Symantec Tries to Censor Criticism 328
Let's first get the facts straight. Peacefire has not posted copyrighted material. It has posted code to decrypt I-Gear's encrypted blacklist. This is exactly like the DeCSS case, except the goal is criticizing a product instead of space-shifting movies.
The criticism here is that 76% of the .edu-domain blocks are wrong. This is a huge number. This suggests that, for every time the product blocks you from offensive material at an .edu Web site, there are three other times it blocked you from perfectly ordinary material.
While there are some people (like Bruce Taylor of the National Law Center for Children and Families) who would like to deny it, nobody's making this stuff up. Censorware really does suck. In fact, Peacefire did the same thing to X-Stop, another blocking package, two weeks earlier, and found a 68% .edu error rate. (But its maker hasn't threatened to sue. Yet.)
So what did Peacefire learn about I-Gear? A description of a milking machine system written in Spanish - blocked. Tricks for a flight sim game - blocked. A page entirely in Latin - blocked. Volumes 4 and 6 of "Decline and Fall of the Roman Empire" - blocked (but you can still read Volumes 1, 2, 3, and 5, go figure).
Furthermore, Peacefire revealed that Symantec is apparently violating its privacy policy by sending information to its servers without telling the user. Your Windows-registered "real name" and "company name" secretly get sent back to Symantec.
You may recall Haselton's Slashdot story "Keep it Legal to Embarrass Big Companies," from two weeks ago. He wondered if these kinds of pressure tactics would be the response to his efforts. It's already started.
The legal issue appears to be whether Symantec's End-User License Agreement (EULA) can contain a clause prohibiting reverse-engineering - and whether that clause can be enforced. UCITA will be the thousand-pound gorilla here, providing real legal muscle behind onerous EULAs. Fortunately, the current legal situation is more iffy, and cnet's story talks about that a little.
Symantec wants to distribute I-Gear only on the condition that nobody looks under the hood or says anything bad about it. And UCITA would back that up - by sending people like Haselton to jail for revealing products' flaws.
And then there's the question of why Symantec is using lousy crypto in the first place. As KnobDicker concludes: "Rather than being thankful that Haselton has conducted testing and work that they should have done themselves in the first place (for *free*), Symantec is crying in their beer and threatening to break out the lawyers to quash the bad press. Chalk up another one for the Open Source model's system of thorough peer review instead of development in a proprietary vacuum."
Nah! (Score:2)
Give a little, get a lot (Score:5)
----------
Fair Use (Score:5)
Remember when Sony filed suit against Connectix for essentially the same thing? End result was Sonly lost because the court of appeals stated that Connectix was in compliance with the DMCA and that this use of reverse engineering is protected under fair use.
Of course Latin is blocked (Score:4)
Eric
"lousy crypto" (Score:3)
>using lousy crypto in the first place
Because it's not possible to keep secrets on an untrusted computer that needs to access them. If the program needs to decrypt the URL list itself, than so can anyone with a copy of the program, if they spend the effort. You can sue the best crypto alogrithm in the world, but then they key is stored somewhere in the program, where the owenr of the computer can get at it.
This is a fancy version of copy protection and client-side security. It can't be made unbreakable.
Blocking Software, education, and me... (Score:2)
XXX Latin (Score:2)
As for the blocked Latin page, Courville speculated that the software's language-translation capabilities may have found something in the Latin text that qualified it under the pornographic categorization.
Haselton guessed that something may have been the high frequency of the Latin word "cum."
That's classic.
-josh
Honestly, no suprises... (Score:5)
Some of you may recall that Solid Oak Software has threatened Peacefire in the past. Hell, Solid Oak has even mail-bombed detractors and has recompiled their CYBERSitter software to generate a fake error message if it finds peacefire.org in your browser cache on install. Don't be suprised if Symantec does equally vile things to their consumers. After all, censorship is vile business. Certainly, there is no reason for this attack on Peacefire other than to "get even" for questioning their "moral" authority.
The only thing we can hope for is that this will result in a win for Peacefire. Otherwise, get ready for Big Brother in full effect...
Ludicrous License and Open Source (Score:2)
Come on... (Score:4)
If they can decode the list in it's entirety, why don't they do a little more analyisis of it... What is percentage of
How about an analysis of the first 1000 entries? EDU or not.
In direct marketing, people realize that a sampling of 10,000 people from a given list is generally the bare minimum to use in terms of being able to accurately predict response rates... For instance if mail something to 1,000 people from the same list and get a great response, you shouldn't go ahead and buy 100,000 more names fom that list, because you didn't get an accurate sampling...
The same goes with peacefires thing... They're using nearly enough information to give a real idea of what's happening... When you're able to skew data like that, you can show nearly any result that you want.
Re:Of course Latin is blocked (Score:4)
-cpd
Re:Give a little, get a lot (Score:3)
As a similar note, I'm now going to be dropping my copy of Norton AV (Symantec's AV software, for those cave dwellers), and going and getting something else for my home network.
I mean, if I buy product from these companies, how can I really blame them for producing it?
I'm not a lawyer... (Score:2)
Symantec is pushing some crappy software in iGear.
OK, now let's sit back and see if I get sued. I'm waiting.
Still waiting...
Eric
There should be a law... (Score:3)
Every time a piece of censorware blocks a site, it sends the URL (with no information which could identify the user) back to the company which makes it. The companies must keep these lists of blocked URL's public and up-to-date.
Why do I think this should be done? Because it makes you see the censorware companies for what they are; people who compile blacklists of banned information. Not unlike book-burning (I hate to use this comparison so often, but there's nothing more appropriate), only on a scale not seen in the West since Hitler's time. The idea here is to get people to see filters for what they really are. No law is going to directly change the current situation of censorship. It takes a cultural shift to do something like that, to make the people see that censoring knowledge -any knowledge- is far worse than the information itself could possibly be. But for that to happen, people have to see censorship for what it is. Censorware companies have been using sneaky marketing tricks to confuse people for several years now, and the sad fact is that it's worked pretty damn well. So before we can set out to change attitudes toward censorship, we have to undo that confusion. It's the only way it'll ever work.
How about doing it right then?? (Score:5)
Then every week or so the HQ web site puts out a new blacklist. We can have all kinds of easy update utils to help those not squid-knowledgable, and some folks could make a Windows application to do it for those folks as well. Heck, if the existing censorware's methods are decrypted like this one, we could write utils to encrypt it again and drop it in to their directory.
I'm not going into whether you like blacklists or not, so let's keep these to ways of doing it correctly, since these other prorgams don't seem to do it very well. Using an open source list, and appropriate means of rectifying errors, we can do it properly.
Re:Nah! (Score:2)
Now, probably since there is no more competition, all they do is rip you off. Who does this remind [microsoft.com] you of?
I remember the day when buying something that said Norton on it meant that it would _reduce_ the chances of your system crashing horribly. I also remember when there was more than just two companies making anti-virus software (Let's not even get into McAfee).
I know I might sound really old and like I'm losing it but I feel like something should be done about this company. Before it's too late... what if Symantic discovers *nix?
Re:Why edu? (Score:5)
The reasons
1) k12.edu sites often have pages made for group projects by kids under 18, the ones who are supposedly being protected.
2) These same kids will probably end up looking at university sites (or the Smithsonian, if their project is on George Lucas's use of mythology...blah) for those same projects. Doing a report on Diocletian? Go to that Calvin College site and grep (or "find" in Netscape) for his name. Unless, that is, the pages are blocked.
3) The signal/noise ratio on
4) If you are out to Prove Something, like Peacefire, Greek and Roman histories/ literature translated into English SGML are valuable statistics-boosters. I haven't gotten to Vol. IV of Gibbon yet, but I would venture that any good translations of Sophocles's plays have frequent use of words like "bitch." Despite this, who's going to argue that high schoolers shouldn't read Sophocles? (Thomas Bowlder would, but he's dead.) It's very convincing to point a figure at the percentage of
Remember that, at least according to the Al Gore types, the Big Use for the Internet is
--Kevin T.
Re:Of course Latin is blocked (Score:2)
Eric (who knows nothing about Latin, so forgive my possible grammatical errors)
_Manga_ cum laude? (Score:2)
Manga cum laude? You're getting a degree in anime? Cool! Where can I sign up for that program??
-- WhiskeyJack
Woohoo :-) (Score:3)
Jeremy Allen
Disclaimer:This post was made from M14 (Mozilla Seamonkey!)
Re:Fair Use (Score:2)
Mirror it! And what about an open source system? (Score:2)
Obviously, what Symantec should have done is admitted the problem and fixed the software. In fact, they should just make the blocked list of URL's "open-source" in the sense that everyone could see the blocked list, contribute links that should be blocked, and correct things that are incorrectly blocked. Enough eyeballs makes all bugs shallow...
If I was a parent, and I felt I needed blocking software for my children, an open-source system is the only thing I would consider.
Torrey Hoffman (Azog)
Torrey Hoffman (Azog)
More proof that censorware does not work (Score:5)
Even if you had 95% accuracy (which is far, far better than anything on the market actually achieves), there would still be an unacceptable number of unblocked sites and mistakenly blocked sites. Let's assume there are 10,000,000 web sites; under a given rating system, 1,000,000 are blockable, and 9,000,000 are permissable. With 95% accuracy you would have 50,000 sites that should be blocked that are not, and 450,000 sites blocked that shouldn't be.
What really makes me scratch my head is why adult-oriented sites provide links to the various censorware sites. Webmasters, particuarly adult webmasters, should be the LAST people on the planet to lend legitimacy to these snake-oil salesmen and wanna-be thought police.
The internet is an amazing resource. Like the real world, cyberspace has much to offer; some of it appropriate for children, some of it not. Parents need to be educated that they need to supervise their children in cyberspace just as much as they do in meatspace. If people spent half as much money and effort promoting parent education as they did promoting ineffectual censorware, they might actually achive their stated goal of protecting the children. Unfortunatly, for most of these people "protecting the children" is a merely convienient cover for their real agenda of forcing their religious beliefs down everyone else's throats.
"The axiom 'An honest man has nothing to fear from the police'
pron.edu? (Score:4)
http://www.peacefire.org/
March 2, 2000
Download IGDecode, a program that can decrypt the list of sites blocked by I-Gear. We decrypted I-Gear's list and determined that of the first 50 URL's in the
...
So, uhh...12 of the first 50
I don't get the nature of the suit. (Score:2)
secret rights,
What?
They are links. Not ideas or anything intellectual. How can you copywrite this?
How are they trade secrets? Links to porn sites are a secret? These are sites dying to get hits.
I just don't get it. Its like calling my "spots in Lake Ontario to catch the best fish" a copywrited material.
An offtopic anecdote re: cum (Score:5)
(I know, it's miles off-topic, but still a good story.)
Hey, Symantec can do it, too. (Score:2)
And, if Peacefire had numbers like "76% of .edu blocks are incorrect", why doesn't Symantec respond by questioning their methodology, or providing statistics of their own about precision and recall in their filtering software?
Either they have the data, and would rather resort to lawsuits instead of defending their product, or they don't even bother to do the most basic quality control on their product. Either way, that's a really friggin' lazy corporation.
Nope, it's fair (Score:4)
Doing this to EVERY site would simply take too long. In fact, this is how these idiot filter companies get bogus entries to start with -- they just look at the name, don't even bother to read the page itself.
Secondly, this is the TOP 50 sites, presumably the worst offenders. It's as if you were verifying the FBI top most wanted criminals, and found 76% who were in fact not criminals, just ordinary professors or students. Why bother checking the rest? If the so-called worst offenders are 3/4 wrong, why even bother with the rest? If they can't even get the worst offenders right, what does it matter how right the rest are? If Symantec can't be bothered to verify even the worst offenders, what makes you think they are going to verify the small fries?
--
I doubt this will go far (Score:2)
Re:How about doing it right then?? (Score:4)
http://www.microsoft.com (0, Overrated)
http://www.freebsd.org (3, Underrated)
http://www.linuxone.com (-1, Troll)
http://www.debian.org (4, Insightful)
and of course:
http://www.whitehouse.gov (0, Redundant)
;-)
Re:How about doing it right then?? (Score:2)
Personally I wouldn't block anything. However I can see the need for it.
-cpd
Re:Come on... (Score:5)
Maybe they do have something to hide?
Did you read Peacefire's site? According to them:
And the pro-censorship response [cnet.com]?
Oh, God, what an idiot. There are so many things wrong with that statement, I don't know where to begin!
There is no Open Source way to "do it right." (Score:2)
The idea behind Open Source is that code and information should be free. Not just free as in "at no cost," but free as in "free flowing." But the Open Source mindset that is required to have a successful project can't also agree with the idea of censorship in the first place. They are contradictory ideals.
The whole reason censorship is wrong is that no two people can agree on what should or should not be censored. The reason OS works for software is that a bug's discovery or feature's implementation will be obvious to someone, given a large enough sample set. An open source censorware program would have people simultaneously working towards contradictory ends -- every site will offend someone, and every site should be read by someone. So the sum total of all people will want to block everything, while the rest are trying to unblock everything!
This is why we must defend everyone's right to say whatever they want to say, no matter how much we detest it -- including things said by those who support censorship. It's why the price of freedom is ever-present vigilance.
Censorship and Open Source are contradictory aims and an Open Source censorware program could never succeed. Censorware itself is a "Cathedral" mindset -- where the "priests" hand down to us "laypersons" what is and is not acceptable, and if we don't like it, the best we're allowed is to hope for a change in the next revision.
The best way to fight back, if you ask me, is to use this fact to our advantage: No two censors agree on what should be censored, and what should not be censored. A house divided against itself cannot stand. This is, ultimately, why we will win the battle against censorship -- even though today things look bleak.
Re:pron.edu? (Score:2)
You got ME confused for a second, there... Yeah, 12 of the first 50 edu sites that are on the blacklist, not 12 of the first 50 random .edu pages.
You know, "4 out of 5 dentists recommend foobar for their patients who chew gum"
CRAP! Wrong one... (Score:2)
http:// service1.symantec.com/DISCUSS/SUPPORT/feedback2.n
Now, I'll hit the "preview button"...
Re:More proof that censorware does not work (Score:2)
- What really makes me scratch my head is why adult-oriented sites provide links to the various censorware sites. Webmasters, particuarly adult webmasters, should be the LAST people on the planet to lend legitimacy to these snake-oil salesmen and wanna-be thought police.
Why, for the same reason strange and bizarre things are always done: fear of lawsuits. Adult sites are under constant threat of lawsuits from parents. Those parents will blame the sites for every antisocial behavior of their unsupervised children. (We all know how nudity turns children into murderous psychopaths.) So as a defense, these sites can say "But why didn't you use some kind of filter software? Look, we even provide a link to it!" Adult sites don't make any money off of children anyway (no credit cards!) and the adults who regularly visit those sites aren't going to be using filters in the first place (they don't download their porn at the local library). Really, what have they got to lose? As long as filter programs exist, they don't have to worry about the government just up and banning adult sites completely (or they hope).Lies, lawsuits and censorship (Score:3)
I want to go through the banned sites to see if any of my domains are in it. What are the legalities if your site is included? Can one sue because of mistakes made by Symantec? Isn't that lost revenue, the same as if someone cracked into your web server and deleted the site? The results are similar.
As far as threatening Peacefire, they are now in the league of bullying companies that threaten rather than fix. It's surely easier (and cheaper) to threaten lawsuits than it would be to fix the problem. Distributed-checking the URLs, as someone here has already suggested, would allow blocking of real porn sites from kids yet not have stupid blocks against items like Latin language texts. Hell, have URL's checked by at least 5 independent folks to eliminate biased censorship. This would give Symantec an edge over the other censorwares (we check so you don't have to, and we can PROVE it). If their encryption was poor, fix it... but why censor their lists? Is it because they're afraid that bona-fide non-offensive sites will sue? Open the lists. Put in seeded fakes so they can check if other companies are stealing their work.
As an aside, I've always supported Peacefire. I've had a link off of warpedreality.com since I put it online. Isn't it worth a line if text off of your page too?
Re:An offtopic anecdote re: cum (Score:2)
To bad I don't belive in that whole women are equal thing, but what the hell....
Re:pron.edu? (Score:3)
You need to do better than that (Score:3)
How does Haselton's cracking honestly fall under the definition of "interoperability" or "testing computer security systems"? Any definition I can think of where Haselton's actions would be considered "testing security" would be so tortuous as to render the phrase meaningless. "No sir, I wasn't hacking the encryption, I was just testing security systems" isn't going to fly without additional credible indication of intent. Mr Haselton's publication of the encrypted contents along with an analysis of the contents, (not just publishing the fact that the security was weak like 99% of security alerts) suggests quite strongly that his goal was *not* testing security methods but gaining access to secured content. The interoperability argument in this case is even more specious-- what two pieces of software was Mr. Haselton trying to make interoperate?
IANAL, but Haselton looks like he's standing on shaky ground, even assuming a noble purpose. Looks to me like a classic case of thinking that the ends justify the means. I welcome rational counterarguments; perhaps I'm missing something?
--LP
Re:What if... (Score:3)
<p>I hate to disagree, but 'negative mindshare' with who? With the people who have let eBay get away with appalling uptime? With the majority of the public who think MS and Bill Gates personify Noble American Ideals(tm)? With the people who support RealTrojan Theftware, the Spamazon Patent and Lawsuit Company, and DoubleCross?
The general public doesn't care about this sort of stuff. No matter how much they talk about censorship and privacy online, they don't understand the issues, nor do they _want_ to, unless their credit card number is stolen. Fair enough--people don't care about the details of how their power gets to the light switch either. BUT, the end result is that only a tiny minority--us--will give a rat's ass about ANY level of corporate abuse as it pertains to the internet.
Or in short, it's nigh impossible to generate negative mindshare in a flock of sheep.
parent: +1 Funny (Score:3)
Of course, there's always...
http://www.userfriendly.org (3, Funny)
http://slashdot.org (-1, Flamebait)
[TMB]
Re:Fair Use (Score:2)
The DMCA does permit cracking devices to conduct encryption research for the purpose of interoperability and to test computer security systems. Fair Use. This is what Haselton has done, plain and simple. Reverse engineering is addressed in the DMCA for certain areas. Haselton was fully within the realm of information security validation.
Once again, the DCMA and UTICA are at odds... What a world.
Re:How about doing it right then?? (Score:2)
Unfortunately, it won't work.When you have a (self-appointed?) group of people deciding these things, it's going to get skewed towards their own personal biases. Unless you take an open, /. model, you can't avoid it. Even with 'meta-moderating' on the website like you propose, you're going to get a disproportionate amount of certain site content that the main moderators dislike to wade through.
And even then, the /. style of moderation depends on the honesty of its users... now how honest do you think the meta-moderators are going to be about adult sites?
For one thing, who is actually doing the moderating? It's basically two camps: the 'net savvy geeks, and the casual users who just point and click. Most of the point-and-clickers won't want to spend time doing this, so we're down to the geeks and the end-user protectionists. I think we've seen how all the geeks tend to respond to this on these boards, and with situations like Holland, we know how the protectionists work. So, where do we end up?
We end up with people who don't want to see porn either having to view it to verify those sites, or just trusting what's already been submitted and clicking 'Fair'. On the other side are the people with more liberal views of porn, who will mark such things 'Unfair' even if they may be rather graphic to others. Then we have the very few who will actually check out the sites, think it through, and then moderate appropriately once they've considered what they believe is 'acceptable' to the 'majority'. Of course, their own views on what the 'majority' finds acceptable are based on their own personal biases...
It's way, way too fuzzy. Is there a limit to how many times a site can be submitted as porn? What about subsites? What about old sites that change from porn to non-porn, or vice versa?
This would require tremendous amounts of people, or tremendous amounts of time for a small group (who would be much more likely to skew the results just based on sample size). I don't see either way as practical.
And to top it off, you have to educate people to use the end-software. It either has to be built into the web browsers (and we know how quickly things become non-standard that way), or a seperate program that has to be downloaded, installed, and set up. And yes, you have to make it cross platform (open source?), or it's useless to a majority of Internet users (not just Windows, but MacOS, *nix, and even BeOS). Otherwise you're only catering to a specific subset of the users, which is just as ineffective as having no blocking at all.
Won't it be fun if someone implements a non-standard blacklist in addition to the 'official' one for the blocker program, or even writes their own version of the blocker program? I'm sure we'll have many seperate organizations popping up with their own lists, just as we have many different blocking programs right now. We'll have the offical OpenBlock list, Anti-Gay Block list, No-Bare-Skin-At-All-Even-For-Medical-Sites Block list, etc... And you can bet people will be downloading the more strict versions based on their own preferences, meaning they may be stuck with blacklists as erroneous as the commercial ones are now. Back to square one...
So far the only method I've seen that's even halfway effective is the RSAC rating system. The only downfall has been that it's completely voluntary, and most commercial porn sites aren't going to bother with such things (either because they don't care, or because it would lower their hits which means lower ad revenue). I don't know how to make it more useful without legislation requiring rating every time you put up a new/altered webpage though. And we all know the pace of web development is too fast for such a thing.
I just don't see blocking software as effective in any form, because of its inherent flaws in determining what is or is not porn, and the personal choices of the companies/moderators as to what is appropriate for viewing. Even with your open content model, it's brought to its knees by the sheer numbers necessary for a fair moderation of content, or by other groups making competing (and error prone) alternate lists.
I actually like your idea, I just can't see a way for any central blocking system to work practically with web content.
______________________
Some insight into the subject..... (Score:3)
What pisses me off, however is the fact that in the product advertisements they say that they list is constantly updated by humans. Now I am lead to believe this is bullshit.
I still am not *completely* opposed to filtering... there are sooo many people out there whom are so terrified that their kids will *gasp* find a nude picture on the net, or they might come across something that implys that there may in fact not be a god, or whatever, and these people would not allow their children to use the internet if it weren't for this sort of option.
I think that the guys at peacefire are generally doing a good thing here, but they still kinda need to get a clue. There is more to this software than they are letting on. First of all, the software allows two accts, one filtered and one not filtered. If a kid says that a site is ok, but the software is blocking it (I had this happen with a greeting card site once-- completely clean FYI) the parent can log on, check it out, allow the child to see the site for 5 minutes (i believe) and then email the admin, who can make the page always allowed.
How bad is that?
Please also keep in mind that the site is very unscientific and could possibly be very misleading. They only showed the first 50 of the
Just keep that in mind.
And as for people blaming all of this on Symantec... It has little to do with them. They just recently bought the company that used to make I-Gear... UR-Labs.
Just trying to set things a little straight --
-- Kneel (uber-geek)
Peacefire blocked by our filter... (Score:4)
We use a Sonicwall [sonicwall.com] unit for DHCP/VPN/filter here at work, and it blocks the peacefire.org site with the following codes:Code:abcdefghijkl - 00.C0.F0.48.51.E0 - www.peacefire.org
Here's the breakdown on what those letter codes mean
Time to let their filter people know about this "oversight"...
Re:Nope, it's fair (Score:2)
"Again, we looked at the first 50 sites extracted from the file in order, to avoid
people accusing us of "stacking the deck"."
If they just picked the worst offenders they'd have 100% wrong blocks with a sample of 50 (and probably with a sample of 10000).
Re:This is a benchmark- see the peacefire site (Score:2)
Note: 1. Peacefire does not claim the whole block list is inaccurate at 76%. 2. They note upfront in the first paragraph that they only test the first 50 reachable
Peacefire isn't a competitor claiming better performance than Symantec. They are claiming that this(symantec's product) cannot substutite for direct supervision. This is a simple proof by counterexample and one exception is all that is required.
Duncan Watson -Rock climbing, Encryption, privacy
PGP Fingerprint -PGP Key on www.keyserver.net
Re:I doubt this will go far (Score:2)
St. Augustine is apparently smut!!! (Score:5)
Repugnantia est Futilis! (Score:2)
Yes, we know that its a perfectly innocent word in Latin (meaning with, when, as, while, since, and although - depending on context), but if they scan the text of pages for keywords, I'm sure "cum" would set off a flag somewhere.
Just a thought. Not so much a defense, as the author said, if they had paid some bloke $10 to just check the blocked sites, they would do a far better job of convincing people they actually care about the quality of their product, which apparently they don't. They're willing to spend more money covering the fact that they don't care about its quality then they probably will on actually improving it.
Typical...sadly.
Re:Fair Use (Score:5)
True. So far so good.
Fair Use. This is what Haselton has done, plain and simple.
That's not a question of fair use. It is explicitly permitted to sue people under DMCA even if there was no copyright infringement whatsoever. Yep, that's one of the beauties of DMCA: the act of breaking protection is the offense in itself, regardless of the rights that you might have with regard to the protected copyrighted material.
So fair use doesn't fly here.
Reverse engineering is addressed in the DMCA for certain areas. Haselton was fully within the realm of information security validation.
See, the problem is that judges (with some notable exceptions) are not stupid. They can understand why Haselton broke the encryption just as well as we all do. There is no interoperability issue (interoperability with what??) and the "testing security" defence looks *very* shaky to me.
I'm getting tired of pointing out that DMCA does, really really does criminalize standard actions that we all take for granted. It's not the case of some judge "not getting it", it the case of a very bad law that must be repealed or at the very least castrated.
Remember when Sony filed suit against Connectix for essentially the same thing?
Not the same thing. Connectix did the full-blown clean-room reverse engineering thing and they were able to show and document that the room was "really clean". That's why they won. Besides what Connectix was doing was a straight interoperability example.
You've been warned: until something is done about DMCA we are going to see uglier and uglier applications of it.
Kaa
Re:More proof that censorware does not work (Score:2)
As soon as I get finished writing that subject-general Turing Test program, I'll put it right to work on running a blocklist :) (er, or should that be bl a cklist? HH1/2J)
--
Make Money on the 'Net [geocities.com]
Re:How about doing it right then?? (Score:2)
Unfortunately, I started a new job with a startup company two days after I registered it, so I haven't made much (~ zero) progress.
LetterRip
What does this software block, again? (Score:3)
"Install our software! It blocks bad sites!"
"Which sites in particular does it block?"
"Bad ones!"
"Which bad sites?"
"We can't tell you which ones, because then someone else might come along and block the same sites."
*wince*
Re:You need to do better than that (Score:3)
security and/or operability testing is not
what he was doing.
> IANAL, but Haselton looks like he's standing on
> shaky ground, even assuming a noble purpose.
> Looks to me like a classic case of thinking
> that the ends justify the means.
Here I disagree. You seem to imply that his means
are not justifiable by any other rational. Is it
not possible that he believes that his means are
justified?
I can not speak for Mr Hassleton myself (though
I am wearing my PeaceFire T-Shirt here at work
today), I personally think that what he did was
perfectly justified, no matter what the law may
say.
In fact, I would go as far as to say that
any law which would allow companies to sell
a product to a consumer, and allow the company
to take away the consumers right to take it apart
and see exactly how it works and what it does, is
an unjustified law.
I think a consumer has a RIGHT to do whatever
they wish to a product that they purchase. I think
that if a consumer takes apart a product, and
finds out that it does things which the producer
was trying to hide (like sending off info to
the company, or blocking sites that should not
be blocked) then that consumer has not only the
right, but the DUTY to expose these facts.
The simple fact is that he took this product. he
opened it up. He found out that it does NOT
work as advertised. It does things that consumers
should be aware of.
Re:Peacefire blocked by our filter... (Score:3)
;-)
Eric
Re:How about doing it right then?? (Score:2)
In an ideal world, the parents that are worried about their children browsing "inappropriate" material would be watching their children and keeping tabs on them. That's not to say that censorware and Bess proxy filtering and the like are good. Any type of censorship is bad to me, although I see no reason why the Web and the Internet in general are any worse than MTV, a channel that coerces (through the videos, the really pointless shows, and the commercials) kids into buying products that they might normally avoid like the plague. Thus, children are going to become corrupt, so to speak, even if filtering mechanisms are installed. I don't think there is any perfect solution to this; censorware doesn't necessarily filter content correctly (although the original poster's idea is an improvement), and kids will find a way to access "inappropriate" material. Censorware is pointless, and it gives a false sense of security. It should either be improved in a drastic way, or it should be scrapped altogether.
Re:Why Encrypted Anyway? (Score:2)
Because they only enjoy lawsuits when they're the plaintiffs.
--
Re:Why Encrypted Anyway? (Score:2)
> to be constantly updated, so what they should be
> selling is a filtering service.
They are encrypted to stop people from reading
them. The idea is to hide their mistakes. If
anyone could quickly glance at the file and find
blocked sites....or edit the file (and not pay
for updates or a subscription) then it would
mean eithe rbad PR or less money.
(assuming they sell updates...I really am just
guessing).
Remember...you can xor a file with "Hi mom" and
effectivly block 99.9% of consumers from
reading it. (a good atacker would have it in
no time).
It also stops someone who makes a quick and
simple filter proxy at home...and plans to just
steal their list for his product harder.
Now he has to know how to decrypt it first.
They must be assuming "if I can't break this
encryption or easily find the key in the binary,
then I bet noone else will either".
remember...decisions are often made by managers
rather than technical people.
> This is also why there aren't more filters for
> Linux.
you mean like an httpd.conf for apache with
proxy on and mod rewrite?
in about an hour I setup an apache proxy which
filters out all banner ads (at least ones I
know about...like the ones on slashdot) and
replaces them with a local picture
(see linux journal article on this subject)
-Steve
Re:Why then this lawsuit and not for defamination? (Score:2)
> working with Peacefire instead of against them.
> You can even say "The only censorware approved
> by anti censors." or something catchy like that.
While I am wearing a Peacefire T-Shirt today, I
do not speak in any way for Peacefire....
I think the only way Semantic could possibly
"Work with peacefire" would be if they would
chuck their product alltogether.
IMHO it is about rejecting censorware period. The
end. The very idea that some 3rd part can decide
ahead of time "whats ok" and "whats not" and then
wholesale aplying it to kids as a replacement for
parental supervision...or in libraries etc is
offensive, and unacceptable.
Their entire concept is unacceptable to me. I
think you will find it is unacceptable to many
who are against censorware.
One more great Taylor-ism ... (Score:3)
No, but it is equivalent to allowing anyone to hire chemical engeineers to figure out the formula. And I believe that this is perfectly legal. In fact, it's the basis for the Designer Imposters perfume line (assuming all liquids are entitled to equal protection under the law).
Why porn sites link to censorware sites.. (Score:2)
The censorware is not very good, but letting the government regulate is worse!
Re:Why you should always fill in SW reg with "n/a" (Score:2)
Now admittedly you could have made that bogus as well, but presumably you weren't expecting it to be used like that. And the Windows install might have been far back in the depths of time. Or something.
Slight clarification, reiteration (Score:2)
--LP
Re:Peacefire blocked by our filter... (Score:4)
am against censorware in libraries btw (or
anywhere else). Simple fact: They do NOT just
block porn.
Think about it...the entire argument for
censorware revolves around porn...but they
block so much more...the worst of which is
of course...they block dissenting opinions.
but...
> g = Satanic/cult
Nice...and who decideds what is "Cult". From my
point of view the catholic church would be a
cult...so would any other church or religous
group (except maybe the wiccans and a few others)
WHo are these people to draw the line between
religion and cult. I know I am not qualified (as
I just admited above).
> h = Drug culture
So I supoe that means DARE and other organizations
who teach nothing, yet expose kids to drugs (and
have been linked to INCREASE in drug use...as
exposer makes kids curious)...would be OK
However lycaeum or some harm reduction site that
actually EDUCATES and tells people things like
"Mixing A and B could kill you"...are probably
not ok, since they "condone use"
-Steve
Blocking software (Score:2)
*.freshmeat.net
*.sourceforge.net
Note, www.sourceforge.net and sourceforge.net were not blocked. However, anything else in the sourceforge domain such as mesa3d.sourceforge.net was blocked by the software. There is no wildcard expression in the sites.allow list to let you unblock an entire domain. This has really given us fits with things like x*.deja.com. It's a real pain in the ass to type
x1.deja.com allow
x2.deja.com allow
etc.......
The one thing that ANS appears to be good at finding is anonymizer sites. Those get blocked about a week after they pop up. Damn, I hate our corporate insecurity policy.
Just talked to Semantec VP (Score:3)
Re:You need to do better than that (Score:2)
Neither the DeCSS guys nor Mr Haselton appear to have given careful thought as to how to avoid prosecution under statutes like DMCA; if Mr Haselton had taken more care to avoid posting decrypted contents and had started out designing a third-party software package that would require decrypting iGear's list, he might have had a much better legal defense, but right now, it looks pretty weak to me given the existing language of the law.
(Of course, I agree that the existing law should be changed. I don't like DMCA either. But it still looks pretty cut-n-dry to me that Mr Haselton broke it. I guess time will tell.)
--LP
Re:There is no Open Source way to "do it right." (Score:2)
Anyway, there are legitimate uses for filtering, but the companies offering such software now are doing the genre more harm than good. I currently have one domain that I want blocked on my system at work, and I don't need commercial software to block it. I just tell Internet Exploder to not use the proxy for *.doubleclick.net. Works like a charm!
Re:You need to do better than that (Score:2)
(Which is putting aside the fact that the DMCA hasn't got a constitutional or ethical leg to stand on and is null and void from the start.)
igear "errors" (Score:2)
Re:You need to do better than that (Score:2)
I agree with you that we *should* have those rights. Legally, we don't though.
I'd point out a minor expansion of your comment; we don't just need those rights for product we purchase, we need those rights for any product we license a right to use (since that is how most software is "sold"-- as a license to use rather than an outright purchase.) Again, IANAL, but these rights would have to be strong enough to override normal rights of two parties to enter into a contract. It will take a substantial excercise of political power to get such rights passed in the face of entrenched corporate interest.
--LP
Re:Fair Use (Score:2)
Couple of thoughts,
1) Under DMCA I thought that the breaking of the ecription was permitted as in the Connectix case. Although the physical apps were different, the reverse engineering aspect was the same. I do agree however that in the Sony vs. Connectix case, Connectix seemed to have thought the implications through prior to their interoperability efforts.
2) Haselton was performing interoperability testing. Interoperability with what?, misc. everyday sites on the web, hence all the .edu and such. Although I'd be curious to know how many worked correctly, and what metrics were used as a baseline. Numbers can be misleading when tweaked this way or that.
3) DMCA does criminalize action we take for granted. You put it plain and clear. Very scary stuff if we don't get the law changed soon.
Regards,
Ernie
Re:Give a little, get a lot (Score:5)
(1) We need to get as many people as possible to link to peacefire.org and censorware.org. Actually, we need an XML blocked site of the day list which people can display on their web pages (ala a slashbox). Banned book lists are very effective in raising awairness of printed media censorship, but only when everyone displays the banned book list. Plus, this convinces members of special interest groups that their sites are being blocked.
