I putted this topic up in the grc.com. Lets see how it will look in here.

OK, my main thesis is as followes. If you drive a car and that car is in bad shape, in fact, in so bad shape that its a danger to others and damages the roads you use, isnt it your problem to fix it? You bet. If you dont know how, you better take it to someone who knows how and perhaps pay him for fixing it up.

So why would the situation be any different when using computers? If you computers security is so terrible and you are stupid enought to execute viruses/trojans/worms and perhaps participate to (D)DoS attack, why should YOU not be made to pay for the damages done?

Lets keep in mind that Windows, for example, has automatic updating feature on by default; if you turn it off and dont keep patching your system, its YOUR FAULT, not M$:s. Also, there are many warnings both in programs and in manual that say that you shouldnt execute programs and attachments you dont know. If you are stupid enought to ignore them or dont bother to read the f***ing manual, its YOUR PROBLEM, not the M$:s.

I think the main issue is that since you are "not" responsible for the damages too, there is no need to "learn about computer security". You are responsible about the damages you cause with your car, therefore you must learn atleast the basis of it. If anyone sending a virus or participating to (D)DoS attack would be treated as offender (whether or not they did it on purpose), I bet it wouldnt take long for the people to learn.

Worms only spread because people are stupid enought to execute them.

So what do you think? Too hard? With windowsXP and raw sockets, this might be what we need: responsibilty. Sure we need to get the crackers and hackers too, but they arent the only ones to blame. And they are damm hard to find.

Markus

[This message has been edited by jansson_markus (edited 07-21-2001).]

Are you nuts? Comparing computer security to cars? How about making people responsible for what is done with their car after it has been stolen? After all they could have taken the car to a shop and had a security system installed.

I will not use any auto update, most knowledgeable people won’t for obvious reasons.

The average computer end user is virtually oblivious the workings of their machine, let alone security issues. To hold these people responsible for someone else hijacking their machine is unconscionable.

Come on! If you dont read the manual, its YOUR FAULT! If you dont patch the system, its YOUR FAULT! If you execute programs you receive via email, its YOUR FAULT!

The point Im making is that if it was illegal, then people and perhaps also the software companies and insurance companies would HAVE TO learn about security. People would be asking:"Hey, how can I prevent that my computer isnt used in anything like this and this?"

And setting up ZoneAlarm that blocks 99% of such attacks takes about 2 minutes.

Im not the only one who gets pissed off about the idea that because some lamer who doesnt bother to read the manual or has no common sense, I could be the next target for (D)DoS. Viruses I can handle so they arent the real trouble. But (D)DoS and similiar are.

People are lazy SOB:s. They dont do anything they dont like if they dont have to. And since vry few people like to learn about security, they dont. This would make them to learn even the very basis of it. Just reading for instance whats on my www-page would make them safe for these. But no. Why bother. If my computer crashes, I can always re-install. If someone elses computer crashes because of me, why should I care? Thats right.

But about "constitution"... well, I guess its not against constitution in here Finland. I dont about how its done in the jungle but... http://www.sysopt.com/forum/wink.gif

Cant believe this guy, if some one steals my car and hits some one it is my fault because I didn't have enough security on it. my next door neighbor lady, knows just enough to do email and the like, does he expect her to study the manuel. maybe take classes to avoid the damage done by the scum out there that cause the trouble, go to the source and nail the SOBs that cause it. with out which we would need no security at all. I was a youngster in a sociey ( right here in the USA) where I didnt even have a house key, we would leave the key in the car in case some one needed to move it. guess I've just lived to dam long. http://www.sysopt.com/forum/frown.gif http://www.sysopt.com/forum/frown.gif

Hmmm...

Well, it appears that a hacker/cracker (whatever) used my machine to break into the Pentagon's ultra-mega topsecret server containing info that the Roswell crash is in fact true, and has paved the way of technology for us ever since, the true identity of JFK's assasins (who are still in power today) and Elvis has NOT left the building. I suppose "They" will be coming for me shortly. I figure that's enough juicy material for atleast 3 years of MSNBC re-runs. Anyways, after scrambling through my OS and hardware manuals, I have found not one piece of text containing a single word regarding the utmost importance of allowing Microsoft to automatically update my OS to fight off trojans, viruses and Dos attacks. Besides, how can one survive this "jungle" of cyberspace without the latest version of MSN Messenger Service? But I'm sure the manual that came with my speakers will have all the answers...dammit! Where is it?! I guess I'm *ucked, right Markus? Dude, the key is not punishing the innocent. If a hacker has done some serious damage somewhere...he/she WILL be found. Up the penalties for cyber crime and educate the typical user. And I'm not talking about broadband ISP tech support telling regular computer users that "if file and print sharing is unchecked, you should be just fine." Either you're not serious and just want to get a holler out of some of these people, or your ethics are in leftfield.

http://www.sysopt.com/forum/wink.gif

[This message has been edited by cerberus6 (edited 07-21-2001).]

