Full Disclosure mailing list archives
Re: This crap needs to stop
From: Eliah Kagan <degeneracypressure () gmail com>
Date: Mon, 28 Nov 2005 19:12:55 -0500
Paul Schmehl wrote:
> Well, that's not what I said, but doesn't a company have a responsibility to virus-check any software they ship *before* they ship it? It's not like this is something so new that a normal check wouldn't have found it. And isn't the *effect* on the end user the same? Yes, the motivation was perhaps different, but how does that matter to the customer whose computer is now trojaned? Does "we didn't mean to do it" excuse them?

> doesn't a company have a responsibility to virus-check any software they ship *before* they ship it?

Yes. I hope I didn't imply otherwise, or that it's OK to sell hard drives that are infected by trojans.

> And isn't the *effect* on the end user the same?
No. Sony is making war against its customers. They apologized primarily because their spying technique caused harm to the day-to-day operation of their customers' computers--you can see that in their official statements. They are only sorry because their spying technique was not effective enough.

I-O Data recalled the hard drives immediately--compare this to Sony's reaction. (If you want to remove the rootkit, you have to give Sony your personal information. Sony has yet to release an official removal tool similar to Sophos's--that you can download anonymously.)

There is backlash against Sony right now, but it's not clear that that will continue. For quite some time large corporations have been intruding on the rights of users to control what their own computers are doing. That's fundamentally what spyware is about, and that's why Steve Gibson (GRC.com) has been so successful with his trademarked phrase, "IT'S MY COMPUTER!" Many people think DRM and other things designed to stop people from controlling the operation of their computers are OK. For quite some time, large (and small) corporations have been intruding on the rights of their customers to keep their personal information private. This is what spyware is about, secondarily.

Sony got burned because they did this in a politically gauche way. It's not as if we're not going to see this again. When we do see it again, I think it's important that we differentiate it from really embarrassing mistakes, like the one made by people at I-O Data, or we're not going to be able to fight it effectively. The effect to end users of an act carried out in maliciousness as part of a targeted, coordinated effort to violate their privacy and prevent them from controlling the behavior of their own computers is worse than an isolated error that is quickly addressed.

-Eliah

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/