If we could really get a campaign going to link to peacefire and mirror peacefire's info on banned sites and instructions for disabling the software.
(2) We need a Perl/CGI module to identify any blocking software that the person viewing your page is using. This allows your page to react diffrently depending upon wether it's viewer is using censorware or not. This could have a variety of intersting effects including:
(a) People putting up pages which turnned into pornography when viewed via censorware. This would be funny as shit; and lots of people doing this would mean that the chances of accedentally viewing porn would go way up when you install censorware.
(b) Technically, pedofiles could use these types of CGIs to identify children browsing the internet, so censorware could be accused of *possibly* attracting pedofiles to kids! More realistically advertisors would use the script to make advertisments which exploited children more effectivly and further endangered privacy.
(3) We need ActiveX controls which disable censorware! I know peacefire has instructions on disabling censorware, but an ActiveX control would be simple and lots more people would put it on their web pages.
There are a lot of other purely code / web projects which need people to work on them (like finding flaws in censorware).. these above projects are just the most obnoxious.. so they seem like fun to discuss.
this irritates me (Score:4)
Um, not to get off topic, but could we please stop pretending that porn is nothing but "nude pictures"? I have heard people compare the range avalible on the internet to a kid being able to read "our bodies our selves" and other such silliness.
If you are pro-porn-choice, be honest about what you are talking about. On line porn includes (but is not limited to) stuff which can be 1. graphicly disgusting (a picture of a man shitting into a woman's mouth) 2. emotionally disturbing (B&D S&M) or 3. humiliating or frightning to those who identify with the subject (teen, pre teen or "oops" sites.)
You do not need to be a puritan to imagine that a kid particularly could be confused or disturbed by such things, especially if they don't have the sort of relationship with their parents which allows them to ask about it and sort out why it makes them feel that way. Now we can argue about what the best way to deal with this is, from better parenting to start out with to censorware, but could we acknowledge the reality of the problem instead of brushing it under the rug? To hear this group sometimes, you would think the porn content of the internet was mildly more raunchy than a display of renisance sculpture. It is unneccassarily insulting and condesending to the people we should be reaching out to, and it prevents rational discussion of solutions that work for everyone.
-Kahuna Burger
I used to work at Symantec (Score:3)
Although I cannot say I actually ever believed that they make very good software, there are a lot of nice people working there. But in the end they are just another American Windows software company, that is, a shark among sharks.
There seems to be a culture clash between the freedom loving, online cyberculture and the older forces of commerce and traditional government. This has been predicted long ago, and anyone could have guessed that the sense of freedom of the Internet would collide head-on with 'old world' ideas and institutions sooner or later.
I think that we need to be strategic in choosing what can be defended and what we can't. Open and free software needs to be defended, free speech, free criticism, nobody can argue about that. On the other hand: porn, violence, crackers, warez etc shouldn't be. Nobody argues about that too.
But there is a large and vague middle ground where things are not so clear. I see people foray too far into that vague space and see them try to defend ground that is disputable at least, and setting up their defence (or attack) there.
In this case, the censor-software breaking, you say 'see this software sucks, see that censorship does not work, it shouldn't exist'. That is very true, and I don't think that you can't block 'bad things' succesfully in the end with this kind of software. But try to understand the confusion and fear, that comes with the Internet. Suddenly, the whole world enters your house, your family. A lot of people are not going to be able to sort the good from the bad, at least in the beginning. They cannot cope with it. Most people are just followers, lost without rules or guidelines. So this censorware is bad, but who comes to the rescue of the worried parents then? Should they just not have Internet at all then? Or are they just being overprotective?
The Open Source idea of 'having a million eyeballs looking at the bugs' could help a lot here. The problem with filters of course, is that they can never catch everything, and always catch what they shouldn't. But a million worried parents, rating webpages into categories, that could actually work. You would need a clever rating system, and just rate a site for what it actually is: educational, commercial, obvious porn, sites about sex but not porn, etc etc. Categories without a moral value judgement, just cleanly categorize it. And of course with a voting system, so that at least say 10 people put some site in the same category, before it actually stays there. Have search engines seek out sites that change, with a crc check, and set up a system where some parent would get a list of a 100 sites, and categorize them, in a distributed system, and then has done his/her service to the community.
Then you have a more or less fair categorization of the Internet, and a parent could then choose a package of things that his children can or cannot see. No porn, no violence, but maybe a yes for sites about coming out for homosexuality.
I see that this might be abused by a government to 1984 its citizens. But a governement could do that anyway, though. China does it now.
You could try to categorize only universally bad things (blatant violence, _commercial_ porno, the Ku Klux Klan (did you know their site runs on Linux, by the way? www.kukluxklan.org [kukluxklan.org]), and mark the rest as 'mostly harmless'. I don't know.
I just think that something along those lines needs to be done, because nobody with any sense is adressing the fears of the fledgling millions of new Internet users right now. We could even give this community provided lists to Symantec. That would be quite a shock to them.
-----------------------------------------------
UNIX isn't dead, it just smells funny...
Re:You need to do better than that (Score:2)
I agree that the DMCA is a bad law for consumers.
--LP
(Moderators: moderate up the parent post please?
Re:How about doing it right then?? (Score:2)
CensorWare that "learns" (Score:3)
How about a program that allows a parent to define their own list of sites to block. The parent (and this should be the husband, since he is the ultimate boss), would have to look at a continous stream of porn sites and click "yes-offensive for kids" or "no".
He would have to use the program alot to make sure all the bad sites got blocked, but wouldn't the peace of mind be worth it?
Re:You need to do better than that (Score:3)
There's only one problem: There's another law which applies too, and this law is the supreme law of the land. It's called the Constitution of the United States of America, and it has an amendment (the 1st Amendment), which the Supremes have held explicitly protects "critical speech" that makes "fair use" of copyrighted material. What this means is that, in the end, the parts of the DMCA that consist of government inhibition of free speech will be thrown out.