Come on! If you dont read the manual, its YOUR FAULT! If you dont patch the system, its YOUR FAULT! If you execute programs you receive via email, its YOUR FAULT!

If you don't have a shotgun under the counter and get killed, it's YOUR FAULT!

Let the murderer walk, because it's the store owner's fault. He should've had better security, right?

I agree with aspects of each side. If I purchase a model, an entertainment center or, etc... there are instructions enclosed. If I disregard the instructions and continue to put the parts together I am at fault when the model, entertainment center, etc... does not reflect what the object should actually be. I am responsible for taking the time to inform myself so that the end result is as intended. If I put it together wrong because I disregarded the instructions, it is not the engineers/designers fault. However, on the other side, if someone uses my object without permission, I am not responsible for (in most case) the damage done by that object. We have a responsibility to protect ourselves, and hopefully in doing so, protecting others. However, we can not settle this dispute with one universal law. There are too many individualized circumstances and situations that prevent us from doing so. Just my humble opinion.

Regards,
Mortis

The idea is unworkable because no amount of patching is going to make a piece of swiss cheese (windows) be leakproof. If your computer is all patched up with the "latest" that just means the other ways to break in haven't been documented yet.

So....you're saying we should be forced to take unwanted patches & upgrades and buy programs otherwise unneeded??
Not just take good care & maintain what's there??

Using your auto anology, that's the same as saying that all current safety devices should be installed in every car, regardless of it's age.
Not just maintain what came with it, but UPGRADE.

I guess my '67 Pontiac with all drum brakes should be condemned unless fitted with 4 wheel disc & antilock, huh??
Better get seatbelts, too.. http://www.sysopt.com/forum/wink.gif


Needless to say, that ain't gonna happen, neither will any "auto update" garbage ever be enabled on one of MY machines!

Ed

Why even bother to argue with this person, he either can't think straight or is just trying to **** people off.

Oh lord I can't believe you all fed this troll. Oh wait I did too...

Yep He tossed the limberger in the pond and we held our nose and kept swimming http://www.sysopt.com/forum/smile.gif http://www.sysopt.com/forum/smile.gif

jansson_markus
get a grip

[This message has been edited by Ballastboss (edited 07-21-2001).]

Okay, so what you're saying is that if we go out, buy Microsoft Windows, install it, and it crashes on install, then its our fault not Microsofts.
I don't think so. I also will not install the auto update, I'll go to the site myself and install what I want.
Also, I don't remember receiving any message about not executing programs or attachments that I don't know. We know less about the updates from Microsoft than we know about the games or apps that we install. We just take Microsofts word that their update will fix a previous problem, which this is not always true.
Take for example Windows 2k SP2, more people have problems with this service pack than they did with SP1.
And explain this: 2 days ago I'm installing ME on a second hard drive, I install most of the updates, while installing the security updates (from the windows update site) a different site pops up with the You have just been hacked by the chinese. And now I can't even install the last security update. Who's fault is that? I was at the Microsoft Windows Update Page, installing their updates.
So don't give us any guff that its our fault for not installing updates, or installing programs.

jansson, what in the world are you thinking? What you are suggesting is punishing the people who are the victims of vicious attacks. Sure this may come as a result of not maintaining their machines or simply not having a clue of what is going on. The latter is often the cause of the former, and 95% of the time people just don't have a clue. And Imperion1 has an excellent point about stabilty and service packs. Businesses all over the world refuse to install these service packs everytime they become available. There's a general understanding about them: for every ten bugs they fix, they add 1 to the mix. (Might not be the right ratio, but you get my drift) Do you realize that your idea of a solution does nothing to end the problem? I'm sorry, but it's just so liberal in design. Sure, it sounds good to the average joe with silly putty for a brain, but it's flawed logic. The intelligent solution would be to step up efforts to trace the origins of the attacks.

Yeah, it's a lot harder to do, but then again, how would you suggest your plan be implemented? Are you saying that the government should be in charge of monitoring systems? I hope you're not because that's insane. Please, next time you consider trying to solve the problems of the world, put yourself into the place of those affected. Also, remember to toss out any ideas that are unconstitutional, like your idea.

Oh, I see. You arent allowed to DISCUSS about issues here. Sorry, I tought that this was a right place for it.

Now, listen up, once again. You folks dont seem to get my point. The point is, that 99% users ignore everything that is sayed about security, are too lazy to patch their system, launch files which they shouldnt, dont bother read the manual and in general, dont care.

Im not talking about hanging someone because he forgot to check M$ patches today, but to make them pay (atleast a part of the expences). Thats the ultimatum. Worms and viruses spread only because there are ignorent people who run them. Against ALL warnings.

If you dont know how to drive your car, dont. If you dont know how to use your computer, dont. Its really all that simple.

Markus

[This message has been edited by jansson_markus (edited 07-22-2001).]

There's not much analogy in cars and computers. Most people are forced to use computers, and one just cannot know everything. While I agree that most people are just too lazy to read the manuals I wouldn't make them pay for their ignorance... To some extend yeah (for instance, you buy a game from russia, it has cih95.win in it and your computer gets, well.. f??ked up, then it's your fault) but to make end users pay for not knowing everything is kinda out of the question.
Rtfm, and ask.
What's the point in this anyway?
In the land of dreams (referring to u.s.a) you could sue some company just for about anything, so making someone else pay is no big deal.
-M

One thing on the viruses is that they are contantly getting better and are always a step ahead of any counter measures. No cracker is going to create a virus and then send it to Symantec and say, "Hey, I've got this virus. I want you look it over and then update your security before I send it out so that it doesn't hurt anybody. Ok?" This just isn't going to happen in the real world. Its not just updates that are needed but more common sense, and I'm afraid that isn't something that can just be auto-updated. Sure it would be great if everybody were smart enough not to open the strange email attachments that have these zombies in them but the reality is that most (I wish I was wrong here) are not. If we start punishing these people and trying to have auto-update features installed then that leads to a breach of privacy for everybody and as much as I hate to say this, I don't think somebody should be punished based upon their ignorance of a subject. Ignorance is a bliss that most people enjoy living in. That just puts more responsibilty on those of us that do know to either spread the word or try and do a better job of creating better security.

Computers are being 'mass marketed' to people. Most have no clue to the inter-workings. Cars are the same, unless a recall notice is announced, people don't know about it. - and unless something goes wrong, most depend on the yearly safety inspection to let them know that they need brakes etc.

Although the end-user shares some responsiblility, a lot of it falls the OS manufacturer, as well as the ISP. The ISP should provide some type of security - or inform the customer of the need for it.

I just convinced a women, who was running on a cable modem, without any type of security - to at least install zonealarm.

Ken

How about this analogy? If someone places a bomb in your car because you don't have a Hi-Tech security system installed, and it explodes as an innocent bystander is walking by, Would you be at fault? Should you pay the price?

Come on... that's just insane...

--Fltsimbuff

Most PC users have a hard enough time getting their computers to work properly much less making sure that all the security patches are installed. My local cable company happily installs cable modems left and right and NEVER mentions that people should have firewalls installed. Hell, the company ought to install the firewall as part of the package. THAT is criminal! And what about the poor slobs who have dialup connections? Downloading multimegabyte updates can take hours with no guarantte that it won't get interrupted in mid download. Should people be more security aware? Of course. But there is no way you can fine them for something someone else does to their pc.

Ok.. So lets say I go out and buy all the high tech car security stuff there is out .. And one day I'm driving along and some guy comes up and car jacks me .. After stealing my car from and shooting me in the process. While I'm laying on the side of the road bleeding to death. He runs over about 10 ppl killing all of them.. So in your world I would be at fault because for that one sec I opened my door to let my children out to goto school...

[This message has been edited by LuckyTech (edited 07-23-2001).]

very lame jansson
not everyone can be computer tech. not everyone has the time or patience.
not everyone can be a car mechanic. not everyone has the time or patience.

heck, not everyone can even program their TVs or VCRs, so I guess only a handful of people have a right to own TVs and VCRs huh?

if you know stuff about something, share it. don't go lambasting other people who don't know what you know.

To radbasa:
"not everyone can be computer tech. not everyone has the time or patience.
not everyone can be a car mechanic. not everyone has the time or patience."

Thats my point! Thats why take your car to mechanic every now and then. Thats why they tell you "dont drive with flat tyres". Why couldnt the same work with computers? And again, installing a ZoneAlarm takes 2 minutes and doesnt cost anything. It alone is powerfull protection.

"heck, not everyone can even program their TVs or VCRs, so I guess only a handful of people have a right to own TVs and VCRs huh?"

Sure. But if they mess up their system so badly it prevents ME from watching TV then they should either A) learn to use it B) take it to someone who knows about it and can fix it C) stop using it.

"if you know stuff about something, share it. don't go lambasting other people who don't know what you know."

Its not about what I know or what people know. People DONT CARE. They are lazy. They are stupid. I have told my father 20+ times NOT TO open attachments...guess does he still do it?

So, Markus...

How do you feel about cybercrime penalities regarding hackers that perform their dirty deeds after penetrating your firewall, on a machine that has all M$'s security updates? Should the owner of the computer still pay for any damages caused?
The problem with alot of computer users is not just laziness or "stupidity"...it's a lack of being aware of such things. You're father still executing attachments after being told 20+ times doesn't represent 99% of most computer users. Every person I've talked to that has broadband with no protection shows atleast a little concern and takes the first step in shielding themselves. Besides, if your dad gets a virus through e-mail, won't ZA and an updated AV (Norton, Cleaner, etc) spot it?

By the way this fool proof system (Zone Alarm ) has been successfully broken through in the last week guess youll have try something new with more bugs NO security system is completely safe give someone with the skills and the time and theyll get through.

We need to see more of this...
http://archives.seattletimes.nwsource.com/cgi-bin/texis/web/vortex/display?slug=domain21m&date=20010721

Go to China.

Well, jansson_markus ,I think you understand your WAY off base account people ARE people,and not all are auto.techs or computer literate.
GET A GRIP

muno, I think you've inadvertantly brought up an excellent point in this topic.
While I agree that most people are just too lazy to read the manuals I wouldn't make them pay for their ignorance...
WHAT MANUALS???

Today's systems include little if any written instructions. They're sold to people who have a lifetime's experience of either reading or ignoring manuals, but recieving one regardless. My early systems came with several huge books.


So, isn't it the system manufacturer who is responsible for not providing adequate maintenance information in the form which the buyer is accustomed to??

Getting back to the auto anology, a vehicle driver must be licensed. He recieves an owner's manual and a recommended maintenance schedule. The vehicle must pass guidelines before it can even be produced. It must be inspected periodically. Etc...

To liken this to today's computers, you'd have to sell a homebuilt high-horsepower hotrod that's never been inspected to someone that's never even seen a car before, then tell them to take it out on the freeway. All with no training or instructions.

how 'bout that homer simpson??? gotta love 'em!

http://www.sysopt.com/forum/wink.gif

SD

Yeah, the manuals are electronical nowadays. It's almost always implemented in the 'driver cdrom' that packages with the retail product... Even I (I know I'm not illeterate am I) don't want to read everything from a computer screen...
And b t w, I never read the manuals either =) Unless I payed huge cash for it.
-M

I have a professional version of a firewall that gets updated regularly. I have A/V software that gets a new pattern file regularly (daily lately). I have my Cookies set to prompt me to allow them or not. I use a hosts file to stop my computer from accessing sites that have been suspected of using SpyWare in their ad banners. I check my computer for SpyWare using Steve Gibson's OptOut software (http://grc.com/optout.htm) . I don't use Outlook Express for my email. I scan for viruses and trojans regularly. I use Window Washer to clean out the junk on my system regularly. I report some (too many to do it for all of them) of the hacking attempts on my machine to the hacker's ISP (including the log files). I manually check my StartUp folder, Run & RunServices registry keys, autoexec.bat file, and config.sys file on a regular basis.

So after all of this, if one of the would-be hackers doesn't get his/her subscription terminated by his/her ISP, and he/she discovers another way into my system (because he/she is determined to get in after being stopped), and then proceeds to use my box for a DDOS attack, am I still responsible?

With the advancements in computers these days, there is just no way to make everyone computer literate. I know many people who like to play computer games, browse a few internet sites, send and receive email, etc. that don't know anything else about the computer except what has been shown. Do you expect these people to pay a few hundred bucks and take a computing course in order to be given the priviledge of buying one, Jansson? If you were a computer merchant, would you be willing to lose a sale and a potentially HUGE profit just because you decided that the person SHOULDN'T HAVE A COMPUTER BECAUSE HE/SHE DOESN'T KNOW ANYTHING ABOUT IT?

Give me a break.

Wait a second here.....Let's look at this logically.

If you receive a virus from someone because they didn't get the updated software to protect themselves.....You, Jansson, say that they should be responsible for any damages caused to others.

Well, in your case scenario...those who were affected from that person would also be responsible to someone else, since they must NOT have had the updated protection software on their own system. Wouldn't it be their own fault also? So, either everyone pays for the next guy, or track it back to the original hacker and make him pay for all of the cumulative damage.

LinBoons


[This message has been edited by LinBoons (edited 07-25-2001).]

[This message has been edited by LinBoons (edited 07-25-2001).]

My old boss taught me two things:

1. Don't argue with F***wits.
2. Don't get involved in an exchange of mutual ignorances.

Oops.

i agree with jansson_markus 100%, but let me give you a better example for cars

i feel that people complaining about executing viruses is like someone leaving the keys in the ignition and the car unlocked. then getting surprised that they get the car stolen. personally i didnt get any manuals with my computer because it came all oem preassembled but its just common sense people.


another example is blaming gun manufacturers for kids getting shot with guns made by them. they didnt pull the trigger so it was all the gun user's fault. its bs to blame other people for your stupidity

just my opinion

hehe jacob...100 % he
With the two sentences you made it seems you only agree 50%
Indeed it's the gun USER wich is responsible even if the gun was stolen to a policeman. So if someone steel your computer to shoot at grc.com with a Dos attack, he is responsible, not you or your computer.

For the other 50% i will say that even if you let the key on the car, you are not responsible if he use your car, have an accident, kill someone or use it for a robbery. Only insurrance will try to put responsability on you, just to not pay.

So it seems that you don't agree at all

Within the context of the above discussion, you all should know that in most jurisdictions within the United States, an intervening criminal act (i.e. hacking and launching a DDOS attack from the zombie) will generally relieve a person from liability for negligence (i.e. not adequately protecting their system), unless the intervening criminal act was foreseeable.

Restated, if a criminal act is foreseeable and a defendant (i.e. zombie owner) is negligent in protecting against the criminal act, most U.S. courts will hold the defendant liable for all damages incurred by a third party victim.

That said, even if third-party criminal conduct was foreseeable by the defendant, California courts have in some cases refused to hold defendants liable for allegedly providing inadequate security measures and therefore causing the plaintiff's injuries by negligently failing to deter crime [Noble v. Los Angeles Dodgers, Inc. (1985) 168 Cal. App. 3d 912, 916-919, 214 Cal. Rptr. 395]. For example, in a case involving a heavily armed man who entered a restaurant in an area plagued with robberies and killed or wounded dozens of people, the restaurant's failure to install security cameras or employ licensed security guards was held not to be the cause of the injuries and deaths. These measures could not possibly have deterred this particular criminal or prevented the massacre [Lopez v. McDonald's Corp. (1987) 193 Cal. App. 3d 495, 502, 514-517, 238 Cal. Rptr. 436; see, Thai v. Stang (1989) 214 Cal. App. 3d 1264, 1274, 263 Cal. Rptr. 202 (skating rink owners' failure to hire security guard was not cause of plaintiff's injuries from drive-by shooting in front of rink)].

There are two issues raised by "jansson_markus":

1. Is it reasonably foreseeable that a machine could be hacked and turned into a zombie? and,

2. Is it negligent to leave a machine connected to the Internet, unprotected by a firewall and not regularly patched?

FYI: Negligence is the "breach" of a "duty" that "causes" "damages." If an Internet user does not have a duty to protect their machine from hackers then they cannot be held negligent under any circumstance. Alternatively, if an Internet user does have a duty to protect their machine from hackers then they must take "reasonable" steps to prevent a breach of their duty.

If the answer is "yes" to both questions, then most jurisdictions would hold the "zombie owner" liable for those damages caused by the zombie owner's unprotected system. A "no" answer to any of the above questions would relieve the zombie owner of liability.

[This message has been edited by Cyber Lawyer (edited 07-26-2001).]

I have studied my manuals and am off to the Ministry of Computing to write my user liscense test. If I score high enough I can get a windows ME box and a cable modem, wish me luck..... fingers crossed. lol.

Jansson_markus....

I was wondering...Are you one of those lawyers for a tobacco caused illness?


Hmmm...if we go back into just who is really responsible...it's not the users who own the PC's...it's not the people who sold them the PC's it must be the maker of the PC's..or even the makers of the components inside the PC...wait, they had teachers, didn't they? Make THEM pay...ooops...even THEY had parents...right? make them pay....


Of course, I think we should just go after the obviously only real innocent ones here...you know, ....the ones we call HACKERS, of course...they wouldn't be any bit responsible for computer crimes now...would they? http://www.sysopt.com/forum/biggrin.gif

CYBER LAWYER:

QED: But please refer to Rule #1, above. If in doubt, refer to Rule #2.

OOps, I've done it again.

Whoo hooo...

We got some fires burnin' here! http://www.sysopt.com/forum/wink.gif

Cerberus6:

I think you and a few others have got my point! Insert smiley of your choice here. I don't want to upset anyone here, but pointless argument is pointless.

OOPS!

RLG...how long have you been the hall monitor here?

Topic-Starter...while your premise is understandable, your reasoning is unquestionably flawed. That you don't or won't see this is understandable...laughably so.

In some countries, hands are lopped-off for stealing...when someone maliciously causes any problem for someone else, they have stolen time and possibly more from their victim. It is truly sad that pathetic individuals enjoy harming others this way or any way for that matter. It was better when they spent their time pulling the wings off of insects. Now that they have evolved into something more dangerous, it is sad their penalty for cyber-crimes doesn't include the removal of all their extremities. Would this be a deterrent against such pathetic, malicious acts? Maybe not, but the pathetic sport would surely become less popular. I'd expect as the number of vermin caught and punished properly increased, the number of victims would surely decrease.

It's not a crime to be ignorant...
No substantial guilt will be found where there was no knowledge of the crime. So then, who really did know better? Microsoft?
If Microsoft knows better...their failure to provide protection is the real culprit. MS forced sales of PCs with the MS-OS on them, didn't they?

JRBACH: I feel myself being drawn into something of a abyss of misunderstanding. perhaps I've created a monster that's devouring me...but I tend to agree with you: I think Markus had a point, but I wouldn't blame it on Microsoft. The niggly thing is that I just don't believe most of what I read.

One day the administators of this, probably the best and most useful of all the forums around, might give us a new "Let's argue and have FUN" forum, but before they do, I'll try to make my position on this a little clearer.

It is clear that very few people, myself included, fully understand the technology behind the D.O.S zombies. Neither do the aptly christened "script kiddies"; they do it because they can. I use NAV and ZoneAlarm but I don't think for a moment that they are in any way un-hackable, and I know there will come a time that they will be useless in their present form.

It is also clear (to me, at least) that the world needs a little needling of this kind to keep us on our toes. If we can deal with these little guys, maybe we can deal with the real nasties if or when they want to knock us off.

Steve Gibson understands the technology and has his point of view. Microsoft understands the technology. That's where rule number 2 comes in for those of us that don't.

I really need to abide by rule number 1; but Cyber Lawyer told us that we are either guilty or not guilty if our machines are used for a D.O.S attack. That is really succinct. A triumph of legal...

Oh! I think I'll just go have a beer.

Cheers, and thanks for your response.

RLG

[This message has been edited by RLG (edited 07-27-2001).]

*hmm?*
I hope no ones' confusing ignorance with nonunderstanding.. My dear old mum could read evry manual for her machine (and has btw) and still not know that an attacment from one of her friends actually contains a virus.
Ok, e.g. she opens an excel document from a friend that contains macros, and 'oops' fries the system, how was she to know? I wouldn't hold the fact that she accidentaly fired one of the computers.

The only true way to protect your system is to isolate them from any outside influences (the net, CD's, floppy disks)

And no, just because some ****** has written a new virus and ******* over my mum's system, mum shouldn't be held responsable unless the file had 'I AM A VIRUS, I WILL DESTROY YOUR SYSTEM, PLEASE RUN ME' printed on it..

As for hackers, :p to them all. The most fun way is to become a hacker your self and when one taps into your system, format his hdd http://www.sysopt.com/forum/smile.gif

[This message has been edited by silverfish51 (edited 07-27-2001).]

Silverfish:

I spoke to my Proctologist about raw sockets:
I asked my wife, too. (I prefer her explanation.)

I could even ask MY mum, she's 86, but she CAN program her VCR.

So I'm not quite sure. As a I am a (non English speaking) resident of Australia you can understand my dilemma. I can't understand these Yanks...except SoCalGal and MntSnow who speak my language.

Grovel.

But I do agree with CYBER-LAWYER: If this stuff is taken to extremes, the only people who will win are the lawyers. And as we all know, the only difference between a skittled kangaroo and a skittled lawyer is that there are skid marks in front of the kangaroo...

I applaud Jannson_Markus for raising this issue, an eye for an eye, etc (I think I knew his mother) but first you gotta catch the crims.

Now, when I was just a boy and learning all this stuff, I had trouble shifting here, interupting there; hell, you could even poke. But I got by. On 4K of RAM. And a web address was something spooky.

Then I gave it all away and bought a PC. C++ rules, eh? ON 4MB of RAM.

Now, in the Autumn of my years, with 512MB of RAM @ 1.5GHz, I am told I might be implicated in a DoS thingy if some script kiddy wants to target me.

Well, FFFF 'em all.

I ran out of beer. Started on the wine.

I am not a cynic.

At all.

Sorry guys. Forgot rule #1


[This message has been edited by RLG (edited 07-27-2001).]

