I love IP Tables....

David G. Miller dave at davenjudy.org
Wed May 30 14:02:16 UTC 2007


Les <hlhowell at pacbell.net> wrote:

> One thing missing in this discussion is the scale of costs.  No
> individual, outside of maybe Bill Gates could begin to repay for the
> damage caused by a rogue computer spreading a virus.  Nor can one
> individual be even considered of being capable of patching a flaw in a
> piece of readily available software of proprietary nature (remember that
> "reverse engineering" is banned by most user license agreements.)  So
> let's say you get a law passed that puts the onus on an individual.  You
> get hacked, and the hacker uses a bit of code inside your system to
> "spiff up" his latest virus/worm program.  Your name is in the code
> (courtesy of the memory map when your bit was built).  Now that code
> breaks out and infects 200,000 systems, bringing them to their knees.
> You had all the good AV stuff installed, the system had a firewall, but
> this particular hacker managed to slip by

As I have mentioned several times in my postings on this subject, the 
law usually considers whether you have taken "reasonable and customary" 
measures to protect against such things.  Especially, see my previous 
posting regarding a joyrider stealing a car.

Self-propagating viruses act a lot like the real thing.  It doesn't take 
a 100 percent inoculation rate to stop a real virus from spreading; only 
getting enough of the population protected that the probability that the 
infection can spread is low. One of the problems is that way too many 
computer users don't understand their vulnerability and how harmful 
having a vulnerable system is.  This is what needs to change.

We've already seen a number of attack vectors go out of favor as a 
certain large software vendor has patched the security holes in its 
operating system and other products.  If a significantly larger 
percentage of users were to install effective AV software, the problem 
would drop significantly.  I'm not saying it would go away but we would 
probably see the people who write such software look to other 
approaches.  Some of these might initially be successful but having a 
larger percentage of systems running effective AV software would mean 
that such problems would rapidly be contained.

It would be nice if that same software vendor were to tighten up their 
product rather than rely on after-the-fact patches like AV software.  
Being as how their behavior has barely changed in over 25 years, I'm not 
holding my breath.

Cheers,
Dave

-- 
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce



