Computer Legislation

[Mr. Backup]

Computer Legislation



I am pondering the idea of computer legislation in light of all the new
exploits and damaging affects of spyware, malware, viruses and damages to
computers and systems today. We have all read and written at one point
about P2P and copyright laws, but I am not thinking of that at this point.
What I want to focus on is what my rights are as a computer user. If a
persons computer was to infect mine with a virus, can I sue you for my pain
and suffering, repair cost, etc. Will there be an insurance company that
will insure my computer and its data in the event that something such as
that happened?



What about the user; should the user be required to have a computing permit,
similar to a drivers permit, or even a computers license to be a user of any
computer. If you're thinking that's a crazy thought it isn't. Many
"skilled" computer users use their systems day to day warding off attacks
from compromised systems of users whom are clueless to what they are even
doing on the computer. Most of which do not even realize that they have been
infected. Where are the computer "police" to protect my systems?



I am sure if someone was to drive a car and hit parked cars on the streets
and crash into other cars they would soon be apprehended and penalized for
this. Should the same be applied to computer usage?

 

[Carey Frisch [MVP]]

"The intentional use of exploit code, in any form, to cause damage
to computer users, is a criminal offense. Accordingly, Microsoft
continues to assist law enforcement with its investigation of the
attacks in this case. Customers who believe they have been attacked
should contact their local FBI office or post their complaint on the
Internet Fraud Complaint Center Web site. Customers outside the U.S.
should contact the national law enforcement agency in their country."

Ref: http://www.microsoft.com/presspass/press/2006/jan06/01-03WMFUpdatePR.mspx

--
Carey Frisch
Microsoft MVP
Windows - Shell/User
Microsoft Community Newsgroups
news://msnews.microsoft.com/

-------------------------------------------------------------------------------------------

:

| Computer Legislation
|
| I am pondering the idea of computer legislation in light of all the new
| exploits and damaging affects of spyware, malware, viruses and damages to
| computers and systems today. We have all read and written at one point
| about P2P and copyright laws, but I am not thinking of that at this point.
| What I want to focus on is what my rights are as a computer user. If a
| persons computer was to infect mine with a virus, can I sue you for my pain
| and suffering, repair cost, etc. Will there be an insurance company that
| will insure my computer and its data in the event that something such as
| that happened?
|
| What about the user; should the user be required to have a computing permit,
| similar to a drivers permit, or even a computers license to be a user of any
| computer. If you're thinking that's a crazy thought it isn't. Many
| "skilled" computer users use their systems day to day warding off attacks
| from compromised systems of users whom are clueless to what they are even
| doing on the computer. Most of which do not even realize that they have been
| infected. Where are the computer "police" to protect my systems?
|
| I am sure if someone was to drive a car and hit parked cars on the streets
| and crash into other cars they would soon be apprehended and penalized for
| this. Should the same be applied to computer usage?

 

[David H. Lipman]

From: "Mr. Backup" <[email protected]>

| Computer Legislation
|
| I am pondering the idea of computer legislation in light of all the new
| exploits and damaging affects of spyware, malware, viruses and damages to
| computers and systems today. We have all read and written at one point
| about P2P and copyright laws, but I am not thinking of that at this point.
| What I want to focus on is what my rights are as a computer user. If a
| persons computer was to infect mine with a virus, can I sue you for my pain
| and suffering, repair cost, etc. Will there be an insurance company that
| will insure my computer and its data in the event that something such as
| that happened?
|
| What about the user; should the user be required to have a computing permit,
| similar to a drivers permit, or even a computers license to be a user of any
| computer. If you're thinking that's a crazy thought it isn't. Many
| "skilled" computer users use their systems day to day warding off attacks
| from compromised systems of users whom are clueless to what they are even
| doing on the computer. Most of which do not even realize that they have been
| infected. Where are the computer "police" to protect my systems?
|
| I am sure if someone was to drive a car and hit parked cars on the streets
| and crash into other cars they would soon be apprehended and penalized for
| this. Should the same be applied to computer usage?
|

YOU are the Police of your own computer.

Please practice Safe Hex !

http://www.claymania.com/safe-hex.html

 

[Roger Abell [MVP]]

It seems that the problem in all such efforts, that have been many,
comes down to the inability to establish the wrongdoer's identity.

