[NTLUG:Discuss] New IIS Virus
Steve Baker
sjbaker1 at airmail.net
Wed Sep 19 23:58:45 CDT 2001
Mike Hart wrote:
> What if the counter attack were only launched on sites
> that tried to load stuff onto your box? that is, if a
> webserver tried to hand you readme.exe, you go in and
> wipe the nimba clean. That could legally put you more
> into an active defense of your own site, rather than
> intruding into others.
IANAL - but...
The trouble is that the only way to find out whether
an "active defense" to a virus attach is legal or not
is to try it and let yourself become the test case.
So you try this - and maybe get dragged into court and
test your defense....if the decision is made by a 70 year
old judge who's never used a computer, you might as well
flip a coin:
If you win, it's a good thing, we all cheer, this becomes
"case law" and we wipe out the problem of badly configured
Windoze machines overnight.
If you lose, it's 5 years in a Texas jail and a ban
on being left along with a computer for another 5...
with the small consolation of getting your name mentioned
a LOT on Slashdot. :-)
> That is, the software pretends to be a 'stupid'
> microsoft server, and gives the answers that an
> unprotected microsoft box would. The counter attack
> waits until an illegal activity has occured before it
> initiates a wipe sequence. Would this still be an
> illegal program?
Maybe, maybe not - but without some REALLY clear assurance
that it is, I wouldn't want to become the next Kevin Mitnick.
----------------------------- Steve Baker -------------------------------
Mail : <sjbaker1 at airmail.net> WorkMail: <sjbaker at link.com>
URLs : http://web2.airmail.net/sjbaker1
http://plib.sf.net http://tuxaqfh.sf.net http://tuxkart.sf.net
http://prettypoly.sf.net http://freeglut.sf.net
http://toobular.sf.net http://lodestone.sf.net
More information about the Discuss
mailing list