[This message has been edited by RLG (edited 07-27-2001).]

Hey, S.D. Willie!

C'mon. Get back here. This is serious.

I might need help from Homer.


Sigh.

Couldn't agree more. Go RLG!!

Ok I agree on some of the points made by jansson not all... People are lazy and cheap they don't want to do anything unless they are told to or forced to.

Example: This SirCam virus going around I spent 5 hrs trying to get a computer back up and running after they opened the attachment so many times it royally screwed up the system.

Did they learn not to open attachments? I'd say yes after they seen the bill.

Whenever we sell a computer we advize the person to install AntiVirus software and if they are going on a high speed connection we advize them to get a firewall program as well.

They usually don't listen, their response is "I don't want to spend the extra money doesn't that come free with the computer". Pffff nothing is free. I point out to them that there are free programs (ZoneAlarm Innoculate I'm sure there are more) just update them after installing.. I usually get a respose "I don't have time to do that"

But I've seen quite a few come back because of virus' or someone hacking their system and it all comes back to who's fault is it.

It sure isn't mine I told the customer about it. It's not their fault they chose not to protect their computer. It's the fault of the person who initially sent out the virus or did the system hack.

Get ahold of these people and slap them with a heavy fine or jail time maybe they'll learn not to do that. And in these third world country the laws don't apply to them. I'm protected by blah bl blah bl blah you do the crime you do the time. But apparently the laws around this are so fuzzy anyone can get out of it (ie Melissa virus maker "I don't think/remember I sent it out" Bamm instant get out of jail free card)

Well I guess I'm making a couple of points here people don't do anything unless they have to shell out large amounts of money to fix the dammage and change the laws (ha ya right) so if you are caught hacking or sending virus' you get jail time or a big big fine.

Along with the car analogy if you speed and never get caught is it against the law?

I could go on and on but I'll stop now

ok i only read halfway through this forum and just skimmed through the last few posts. i got to teh parts about people being lazy about updating their computer. janus, about half the people out there are computer illiterate people. they don't even know there is an update page. secondly, sure there might be people who DO get lazy to update their computer, but think about it this way, those update files and patch files are huge: triple digit size of total downloading. now, as a person like me, i wouldn't mind downloading the file, but there are two things that make me not want to download it. one: it causes more problems and headaches for me. i get more errors then ever before. i remmeber i use to have a perfect, no error environment with win98, but after installing updates, man i was bombarded with errors. two: with a poor person like me, i dont' have broadband connection to quickyl download the files. i pay for my internet connection, and i only get limited amount of hours, so why would i want to waste my money downloading files? also, you say its the users fault for not downloading the latest update. so what if a virus JUST came out, and there was no update for it because a service like norton, has not fixed it yet? what if I was the first few people to get the virus before there was an update? is that MY fault? because there was no update for it in time? i think not. theres always gonna be loopholes for viruses and trojans to get around teh updates. you can't have a update that will block ALL viruses and trojans. if there was, then heck, why are there so many updates then??? I mean, heck even a hacker breaks enter a government page. is that the governments fault that a hacker hacked into the page???? no. and thats a fact. there will NEVER be a stop to viruses and hackers, because hackers will always find a way to get around no matter how big the encription or the security is. in other words, true, there might be people that are too lazy to update, but the majority of the people inflicted with a computer attack are not responsible for it because there was just no way to stop it for numerous reasons.

So if we get all the updates for our "ie" firewalls, email and such and we still get slammed with a virus. Then we should hold the software companys liable, because they did not protect our sytems as promised with all their updates and usless information.

If you have read my post above, you can all appreciate that the answer is a definitive: It depends. Take two examples:

Example 1: XYZ Technology Corp, with a staff of 5 in their MIS department and a T-3 pipe refuses to install a firewall and chooses the difficult and not easily guessed password: "Admin" for the Administrator account on their domain server. It will take a script kiddy 15 seconds to hack into the domain server and 30 seconds to install DDOS software. If XYZ's network is used in a DDOS attack, it is my opinion that they will be held liable for the resulting damages because XYZ failed to take reasonable precautions and the likelihood that XYZ's network would be used in a DDOS attack is strong (i.e. foreseeable). Bottom line - They are a sophisticated user, have the bandwidth to really mess with a victim in a DDOS attack and should have known better.

Example 2: Grandma is given a computer by her technology savvy grandson, uses a dial-up account to send email only and inadvertently opens a file containing a Trojan horse DDOS program. Grandma will probably not be held liable because she is a different type of user, her Internet access is sporadic, and the likelihood that her machine would be used for a DDOS attack is small (i.e. not foreseeable).

In sum, the answer to jansson_markus' question depends on the type of user and whether or not that user was under a duty to take "reasonable" steps to protect their system. The type of connection is directly relevant to the potential for damage in a DDOS attack; thus, I would argue users with more bandwidth have a greater responsibility to take "reasonable" precautions against hackers seeking to launch a DDOS attack. As well, the sophistication of the user is also relevant.

Take the following analogy: A Defendant walks onto a preschool playground and leaves an object on a table and then leaves. One of the preschoolers picks up the object and uses it to seriously injure another child. Will the Defendant be liable for the resulting damages? It depends on the object.

If the object was a loaded gun that one of the kids picked up and used to shoot another child - the Defendant will be held liable because it was foreseeable that a child would pick up the gun (thinking it was a toy) and pull the trigger, which would foreseeably injure another child.

If on the other hand, the object was a feather, which was picked up by one of the kids and used in such a manner that the shaft poked another kid in the eye, the Defendant would probably not be held liable. After all, it is highly unlikely that a feather could be used to injure another child, thus, not foreseeable.

So, how does a user prevent being held liable? The simple answer is take “reasonable” precautions. What is “reasonable” depends on the type of user you are and the type of connection you have to the Internet. If you install a firewall, update your software on a regular basis, use strong passwords, don’t run unnecessary services, and use virus-checking software, you definitely have taken reasonable steps to prevent your machine from being hacked and even if your machine is used in a DDOS attack – you should not be liable under any circumstance.

I'll make this as short as I can. http://www.sysopt.com/forum/wink.gif

1) I feel ZERO sympathy for anyone who gets a virus or trojan because they opened an "unknown" email attachment.

2) Ditto for people NOT running current antivirus software.

3) There's NO WAY people with infected machines should be held criminally responsible for hidden trojans running on their machines.

Excuse my poor language...

Hey man, let the viruses flow. I get paid to fix 'em when their broken. It's even kinda funny sometimes.

Friend of mine with basic typing duties saw an email coming at her from 843 computers at the same time from this company's home base in Cleveland. She stood over her bosses shoulder and said you sure you want to open that? I don't think they'd send emails concerning impending nuclear attacks. The guy opens it anyway, it was a 15 mb file and he was on dialup. Boy did I laugh. He waited 1.5 hours to summon Satan all over his hard drive and I came in like a good ***mopper and cleaned it all up.

Who's responsible?

Complaint on language. -Socalgal

[This message has been edited by socalgal (edited 07-29-2001).]

I've been watching this post from the get go and I think there have been some very good points made. I think Cyber Lawyer's recent analogy about the object at a preschool sums up the situation and possible outcomes very well.

One thing I find very annoying(and I am sure others do too) is the number of people who make posts that certian people are stupid or ignorant for stating how they feel about this issue. Whats the point of a forum then?

I find this forum works pretty well for answering questions of a technical nature but when it comes to a debate, the name calling begins early.

I guess my feelings are best sumed up with a little something from the Simpsons.

"Worst Episode Ever."

Nuclear_Confusion:

Agreed:

My references to "exchanges of mutual ignorances" (Rule #2) et al was delivered with cheeky and mischievous intent to hopefully inflame the debate and perhaps attract some replies from people with demonstrated real knowledge of the DoS issue itself rather than any implied penalties or legal action resulting therefrom. Rule #1 still applies, though!

Jannson_Marcus floated the topic to see how it would go, saying "I putted this topic up in the grc.com. Lets see how it will look in here." I didn't want to disappoint him.

Make no mistake: I am in full agreement with Cyber_Lawyer while strongly believing that only the lawyers would win if any case was escalated. If you go to grc.com you will find a side of the story that sounds pretty scary. But, like anything you read, how much can you believe? MS is castigated for leaving XP wide open; if they stitched it up tightly enough they'd no doubt be in deep poo because no-one else could write applications that would run on their OS at all. And if they built in a full-strength firewall no doubt they'd be back in court the next day...the lawyers would love it.

I'd still like to see an independent response from someone who could explain the technical REALITIES rather than the GENERALITIES, perhaps as Cyber_Lawyer has tried to do with the legal position. QED??


Cheers for now...

too funny.
I haven't been able to get past .."Read the manual".

I havent SEEN too many manuals in years. The manual is usually the HELP file, which can only be seen by downloading/installin/executing the product. The manuals you DO see, don't say much about anything related to the post.

Education is the answer..do it for the children...oh wait, that's a different forum...sorry

"And now for something completely different."

"It's...."

Any guesses? (I made it easy!)