[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bernstein ruling meets the virus law
On Mon, 22 Apr 1996, Mark Aldrich wrote:
> On Mon, 22 Apr 1996, Bruce Marshall wrote:
> > Several other countries have very similiar laws. However, I had
> > heard a somewhat unproven rumor that a U.S. state had actually made the
> > writing of programs with malicious purposes illegal. Basically meaning
> > that if you write a virus you have committed a crime. Like I said
> > though, this was just a statement in a message so I can't vouch for the
> > accuracy.
> But, define "malicious purpose." One man's low-level format is another
> man's desired application of the moment.
There usually is a pretty apparent line between authorized and
unauthorized functions in regards to computer programs. I don't think
that even Microsoft with their pages of disclaimers could release software
that, unbeknownst to its user, destroyed data.
> I hate to paraphrase a tired
> line, but "self-replicating programs don't hurt computers - mean people
> do."
I have heard AV people argue that regardless of its purpose
(malicious/destructive or not) all viruses can be harmful. Whether this
is simply running the computer out of memory or using bad system calls that
result in data loss is irrelevant to them. I don't quite buy into that
argument since we can find the same flaws to be inherent in any software we
run. However, since you haven't really consciously allowed the program to do
whatever it is doing, the person who infected your machine is typically to be
held responsible for unauthorized access at a minimum.
> The term "virus" connotes a pathogenic quality in the mind of
> many. Unfortunately, this tendency continues in the use of the word
> 'virus' within our community.
Personally, I can see many useful functions for viruses. But I find the
viruses that simply destroy data--which tends to be the majority--to be
quite boring and childish. A non-destructive and innovative virus is
very interesting and comparable to any good software hack in my eyes.
> While I understand that "intent" is something with which lawyers have to
> contend when they defend or prosecute a case, I don't think that the
> notion of intent to commit harm extrapolates correctly into the field of
> virus writing.
These were not my thoughts as I was only commenting on a alleged law
that had been passed. I agree that we can't look into our crystal ball
and see whether Mr. McViruswriter had really intended for his virus to
wipe out part of the Secret Service's computer network. I would wager
that if legislators did indeed pass such a law in the U.S., they probably
were hammered with the same type of anti-virus propaganda that AV people
always seem to be throwing out.
Bruce Marshall