Are owners of botnetted computers culpable? [modified]

  • E El Corazon

    Chris Losinger wrote:

    a computer that's connected to the internet is a tool with a huge capacity for abuse; and i'm not going to absolve people of their responsibility to see that that tool is secure and un-compromised.

    but WE, as programmers, and salesmen tell them that they CAN do this, so it still doesn't apply they are doing exactly as someone tells them they should, while other people may or may not tell them something else. The first message they receive, and may never receive another, is that the computer is 100% safe and easy to use. They listened, and you want to punish them for listening? should they doubt everyone? why should they listen to us then?

    _________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."

    Chris Losinger
    wrote on last edited by
    #47

    El Corazon wrote:

    but WE, as programmers, and salesmen tell them that they CAN do this

    i didn't tell them anything of the kind. and it's not my responsibility to make sure they keep their computer from sending me spam.

    image processing toolkits | batch image processing

    • B Bert delaVega

      Okay, so give them a month's credit for being cooperative. :laugh: But seriously, if I lost my connection because my computer had malware installed, I would be more mad at myself than the ISP. In fact, I would be grateful for them pointing it out. But I know what you're saying. I'm being penalized and inconvenienced.

      Paul Watson
      wrote on last edited by
      #48

      And I can assure you that ISPs are doing everything they can to distance themselves from support calls. The last thing they want to be responsible for is the state of malware on your machine.

      regards, Paul Watson Ireland & South Africa

      Fernando A. Gomez F. wrote:

      At least he achieved immortality for a few years.

        El Corazon
        wrote on last edited by
        #49

        Chris Losinger wrote:

        i didn't tell them anything of the kind. and it's not my responsibility to make sure they keep their computer from sending me spam.

        try demanding that programmers follow best practices and computer safety, you will get a flame war the likes of which hasn't been seen since the end of Dune. :laugh: You want to hold them responsible, but how can they be if they are never told that the computers can do harm? If we don't build locks that do not require monthly service fees for the rest of their computer's life, how are they to lock their computer? I go out and clean computers, I go out and install free AV, I go out and try to educate Granny. But others just want to punish her because a salesman lied to her? The salesman is laughing all the way to the bank. Laughing twice as hard if she joins the racketeering/protection clauses. You want a change, be the change. make the locks, follow best practices, secure our software, educate Granny, help her, something. But punishing a user who has no idea even what they are being punished for doesn't solve anything.

        _________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."

        • G Gary Wheeler

          I don't think you can hold the machine owner at fault here. Practically speaking, I don't see how you could even have the ISP disable the user's account based on suspected botnet activity. The botnets are notorious for camouflaging their actions. The potential for false positives is therefore very high.

          Software Zen: delete this;

          El Corazon
          wrote on last edited by
          #50

          Gary Wheeler wrote:

          The botnets are notorious for camouflaging their actions. The potential for false positives is therefore very high.

          exactly my point. You would have to educate the mass populace to exceed our average level. I would bet a few botnets would get past many of us for weeks before we caught it. We rely on each other, other programmers, to patch holes, and get fixes in, to offer advice (hey my drive is making weird noises, hey my network card is going all out, how can I find the process and kill it?). We know who to turn to, because we have a collective intelligence that exceeds our own individual intelligence. At least sometimes.... There are times I still think group intelligence tends to dissolve to the lowest common denominator, but I am known for my optimistic moments. Ultimately, it still comes back to us. We are the only people fighting the war with virus writers. AV writers and spyware detection writers have been battling for years now, programmer vs. programmer. We are in this war too. Every virus writer, every spyware writer, every botnet writer is looking for a hole WE leave behind. We as programmers are in this battle whether we like it or not. WE are the first line of defense and more than half of us want to punish the user. Where does that leave the first line of defense? still defenseless.... :sigh:

          _________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."

            Chris Losinger
            wrote on last edited by
            #51

            El Corazon wrote:

            But punishing a user who has no idea even what they are being punished for doesn't solve anything.

            in most areas of law, ignorance is no defense. make it a punishable offense to sell computers without basic A/V/Malware protection, or to operate such a computer. enforce it by tracking-down computers which are participating in botnets - issue warnings for first-timers and fines for repeat offenders. i'm not sure why you think people are going to bother buying secure software if you also insist that they should be isolated from the effects of not doing so. and i don't see why people will bother with the effort to write secure software if there's no demand for secure software because customers don't know they need it or care if they have it. give 'em a reason to want it, they will demand it, programmers will write it.

            image processing toolkits | batch image processing

              Bert delaVega
              wrote on last edited by
              #52

              Sure. Any business owner doesn't want support calls (it's one of those bottom line numbers that's hard to predict). But from an ISP's perspective, would they rather spend time and money on a few customers with malware causing problems or would they risk being shut off from their main pipe, which would impact 99% of the other customers?