I witnessed a car accident, and the policeman took down the
description of the auto that did it and speeded off, but was not
really too interested. What he was interested in was my ability
to describe the driver and the certainty I had about whether I
could or could not recognize the individual.

It is much the same with the internet which was (intentionally or
not) designed so that network traffic is anonymous as to the
person ultimately responsible.

In your examples, if your neighbor's computer is found to have
been the one to which your financial data was transferred, is it
your neighbor that gets arrested? What if they, as you observed,
have no clue that their machine was a bot in a data collection
network? What if that machine was actively being used by a
person who directed step-by-step the actions that resulted in
your data being copied out? etc. etc. etc.

About the only way to make what you propose actually
enforcable is to have an audit trail which cannot be tampered
with and it would need to be about everything that happens.

Is that sort of Orwellian approach what you are after?

But, without the actual tangibles to establish who the crimial
was, what one would instead see is an ever growing number
of laws (many not clearly enforcable) each attempting to
tighten the noose, but actually each likely just increasing the
burden on the average, well-intended and fully lawabiding
computer user.

 

[Michael D. Ober]

Why not treat virus creators as terrorists? After conviction in any country
on writing and releasing the virus, find the country with the most sever
penalty and turn them over for the punishment. I'm positive if we publicly
execute a few virus writers, the number of new virii will drop dramatically.

Oh, and by the way, I can almost guarantee your name isn't "Mr. Backup" Use
your real name when posting this type of crap.

Mike Ober.

 

[Bruce Chambers]

Computer Legislation



..... If a
persons computer was to infect mine with a virus, can I sue you for my pain
and suffering, repair cost, etc. Will there be an insurance company that
will insure my computer and its data in the event that something such as
that happened?

I don't see how. After all, the infection would be pretty much your
own fault, for not taking adequate precautions. After all, if you were
to step into a busy street without bothering to look for oncoming
traffic and subsequently get struck by a car, it's hardly the fault of
the driver who hits you.

What about the user; should the user be required to have a computing permit,
similar to a drivers permit, or even a computers license to be a user of any
computer. If you're thinking that's a crazy thought it isn't. Many
"skilled" computer users use their systems day to day warding off attacks
from compromised systems of users whom are clueless to what they are even
doing on the computer. Most of which do not even realize that they have been
infected. Where are the computer "police" to protect my systems?

There have certainly been times when I've thought that this would be a
fine idea. There are some people who simply should not be using
computers. However, I don't see any practical way of implementing any
such program, and we already have far too much of governments' delving
into private areas where they don't belong, as it is. It's up to you to
protect yourself and your own computer.

I am sure if someone was to drive a car and hit parked cars on the streets
and crash into other cars they would soon be apprehended and penalized for
this. Should the same be applied to computer usage?

No, we really don't need any more of a "nanny" society; people need to
learn to rely upon themselves, rather than expecting impersonal
governments to babysit them through life.

There are several essential components to computer security: a
knowledgeable and pro-active user, a properly configured firewall,
reliable and up-to-date antivirus software, and the prompt repair (via
patches, hotfixes, or service packs) of any known vulnerabilities.

The weakest link in this "equation" is, of course, the computer
user. No software manufacturer can -- nor should they be expected to --
protect the computer user from him/herself. All too many people have
bought into the various PC/software manufacturers marketing claims of
easy computing. They believe that their computer should be no harder to
use than a toaster oven; they have neither the inclination or desire to
learn how to safely use their computer. All too few people keep their
antivirus software current, install patches in a timely manner, or stop
to really think about that cutesy link they're about to click.

Firewalls and anti-virus applications, which should always be used
and should always be running, are important components of "safe hex,"
but they cannot, and should not be expected to, protect the computer
user from him/herself. Ultimately, it is incumbent upon each and every
computer user to learn how to secure his/her own computer.


To learn more about practicing "safe hex," start with these links:

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

Home Computer Security
http://www.cert.org/homeusers/HomeComputerSecurity/

List of Antivirus Software Vendors
http://support.microsoft.com/default.aspx?scid=kb;en-us;49500

Home PC Firewall Guide
http://www.firewallguide.com/

Scumware.com
http://www.scumware.com/

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

 

[Mr. Backup]

Just as you said "After all, the infection would be pretty much your own
fault, for not taking adequate precautions." So based on that, the users
fault not securing or having their system secure, can they also be at fault
for their computer damaging another's computer system. Well if I didn't put
my parking break on my stick shift car and it rolled backwards down a hill,
and smashed into a few cards I am at fault for the damage as I didn't
perform the task of ensuring my card was parked correctly.

So again was I am getting at is, why haven't there been lawsuits against
people whom are infected and whom spread the infection. I know there are
laws in the non cyber world that if I had a virus e.g. HIV, and I went
around having sex with others and not warning them I would be brought up on
charges, wouldn't I not?

 

[Jon Phipps]

the solution, as far as I can see is to get rid of gui operating
systems(these are what allowed all the script kiddies and other wannabes in
to the computer field) and go back to the days of mainframes(limited user
access) or command line unix/linux. But personally I would rather keep my
WinXP and make sure it is secured.

Jon

 

[Mike Fields]

Just as you said "After all, the infection would be pretty much your
own fault, for not taking adequate precautions." So based on that, the
users fault not securing or having their system secure, can they also
be at fault for their computer damaging another's computer system.
Well if I didn't put my parking break on my stick shift car and it
rolled backwards down a hill, and smashed into a few cards I am at
fault for the damage as I didn't perform the task of ensuring my card
was parked correctly.

So again was I am getting at is, why haven't there been lawsuits
against people whom are infected and whom spread the infection. I
know there are laws in the non cyber world that if I had a virus e.g.
HIV, and I went around having sex with others and not warning them I
would be brought up on charges, wouldn't I not?

A while back while I was reading the Comcast AUP (really !!
I did read it ... once ), I remember seeing something to the
effect that you were responsible for maintaining your computer
so that it did not cause problems like spam etc (don't remember
the exact wording) and that if you did not, they could terminate
your account. Don't know if they really have done that to
anyone, but it was there.

mikey

 

[Roger Abell [MVP]]

There are a lot of things that really do not follow the model found with
other aspects of our society. Consider, the recent patch that was
circulated was "leaked", not "stolen", at least in the terminology used.

 

[Mr. Backup]

YES
Cablevision has done this. Mother In-law's computer infected with a type of
bonnet and was being used as a server.
They killed her account because of prolonged bandwidth usage (exact
wording).
This is part reason why they not block ports for USENET SMTP AND Soon IRC.

Read the TOS from time to time. Many Cable ISP's are now blocking NNTP from
3rd party, thus news.Microsoft.com becomes unreachable.. I don't know if
they news.Microsoft.com have an alt. port to use. If not users are out of
luck.
Also they have started blocking IRC and ports such as 8000, 7000 , 7070,
8080, because they are used for media services, and if you need to use them
you should pay for an upgraded account. "business services".

 

[Jon Phipps]

btw 8080 is the socks firewall port, irc are 6667-7000. As to blocking the
news servers many ISP's carry their own news feeds, mine does but I dont use
it they have, however blocked smpt access via servers other than their own,
which means I cannot easily get my work email from home. If your mother
inlaw's computer is infected then I suggest you take some of the advice and
tools from this group and clean it up. News can be access from google, yahoo
and other places although the content filters insisted on by my states dept
of ed block some of the sites.

Jon

 

[Mr. Backup]

So the term unlimited internet is no more.
I know all the ports and protocols and what they are defined as in the
RFC's.
What is wrong is that ISP's have take up being the police for the users
under them.
The net has become such a welfare state at this point that its almost
sinking.

Soon Like how I started off posting , we will be giving out computer
registrations and computer user licenses and ticketed and fined for our
computers misuse, need be by our hand or the hands of a hacker.
Another example: Car is stolen (same as computers services being hacked into
remote), the thief (hacker) kills someone with your car or causes damage
with your car, then ditches the car (the hacker would unregistered his
rootkits). Who will answer for this crime?
Your damn right "YOU WOULD". Why? cause you never reported it, this makes
you the responsible one.
What I am driving at here is this. Its all about accountability. Most
people don't account for any action they perform on their computers. You
have users whom firewall them self in using an application firewall and then
blame the ISP for their problems.
You have users infect themselves with a viruses from email and then again
BLAME the ISP for not cleaning their email for them.