Laws against virus writers?
Norman Hirsch
for virus writers. Some countries (France and others I believe) have
laws against virus writers. I'm trying to compile some information
on what laws exist and opinions on what laws should exist to prevent
virus writers from inflicting havoc on the user community.
Any suggestions or thoughts are welcome. Please e-mail to:
vl...@nha.com or leave a message here.
Thanks in advance.
Best regards,
Norman Hirsch
http://www.nha.com
Sharkman
worms, etc. We need some better enforcement, though, IMO. The
problem is in "less developed" countries where tech is seen as
the saviour solution to their economic problems... but they don't
have the social structure to handle it (ie: the laws you are
asking about). In this case in the Phillippines, I understand
they are trying to apply 'misuse of telphone equipment' laws to
'writing worm scripts.'
see end of:
http://news.excite.com/news/ap/000509/13/computer-love-bug
In article <i2mghs4d3sv1db1gi...@4ax.com>, Norman
-- Tom R. Earlywine
Posting e-mail address does not constitute request for Commercial Email.
* Sent from RemarQ http://www.remarq.com The Internet's Discussion Network *
The fastest and easiest way to search and participate in Usenet - Free!
Norman Hirsch
internet? I was under the impression we didn't really have the
laws to cover virus writing.
Best regards,
Norman
Robert Moir
"Norman Hirsch" <NOSPAM...@nha.com> wrote in message
news:htqghs4e5edlp1b88...@4ax.com...
> Thanks for the reply. Any idea where to see those laws via the
> internet? I was under the impression we didn't really have the
> laws to cover virus writing.
I think its against the law in China, isn't it?
As for making writing a virus illegal, I'm not too comfortable with that. It
should certainly be against the law to knowingly distribute, make available
for distribution, or publish them, IMHO, but I don't see why it should be
illegal to quietly sit in the corner of your study and write whatever code
you like, as long as it goes no further.
Also, until the files are distributed somehow, how would you be able to know
the law was being broken. If you can't keep track of whether or not a law is
being broken you can't enforce it. If you can't enforce it, it's not a very
good law.
IMHO we also need a better way of tracking damage done and of making an
assessment of the value of this damage than we currently have. (What is it
now? Read the wild and inaccurate guess on a newspaper front-page and double
it?). Do we count the damage caused by half-witted cleanup operations when
estimating the scope of an offender's crimes? If Spanksa was being tried in
court for unleashing Happy99 on the world, should his sentence be less than
that of the authors of LoveBug as people generally assume Happy99 is "less
harmful" than LoveBug? When summing up how serious a crime writing and
distributing Happy99 was, do we count the costs of companies where doltish
sysadmins decided that what was really needed to get rid of this worm was to
fdisk everyone's computer and rebuild the OS and apps from scratch?
I just think it's a bit of a minefield, and most likely, any laws against
writing viruses we ended up with would be difficult to understand and
unenforceable.
Rob Moir
ham...@cix.compulink.co.uk
>
> I think .US has plenty of laws regarding viruses, trojans,
> worms, etc. We need some better enforcement, though, IMO. The
> problem is in "less developed" countries where tech is seen as
> the saviour solution to their economic problems... but they don't
> have the social structure to handle it (ie: the laws you are
> asking about). In this case in the Phillippines, I understand
> they are trying to apply 'misuse of telphone equipment' laws to
> 'writing worm scripts.'
You don't need a computer virus specific law. In fact it doesn't even
need to be a law relating to computers.
I would imagine most (all?) countries in the world have laws about
criminal damage, right? In other words "It's illegal to go around
breaking someone else's windows without their permission", yes?
So, that's the law you use against people who have set viruses loose into
the wild. The viruses have caused unauthorised damage to other people's
property.
Bingo. Clunk - click. Another virus writer in jail. Ladies and
gentlemen of the jury, I rest my case.
--
Graham Cluley, Head of Corporate Communications, Sophos Anti-Virus
email: gcl...@sophos.com http://www.sophos.com
US Support: +1 888 SOPHOS 9 UK Support: +44 1235 559933
LHigdon
The laws we have here are in conjunction with damage to property.
On Tue, 09 May 2000 15:50:38 -0400, Norman Hirsch
<NOSPAM...@nha.com> wrote:
>Thanks for the reply. Any idea where to see those laws via the
>internet? I was under the impression we didn't really have the
>laws to cover virus writing.
>
>Best regards,
>
>Norman
>
Peace
Lee Higdon
Fayetteville, GA. USA
email to: lthi...@mciworld.com
lhigd...@mindspring.com
Arthur Kopp
>You don't need a computer virus specific law. In fact it doesn't even
>need to be a law relating to computers.
>
>I would imagine most (all?) countries in the world have laws about
>criminal damage, right? In other words "It's illegal to go around
>breaking someone else's windows without their permission", yes?
>
>So, that's the law you use against people who have set viruses loose into
>the wild. The viruses have caused unauthorised damage to other people's
>property.
>
>Bingo. Clunk - click. Another virus writer in jail. Ladies and
>gentlemen of the jury, I rest my case.
Virus writer? Or people who have set viruses loose? Or both? You
shifted from one to the other there.
If we criminalize just those who knowingly and with malicious intent
set malware loose, it seems there are some difficulties with proofs or
evidence and 'beyond resonable doubt' requirements of a system of
justice which protects the innocent as well. I don't know if the
problems involved with tracking them down can be solved well enough.
Now that I've been paying attention to viruses and this newsgroup for
some time, I have no problem with the idea of making the spreading of
malware illegal ... at least in principle. I do have some reservations
or concerns about how practical or realistic it might be.
One approach might be to treat it in a 'Small Claims Court' fashion
(just for the sake of an idea) using skilled judges specially trained
in the subject. Judgements would be left strictly up to these 'tough,
no nonsense' judges who would have the power to slap fines on the
clowns according to their (or their mommy and daddy) ability to pay. I
guess I'm disgusted enough right now to allow myself to imagine a sort
of legalized 'hanging judge' and vigilante approach to play a little
stomp-ass on these jerks for a change.
Seriously though, it obviously wouldn't work unless it was clear to
all that actual justice and fairness was involved, and I'm not sure
that sufficient clear evidence could be mustered to make it actually
work that way in a majority of cases.
Art
Sharkman
I don't think you can prosecute "writing a virus"... i have a
boot disk that reformats hard-drives via batch file. If someone
turns that into a virus somehow, am I liable for contributing to
the writing of a virus? Am I liable for leaving it in a place
where a virus writer can get to it? (silly example, because even
bad virus writers wouldn't need to steal my batch file, but
extend it a bit and you get my point)
found in a Reuters article:
"...U.S. officials have touted the Computer Fraud and Abuse Act
as a model. This U.S. law sets out the crime of knowingly
transmitting a ``program, information,code or command ... that
intentionally causes damage without authorisation to a protected
computer.''"
http://live.altavista.com/scripts/editorial.dll?ei=1780676&ern=y
As all have said, almost all internet 'crimes' are prosecutable
under current laws, anyway - this just makes it more clear, and
definable at the moment search and seizure and arrest warrants
are being issued.
sop...@cix.compulink.co.uk
(Arthur Kopp) wrote:
> On 9 May 2000 20:52:14 GMT, ham...@cix.compulink.co.uk wrote:
>
> >You don't need a computer virus specific law. In fact it doesn't even
> >need to be a law relating to computers.
> >
> >I would imagine most (all?) countries in the world have laws about
> >criminal damage, right? In other words "It's illegal to go around
> >breaking someone else's windows without their permission", yes?
> >
> >So, that's the law you use against people who have set viruses
> >loose into the wild. The viruses have caused unauthorised
> >damage to other people's property.
> >
> >Bingo. Clunk - click. Another virus writer in jail. Ladies
> >and gentlemen of the jury, I rest my case.
>
> Virus writer? Or people who have set viruses loose? Or both?
> You shifted from one to the other there.
Sorry - my sloppy English. I'm talking about people who intentionally
unleash viruses knowing they will cause criminal damage (which all viruses
do under the UK law of unauthorised modification).
In many cases the distributors appear to be the vrius writers.
> If we criminalize just those who knowingly and with
> malicious intent set malware loose, it seems there are some
> difficulties with proofs or evidence and 'beyond resonable
> doubt' requirements of a system of justice which protects the
> innocent as well. I don't know if the problems involved with
> tracking them down can be solved well enough.
Well, that's for the courts. :) I just wanted to explain why you don't
need a computer/virus law to nail a scumbag.
PaX
writers.<<<<<<<<<<<<
Really graham...perhaps you could quote the sources for that...
yes I already counted Rob Morris and Crissy Pile....
Dalt
PaX
gentlemen of the jury, I rest my case.<<<<<<<<<<<<<<
as we both know this is very hard to prove...hence the reason out of the
XXXX known virus writers only onbe is currently facing a jail term..
Regards Dalt
sop...@cix.compulink.co.uk
Well, Raid distributed his virus via his website.
David L Smith distributed Melissa via an AOL account he stole..
PaX
David L Smith distributed Melissa via an AOL account he
stole..<<<<<<<<<<<<<<
Dave Smith admitted to SPREADING melissa however RaiD made some of his work
available for download...theres a difference...in the eyes of the law
anyway..=]
Regards Dalt
sop...@cix.compulink.co.uk
Well, that would be for a court of law to decide after a proper criminal
investigation. Was Raid distributing his viruses by publishing them on a
publicly accessible website or not? The jury would decide I guess.
Plus don't forget that someone using one of Raid's pseudonyms did post one
of Raid's viruses to a newsgroup. (This was after Raid said he would
release one of his viruses into the wild).
Norman Hirsch
should we? Or should we just have laws against distributing
viruses? And then, if that was the case, what about passing them
from colleague to colleague? It's a more complicated issue that
first appears.
Perhaps the only way to make a law would be distributing with intent
to cause harm. Possibly even go so far as to say distribution
without disclaimer as to the potential consequences.
I'm still searching for more feedback as I will probably be a member
of a panel on an upcoming legal-based show on laws against virus
writers. I'm thinking now it should be more oriented: laws against
virus distributors.
Watching for your feedback and thanks in advance.
Best regards,
Norman Hirsch
http://www.nha.com
---------------
On Tue, 09 May 2000 21:26:42 GMT, lthi...@mciworld.com (LHigdon)
wrotc:
Robert Moir
<sop...@cix.compulink.co.uk> wrote in message
news:8fc5lf$53k$1...@plutonium.compulink.co.uk...
[...]
> Well, that would be for a court of law to decide after a proper criminal
> investigation. Was Raid distributing his viruses by publishing them on a
> publicly accessible website or not? The jury would decide I guess.
I personally think thats publishing, and you should take responsibility if
you publish something.
> Plus don't forget that someone using one of Raid's pseudonyms did post one
> of Raid's viruses to a newsgroup. (This was after Raid said he would
> release one of his viruses into the wild).
I also believe, in British law, if you knowingly provide tools to enable
someone else to commit an offence you can be charged with (let me get this
straight now) "Aiding and abetting, counselling and procuring"
Rob Moir
Raid Slam
<mara...@bitey.force9.co.uk> wrote:
>I personally think thats publishing, and you should take
>responsibility if you publish something.
Really? I guess you haven't seen the new to be laws regarding
software. Microsoft and AOL are major proponents of it. It's
essentially like this: "You install our software, You hold us
harmless for ANYTHING it does to you. He He"
>I also believe, in British law, if you knowingly provide tools
>to enable someone else to commit an offence you can be charged
>with (let me get this straight now) "Aiding and abetting,
>counselling and procuring"
I don't live in Britian. My country broke free of her rule many
moons ago. :) I'm not sure my viruses have caused enough
"financial" damage to warrant an extradition either. You could
very well be shit out of luck Rob.
Regards,
Raid [SLAM]
Jeffrey A. Setaro
NOSPAM...@nha.com says...
> If we don't have laws in the US making writing viruses illegal, then
> should we?
Unfortunately under US law writing virus is Constitutionally protected
speech.
In general under US law you can say or write anything so long as it
doesn't:
A) Slander or libel.
B) Advocate the violent overthrow of the government.
C) Interfere with the rights of others.
Simply writing a virus does not violate these conditions.
> Or should we just have laws against distributing
> viruses?
Under US law you'd have to regulate the distribution since the
creation is Constitutionally protected.
> And then, if that was the case, what about passing them
> from colleague to colleague? It's a more complicated issue that
> first appears.
>
Define colleague? If you're talking colleagues actively employed by
legitimate anti-virus research organizations there are a couple of
ways to handle that depending on wording of the statute. Probably the
easiest is to include specific exemptions in the law that would exempt
persons from prosecution certain circumstances. For example:
A) Persons actively employed by anti-virus research organizations who
as part of their employment exchange sample with other researchers via
secure means.
B) Private individuals submitting samples of new unrecognized
malicious software to anti-virus research organizations for analysis.
> Perhaps the only way to make a law would be distributing with intent
> to cause harm.
Correct... It isn't a difficult a law to right either. In fact
something along the lines of... "A person knowingly distributes
malicious computer codes with the intent of causing damage". Should
cover the basics of the offense. There are of course our additional
components of the legislation that would include definitions
"malicious computer codes", exemptions, affirmative defenses,
sentencing, etc.
> Possibly even go so far as to say distribution
> without disclaimer as to the potential consequences.
>
Not necessary... At least in the example given above.
> I'm still searching for more feedback as I will probably be a member
> of a panel on an upcoming legal-based show on laws against virus
> writers.
Lucky you... :-) One thing to keep in mind... The law and common sense
have, very likely, never met.
> I'm thinking now it should be more oriented: laws against
> virus distributors.
>
Actually laws against the intentional distribution of malicious
software would probably be more appropriate.
> Watching for your feedback and thanks in advance.
>
Your welcome.
--
Cheers-
Jeff Setaro
jase...@sprynet.com
http://home.sprynet.com/~jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99
Raid Slam
Hirsch <NOSPAM...@nha.com> wrote:
>If we don't have laws in the US making writing viruses illegal,
>then should we? Or should we just have laws against distributing
>viruses?
I have a problem with this. How can we decide a certain type of
computer program (that's what a virus is...) is illegal to write
on your own machine? Does the government own your PC, or do you?
Now I know this seems a hellacious attitude to take, But c'mon..
Do you want somebody telling you what your allowed to write on a
machine you bought (and/or built) with your own money? Cars
wouldn't be an appropriate comparison because they can and do
kill people due to carelessness and ignorant/incompetent drivers.
> And then, if that was the case, what about passing
>them from colleague to colleague? It's a more complicated
>issue that first appears.
Well, this is another problem for me. If your going to tell me
I'm not allowed to trade a virus with a friend for a virus I
don't have for my collection, but at the same time if I were a
"antivirus business" I could do this, I'd accuse you of a red
herring, and proceed to trade anyway. You can't have your cake
and eat it too. These are serious issues the public needs to
think about before making rash decisions.
And when it comes to the public, Most virus infections can be
prevented with a bit of common sense. You cannot teach those who
are unwilling to learn. Why make more laws to defend the idiots?
>to cause harm. Possibly even go so far as to say distribution
>without disclaimer as to the potential consequences.
Every virus ever written by me came with full documentation AND a
disclaimer. the docs explained EXACTLY what you had inside that
exe file included in the .zip. I'd be happy to forward you
samples if you'd like.
>I'm still searching for more feedback as I will probably be a
>member of a panel on an upcoming legal-based show on laws
>against virus writers.
I've been waiting a long time for a television talkshow
concerning computer issues from the underground aspect. I even
sent an email to sally once (Not that I'm a fan, I was out sick
that day, and she forked her email address on the bottom of the
screen.) It was her month off for summer vacation, so I never got
a response concerning the email. Shrug.
Regards,
Raid [SLAM]
raid...@die.spammer@yahoo.com
[All unsolicited emails sent to this address constitutes your
permission to use your/providers system for any purpose I deem
fit. Including but not limited to Eggdrops, and fulltime XDCC
servers. If you don't want your system 0wned, Don't email me.]
Robert Moir
"Raid Slam" <soho20N...@hotmail.com.invalid> wrote in message
news:1cd8e203...@usw-ex0106-045.remarq.com...
> In article <KciS4.1242$16.45411@wards>, "Robert Moir"
> <mara...@bitey.force9.co.uk> wrote:
>
> >I personally think thats publishing, and you should take
> >responsibility if you publish something.
>
> Really? I guess you haven't seen the new to be laws regarding
> software. Microsoft and AOL are major proponents of it. It's
> essentially like this: "You install our software, You hold us
> harmless for ANYTHING it does to you. He He"
Yeah and thats a crock, too. Plain proof the computer industry is nothing
like close to becoming a "mature" industry. I think you and me went through
the "putting it on a website is distribution" dance before and we'll just
have to agree to disagree eh?
> >I also believe, in British law, if you knowingly provide tools
> >to enable someone else to commit an offence you can be charged
> >with (let me get this straight now) "Aiding and abetting,
> >counselling and procuring"
>
> I don't live in Britian. My country broke free of her rule many
> moons ago. :) I'm not sure my viruses have caused enough
> "financial" damage to warrant an extradition either. You could
> very well be shit out of luck Rob.
You assume I give a damn. I don't think the law is a perfect answer, I do
think there does need to be legal remedy, or more precedents for applying
existing law to this sort of thing, but as it is very difficult to enforce
right now it does seem a little hollow. As I've said in another post on this
thread, a law without the teeth to enforce it is just a bunch of words. And
how do you make a fair, impartial and even remotely accurate assesment of
damages. Your accountants or mine? Or do we just do what everyone else does
and add our phone numbers together, multiply by our IP addresses , round it
up and call that the figure for damages?
And I do think the current trend in law enforcement of only going over
people whose viruses get a mention on the front page of the newspapers is a
little lame, to say the very least.
Rob
Patricia A. Shaffer
<t.earlywi...@giantsfan.com.invalid> wrote:
>doh, i was talking about damage, not writing.
>
>I don't think you can prosecute "writing a virus"... i have a
>boot disk that reformats hard-drives via batch file. If someone
>turns that into a virus somehow, am I liable for contributing to
>the writing of a virus? Am I liable for leaving it in a place
>where a virus writer can get to it? (silly example, because even
>bad virus writers wouldn't need to steal my batch file, but
>extend it a bit and you get my point)
>
>found in a Reuters article:
>
>"...U.S. officials have touted the Computer Fraud and Abuse Act
>as a model. This U.S. law sets out the crime of knowingly
>transmitting a ``program, information,code or command ... that
>intentionally causes damage without authorisation to a protected
>computer.''"
>
>http://live.altavista.com/scripts/editorial.dll?ei=1780676&ern=y
That cite is from the Computer Fraud and Abuse Act as amended October
11, 1996: 18USC (goofy sign that signifies section) 1030 a 5 A
See it here: <http://www.usdoj.gov/criminal/cybercrime/1030_new.html>
I can't find my bookmark for the whole durned thing, but the definition
of "protected" was originally meant to define government computers
(which we all know are not immune to viruses). However, IIRC, part of
the definition for "protected" includes any computer used in
international business transactions ... which transactions, nowadays,
could easily be done from any computer.
I think there is also something about computer tresspass, perhaps in the
TCPA, but I haven't time to search it now. Computer tresspass is
defined in the Virginia State code:
<http://leg1.state.va.us/cgi-bin/legp504.exe?991+ful+CHAP0904>
--
Patricia
Proud Citizen of the Commonwealth of Virginia
"Anti-spammers are the immune system of the Internet." (CDR M. Dobson)
"The spam wars are about rendering email useless for unsolicited
advertising before unsolicited advertising renders email useless
for communication."(Walter Dnes/Jeff Wynn) Opt-out is cop-out! <http://www.cauce.org>
LHigdon
On Wed, 10 May 2000 15:01:03 -0400, Jeffrey A. Setaro
<jase...@sprynet.com> wrote:
>
>Unfortunately under US law writing virus is Constitutionally protected
>speech.
>
I think it's quite fortunate that we limit the legal prohibitions of
what one writes/authors to the kinds of examples you give later.
>
>
>Correct... It isn't a difficult a law to right either. In fact
>something along the lines of... "A person knowingly distributes
>malicious computer codes with the intent of causing damage". Should
>cover the basics of the offense. There are of course our additional
>components of the legislation that would include definitions
>"malicious computer codes", exemptions, affirmative defenses,
>sentencing, etc.
>
While it may be easy to write, trying to prove what's in ones head
certainly isn't easy. It's also dangerous, IMHO. Libertarian
principles and all that.
The laws that deal with damage to property are far more easier to
apply and prove. They don't require the ability of one to infer what's
in anothers mind. Same problem as with hate crimes.
>
>Lucky you... :-) One thing to keep in mind... The law and common sense
>have, very likely, never met.
Well, I couldn't agree more.
Jeffrey A. Setaro
says...
> Don't take any of my comments personally; they are not meant to be:
>
Ehh? I don't see anything to take personally.
>
> On Wed, 10 May 2000 15:01:03 -0400, Jeffrey A. Setaro
> <jase...@sprynet.com> wrote:
>
>
> >
> >Unfortunately under US law writing virus is Constitutionally protected
> >speech.
> >
> I think it's quite fortunate that we limit the legal prohibitions of
> what one writes/authors to the kinds of examples you give later.
>
Couldn't agree more...
>
> >
> >Correct... It isn't a difficult a law to right either. In fact
> >something along the lines of... "A person knowingly distributes
> >malicious computer codes with the intent of causing damage". Should
> >cover the basics of the offense. There are of course our additional
> >components of the legislation that would include definitions
> >"malicious computer codes", exemptions, affirmative defenses,
> >sentencing, etc.
> >
> While it may be easy to write, trying to prove what's in ones head
> certainly isn't easy.
True... But we do all the time in capitol cases. Generally speaking
the only difference between Murder & Manslaughter is what's in the
suspects mind... Did he intend to kill the victim or only injure him?
> It's also dangerous, IMHO. Libertarian
> principles and all that.
>
True... Unfortunately a good many basic Libertarian and/or
Constitutional principles have been trampled upon in the name of law &
order.
> The laws that deal with damage to property are far more easier to
> apply and prove.
Agreed.
> They don't require the ability of one to infer what's
> in anothers mind.
I don't know that it's all that difficult to prove intent... Did the
suspect have a reasonable expectation that his actions would cause
harm to others? If the answer is yes then we've established he acted
with a "guilty mind"... Which establishes intent.
[Snip]
Nemo Shadows
>>
>> >You don't need a computer virus specific law. In fact it doesn't even
>> >need to be a law relating to computers.
>> >
No law has ever stopped those truly bent on destruction no matter what
the scenereo, guns, cars, drugs, viruses ,hammer , chisel , icepick.
the mis-use of any tool can be very destructive.
Just an opinion of many I'm sure....
Nemo Shadows
1982
You cannot save someone from themselves
All You can do is try and protect yourself
from their insanity....
Osmo Ronkanen
<ham...@cix.compulink.co.uk> wrote:
>
>You don't need a computer virus specific law. In fact it doesn't even
>need to be a law relating to computers.
>
>criminal damage, right? In other words "It's illegal to go around
>breaking someone else's windows without their permission", yes?
There are problems in interpreting them in case of viruses. In general
the doubt should always go to the defendant so if there is doubt on the
issue whether the law can be used the n the court will acquit.
I see no reason why one should not make specific laws against viruses.
IMO that is the best way. There often are laws that are specific to
certain culture or technology. we here used to have a law against
dueling as chapter 23 of our criminal code. We do not have it anymore.
Instead the chapter 23 is for drunk driving.
There is a huge difference in breaking windows and releasing a virus that
cause damage on other side of the globe, possibly years after the
release.
>So, that's the law you use against people who have set viruses loose into
>the wild. The viruses have caused unauthorised damage to other people's
>property.
>
>Bingo. Clunk - click. Another virus writer in jail. Ladies and
>gentlemen of the jury, I rest my case.
Maybe that works in jury trials. Here the courts have to explain what
laws were broken and how.
Osmo
sop...@cix.compulink.co.uk
soho20N...@hotmail.com.invalid (Raid Slam) wrote:
> In article <lm6jhs8u93i0tmeuo...@4ax.com>, Norman
> Hirsch <NOSPAM...@nha.com> wrote:
>
> >If we don't have laws in the US making writing viruses
> >illegal, then should we? Or should we just have laws
> >against distributing viruses?
>
> I have a problem with this. How can we decide a certain
> type of computer program (that's what a virus is...) is
> illegal to write on your own machine? Does the government
> own your PC, or do you?
I agree with Raid.
I don't think writing viruses should be illegal. Unauthorised damage and
access with viruses should be illegal. Inciting others to make
unauthorised damage and access with viruses should be illegal.
Patricia A. Shaffer
<soho20N...@hotmail.com.invalid> wrote:
>And when it comes to the public, Most virus infections can be
>prevented with a bit of common sense. You cannot teach those who
>are unwilling to learn. Why make more laws to defend the idiots?
Because the idiots put the rest of us at risk! How many servers got
shut down because of idiots, leaving the non-idiots without services?
Until we have laws to protect the idiots, or restirict computer access
to the enlightened folk, the idiots will contuinue to do idiotic things
which detract from the viability of the Internet.
Raid Slam
<mara...@bitey.force9.co.uk> wrote:
>Yeah and thats a crock, too. Plain proof the computer industry
>is nothing like close to becoming a "mature" industry.
I agree. the computer industry isn't mature by a long shot, But
the bill I was talking about is very real. Before telling me it's
a crock of shit, I'd suggest you look into it for yourself. I
suspect you will not be impressed with what you find. (That is,
if you believe the author of a program should be atleast held
somewhat accountable for it's actions on your machine)
>I think you and me went through the "putting it on a website is
>distribution" dance before and we'll just have to agree to
>disagree eh?
While you can word and/or phrase it as "Distribution" it still
requires the recievers permission to "distribute" anything to
him/her. A website won't auto-send you anything, you still have
to go clickie clickie. That gives your consent. And even if it
didn't, Web browsers will ask you what you would like to do with
the file. Saving it to disk ensures your not going to be nailing
me with a lawsuit if something goes wrong. (Not only did you
agree to the download, you accepted it and told it where you
wanted it to go. If that wasn't enough, you'd still have to unzip
the file, and hopefully read the documentation before running the
exe.
>You assume I give a damn. I don't think the law is a perfect
>answer, I do think there does need to be legal remedy, or more
>precedents for applying existing law to this sort of thing, but
>as it is very difficult to enforce right now it does seem a
>little hollow.
I make no assumptions about you or your intentions. I don't care
enough about the matter to really make an issue of it.
>And I do think the current trend in law enforcement of only
>going over people whose viruses get a mention on the front page
>of the newspapers is a little lame, to say the very least.
Eek! On this we agree. As for the accountants, I'd say it's very
hard to say for sure what did what and who owes who how much
money.
We must also consider the fact that user error still eats more
valuable data then any virus has so far. And this trend isn't
likely to go away.
Regards,
Raid [SLAM]
PaX
viruses,
hate literature, deceptive advertising, or software that's faulty when used
as intended -- to cite a few examples.<<<<<<<<<<<<<
Unfortunatly thats totally unworkable..
Hate literature is still classed as free speech...
Deceptive advertising is also known as "Creativity"..=]
Faulty software...bwhahahahah right oh tell Uncle Bill about that one first
More seriously...
In the UK there are Laws against "Criminal Damage" as Graham pointed
out..However this is covered by the Offences against the person act of 1968
ammended 1988,90,96 and 99.
The onus of proof is on the crown to show that the individual understood his
actions to be likely to cause harm to property or acted with will full
recklessness as to endanger the property of any third party.
Bottom line of this is..
I drop my football and it bounces into your car...By accident of course..It
causes a pannel to be dented.The CPS (Crown Prosecution Service) arent gonna
touch that with a very long pole.The onus is on them to prove that I did it
with "Aforethought" and "Criminal intent"
Ok so now I kick the ball towards the car to try to dent it..Well thats a
little easier to proove..
I saw the car..I kicked the ball without regard for the damage it may
cause..Car got dented..
Open and shut case???
What if im blind...you try to bust me for it Im gonna start screaming
"Descrimination"...
See what Im getting at..."Criminal Damage " is not an easy charge to make
stick particularly in the case of viruses..
As soon as the author states "I only gave out a small number of examples to
show people what is possible" or "It was an experiment on my own PC and
another individual missused my code".....then the stakes get a little
higher...CPS in general dont go for cases they have a less than 80% chance
of getting a result..or they would be forever in the courts spending public
money.The penalties for criminal damage are not that high either...typically
a fine and a small jail term..up to around 12 months..
Im happy to post all the current laws covering virus writing if anybody
wants to see them...
Dalt...
kurt wismer
> In article <8fc1ok$a6k$1...@gxsn.com>, P...@Ultimatechaos.org.uk (PaX) wrote:
>
> > >>>>>In many cases the distributors appear to be the vrius
> > writers.<<<<<<<<<<<<
> >
> > Really graham...perhaps you could quote the sources for that...
> > yes I already counted Rob Morris and Crissy Pile....
>
> Well, Raid distributed his virus via his website.
>
> David L Smith distributed Melissa via an AOL account he stole..
does sophos teach sophistry? raid distributed viruses, but dlsmith
*spread* viruses...
--
"i'm gonna break,
i'm gonna break my,
i'm gonna break my rusty cage,
and run"
PaX
*spread* viruses...<<<<<<<<<<<<<<<
There is a huge difference Kurt...
RaiD makes his work available for investigation and learning
purposes..IE:For download subject to the usual disclaimer..
Dave Smith Uploaded his work in the guise of porn passwords and it was not
labeled as a virus...
one way you know what your getting the other you dont...
regards Dalt
PaX
prosecuted. It is
action without regard to safety since, obviously, they have no way of
knowing what
possible dangers they may present.<<<<<<<<<<<<<<<<<<
That is an opinion but a blind person has a right to play football if they
wish....
>>>>Of course it can still be a matter of civil law.<<<<<<<<<<<
you cannot be sentanced to a jail term in the UK for a breach of Civil law..
>>>Wouldn't a blind hunter be criminally negligent if they shot another
person?<<<<<<<<<<<
section 5 and 2 and 1 of the 1968 firearms act speciffically prohibit a
blind person from owning a firearm.as does the 1988 and 1999 amendments..
Blind people cannot see targets...
Dalt
Robert Moir
"Raid Slam" <soho20N...@hotmail.com.invalid> wrote in message
[snip]
> Saving it to disk ensures your not going to be nailing
> me with a lawsuit if something goes wrong. (Not only did you
> agree to the download, you accepted it and told it where you
> wanted it to go. If that wasn't enough, you'd still have to unzip
> the file, and hopefully read the documentation before running the
> exe.
Yes.. I thought we'd danced that dance before. Like I said, we'll have to
agree to disagree.
[...]
> >And I do think the current trend in law enforcement of only
> >going over people whose viruses get a mention on the front page
> >of the newspapers is a little lame, to say the very least.
>
> [...] As for the accountants, I'd say it's very
> hard to say for sure what did what and who owes who how much
> money.
Thats my point!
> We must also consider the fact that user error still eats more
> valuable data then any virus has so far. And this trend isn't
> likely to go away.
I don't think that one will play very well to the peanut gallery. And while
you are correct, it's not an excuse for to distribute malicious code.
In the case of accidental abuse and of users running any old crap people
send them, we are back to the case of people needing more training before
being let lose with a computer. Thats gonna require a big change in the way
a lot of companies think.
- rob
kurt wismer
> >>>>does sophos teach sophistry? raid distributed viruses, but dlsmith
> *spread* viruses...<<<<<<<<<<<<<<<
>
> There is a huge difference Kurt...
i know, that's why i used very different words... and why i suggested that
grahams use of the same word for both was sophistry...
> RaiD makes his work available for investigation and learning
> purposes..IE:For download subject to the usual disclaimer..
of course he has also posted source code in usenet...
> Dave Smith Uploaded his work in the guise of porn passwords and it was not
> labeled as a virus...
which is malicious spreading...
> one way you know what your getting the other you dont...
i know... actually, though, i did make a mistake in the previous
message... i shouldn't have used the plural form, i only know of one virus
dlsmith spread...
Bart Bailey
> There must never be laws against writing anything. Such laws would serve as
> a basis for invading sanctuaries -- your home, for example -- to check
> what's been expressed in private.
>
> But there must be laws holding the initiators of harmful distributions
> responsible for their actions. Whether the distribution has been deliberate
> or unintended should affect only the extent of the punishment, not the
> finding of guilt.
>
> That principle should apply equally to the originators of computer viruses,
> hate literature, deceptive advertising, or software that's faulty when used
> as intended -- to cite a few examples.
This is one of the most fair, mature, rational, and responsible attitudes I've
seen on Usenet in quite awhile.
LHigdon
private property, are the most effective way of dealing with the
"virus" issue. Distributing code that damages property is and should
be a crime. Distribution, per se, of any code should not be a crime.
We have enough "victimless" crimes to deal with, without making life
more complex by adding more.
On Thu, 11 May 2000 13:25:14 -0400, ne...@doer.com (Paul Doering)
wrote:
>
>For the purposes of this thread, I maintain that virus writers should be
>free to write, while virus distributors should be crushed. In your example
>of the writer whose trusted friend initiates the distribution, I'd
>exonerate the writer and punish the distributor. This aligns with the
>prinicple of proximate cause: convict the one closest to the triggering of
>damage.
Norman Hirsch
wrote:
>
>Im happy to post all the current laws covering virus writing if anybody
>wants to see them...
>
>Dalt...
>
I would be happy to make you happy in that case! please post or send
e-mail (or both).
thanks.
Best regads,
Norman Hirsch
http://www.nha.com
Norman Hirsch
wrote:
I'm also very gratified by the responses in this thread. We seem to
all be somewhat in agreement on some of the following yet some
questions remain.
A. writing viruses should not be a criminal act in itself
B. distributing viruses with intent to harm probably should be a
criminal act. (albiet hard to prove and tough to enforce--but then
many other laws are tough to enforce). If someone is harmed, then
the distributor should be additionally accountable for damages.
C. "distributing viruses" is a tough call because the user usually
has to take action on their own to allow and effect the virus on to
their machine(s) HOWEVER if you open the door to let someone in your
house and they commit an act against you, it's clear that they are
legally accountable for their actions even though you opened the door
and asked them to come in and maybe even directed them into a specific
room. So in that light, IMO, while you can blame the user for
stupidity, the distributor of the virus should not be immune from
legal consequences on that basis alone. There are various situations
that fall under this category:
Is putting viruses on a website with full information and warning an
illegal act? (IMO probably not illegal nor should the site be
accountable for damages as long as we have freedom of information)
What about putting viruses on a website with no warning or disclaimer?
(maybe not illegal, but maybe accountable for damages in a civil
action nevertheless)
What about putting "files" up which are said to be different (say a
game) than what they are (a virus). In this last case, the site is
lying and false advertising and enticing the user into downloading a
damaging file. (IMO, this action should be illegal and accountable
for criminal and civil damages. Even a disclaimer would be invalid
because of the falsified intent of the program.)
D. laws specifically against virus distribution are probably
unnecessary because more general laws can be written to cover viruses,
trojans, worms, password stealing, or other damaging actions by
software programs and perhaps they are already in effect?
E. damages are tough to assess accurately (but then that is sometimes
true in other legal situations). civil damages may be imposed even
if criminal actions are not proved. (the OJ case for example)
F. it's best if virus writers would put the source code, some warning
and disclaimer on their work. If they do, then IMO, they cannot be
held accountable for damages nor should it be illegal even if they
provide a distribution site for their work because of freedom of
information and expression.
If writers don't put clear warning and disclaimer, we can imply they
are not providing sufficient warning (such as on cigarette labels) and
that they are willing to allow distribution of their viruses and we
can say they are bad people. IMO they are not criminals unless laws
are made requiring such disclaimer/warnings nor can we argue strongly
for civil damages to the writer.
If the virus, however is put on a distribution site, the distribution
site should be accountable for damages and thus distributions sites
must be very careful. What about if the distribution sites allow
uploads and subsequent downloads without examination, then should the
uploader be in effect the distributor? IMO, I think so because we
want freedom of the internet but we want protection in some way even
if not wanting too many laws.
G. When there is a lot of publicity, human nature will cause new and
creative actions to be taken regardless of any clear law because of
the public interest/pressure. Elian Gonzalez and the Love Bug are
recent examples of this. Because you cannot enforce all violations
in the same way, does this mean that laws should not be written to
cover such situations where human nature deems such action necessary?
Should laws only be written if they can and will enfore the laws
equally. IMO, while it is impossible to enforce in total, there
should be laws so when these things happen, we can punish the
perpetrators and the laws will hopefully be a deterrent to such
actions.
I hope we can keep this tread open for a few more days and maybe flush
out other issues and hopefully get some concurrence on some of the
above suggestions for agreement at least in this newsgroup.
sop...@cix.compulink.co.uk
soho20N...@hotmail.com.invalid (Raid Slam) wrote:
> I don't live in Britian. My country broke free of her
> rule many moons ago. :) I'm not sure my viruses have
> caused enough "financial" damage to warrant an extradition
> either.
Have you taken legal advice on this? What about the
multi-national organisation in Austria that got hit by one of your
viruses?
Raid Slam
sop...@cix.compulink.co.uk wrote:
>Have you taken legal advice on this? What about the
>multi-national organisation in Austria that got hit by one of
>your viruses?
Graham...
As you well know (yet didn't mention) that virus was first found
on my website. Anybody could have downloaded it, ignored the
disclaimer and the usage "rules" and decided to spread it. I'm
quiet annoyed at your innuendo suggestions as to myself spreading
them. If the legal system in this country or in Austria's thought
I had spread it, I'm sure by now based on your press release and
the money lost due to Toadie, I'd be in some jail cell right now.
But the fact of the matter is, Writing Toadie wasn't illegal,
putting it on MY website clearly labeling it as a virus wasn't
illegal. Now piss off Toadie.
sop...@cix.compulink.co.uk
soho20N...@hotmail.com.invalid (Raid Slam) wrote:
> I'm quiet annoyed at your innuendo suggestions as to
> myself spreading them.
Well, in the case of Irok you said you would spread it in the wild.. and
then - lo and behold! - "someone" using one of your pseudonyms did indeed
spread it.
Don't you think you should do something to stop this kind of thing
happening again?
ANAkTOS
NOSPAM...@nha.com wrote:
> The Love Bug virus has brought new focus on the laws or lack of laws
> for virus writers. Some countries (France and others I believe) have
> laws against virus writers. I'm trying to compile some information
> on what laws exist and opinions on what laws should exist to prevent
> virus writers from inflicting havoc on the user community.
> Norman Hirsch
As about france, I think there are some law set by the European
commision.
Those laws are active for all members.
-------------------------------------
ANAkTOS
http://www.coderz.net/anaktos/
Sent via Deja.com http://www.deja.com/
Before you buy.
Raid Slam
sop...@cix.compulink.co.uk wrote:
>Well, in the case of Irok you said you would spread it in the
>wild.. and then - lo and behold! - "someone" using one of your
>pseudonyms did indeed spread it.
And again you left out the response you recieved last time. I had
said I was going to spread it, but that I had essentially changed
my mind. It's these little insigificant details which you seem to
have such trouble with Graham.
>Don't you think you should do something to stop this kind of
>thing happening again?
You don't live close enough for me to pay you a visit, So there
isn't much I can do to you... Right now...
Raid Slam
<mara...@bitey.force9.co.uk> wrote:
>Yes.. I thought we'd danced that dance before. Like I said,
>we'll have to agree to disagree.
What dance Rob? My point's quiet valid. Let's try to show this in
another way then. Say your going to download an antivirus
program. Is the website then, spreading the antivirus program to
you? If not, why not? Whats the difference between it and my
site? They both require your consent. Is the light coming on yet?
>I don't think that one will play very well to the peanut
>gallery. And while you are correct, it's not an excuse for to
>distribute malicious code.
The code is only malicious if used improperly. format.com is
malicious if you don't use it properly. Not everyone finds
viruses to be malicious. Some people earn a rather nice living
off of their existance, I don't see too many of them complaining.
(Or when they do, it's for free publicity).
And Rob, ever stop to think why it's called the peanut gallery?
>In the case of accidental abuse and of users running any old
>crap people send them, we are back to the case of people needing
>more training before being let lose with a computer. Thats gonna
>require a big change in the way a lot of companies think.
Change is good. People are slow to accept change. That is bad.
Eventually, the virus situation will force them to become
educated, or unemployed. Their is only so much "hand holding" you
can do. It's a sink or swim world, not "foul foul foul!"
PaX
unnecessary because more general laws can be written to cover viruses,
trojans, worms, password stealing, or other damaging actions by
software programs and perhaps they are already in effect?
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Yup,there are already the laws to cover it,just not speciffic to viruses..
>>>>>>F. it's best if virus writers would put the source code, some warning
and disclaimer on their work. If they do, then IMO, they cannot be
held accountable for damages nor should it be illegal even if they
provide a distribution site for their work because of freedom of
information and expression. <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Just about EVERY original Virus Binary post I have seen from my friends has
a disclaimer and or information that using the enclosed files may proove
harmful to computers.
VXers in general arent out to infect the planet or cause wanton damage.
>>>>>If writers don't put clear warning and disclaimer, we can imply they
are not providing sufficient warning (such as on cigarette labels) and
that they are willing to allow distribution of their viruses and we
can say they are bad people. IMO they are not criminals unless laws
are made requiring such disclaimer/warnings nor can we argue strongly
for civil damages to the writer.
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<,
from a "mainstream" Vxer I have never seenm this occour iin files that the
public have access to.
>>>>>If the virus, however is put on a distribution site, the distribution
site should be accountable for damages and thus distributions sites
must be very careful. What about if the distribution sites allow
uploads and subsequent downloads without examination, then should the
uploader be in effect the distributor? IMO, I think so because we
want freedom of the internet but we want protection in some way even
if not wanting too many laws.<<<<<<<<<<<<<<<<<,
Humm awkward one....Demon a UK provider recently fell foul of the law
regarding "Deffamation of character" as comments posted on a demon hosted
page were slanderous to a doctor..
I understand they settled out of court for a large sum.
I think this also is one of the reasons Evul/John will not host binaries..(I
cant tell you how he thinks im not him)
>>>>I hope we can keep this tread open for a few more days and maybe flush
out other issues and hopefully get some concurrence on some of the
above suggestions for agreement at least in this newsgroup.<<<<<<<<<<<<
I hope so too its nice to have dialogue without ad homien attacks by either
side..
best wishes Dalt
PaX
multi-national organisation in Austria that got hit by one of your
viruses?<<<<<<<<<<<<<
Maybe RaiD hasnt Graham but I have....
"its not in the national interest to extradite a citizen for providing an
item that another user has abused" ....
same way as Smith and Wesson cannot be held accountable for a person being
shot with one of their handguns..
(yup its been tried and the US supreme court threw it out)
regards Dalt
Frederic Bonroy
> And again you left out the response you recieved last time. I had
> said I was going to spread it, but that I had essentially changed
> my mind. It's these little insigificant details which you seem to
> have such trouble with Graham.
>
> >Don't you think you should do something to stop this kind of
> >thing happening again?
>
> You don't live close enough for me to pay you a visit, So there
> isn't much I can do to you... Right now...
Blah blah blah.
Why don't you simply answer his questions.
1. Who spread Irok under your pseudonym?
2. What are you going to do to avoid this in the future?
You have been asked these questions so often and you have yet to
provide concrete responses. You are just quibbling here, as usual.
Threaten me as well if that makes you feel better but answer
the questions!
sop...@cix.compulink.co.uk
(Frederic Bonroy) wrote:
> Blah blah blah.
>
> Why don't you simply answer his questions.
>
> 1. Who spread Irok under your pseudonym?
>
> 2. What are you going to do to avoid this in the future?
And why (although Raid claims to have communicated with the person
who spread his virus) didn't Raid notice that said person was using
one of Raid's pseudonyms? You would have thought Raid would have
noticed.
As it was we had to point it out to him.
sop...@cix.compulink.co.uk
> > Have you taken legal advice on this? What about the
> > multi-national organisation in Austria that got hit by
> > one of your viruses?
>
> Maybe RaiD hasnt Graham but I have....
>
> "its not in the national interest to extradite a citizen
> for providing an item that another user has abused" ....
The organisation is multi-national. I happen to know for a fact that they
have offices in the USA too. In fact that may be their head office. I
don't know if their US branch got infected too, but it might not matter.
And we know someone was distributing Raid's viruses by posting infected
files (which did not declare that they were infected) to the net. I don't
know if the person who did this used one of Raid's pseudonyms when they
did this, like they did with Irok.
sop...@cix.compulink.co.uk
soho20N...@hotmail.com.invalid (Raid Slam) wrote:
> In article <8fgucd$9ci$1...@plutonium.compulink.co.uk>,
> sop...@cix.compulink.co.uk wrote:
>
> >Well, in the case of Irok you said you would spread it in the
> >wild.. and then - lo and behold! - "someone" using one of your
> >pseudonyms did indeed spread it.
>
> And again you left out the response you recieved last time. I had
> said I was going to spread it, but that I had essentially changed
> my mind. It's these little insigificant details which you seem to
> have such trouble with Graham.
>
> >Don't you think you should do something to stop this kind of
> >thing happening again?
>
> You don't live close enough for me to pay you a visit, So there
> isn't much I can do to you... Right now...
You shouldn't be worried about me. You should be worried about the person
who is trying to frame you by using your pseudonyms when posting your
viruses! Don't you see the legal trouble he's trying to get you in?
sop...@cix.compulink.co.uk
> Blah blah blah.
>
> Why don't you simply answer his questions.
>
> 1. Who spread Irok under your pseudonym?
> 2. What are you going to do to avoid this in the future?
My advice to Raid would be to go to the FBI and report that someone is
trying to frame him for computer-related crimes. The FBI should take a
case like this seriously (particularly in the current climate).
Raid will be able to give them useful information about who he has given
his viruses to, which may be a good lead to start off with.. Raid says
he's taken expert legal advice on his activities, so he won't have
anything to worry about regarding the FBI.
It's the guy impersonating Raid/John H Grahms/Dustin Cook/Casio who should
be worried.
kurt wismer
> On 10 May 2000 08:27:52 GMT, sop...@cix.compulink.co.uk wrote:
>
> >>
> >> >You don't need a computer virus specific law. In fact it doesn't even
> >> >need to be a law relating to computers.
> >> >
> No law has ever stopped those truly bent on destruction no matter what
> the scenereo, guns, cars, drugs, viruses ,hammer , chisel , icepick.
certainly true, but i'd wager there are more in-between people than there
are those who are truely bent on destruction...
Robert Moir
"Raid Slam" <soho20N...@hotmail.com.invalid> wrote in message
> In article <d5FS4.1476$16.51525@wards>, "Robert Moir"
> <mara...@bitey.force9.co.uk> wrote:
>
> >Yes.. I thought we'd danced that dance before. Like I said,
> >we'll have to agree to disagree.
>
> What dance Rob?
A rather "English" turn of phrase, sorry. It means that you and I have
already discussed that issue before.
> My point's quiet valid. Let's try to show this in
> another way then. Say your going to download an antivirus
> program. Is the website then, spreading the antivirus program to
> you? If not, why not? Whats the difference between it and my
> site? They both require your consent. Is the light coming on yet?
We've talked this out before. I see things differently from you here. I
think you are publishing this content and should therefore have at least a
moral responsibility for what happens to it. I respect your free speech
right to write what you like, just as I can write defamatory stories about
anyone I wish in the privacy of my own home but if I publish those words I
better be prepared to defend myself from any libel claims, and I think that
by publishing your viruses in an "uncontrolled" manner you are being
culpably negligent with regard to preventing their spread. I also think you
could take far better precautions to restrict the *uncontrolled* spread of
your viruses by others, and to enable the source of an outbreak to be
traced.
But you have a different opinion. Thats fine. Usenet would be much less fun
if we all agreed.
> The code is only malicious if used improperly. format.com is
> malicious if you don't use it properly. Not everyone finds
> viruses to be malicious. Some people earn a rather nice living
> off of their existance, I don't see too many of them complaining.
> (Or when they do, it's for free publicity).
Agreed. Of course, if you don't like it you could stop publishing your
viruses, in order to prevent the chance that some person of lower morals
than yourself would grab them and release them ITW and push the share price
of these companies up.
> And Rob, ever stop to think why it's called the peanut gallery?
Considering I introduced that derogatory term, and I was thinking of the
people who have never set foot in ACV before and steam in everytime
something like ILU happens and demand the immediate castration and hanging
of all virus writes, etc, I hope you can guess my opinion of such people.
Rob
Nemo Shadows
wrote:
[SNIP]
>
>certainly true, but i'd wager there are more in-between people than there
>are those who are truely bent on destruction...
>
True true but that's where integrity is suppose to come, you know
autonomy, self governing..
it is only by our individual actions that we are truly free, how we
conduct ourselves.
Just one opinion of many I'm sure...
Nemo Shadows
1982
You cannot save someone from themselves
All You can do is try and protect yourself
from their insanity....
Nemo Shadows
<ios...@voyager.net> wrote:
>
>As most Americans, not to mention Smith & Wesson, are aware, the government will
>keep trying to find ways around such obstacles.
It's not Americans that are the problem, but all those lunes that come
here with bags of cash and get "Rubber Stamped" as Americans to
influence the political system to thier own ends.
I view them more as Foreign Agents than Americans...
Just one opinion of many I'm sure....
Sharkman
your brevity and context...but I have a feeling this is going to
be interesting - or at least amusing.
In article <391c9311...@news.nidlink.com>,
-- Tom R. Earlywine
Posting e-mail address does not constitute request for Commercial Email.
Nemo Shadows
>My advice to Raid would be to go to the FBI and report that someone is
>trying to frame him for computer-related crimes. The FBI should take a
>case like this seriously (particularly in the current climate).
>
>Raid will be able to give them useful information about who he has given
>his viruses to, which may be a good lead to start off with.. Raid says
>he's taken expert legal advice on his activities, so he won't have
>anything to worry about regarding the FBI.
>
I think they would be after the QUICK FIX rather than the real
culprit.
framing people has apparrently become an art practiced by those
seeking revenge as well as a legal system that apparently is'nt
interested in the truth.
If one would wish to breed distrust in government one simply has to
pad it with ones own polical agenda buy destroying that trust in the
first place and framing people is a very good place to start simple
because it will sooner or later be made public, hence achieving the
agenda.
Organized Crime or Foreign Agents that is the question just who or
whom does such actions benefit and why...
Dis-trust ,fear and loathing these are the tools of anarchist and
terrorist not real governments....
ham...@cix.compulink.co.uk
> On 12 May 2000 16:53:51 GMT, sop...@cix.compulink.co.uk wrote:
>
> >My advice to Raid would be to go to the FBI and report that someone is
> >trying to frame him for computer-related crimes. The FBI should
> >take a case like this seriously (particularly in the current
> >climate). Raid will be able to give them useful information
> >about who he has given his viruses to, which may be a good
> >lead to start off with.. Raid says he's taken expert legal
> >advice on his activities, so he won't have anything to worry
> >about regarding the FBI.
>
> I think they would be after the QUICK FIX rather than the real
> culprit.
I don't know about that. Raid, have you taken legal advice on this person
who has been impersonating you and spreading your viruses in the wild? Is
there any kind of case you can bring against them? Seems to me like
they're trying to frame you.
ham...@cix.compulink.co.uk
> On Thu, 11 May 2000, PaX wrote:
>
> > >does sophos teach sophistry? raid distributed viruses, but
> > >dlsmith *spread* viruses...<<<<<<<<<<<<<<<
> >
> > There is a huge difference Kurt...
>
> i know, that's why i used very different words... and why i
> suggested that grahams use of the same word for both was
> sophistry...
I was probably just typing in a hurry. But is spreading a virus not just
another form of distribution?
And what about John Grahms who posted Irok to a usenet newsgroup. Was
that spreading, or distribution, or both?
I don't know if there's a legal definition of these terms yet when it
comes to virus writing.
larr...@grar.com
<ios...@voyager.net> wrote:
[snip]
>
>Aside from the fact that it would involve prosecution of the Gideon's for handing out
>hate literature.
Exactly what "hate literature" are the Gideons "handing out"?
LDH
Sharkman
the intent to do harm"
whereas "distribution" sounds more general, and could be passive
(the user who double-clicked a vbs attachment was a passive
distributor of the lovebug)
In article <8fjh2e$ijj$1...@plutonium.compulink.co.uk>,
kurt wismer
> g9k...@cdf.toronto.edu (kurt wismer) wrote:
> > On Thu, 11 May 2000, PaX wrote:
> > > >does sophos teach sophistry? raid distributed viruses, but
> > > >dlsmith *spread* viruses...<<<<<<<<<<<<<<<
> > >
> > > There is a huge difference Kurt...
> >
> > i know, that's why i used very different words... and why i
> > suggested that grahams use of the same word for both was
> > sophistry...
>
> I was probably just typing in a hurry. But is spreading a virus not just
> another form of distribution?
yes, and both require using their fingers... lets get 'em, they used
their fingers...
caro collectively distributes virus samples amongst themselves, this is
obviously not a bad thing... dlsmith distributed in such a way that
people became infected, that is a bad thing... it would be very
confusing to use the same word to describe both, ergo they deserve to be
distinguished from each other - using different words...
> And what about John Grahms who posted Irok to a usenet newsgroup. Was
> that spreading, or distribution, or both?
that was malicious spreading, just as dlsmith did it...
> I don't know if there's a legal definition of these terms yet when it
> comes to virus writing.
virus writing is a separate thing entirely... the act of writing does
not initiate infection, nor does it communicate an infectious program
with consenting recipients...
--
"i'm gonna break
i'm gonna break my
i'm gonna break my rusty cage
and run"
Nemo Shadows
<t.earlywi...@giantsfan.com.invalid> wrote:
>foreign agents? could you please clarify? You've lost me in
>your brevity and context...but I have a feeling this is going to
>be interesting - or at least amusing.
>
>
Too much foreign money in the political system, lobbyist, foreign
monies with an american face (former elected officials).
and manipulation by international corporate interest..
sorry to disappoint, you I am sure this is'nt as interesting as you
might have thought, you were expecting some sort of anti-foreigner
flame.
the fact is that virus writters and the release of such simply hinders
and and plays into the hands of those that feed on the confusion and
the uncertainty that fear brings, when one relies on a tool as much as
western societies rely on computers, for everything from simple
chat/Email to banking transactions and finacial stability, any assault
against said system deliberate or otherwise breeds fear and
uncertainty the prospect of finacial loss and ruin breeds a climate of
war,destabilize the economies shifts the finacial power bases..
whom does such an action benefit...
Just an opinion of many I'm sure....
Sharkman
Fear and uncertainty breeds the percieved need for regulation and
protection - justifying more power given to government and
politicians (directly or indirectly), and the justification of
spending my money on stuff that should be common sense and common
law.
I get it :)
In article <391e0872...@news.nidlink.com>,
-- Tom R. Earlywine
Opinions presented are just that: my personal opinions
Patricia A. Shaffer
<t.earlywi...@giantsfan.com.invalid> wrote:
>"spreading" sounds to me like "passing along malicious code with
>the intent to do harm"
>
>whereas "distribution" sounds more general, and could be passive
>(the user who double-clicked a vbs attachment was a passive
>distributor of the lovebug)
>
>In article <8fjh2e$ijj$1...@plutonium.compulink.co.uk>,
>ham...@cix.compulink.co.uk wrote:
>>g9k...@cdf.toronto.edu (kurt wismer) wrote:
>>
>>> On Thu, 11 May 2000, PaX wrote:
>>>
>>> > >does sophos teach sophistry? raid distributed viruses, but
>>> > >dlsmith *spread* viruses...<<<<<<<<<<<<<<<
>>> >
>>> > There is a huge difference Kurt...
>>>
>>> i know, that's why i used very different words... and why i
>>> suggested that grahams use of the same word for both was
>>> sophistry...
>>
>>I was probably just typing in a hurry. But is spreading a virus
>not just
>>another form of distribution?
>>
>>And what about John Grahms who posted Irok to a usenet
>newsgroup. Was
>>that spreading, or distribution, or both?
>>
>>I don't know if there's a legal definition of these terms yet
>when it
>>comes to virus writing.
If you want to keep the terminology simple, just use "to spread", as in
an infectious disease processes. What AV researchers do is techinically
not "spreading", but rather "sharing" samples.
--
Patricia
Proud Citizen of the Commonwealth of Virginia
"Anti-spammers are the immune system of the Internet." (CDR M. Dobson)
"The spam wars are about rendering email useless for unsolicited
advertising before unsolicited advertising renders email useless
for communication."(Walter Dnes/Jeff Wynn) Opt-out is cop-out! <http://www.cauce.org>
PaX
.... Royal Ball coming off Tuesday"!<<<<<<<<<<<
bwhahahahahahah there goes your MBE in the new years Honours Cos..=]
regards Dalt
larr...@grar.com
<ios...@voyager.net> wrote:
>The bible. It's definiton as hate literature is, of course, pretty much limited to
>those who would be the target of good old-fashioned stonings. Let's face it, the
>book is packed with hate, violence, genocide, etc.
In the presentation of its central message of salvation, the bible
touches upon a great deal of human history which includes hate,
violence, genocide, etc. The overriding theme of the bible, however,
is love - love for God and your neighbor as yourself.
>
>It is very dangerous to attempt to label any given idea as "hate speech". No one
>knows where it will end. But many are very clear on the fact that what is defined as
>hate speech will be determined by whoever is in power at any given moment.
Agreed.
LDH
Bart Bailey
"sharing" has a more altruistic connotation than "spreading" in this usage but when an
item, in this case a set of coded instructions, propagates from one person to another,
either term would be applicable.
Patricia A. Shaffer
wrote:
Umm, I don't think so ... propagation is defined as increasing the
numbers of, dissemination, or spreading; sharing is done with mutual
agreement, propagation is not.
Bart Bailey
>
> <~~~>
>
> >
> >> What AV researchers do is techinically
> >> not "spreading", but rather "sharing" samples.
> >
> >"sharing" has a more altruistic connotation than "spreading" in this usage but when an
> >item, in this case a set of coded instructions, propagates from one person to another,
> >either term would be applicable.
>
> Umm, I don't think so ... propagation is defined as increasing the
> numbers of, dissemination, or spreading; sharing is done with mutual
> agreement, propagation is not.
What about those who, through mutual consent, "share" bodily fluids and all the pathogens
contained therein? Or to be more germane to this group, would someone who requests a sample
app not be seeking a sharing relationship with whomever elects to provide such?
Additionally, what defines an AV researcher? the declaration of such status? There seems to
be quite a bit of semantic blurring in the arguments of this thread and I suspect several
of the parties might be more in agreement with one another if there were more precise
nomenclature.
Not trying to be pedantic, Just an ole pre-Nam hippie vet surfing away my golden years ;-)
73 de KM6RF
Nemo Shadows
They say in war the first casualty is truth because truth is a double
edged sword it cuts equally deep against both good and evil.
Truth is a light that neither good nor evil can bear for the fallicy
of both is revealed...
Just an opinion of many I'm sure...
Nemo Shadows
<ios...@voyager.net> wrote:
>On Mon, 15 May 2000 12:21:54 -0400, larr...@grar.com wrote:
>
>>On Mon, 15 May 2000 09:09:22 -0500, Eye of the Storm
>><ios...@voyager.net> wrote:
>>
>>
>>>The bible. It's definiton as hate literature is, of course, pretty much limited to
>>>those who would be the target of good old-fashioned stonings. Let's face it, the
>>>book is packed with hate, violence, genocide, etc.
>>
>>In the presentation of its central message of salvation, the bible
>>touches upon a great deal of human history which includes hate,
>>violence, genocide, etc. The overriding theme of the bible, however,
>>is love - love for God and your neighbor as yourself.
>
>That's just it. It depends on how you read the book. A Philistine might have a
>different interpretation.
>
HEAR HEAR...
And what of those that are not from the middle east and wish not these
teachings why should I be coerced into it by the point of a sword, and
please don't say it does'nt happen as I know differently from all
sides of these isssues..
Just an opinion of many I'm sure....
Patricia A. Shaffer
wrote:
>Patricia A. Shaffer wrote:
Sharing is sharing ... mutual consent, and hopefully, it is informed
consent. As for the definiton of AV research, I'll leave that to the
researchers, since they are the ones who decide who they will trust.
After all, sharing is not mandatory.
>Not trying to be pedantic, Just an ole pre-Nam hippie vet surfing away my golden years ;-)
>73 de KM6RF
And I'm just a pre-hippie generation nurse, doing my best to smooth out
a lot of tangled terminology so we can all discuss a topic with less
misunderstanding. <g>
Jeffrey A. Setaro
>
[Snip]
> Additionally, what defines an AV researcher?
A person actively employed in research by an anti-virus software
company... In reality a fairly small community.
> the declaration of such status?
See above. (You won't find legitimate AV researches soliciting samples
in this group BTW).
> There seems to
> be quite a bit of semantic blurring in the arguments of this thread and I suspect several
> of the parties might be more in agreement with one another if there were more precise
> nomenclature.
>
There always is... The VX community consistently trys to blur the
lines between itself and the legitimate anti-virus research
community... It's usually something along the lines of "we're not
doing anything they're not... After all they
share/distribute/exchanges samples to".
The reality is the anti-virus research community bears little
resemblance to the virus exchange community... The legitimate research
community:
1) Legitimate anti-virus researches DO NOT maliciously
spread/distributed malicious code.
2) The legitimate AV research community does not post malicious code
in publicly accessible places.
3) When samples are exchanged between legitimate AV researches it's
done via secure means (either via encrypted e-mail or the REVS
system).
[Snip]
HTH.
--
Cheers-
Jeff Setaro
jase...@sprynet.com
http://home.sprynet.com/~jasetaro/
PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99
PaX
spread/distributed malicious code.
2) The legitimate AV research community does not post malicious code
in publicly accessible places.
3) When samples are exchanged between legitimate AV researches it's
done via secure means (either via encrypted e-mail or the REVS <<<<<<<<<<<<
Jeff,
Not always the case....
Ill approach your points one at a time...
>1) Legitimate anti-virus researches DO NOT maliciously
spread/distributed malicious code. <
A:neither do many collectors or VX community people...
>2) The legitimate AV research community does not post malicious code
in publicly accessible places.<
A:Have you ever seen code or source posted anywhere from the likes of Tally
or Virusbuster to name just 2 ?
>3) When samples are exchanged between legitimate AV researches it's
done via secure means (either via encrypted e-mail or the REVS <
A:Pretty much the whole of the VX community use PGP with huge DSS keys far
higher than many security agencies use.
I dont feel its a case of VX trying to blur the line between AV+VX its a
case that the line is blured already.For example I know of at least one
instance where code that was ONLY ever shared with an antivirus company
turned up in another colectors inventry.I've certainly never seen anybody
try and quote how many VXers there are...I would be very supprised if many
people actually had much idea,outside of the community itself.Therefore to
make wide ranging staements that include so many people is unwise to say the
least.
best wishes Dalt
larr...@grar.com
Shadows) wrote:
>They say in war the first casualty is truth because truth is a double
>edged sword it cuts equally deep against both good and evil.
>
>Truth is a light that neither good nor evil can bear for the fallicy
>of both is revealed...
What? Truth is not the antithesis of good. They go together hand in
glove.
>Just an opinion of many I'm sure...
Maybe not.
LDH
Sharkman
do so in another group)
In article <56t2isohfqm756kia...@4ax.com>,
Sharkman
I am not a legitimate anti-virus researcher? I have to be
employed by an anti-virus company? That's like saying a
home-astronomer isn't an astronomer unless they're employed by
the government or a university.
In article <MPG.138b12355...@nntp.sprynet.com>, Jeffrey
>1) Legitimate anti-virus researches DO NOT maliciously
>spread/distributed malicious code.
>
>2) The legitimate AV research community does not post malicious
code
>in publicly accessible places.
>
>3) When samples are exchanged between legitimate AV researches
it's
>done via secure means (either via encrypted e-mail or the REVS
>system).
>
>[Snip]
>
>HTH.
>
>--
>Cheers-
>
>Jeff Setaro
>jase...@sprynet.com
>http://home.sprynet.com/~jasetaro/
>PGP Key IDs DH/DSS: 0x5D41429D RSA: 0x599D2A99
>
>
Jeffrey A. Setaro
t.earlywi...@giantsfan.com.invalid says...
> so if I am working on a writing a personal virus scanner at home,
> I am not a legitimate anti-virus researcher?
Correct. Simply saying "I'm an anti-virus researcher" isn't sufficient
to be called one.
> I have to be
> employed by an anti-virus company?
Correct you want the tittle of anti-virus researcher you have to be
employed by a professional anti-virus research organization.
> That's like saying a
> home-astronomer isn't an astronomer unless they're employed by
> the government or a university.
>
Not at all... A person actively employed the government or university
as an astronomer is a professional astronomer. A person who enjoys
"star gazing" as hobby can rightly be called an amateur astronomer.
Both are astronomers but the professional researcher enjoys additional
privileges by virtue of occupation.
You want to call yourself an anti-virus researcher fine... Just don't
expect to have the same privileges as a researcher employed by an
anti-virus software company.
Steven Dasheiff
They might as well try to try to pass legisration against writing code.
1) You can't make laws for thing you can't enforce.
2) Abmivelent words like Malicious cannot be used in law making.
3) Hell forget all of this, they would make a law so that you can't make or
spead biological virus from your body.
Hey, Why Not?
Robert Green
<ios...@voyager.net> wrote:
>On Tue, 16 May 2000 15:46:48 -0400, Jeffrey A. Setaro <jase...@sprynet.com> wrote:
>
>>In article <2576e088...@usw-ex0105-035.remarq.com>,
>>t.earlywi...@giantsfan.com.invalid says...
>>> so if I am working on a writing a personal virus scanner at home,
>>> I am not a legitimate anti-virus researcher?
>>
>>Correct. Simply saying "I'm an anti-virus researcher" isn't sufficient
>>to be called one.
>>
>>> I have to be
>>> employed by an anti-virus company?
>>
>>Correct you want the tittle of anti-virus researcher you have to be
>>employed by a professional anti-virus research organization.
>
>That is ridiculous.
Not really. I think Jeff is talking about a claim of membership in the
professional antivirus research community and the privileges that
membership confers, ie, access to collections, to the work of others,
etc.
>>You want to call yourself an anti-virus researcher fine... Just don't
>>expect to have the same privileges as a researcher employed by an
>>anti-virus software company.
>
>Luckily, since the internet is still free, an "amateur" anti-virus researcher has
>virtually all of the same "privileges" as a professional anti-virus researcher. In
>this case information, like the Colt .45, makes men equal.
Agreed, its perfectly possible to be a serious independent researcher.
Research materials are not too hard to come by these days ;-).
The quality of independent research is another matter, of course.
Bob
LHigdon
<ios...@voyager.net> wrote:
>
>Actually we do have such laws in the U.S. Someone who is found to be knowingly
>spreading AIDS, for instance, can be, and have been, prosecuted.
>
>It's all based on intent. It can be reasoned that someone who knows they are HIV
>positive, and doesn't tell their prospective sexual partner, is committing a crime by
>willfully exposing another person to the risk.
No, no, no, no,no. You're missing something. It cannot be reasoned, it
has to be PROVEN that someone actually knew they had HIV and purposely
failed to tell a prospective partner. The rest I agree with.
Intent is tricky stuff.
PaX
professional antivirus research community and the privileges that
membership confers, ie, access to collections, to the work of others,
etc.<<<<<<<<<<<<<<<<
This is all well and good,however where does the line get drawn??
Ok so I send Pierre V an executable of say a polmorphic vxd
infector...within a matter of minutes he's going to have it apart and tell
me exactly what every line of code does.Hence he could be said to be a
professional.
Send same code to Pete Szor,again its comming apart and an explanation is
going to be soon forthcomming....same for many "AVers"...ok so now i send
the same code to Nick...(no offence intended)..is he going to have any idea
where to start?? the same would apply to many "AVers" ...maybe the term
"AntiVirus" should mean those that can understand and effect a solution to
the prblem...not those that simply are trying to sell products..
Again the same code could be sent to Darkman of 29a...hes going to have it
apart and used as wallpaper before the email is dry...does that make him a
professional...
As I have said here many times ..it has become a very blurred line...
regards Dalt
Sharkman
researcher" in the light of the discussion of who should be
*allowed* to share malicious code. In this case, I don't think
"virus researcher" should be limited to those who "work for an AV
company". Next we're going to say that only those who work for
"security companies" should be able to share information on
exploits? The amateur should have as much right to share code as
the professional. The problem is in the malicious spreading of
viral code, not in the sharing of viral code.
In article <MPG.138b12355...@nntp.sprynet.com>, Jeffrey
A. Setaro <jase...@sprynet.com> painted with a very large brush:
------------------------------------------------
In article <3922ae95...@news.mindspring.com>,
rgr...@avana.net (Robert Green) wrote:
>On Wed, 17 May 2000 08:39:41 -0500, Eye of the Storm
><ios...@voyager.net> wrote:
>
>>On Tue, 16 May 2000 15:46:48 -0400, Jeffrey A. Setaro
<jase...@sprynet.com> wrote:
>>
>>>In article <2576e088...@usw-ex0105-035.remarq.com>,
>>>t.earlywi...@giantsfan.com.invalid says...
>>>> so if I am working on a writing a personal virus scanner at
home,
>>>> I am not a legitimate anti-virus researcher?
>>>
>>>Correct. Simply saying "I'm an anti-virus researcher" isn't
sufficient
>>>to be called one.
>>>
>>>> I have to be
>>>> employed by an anti-virus company?
>>>
>>>Correct you want the tittle of anti-virus researcher you have
to be
>>>employed by a professional anti-virus research organization.
>>
>>That is ridiculous.
>
>Not really. I think Jeff is talking about a claim of membership
in the
>professional antivirus research community and the privileges
that
>membership confers, ie, access to collections, to the work of
others,
>etc.
>
>>>You want to call yourself an anti-virus researcher fine...
Just don't
>>>expect to have the same privileges as a researcher employed by
an
>>>anti-virus software company.
>>
>>Luckily, since the internet is still free, an "amateur"
anti-virus researcher has
>>virtually all of the same "privileges" as a professional
anti-virus researcher. In
>>this case information, like the Colt .45, makes men equal.
>
>Agreed, its perfectly possible to be a serious independent
researcher.
>Research materials are not too hard to come by these days ;-).
>
>The quality of independent research is another matter, of
course.
>
>Bob
>
>
>
>
- Tom R. Earlywine
Opinions presented are just my personal opinions.
Neighborhood watch member #10 - Junior Lumber cartel member #1010
http://geocities.com/tearlywine/dearspammer.txt
Robert Green
wrote:
>>>>>Not really. I think Jeff is talking about a claim of membership in the
>professional antivirus research community and the privileges that
>membership confers, ie, access to collections, to the work of others,
>etc.<<<<<<<<<<<<<<<<
>
>This is all well and good,however where does the line get drawn??
Between those who are members of that community and those who aren't.
>Ok so I send Pierre V an executable of say a polmorphic vxd
>infector...within a matter of minutes he's going to have it apart and tell
>me exactly what every line of code does.Hence he could be said to be a
>professional.
Sure, if he had the time and was so inclined.
>Send same code to Pete Szor,again its comming apart and an explanation is
>going to be soon forthcomming....same for many "AVers"...ok so now i send
>the same code to Nick...(no offence intended)..is he going to have any idea
>where to start??
Again, its probably a question of time and inclination. If you are
implying that Nick lacks the skills to disassemble a virus, I believe
you're wrong.
> the same would apply to many "AVers" ...maybe the term
>"AntiVirus" should mean those that can understand and effect a solution to
>the prblem...not those that simply are trying to sell products..
The're called marketroids ;-).
>Again the same code could be sent to Darkman of 29a...hes going to have it
>apart and used as wallpaper before the email is dry...does that make him a
>professional...
No. There's much more to professionalism than a set of technical
skills.
But there _are_ competent researchers in the Vx community. Just no
professional ones.
>As I have said here many times ..it has become a very blurred line...
Consider ethical standards. That may help you put it back into focus.
>regards Dalt
Bob
Robert Green
<ios...@voyager.net> wrote:
>On Wed, 17 May 2000 14:50:39 GMT, rgr...@avana.net (Robert Green) wrote:
>
>>On Wed, 17 May 2000 08:39:41 -0500, Eye of the Storm
>><ios...@voyager.net> wrote:
>>
>>>On Tue, 16 May 2000 15:46:48 -0400, Jeffrey A. Setaro <jase...@sprynet.com> wrote:
>>>
>>>>In article <2576e088...@usw-ex0105-035.remarq.com>,
>>>>t.earlywi...@giantsfan.com.invalid says...
>>>>> so if I am working on a writing a personal virus scanner at home,
>>>>> I am not a legitimate anti-virus researcher?
>>>>
>>>>Correct. Simply saying "I'm an anti-virus researcher" isn't sufficient
>>>>to be called one.
>>>>
>>>>> I have to be
>>>>> employed by an anti-virus company?
>>>>
>>>>Correct you want the tittle of anti-virus researcher you have to be
>>>>employed by a professional anti-virus research organization.
>>>
>>>That is ridiculous.
>>
>>Not really. I think Jeff is talking about a claim of membership in the
>>professional antivirus research community and the privileges that
>>membership confers, ie, access to collections, to the work of others,
>>etc.
>
>I'm not aware of any existing professional organizations for anti-virus research
>(i.e. between AV vendors).
CARO?
> But it doesn't matter. "Anti-Virus Researcher" is not
>any sort of professional, licensed title that I'm aware of.
Correct.
>Perhaps the problem is the term itself. "Anti-Virus Researcher" implies that a
>person is studying viruses with the intent of developing some method of counteracting
>their effects. Why not just say "Virus Researcher", which imples that some people
>simply enjoy taking the little buggers apart to see what makes them tick.
Whatever.
>Is there a valid reason to do that? In America the answer is simple: yes, because
>they want to.
No argument.
>>>>You want to call yourself an anti-virus researcher fine... Just don't
>>>>expect to have the same privileges as a researcher employed by an
>>>>anti-virus software company.
>>>
>>>Luckily, since the internet is still free, an "amateur" anti-virus researcher has
>>>virtually all of the same "privileges" as a professional anti-virus researcher. In
>>>this case information, like the Colt .45, makes men equal.
>>
>>Agreed, its perfectly possible to be a serious independent researcher.
>>Research materials are not too hard to come by these days ;-).
>>
>>The quality of independent research is another matter, of course.
>
>True, but quality, when measured by a single person seeking information for their own
>enlightenment, has little meaning in this case.
Well, does "quality of englightenment" have meaning?
PaX
implying that Nick lacks the skills to disassemble a virus, I believe
you're wrong.<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Im saying that for example Nick may well be able to give chapter and verse
on any Macro code but could he for example cope with something such as
CiH...not to dissasemble it but to diss it and understand what the code does
and where..
I was just using Nick as an example not because I have doubts regarding his
skills..JUST an example.
>>>>Consider ethical standards. That may help you put it back into
focus.<<<<<<<<<<<<<
humm difficult one again Robert,
Rod Fewster represents to me
the ideal of a professional..speaks his mind,has a wealth of information and
does not sit in judgement over others.Pierre,Pete Szor,Vess etc ..all very
knowledgable people in their field.You used the term "marketiods"..thats
where the line is...I would not personally trust a marketoid with any of my
own code as profit often comes before integrity.
From the VX side of the coin..(I wont mention names as they may not wish
it).
The team leader of one VX team...V****** D*****.. you wont meet a nicer
guy,helpful,honourable and more morals than many of the "Marketoids" and he
is just one of many.Very often the perception of Virus Writers is given by
the few of the many..
Sometimes the "Holier than thou"attitude of some AVers can get a little
grating but I guess the freedom to be different is a freedom paid for in
lives ...and one well worth protecting..
best wishes Dalt
Robert Green
wrote:
>>>>>>Again, its probably a question of time and inclination. If you are
>implying that Nick lacks the skills to disassemble a virus, I believe
>you're wrong.<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>
>Im saying that for example Nick may well be able to give chapter and verse
>on any Macro code but could he for example cope with something such as
>CiH...not to dissasemble it but to diss it and understand what the code does
>and where..
>I was just using Nick as an example not because I have doubts regarding his
>skills..JUST an example.
OK.
>>>>>Consider ethical standards. That may help you put it back into
>focus.<<<<<<<<<<<<<
What I really meant there is a canon of professional standards.
Independent, non-professional researchers in the virus field can also,
obviously, have standards. A good number of Vx people display a mature
awareness of the ethical pitfalls involved in activities like virus
collecting and exchanging, and have obviously thought about the
problems. How well they do in solving the problems can be debated
about, of course :-).
>humm difficult one again Robert,
> Rod Fewster represents to me
>the ideal of a professional..speaks his mind,has a wealth of information and
>does not sit in judgement over others.Pierre,Pete Szor,Vess etc ..all very
>knowledgable people in their field.
Agreed.
> You used the term "marketiods"..thats
>where the line is...I would not personally trust a marketoid with any of my
>own code as profit often comes before integrity.
Are marketroids necessarily without integrity?
>From the VX side of the coin..(I wont mention names as they may not wish
>it).
>The team leader of one VX team...V****** D*****.. you wont meet a nicer
>guy,helpful,honourable and more morals than many of the "Marketoids" and he
>is just one of many.
I won't deny that there some basically good guys in the Vx scene.
> Very often the perception of Virus Writers is given by
>the few of the many..
Yeah, there's always the Raids of the world, huh?
>Sometimes the "Holier than thou"attitude of some AVers can get a little
"Seriously pissed off" may be better than "Holier than Thou." Try
jumping in and giving some help to people who post here after loosing
their data. Some of them experience real anguish over what has
happened. It can give you an interesting second perspective on virus
writing. That kind of experience surely changed the thinking of Mike
Ellison.
>grating but I guess the freedom to be different is a freedom paid for in
>lives ...and one well worth protecting..
You are right. Our freedoms were paid for by the blood of others. We
should use them responsibly and respectfully.
Bob
Nemo Shadows
>What? Truth is not the antithesis of good. They go together hand in
>glove.
>
You are mis-taken for years THE TRUTH (PROFESSED) was that the world
was flat and many did as much as they could to keep it that way
including torture and murder under many banners of the faithful, being
the defenders of TRUTH when infact they were the defenders of false
belief.
FACT=THE TRUTH and that is something few can stomach especially those
whose power base is created and maintained on a deception, because it
destroys the fallicy of these false beliefs which is mistakenly
healrded as TRUTH...
Good and Evil do not exist outside ourselves, it is a mental illness
generally self induced but not always so since one can be coerced and
tortured into any belief system that one wishes to impose upon another
and the belief becomes REAL a form of a truth but not a fact truth.
Need I say more ??
Besides this is not a group for such discussions and I humbly
apologize to the group for continueing it..
and as I said just an opinion of many I'm sure...
Raid Slam
<fbo...@mail.dotcom.fr> wrote:
>Blah blah blah.
>
>Why don't you simply answer his questions.
I was pretty sure I did frederic.
>1. Who spread Irok under your pseudonym?
And I'm supposed to know this how exactly?
>2. What are you going to do to avoid this in the future?
I don't follow what your meaning is with this question. It's not
my responsibility to babysit people.
>You have been asked these questions so often and you have yet to
>provide concrete responses. You are just quibbling here, as
>usual.
I had thought i was providing accurate responses to the questions
asked. I don't see how I've avoided answering them?
Regards,
Raid [SLAM]
Raid Slam
sop...@cix.compulink.co.uk wrote:
Mr Sophos Toadie,
>And why (although Raid claims to have communicated with the
>person who spread his virus) didn't Raid notice that said person
>was using one of Raid's pseudonyms?
It's not a claim if it's true. How else would get the emails I
got from him? Unless your going to claim I hacked into his email
account, or forged the emails entirely or some other inane shit.
Further, I don't recall John Grahms beind solely my property.
It's not as if it's a trademark or something. I know, it's these
little details you have such a hard time with. if you would stop
feeding your face with huge amounts of donuts (or whatever the
hell you eat to stay so damn fat) you might have better brain
function. (That is, when it's done buring your calories off).
> You would have thought Raid would
>have noticed.
Raid has other things on his mind... Who's claiming to be who,
who's fucking who over aren't one of those things.
>As it was we had to point it out to him.
Actually, You implied I had spread the virus. But now we see
you've changed the opinion "pointing it out to him."
Your a funny pig.
Raid Slam
sop...@cix.compulink.co.uk wrote:
>The organisation is multi-national. I happen to know for a fact
>that they have offices in the USA too. In fact that may be
>their head office. I don't know if their US branch got infected
>too, but it might not matter.
Regardless, I didn't spread the virus. You have no proof that I
did, hell you can't even link the virus and myself to a common IP
range. Your pissing in the wind.
>And we know someone was distributing Raid's viruses by posting
>infected files (which did not declare that they were infected)
>to the net.
Correct me if I'm wrong, but isn't that how MOST viruses get
spread to begin with? Via usenet? When you can prove that I
spread it, then you have something to whine about. But since I
didn't spread it, and nothing you say is going to change that,
you and sophos and your other toadie friends can all FUCK OFF.
>I don't know if the person who did this used one of Raid's
>pseudonyms when they did this, like they did with Irok.
Gee mr detective, Why don't you call em and see?
sop...@cix.compulink.co.uk
soho20N...@hotmail.com.invalid (Raid Slam) wrote:
> In article <391C30FB...@mail.dotcom.fr>, Frederic Bonroy
> <fbo...@mail.dotcom.fr> wrote:
>
> >Blah blah blah.
> >
> >Why don't you simply answer his questions.
>
> I was pretty sure I did frederic.
>
> >1. Who spread Irok under your pseudonym?
>
> And I'm supposed to know this how exactly?
Well, we know it was someone calling themselves John Grahms. So that's a
good clue.
> >2. What are you going to do to avoid this in the future?
>
> I don't follow what your meaning is with this question. It's not
> my responsibility to babysit people.
But don't you think you should stop people pretending to be you from
spreading your viruses? After all, John Grahms is one of your pseudonyms
right?
--
Graham Cluley, Head of Corporate Communications, Sophos Anti-Virus
email: gcl...@sophos.com http://www.sophos.com
US Support: +1 888 SOPHOS 9 UK Support: +44 1235 559933
Raid Slam
rgr...@avana.net (Robert Green) wrote:
>Again, its probably a question of time and inclination. If you
>are implying that Nick lacks the skills to disassemble a virus,
>I believe you're wrong.
Well, technically Pax is correct. Nick does not possess assembler
knowledge, and by his own track record, won't even attempt to
disect an executable virus. He seems to stick to word macros, or
vbs script viruses; Which does not mean he has any skills in
disassembling anything. So how exactly is he an expert then, if
his very programming skills are so lame? He knows a bit about
stattics and theories, and this qualifies him as an expert?
>But there _are_ competent researchers in the Vx community. Just
>no professional ones.
Rather broad statement to make, considering you don't know first
hand for sure do you?
Frederic Bonroy
> >1. Who spread Irok under your pseudonym?
> And I'm supposed to know this how exactly?
That is not too hard to find out. It must be one of those with whom
you shared samples of Irok. But I have the impression that you
actually don't want to know who did it.
> >2. What are you going to do to avoid this in the future?
>
> I don't follow what your meaning is with this question. It's not
> my responsibility to babysit people.
You are struggling here to persuade us that you haven't spread Irok.
Fine, assuming you really haven't - don't you see that the real
culprit makes you look like a liar here? Worse even, he could use
your pseudonym again to praise Invircible to the skies or even post
apologies for having written viruses. Wouldn't that just piss you
off? Don't you want to avoid that?
Raid Slam
sop...@cix.compulink.co.uk wrote:
>Well, we know it was someone calling themselves John Grahms. So
>that's a good clue.
Enlighten me Toadie, What is the clue? I'm missing it.
>But don't you think you should stop people pretending to be you
>from spreading your viruses?
This is the internet, I have no more control over what others do
on it then yourself. I have every right to write software as I
see fit on my own machine, and I have the fucking right to offer
it to others on my website IF they want it. the only difference
between us graham is you sell your shit online, and mine's free.
Mine does have the ability to self replicate, but that doesn't
mean it doesn't deserve to be hosted on the net.
You seem to be trying to confuse people into thinking putting a
virus on a virus related website is the same as maliciously
spreading a virus. if you cannot tell the differences between
those two actions, I for one must question your competence in
this chosen field.
>After all, John Grahms is one of your
>pseudonyms right?
In a sense, it is a name I use from time to time, But I cannot
claim full ownership of it. I can only claim full ownership of my
own real name, and that's only because it's documented. I can't
even claim "raid/slam" as my handle, because nothing is stopping
anybody from borrowing it, the same as with happened with John
Grahms. Maybe somebody else thought the name sounded realistic
enough to use as well? One can only wonder. I suppose what it all
boils down too, only God knows who I am, and that's providing
that he exists.
If there's nothing else to address mr Toadie, I'll be going back
to lurk mode now.
sop...@cix.compulink.co.uk
soho20N...@hotmail.com.invalid (Raid Slam) wrote:
> In article <8g14ko$72p$1...@plutonium.compulink.co.uk>,
> sop...@cix.compulink.co.uk wrote:
>
> >Well, we know it was someone calling themselves John Grahms. So
> >that's a good clue.
>
> Enlighten me Toadie, What is the clue? I'm missing it.
Well, he's using one of your pseudonyms. And we've already confirmed that
it's not a name that many people use. So he possibly knows you and is
trying to frame you! Can you think of anyone who might want to use one of
your pseudonyms?
> >But don't you think you should stop people pretending to be you
> >from spreading your viruses?
>
> This is the internet, I have no more control over what others do
> on it then yourself.
But you could stop distributing your viruses to people who clearly aren't
trustworthy. Like this guy "John Grahms" who appears to be pretending to
be you for instance.
Randy Abrams
Frederic Bonroy <fbo...@mail.dotcom.fr> wrote in message
news:39241950...@mail.dotcom.fr...
<snip>
> You are struggling here to persuade us that you haven't spread Irok.
> Fine, assuming you really haven't - don't you see that the real
> culprit makes you look like a liar here? Worse even, he could use
> your pseudonym again to praise Invircible to the skies or even post
> apologies for having written viruses. Wouldn't that just piss you
> off? Don't you want to avoid that?
And the fact that Irok got out demonstrates extreme computer incompetence
after he told Dr. Costas that he could prevent anymore of his viruses from
getting out. Sounds like he can't handle a PC. Something so simple as
keeping a program on your own hard drive.
Regards,
Randy
--
--
The opinions expressed in this message are my own personal views
and do not reflect the official views of the Microsoft Corporation.
sop...@cix.compulink.co.uk
soho20N...@hotmail.com.invalid (Raid Slam) wrote:
> You seem to be trying to confuse people into thinking putting a
> virus on a virus related website is the same as maliciously
> spreading a virus. if you cannot tell the differences between
> those two actions, I for one must question your competence in
> this chosen field.
No no no.. I'm not interested in all that right now. What I'm interested
in this. Here's the facts we know:
1. You said you would spread Irok in the wild.
2. Irok is spread in the wild.
3. The person who spread Irok in the wild is revealed as someone calling
themselves "John Grahms".
4. You say you have had email conversations with Mr Grahms.
5. It's pointed out to you (you didn't seem to have noticed) that John
Grahms is one of your pseudonyms.
6. You got very angry.
7. You're reminded that you said you would spread Irok in the wild.
8. You got very angry again.
9. You said that you'd changed your mind about that, and that we shouldn't
believe everything you say.
19. We asked if you were going to do anything about this John Grahms guy
who seems to be trying to frame you by spreading your viruses in the wild,
using one of your pseudonyms.
This is much much more interesting than talking about viruses spread from
your website.
So, we want to know, what are you planning to do about this guy who is
trying to frame you?
PaX
who is
trying to frame you?<<<<<<<<<<<<<<<
Hi my name is John Grahams and so is my daughters and my pet CAT..not to
mention my next door neighbour and the guy across the street.
Well seeing as RaiD is approx 6000 miles from me I guess hes not going to be
doing too much in the near future..
Joking aside...you and I both know Graham that there is NOTHING that can be
done about any person using an assumed name.
However the intense provocation of RaiD looks like an attempt to get him to
do something stupid(yes anybody is capable of doing dumb things including
RaiD) so that any number of individuals IE:Pleb Cohen and his buddies can go
running to the FBI and have RaiD busted.Yup I know RaiD can have a short
fuse...Ive been on the receiving end of it a few times however his is
intelligent enough to see a set up when one lands in his lap.
Why do you continue to bother aski9ng the same questions when answers have
been provided by a number of people (including RaiD)??
Regards Dalt
PS:Tell Cohen I hope summit real nasty happens to him in the near
future...never liked the guy anyway...