can't do it? why's that ? hint: it's not because the salesmen aren't pushing it.
El Corazon wrote:
If you are going to go this far, then remove the computer from the hands of the user. License it, and restrict its use.
i'm not talking about restricting its use. i'm talking about mandating minimum security standards before a computer can be allowed to connect to the internet, or at least making it an offense to connect such a computer.
El Corazon wrote:
You are talking about the rudamentary knowledge of a preschooler and charging them with a crime they do not understand.
so what? you want to access the internet with a device that has the potential to harm (or at least annoy) millions of other users ? learn how to use it or be prepared to suffer the penalties when your computer becomes part of a botnet. it's the exact same principle at work for guns, cars, lawnmowers, dogs, cats, fireworks, everything - if you're careless with it, and you end up harming someone else, you're subject to the laws concerning the proper use of that item. don't know anything about taking care of a dog, but you get one anyway ? you'll get a visit from Animal Control. don't know how to drive your car and you back over your neighbor? it's not the salesman's fault! and you're liable to be charged with a crime even if you don't know about the law, or cars, or neighbors. ignorance is no defense. and no, it's not the salespeople's fault that customers don't know enough to secure their computers - it's the fact that there are absolutely no repercussions to people who don't secure them. people aren't going to bother learning to do something they see no need to learn. but, make it punishable, tell people about the law when they buy a computer, and services will spring up to educate people. computer stores will be scrambling to get customers to sign up for their in-store classes.
El Cor
Chris Losinger wrote:
i'm talking about mandating minimum security standards before a computer can be allowed to connect to the internet, or at least making it an offense to connect such a computer.
not going to happen, and you are fooling yourself if you think it ever will. It would restrict the amount of sales, and right now with the economy doing so poorly, nothing that restrict sales will ever fly.
Chris Losinger wrote:
now go to any computer store and try to find a product that, when you plug it in, will intentionally draw 10,000 watts, catch fire and burn your house down. can't do it? why's that ? hint: it's not because the salesmen aren't pushing it.
One problem. Digital copywrite laws refuse to place monitary value to digital losses. There are reasons for this, too long to get into in this thread, but it is not going to happen. The loss of something digital, yours, mine, anyones, has no value. Its one of the grey areas of the digital age. On one hand you want to support the record company and other groups that want to have 100% complete control over every byte of their product, on the other hand, if you go so far as to place a value on a byte, then a computer crash ultimately allows the user to sue the OS designer. So we are trapped in no-man's land, a vast wasteland of digital non-value and threats, and misuse, and problems. If you are expecting the government to step in and change this, just don't hold your breath while you wait.
Chris Losinger wrote:
it's the fact that there is absolutely no repercussions to people who don't secure them.
so you are saying that because I expect my home to be secure when I use a key, and someone breaks in through a window, I am responsible for the guy killing my wife? The user thinks their password is a key, as long as they don't give anyone their key, their computer is like their home. They don't even know they don't know because the salesman assured them that the computer is just like their home. As long as they don't give out their password they are fine. Even if there are repercussions, it is meaningless. The user doesn't understand what a bot is. You can lock them in jail, give them mandatory computer training in order to let them understand what they were tried and convicted of, but then it is too late. No matter what punishment you do, they won't understand. If a dog pee
-
Chris Losinger wrote:
i'm talking about mandating minimum security standards before a computer can be allowed to connect to the internet, or at least making it an offense to connect such a computer.
not going to happen, and you are fooling yourself if you think it ever will. It would restrict the amount of sales, and right now with the economy doing so poorly, nothing that restrict sales will ever fly.
Chris Losinger wrote:
now go to any computer store and try to find a product that, when you plug it in, will intentionally draw 10,000 watts, catch fire and burn your house down. can't do it? why's that ? hint: it's not because the salesmen aren't pushing it.
One problem. Digital copywrite laws refuse to place monitary value to digital losses. There are reasons for this, too long to get into in this thread, but it is not going to happen. The loss of something digital, yours, mine, anyones, has no value. Its one of the grey areas of the digital age. On one hand you want to support the record company and other groups that want to have 100% complete control over every byte of their product, on the other hand, if you go so far as to place a value on a byte, then a computer crash ultimately allows the user to sue the OS designer. So we are trapped in no-man's land, a vast wasteland of digital non-value and threats, and misuse, and problems. If you are expecting the government to step in and change this, just don't hold your breath while you wait.
Chris Losinger wrote:
it's the fact that there is absolutely no repercussions to people who don't secure them.
so you are saying that because I expect my home to be secure when I use a key, and someone breaks in through a window, I am responsible for the guy killing my wife? The user thinks their password is a key, as long as they don't give anyone their key, their computer is like their home. They don't even know they don't know because the salesman assured them that the computer is just like their home. As long as they don't give out their password they are fine. Even if there are repercussions, it is meaningless. The user doesn't understand what a bot is. You can lock them in jail, give them mandatory computer training in order to let them understand what they were tried and convicted of, but then it is too late. No matter what punishment you do, they won't understand. If a dog pee
El Corazon wrote:
not going to happen, and you are fooling yourself if you think it ever will. It would restrict the amount of sales, and right now with the economy doing so poorly, nothing that restrict sales will ever fly.
well, i'm really not sure that the economy "right now" has anything to do with "ever".
El Corazon wrote:
Digital copywrite laws refuse to place monitary value to digital losses.
cite? but i wasn't talking about copyright issues - i'm talking about the harm in terms of harassment and loss of productivity and bandwidth due to being overwhelmed by spam. one simple example: if 80%-90% of email traffic today is spam, there must enormous overcapacity built into in the system just to keep non-spam emails moving. reducing spam by eliminating botnets would save ISPs at all levels huge amounts of time and money. make it a crime, and ISPs can start using law enforcement, or even just the threat of law enforcement, to crack down on users who abuse the system.
El Corazon wrote:
so you are saying that because I expect my home to be secure when I use a key, and someone breaks in through a window, I am responsible for the guy killing my wife?
no - unless you had a good reason to suspect that such a thing could happen and didn't bother with a security system, or at least a big dog. with an unsecured computer on the net, there's every reason to suspect that someone is going to try to break into it and start abusing it, immediately[^]. it's more like leaving a loaded gun in a crowded playground.
El Corazon wrote:
You can lock them in jail, give them mandatory computer training in order to let them understand what they were tried and convicted of, but then it is too late. No matter what punishment you do, they won't understand.
:omg: all punishment is "too late" to prevent the crime that's being punished ! punishment works because people will work to avoid it. and, people will know what the crime and the punishment is the same way they learn what the punishments are for all the other crimes on the books: CSI, Law And Order, publ
-
ISPs have been shut-down for malware infected customers? Or for letting through DDOS and other bot attacks? I just don't think end users are going to be where this is won. They won't know and most won't care. They just want their computers to work. Shutting their connection off and telling them they are infected and spending many hours on the phone telling them to click this button and install this anti-malware and these patches is a no go for the ISP and a no go for the user.
regards, Paul Watson Ireland & South Africa
Fernando A. Gomez F. wrote:
At least he achieved immortality for a few years.
No. ISP's haven't been shut down for malware. I was just making a point that if someone suspected a client (user) of the ISP of harbouring a botnet, then it would be a better idea to have the ISP address the problem (for a small number of clients) than have the ISP suffer being shut off from the trunk for most of their other business. Given the choice, I would rather help the few clients inflicted with this than endanger my other (99%) clients. If you don't help the end consumer, then they're going to keep helping the botnet. I don't know. I thought informing the end user that they have a problem to deal with seemed reasonable to me. I guess others don't. Wow.