Re: FW: Careful. This is for information only.
On 7 Aug 2001, John Hasler wrote:
> Ian writes:
> > Seems like a pretty grey area though. He is ultimately responsible for
> > it. There has been enough publicity about CR to ascertain that the
> > system admin was negligent in his duty.
>
> Someone on Advogato just pointed out another risk. What if you only popped
> up a message but someone else installed a nasty trojan? How do you prove
> that you didn't do it?
The burden of proof should be on the accuser, especially when dozens
(hundreds, thousands?) of computer owner's log files show the box was
engaged in a potentially damaging activity before the warning dialog
popped up. Perhaps checking with a registry of infected/infested
machines first would help.
If someone put a vermicide package in Debian, I would probably install
and use it... for sure if it had a sequence of actions that were
triggered by sucessive probes from the infested machine (ranging from
least to most intrusive, and taking steps to minimise the equivalent
of a DDOS attack on the infected machine).
I think the time is right for software antibiotic and vermicide
packages, and I think anything that helps stop the spread of
infectious agents would be welcome by everyone using the 'net for
legitimate purposes... as long as the steps taken are not proactive,
there should be little room for the owners of systems that get
medicated to accuse the users of such packages of engaging in
nefarious activities.
- Bruce
Reply to: