RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)

Besides which, there is a reason that the law is complex, and there are so
many legal concepts like "probable cause", and I'm certain there are plenty
compelling arguments and precedent supporting why I wouldn't get busted for
picking up a gun that was completely accessible to anyone on someone's front
lawn. However, the counter-worm, is completely against all legal precedent.
In order to convict someone of criminal activities, you need habeas corpus,
i.e., evidence of a crime, and in the case of hacked machines running
attacks, you'd probably have to prove intent, otherwise it's just
negligence, and becomes a civil rather than criminal case most likely.
Whereas if you release a fix-it worm, or manually hack in and patch someones
system, you are guilty, and can even be shown to have intent to commit a
crime, whereas a hapless system administrator whose box is hacked, doesn't
have any intent to do harm.

I realize that laws differ from country to country, but still, a
counter-worm would be illegal in any country in which the worm itself was
illegal, I would say. Finally, vuln-dev is not a legislative mailing list,
so I never thought for one minute we should or were discussing the changing
of laws, I simply thought we were discussing the pros and cons of worms that
patch vulnerabilities, specifically the so called Code Green worm. Now, I
don't think most people on this list are qualified to determine what laws
should and shouldn't exist, I know I'm not. I am, however, qualified, as I
suspect many on this list are, to speak about the technical, and common
sense aspects of a IT security related issue. That does include whether or
not it violates any laws that I am aware of. Also, I'm apparently qualified
to get in a silly flame war over a childish idea that most people out grow
at some point. Oh well. :>

To sum up my opinion on this idea:

1. It would be illegal (generally considered a bad thing) in most places.
2. It has a potential for doing harm to systems.
3. It would work largely without any of the clueless people it is helping
out's knowledge, and therefore they wouldn't learn anything.
4. It would still use up network traffic, and would in time be a problem in
and of itself to get rid of.
5. it could provide a nice bit of background chatter to distract IDS & NIDS
systems and folks, which could allow really malicious attacks to sneak in
under it's signature "noise".
6. It sets a very bad precedent, that it is ok to ditch communication and
cooperating, and just go fix someone else's system yourself... This carried
to it's logical conclusion turns the community of network and system admins
who control portions (however large or small) of the internet, from a mostly
cooperative group, into a armed camp. There is no highest law on the
internet, group cooperation and consensus are all we have. Rather democratic
and friendly most of the time. I'd hate to see that change.

Sincerely,

John R. Morris

P.S. Stanley, I know that what you said wasn't contrary to my opinion, I
just picked your message to jump back on this thread. I agree with you, of
course,
this isn't about guns or children, and when was the last time someone
vaccinated you without proper consent ??? Next they will drag out Nazis or
Communists, and some sort of holocaust or other horrible thing, and compare
our side to it. Ahh, just like the good old days on Usenet, before the great
renaming...

-----Original Message-----
From: Stanley G. Bubrouski [mailto:stan_at_ccs.neu.edu]
Sent: Friday, September 07, 2001 2:21 PM
To: David Schwartz
Cc: jrmorris; 'Jay D. Dyson'; 'Vuln-Dev List'
Subject: RE: CodeGreen beta release (idq-patcher/antiCodeRed/etc.)

On Fri, 7 Sep 2001, David Schwartz wrote:

>
> > I can't believe anyone honestly considers a "counter-attack" worm the
same
> > as self-defense. Deadly force, or otherwise normally illegal amounts of
> > force, is justified only in defense of your life, or the lives of
others,
> > your physical well-being, or the physical well-being of others. Defense
is
> > something done to prevent something from happening, retaliation
> > is something
> > done in response to a previous act. Furthermore, from what I gather,
it's
> > not even retaliatory, it's pre-emptive, being a automated worm like CR.
In
> > any case, it is illegal, and rather morally and ethically
> > suspect. Releasing
> > yet another worm that attempts unauthorized access to someone's
> > machine, and
> > then runs code on it is illegal.
>
> Say someone has left a loaded gun on their lawn, where anyone could pick
it
> up and shoot it at anything they chose. Is it morally justified to
trespass
> onto their property to remove and unload the gun? Do you have to wait
until
> you see a child nearby? Until a child picks up the gun?

This isn't about guns and it's not about children. If someone uses a
compromised system and does something destructive, it's in the hands of
the infected user or his or her company to deal with it. It's not up to
you or anyone else to decide what's best for other people's property.

>
> DS
>

Regards,

Stan

--
Stan Bubrouski                                       stan_at_ccs.neu.edu
23 Westmoreland Road, Hingham, MA 02043        Cell:   (617) 835-3284