                Paul Watson
                wrote on last edited by
                #53

                ISPs have been shut-down for malware infected customers? Or for letting through DDOS and other bot attacks? I just don't think end users are going to be where this is won. They won't know and most won't care. They just want their computers to work. Shutting their connection off and telling them they are infected and spending many hours on the phone telling them to click this button and install this anti-malware and these patches is a no go for the ISP and a no go for the user.

                regards, Paul Watson Ireland & South Africa

                Fernando A. Gomez F. wrote:

                At least he achieved immortality for a few years.

                  Oakman
                  wrote on last edited by
                  #54

                  Bert delaVega wrote:

                  But I know what you're saying. I'm being penalized and inconvenienced.

                  If your headlights stop working, the police will not let you drive - even if it is inconvenient.

                  Jon Smith & Wesson: The original point and click interface

                    El Corazon
                    wrote on last edited by
                    #55

                    Chris Losinger wrote:

                    make it a punishable offense to sell computers without basic A/V/Malware protection

                    not going to happen. The seller is shielded from any offense in this instance. As you said, if you protect them, there is no way to enforce it, or encourage it. The seller is completely shielded, as is any lies he tells the user. Go to any major computer store, you will hear 4 lies an hour minimum no matter what day of the week you go. Usually much, much higher. Many of those are ignorance also, most deliberate fabrications to get a user to buy what he does not need.

                    Chris Losinger wrote:

                    i'm not sure why you think people are going to bother buying secure software if you also insist that they should be isolated from the effects of not doing so.

                    I am not talking about shielding anyone but those who are caught in the middle with no knowledge of who is using their computer and who has lied to them in the past. In all other industries except this one, fraud is a felony. Computer fraud is a grey area left to the reputation of "used car salesmen"; in reality the used car salesman is probably far more honest, more trustworthy, and safer to shop with every day of the week. If you are going to go this far, then remove the computer from the hands of the user. License it, and restrict its use. Which you and I know will never happen, because the companies that hold the money will prevent it. Until you get them responsible you will get nowhere, even by locking Granny in jail, you can't get a response unless they understand what happened. The user will not. You can fine them, lock them up, take away their computer, but it will all mean absolutely nothing to the average user. There will be no demands because they do not know what to demand! You cannot demand what you do not understand. These folks have no knowledge of viruses, nor malware, nor spyware, nor bots. You are talking about the rudimentary knowledge of a preschooler and charging them with a crime they do not understand. No matter how mild, or major the punishment, you can get no results. The person who lied to them is protected, even if you finally get them to understand that they must be made to pay for their computer the services of an expert to keep it up to date, or software license costs from now until forever, you are far more likely to get them to stop using the computer. Which is exactly why companies are trying to prevent you fr

                      Chris Losinger
                      wrote on last edited by
                      #56

                      El Corazon wrote:

                      Go to any major computer store, you will hear 4 lies an hour minimum no matter what day of the week you go. Usually much, much higher. Many of those are ignorance also, most deliberate fabrications to get a user to buy what he does not need.

                      now go to any computer store and try to find a product that, when you plug it in, will intentionally draw 10,000 watts, catch fire and burn your house down. can't do it? why's that ? hint: it's not because the salesmen aren't pushing it.

                      El Corazon wrote:

                      If you are going to go this far, then remove the computer from the hands of the user. License it, and restrict its use.

                      i'm not talking about restricting its use. i'm talking about mandating minimum security standards before a computer can be allowed to connect to the internet, or at least making it an offense to connect such a computer.

                      El Corazon wrote:

                      You are talking about the rudimentary knowledge of a preschooler and charging them with a crime they do not understand.

                      so what? you want to access the internet with a device that has the potential to harm (or at least annoy) millions of other users ? learn how to use it or be prepared to suffer the penalties when your computer becomes part of a botnet. it's the exact same principle at work for guns, cars, lawnmowers, dogs, cats, fireworks, everything - if you're careless with it, and you end up harming someone else, you're subject to the laws concerning the proper use of that item. don't know anything about taking care of a dog, but you get one anyway ? you'll get a visit from Animal Control. don't know how to drive your car and you back over your neighbor? it's not the salesman's fault! and you're liable to be charged with a crime even if you don't know about the law, or cars, or neighbors. ignorance is no defense. and no, it's not the salespeople's fault that customers don't know enough to secure their computers - it's the fact that there are absolutely no repercussions to people who don't secure them. people aren't going to bother learning to do something they see no need to learn. but, make it punishable, tell people about the law when they buy a computer, and services will spring up to educate people. computer stores will be scrambling to get customers to sign up for their in-store classes.

                      El Cor

                        El Corazon
                        wrote on last edited by
                        #57

                        Chris Losinger wrote:

                        i'm talking about mandating minimum security standards before a computer can be allowed to connect to the internet, or at least making it an offense to connect such a computer.

                        not going to happen, and you are fooling yourself if you think it ever will. It would restrict the amount of sales, and right now with the economy doing so poorly, nothing that restricts sales will ever fly.

                        Chris Losinger wrote:

                        now go to any computer store and try to find a product that, when you plug it in, will intentionally draw 10,000 watts, catch fire and burn your house down. can't do it? why's that ? hint: it's not because the salesmen aren't pushing it.

                        One problem. Digital copyright laws refuse to place monetary value to digital losses. There are reasons for this, too long to get into in this thread, but it is not going to happen. The loss of something digital, yours, mine, anyone's, has no value. It's one of the grey areas of the digital age. On one hand you want to support the record company and other groups that want to have 100% complete control over every byte of their product, on the other hand, if you go so far as to place a value on a byte, then a computer crash ultimately allows the user to sue the OS designer. So we are trapped in no-man's land, a vast wasteland of digital non-value and threats, and misuse, and problems. If you are expecting the government to step in and change this, just don't hold your breath while you wait.

                        Chris Losinger wrote:

                        it's the fact that there are absolutely no repercussions to people who don't secure them.

                        so you are saying that because I expect my home to be secure when I use a key, and someone breaks in through a window, I am responsible for the guy killing my wife? The user thinks their password is a key, as long as they don't give anyone their key, their computer is like their home. They don't even know they don't know because the salesman assured them that the computer is just like their home. As long as they don't give out their password they are fine. Even if there are repercussions, it is meaningless. The user doesn't understand what a bot is. You can lock them in jail, give them mandatory computer training in order to let them understand what they were tried and convicted of, but then it is too late. No matter what punishment you do, they won't understand. If a dog pee

                          Chris Losinger
                          wrote on last edited by
                          #58

                          El Corazon wrote:

                          not going to happen, and you are fooling yourself if you think it ever will. It would restrict the amount of sales, and right now with the economy doing so poorly, nothing that restricts sales will ever fly.

                          well, i'm really not sure that the economy "right now" has anything to do with "ever".

                          El Corazon wrote:

                          Digital copyright laws refuse to place monetary value to digital losses.

                          cite? but i wasn't talking about copyright issues - i'm talking about the harm in terms of harassment and loss of productivity and bandwidth due to being overwhelmed by spam. one simple example: if 80%-90% of email traffic today is spam, there must be enormous overcapacity built into the system just to keep non-spam emails moving. reducing spam by eliminating botnets would save ISPs at all levels huge amounts of time and money. make it a crime, and ISPs can start using law enforcement, or even just the threat of law enforcement, to crack down on users who abuse the system.

                          El Corazon wrote:

                          so you are saying that because I expect my home to be secure when I use a key, and someone breaks in through a window, I am responsible for the guy killing my wife?

                          no - unless you had a good reason to suspect that such a thing could happen and didn't bother with a security system, or at least a big dog. with an unsecured computer on the net, there's every reason to suspect that someone is going to try to break into it and start abusing it, immediately. it's more like leaving a loaded gun in a crowded playground.

                          El Corazon wrote:

                          You can lock them in jail, give them mandatory computer training in order to let them understand what they were tried and convicted of, but then it is too late. No matter what punishment you do, they won't understand.

                          :omg: all punishment is "too late" to prevent the crime that's being punished ! punishment works because people will work to avoid it. and, people will know what the crime and the punishment is the same way they learn what the punishments are for all the other crimes on the books: CSI, Law And Order, publ

                          • P Paul Watson

                            ISPs have been shut-down for malware infected customers? Or for letting through DDOS and other bot attacks? I just don't think end users are going to be where this is won. They won't know and most won't care. They just want their computers to work. Shutting their connection off and telling them they are infected and spending many hours on the phone telling them to click this button and install this anti-malware and these patches is a no go for the ISP and a no go for the user.

                            regards, Paul Watson Ireland & South Africa

                            Fernando A. Gomez F. wrote:

                            At least he achieved immortality for a few years.

                            Bert delaVega
                            wrote on last edited by
                            #59

                            No. ISPs haven't been shut down for malware. I was just making a point that if someone suspected a client (user) of the ISP of harbouring a botnet, then it would be a better idea to have the ISP address the problem (for a small number of clients) than have the ISP suffer being shut off from the trunk for most of their other business. Given the choice, I would rather help the few clients inflicted with this than endanger my other (99%) clients. If you don't help the end consumer, then they're going to keep helping the botnet. I don't know. I thought informing the end user that they have a problem to deal with seemed reasonable to me. I guess others don't. Wow.

                              Paul Watson
                              wrote on last edited by
                              #60

                              BitTorrent and other high-end users are a much bigger "problem" for ISPs. They suck a lot more bandwidth than malware infected computers. I'm not saying I agree with ISP thinking, just saying that by and large that is how they think. Plus one way to control malware infected computers is to shape their traffic instead of helping to solve the root problem. ISPs do this already with "abusive" users. If they think you are doing something odd then they ratchet your pipe down to a straw. They don't phone you, they don't even email you, they just shape you. Traffic shaping software is making good money for IT companies.

                              regards, Paul Watson Ireland & South Africa

                              Fernando A. Gomez F. wrote:

                              At least he achieved immortality for a few years.

                                Bert delaVega
                                wrote on last edited by
                                #61

                                That's very true, Paul. I can't stand that stuff myself. But the original question was specific about what to do with a botnet infected computer. Torrents proliferate all kinds of malware and illegal stuff 24x7. I hate it. But what if your computer had malware installed that was helping a botnet somewhere do whatever it is they do? Would you unplug the ethernet cable? Would you unplug the power cord? Would you scan the disk, memory clean and then plug it back into the "net"? You probably would take all those steps, being savvy and smart. But what about the not so smart users ..... you know what I mean...

                                  Paul Watson
                                  wrote on last edited by
                                  #62

                                  Bert delaVega wrote:

                                  But what about the not so smart users

                                  If I knew I wouldn't still be here typing this. I'd be on the phone to a VC asking for $100 million as I had a sure-fire money maker. It is a really tough problem. Make computers too closed and idiot-proof and you reduce their utility. Make them open and "alive with possibility" and you by definition make them able to run malware. Phoning ISP support and having a low-paid, disinterested bloke walk you through removing malware is not going to help. The customer isn't helped to understand the real problem, just the symptoms are cured and left for a few weeks while the root of the problem (ignorance and needlessly complicated systems) is left. On one hand you want to educate all computer users but on the other hand computers are meant to help us, to save time and make us more productive. Users shouldn't have to know the internals to use them. They might as well go back to pen and paper if they have to become programmers to use their computers. Cars are getting better at this. A yearly check-up by a professional and you are grand. A car should run ten years without major problems. Computers aren't there yet. There are some basic things we can educate all computer users on but for the most part we are just going to have to suck it up and deal with the problems you and I created. Iterate, improve, simplify and do better in v2.

                                  regards, Paul Watson Ireland & South Africa

                                  Fernando A. Gomez F. wrote:

                                  At least he achieved immortality for a few years.

                                    El Corazon
                                    wrote on last edited by
                                    #63

                                    Chris Losinger wrote:

                                    cite?

                                    check every time the bills come before congress, the same arguments apply. If you put a monetary value to digital time, you open up a full can of worms that will "destroy the foundation of computers" and thus it will not be done. The ISPs charge, they will do nothing. The computers are already sold, the makers will do nothing. The programmers, like us, left the holes, but as you say, we are not held responsible for our own mistakes, we are ultimately innocent of our own negligence right? The user is unaware we set him up, unaware some other idiot has taken over his computer, so we should punish him for not correcting our negligence. sounds fair to me.

                                    Chris Losinger wrote:

                                    are we talking about severely retarded people here?

                                    yes, we are talking about the average user who will drive across town spending a gallon of gas to save 2 cents a gallon. they respond to phishing, and spam.

                                    _________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."

                                      Chris Losinger
                                      wrote on last edited by
                                      #64

                                      El Corazon wrote:

                                      but as you say, we are not held responsible for our own mistakes

                                      except for the fact that i never said that, good point

                                      image processing toolkits | batch image processing

                                        El Corazon
                                        wrote on last edited by
                                        #65

                                        Chris Losinger wrote:

                                        except for the fact that i never said that, good point

                                        Not in so many words, but you do want the user responsible for our mistakes. :) Because the user doesn't have the intelligence to see our mistakes, fix our mistakes, and sign up for long term monetary plans to repair our mistakes. Ultimately, it always comes back to us as programmers. We refuse, because we have no fault. fine the user for not knowing we left a hole and having the sense to fix it. Where in all this do we fit in? take away Granny's computer service because John C left a security hole in his application, because I left a buffer overflow in mine, because someone else thought they had a good encryption algorithm and didn't, it was cracked and the computer was laid open. But Granny is ultimately responsible for being negligent because we left her computer open to be stolen, and didn't know how to fix it? then mandate C# training to all computer users. Legislate that all computer owners must take a MS certification course before being allowed to use the internet. Enforce it with police inspection, and annual checkups. :) But in the whole scheme of things, where is our part in it all? Where is our responsibility too? Granny's computer is a battle ground, between us, as programmers to secure our applications, and hackers wanting in. We are the first line of defense against the CQ's of the world, we'll vote him down, but we'd all rather fine Granny for him using her computer than do more than vote him down.

                                        _________________________ Asu no koto o ieba, tenjo de nezumi ga warau. Talk about things of tomorrow and the mice in the ceiling laugh. (Japanese Proverb) John Andrew Holmes "It is well to remember that the entire universe, with one trifling exception, is composed of others."

                                          Chris Losinger
                                          wrote on last edited by
                                          #66

                                          El Corazon wrote:

                                          but you do want the user responsible for our mistakes.

                                          i want the users to be responsible for what their computers do. our security "mistakes" should cost us business and damage our reputations. and the market should avoid companies which make security mistakes - or, it would, if there was incentive for the user to choose secure programs. is there another market where the producers assume all liability and take it upon themselves to protect the customer from even knowing what the hazards are?

                                          El Corazon wrote:

                                          Ultimately, it always comes back to us as programmers.

                                          except when you don't create any incentive for "it" to do so. you can't hold programmers responsible for writing secure programs if there's no incentive for their employers to make them program responsibly. if users don't seek out secure software (because there's no reason for them to do so because you seem opposed to even telling them what secure software is or what it does) then software companies will not write secure software. "security" won't be in the spec; it won't be tested for; it will be something conscientious and knowledgeable programmers do when they have the chance or inclination. programmers aren't going to do this out of the goodness of their hearts or some vague sense of pride. this is simple economics.

                                          El Corazon wrote:

                                          But Granny is ultimately responsible for being negligent because we left her computer open to be stolen, and didn't know how to fix it?

                                          yes. granny's old enough to understand responsibility - she raised children, right?

                                          El Corazon wrote:

                                          Legislate that all computer owners must take a MS certification course before being allowed to use the internet. Enforce it with police inspection, and annual checkups

                                          no. simply hold computer users responsible for what their computers do. what it does, it does in your name.

                                          El Corazon wrote:

                                          But in the whole scheme of things, where is our part in it all? Where is our responsibility too?

                                          our responsibility is to our employers. we're not the knighted guardians of some sacred public trust, we're engineers, writing programs to meet the marketing needs of the people who pay our salaries. and if there's no market for secure software, we won't be asked to write