The problem is that it will take years of appeals before the illegal portions of the DMCA are thrown out, and it will cost hundreds of thousands of dollars in court costs. In the meantime, software companies will continue to use tactics of intimidation and threats to prevent critical speech, much as McDonalds did with their McLibel lawsuit against Greenpeace activists.
And the next problem is that, after this law is thrown out, the companies involved will buy yet ANOTHER law that removes people's right to engage in critical speech, and the whole thing starts over again. And so it goes in the United States of Self Delusion, where we delude ourselves that we live in a free country when in actuality we are ruled by those who spend millions of dollars to buy laws that benefit themselves at the cost of the rest of us.
-E
Re:How about doing it right then?? (Score:2)
Ryan
Re:How about doing it right then?? (Score:3)
The contributing volunteers shouldn't add sites to a blacklist or even a broad categorization. Instead they should apply a number of labels simultaneously to each page. Here are rough examples of what I mean, for three different sites:
"Entertainment+ExplicitHomoSexuality+Graphics"
"Educational+Art+MildHeteroSexuality+Graphics"
"Political+Literature+ExtremeRacism+Text"
Of course the filtering software would have to come with default rules which wouldn't truly suit anyone, just like current packages.
"FILTER *Racism ALL"
"FILTER *Sexuality ALL"
But the end user could easily tweak the rule set to be as precise as they like. eg:
"FILTER *Racism UNLESS Educational OR Literature"
"FILTER ExtremeRacism ALL"
"FILTER *HomoSexuality ALL"
"FILTER MildHeteroSexuality UNLESS Educational"
"FILTER Explicit*Sexuality UNLESS Literature AND NOT Graphics"
The filter rule sets can be adapted by anybody. You don't need to be a programmer, just to be able to understand what UNLESS, AND, OR, NOT mean, and to be able to understand that the result of any given rule may be modified by what rules come after it. Like *any* series of filters applied sequentially.
No doubt people of like mindset would trade their carefully crafted filter rule sets between themselves.
This system is still slightly (though less) vulnerable to misclassification by volunteers with an evil agenda. But some sort of metamoderation scheme would soon identify those reprobates and flag up all the sites that needed rechecking.
Can anyone think of a reason why this wouldn't work?
PS. Just in case this sort of scheme should find its way into anyone's commercial implementation, I'm releasing the above idea to the world under the terms of the GPL - so there are should be no encrypted filter lists based on this idea, OK?
Consciousness is not what it thinks it is
Thought exists only as an abstraction
Re:How about doing it right then?? (Score:2)
You ever-present parent solution will have a higher failure rate than software filters because no parent will be ever-present. Browsing time will have to be reduced (which may be a good thing).
Your solution is just like saying "prevent drunk drivers by giving the cops all car keys. You have to ask for permission to start your engine." It's too inconvienent to be effective.
BTW, the net is a lot more important than a car for many people. Like all us college students who brought our computers to school and left our cars at home.
Ryan
Re:More proof that censorware does not work (Score:2)
But I do believe it is possible to assemble a useful if not 100% definitive list of offensive sites. It requires human eyeballs, but if enough volunteers could be induced to use a modified browser with an embedded rating form, they could rate as they surf with fairly little inconvenience.
It would never cover everything and it would never be 100% up to date but a rating sytem like this would be better than nothing, and with enough participants would be largely self-moderating. It's certainly the only kind of rating system I'd ever feel comfortable with.
Consciousness is not what it thinks it is
Thought exists only as an abstraction
Re:There is no Open Source way to "do it right." (Score:2)
Think about it - what is the biggest problems teenagers (and many adults) face? Impulse control. You don't want a kid who doesn't drink because the liquor cabinet is locked, you want one who doesn't drink because he fears that so you find out later and punish him. He becomes an adult who doesn't overindulge because of awareness of the consequences of his actions. Ditto unsafe sex (not doing it for fear of the consequences, not because of lack of opportunity), drug use, dangerous driving habits, etc.
Sure, this is more work than letting some censorware handle the chore, BUT IT'S YOUR FSCKING JOB AS A PARENT. If you weren't willing to do the time, you should have worn a party hat or kept it in your pants 14 years ago!!!
Am I arguing that censorware is *never* appropriate? No - two good examples are preventing *accidental* exposure to very young children (or easily offended adults), and preventing deliberate exposure by teenagers who are unusually immature and have not developed *any* self-restraint. If you've only caught your kid a few times, it sounds like he's developing healthy self-control and it's now your job to help him develop it further. Unless he's the first exception in a few thousand years, he *will* be tempted and he *will* fail -- and your job as a parent (IMHO) is to set up situations where he can learn "how far is too far" safely. Would you rather he occasionally be goaded into loading a porn site by a friend... or be goaded into trying a couple puffs or dangerous sex by that friend?
(Hint: before you answer that watch the PBS episode on the gonorrhea epidemic in an upscale Georgia suburb... and the extreme frustration at the public health officials at their inability to get the parents to face the fact that *they* - not MTV, not movies, not rock stars, but indifferent parents who were too busy to listen to their children - were the reason why their little darlings the same age as your son were having orgies with three-ways, four-ways, unprotected anal sex, etc.)
No, he's right. (Score:3)
Suppose I have a kid who's starting to get computer literate and I decide I want censorware. Well, in that case I would want to know the false positives rate because too many false positives would increase my kid's motivation to try to circumvent the censorware. The more motivation on my kid's part, the more insecure the censorware package.
So yes, Hasselton's actions in my book constitute a form of security testing and thus should be protected.
Re:I used to work at Symantec (Score:4)
Au contraire. The question 'what is porn' is argued over constantly, leading to the vague-but-appropriate concept of community standards in obscenity trials and the like. What you call porn, I call erotic art, and Europeans call commercials.
Same with violence. Just filtering on violence gives you a world where Teletubbies are OK, and _Saving_Private_Ryan_ is banned. Who decides?
>Categories without a moral value judgement, just cleanly categorize it.
Except that categorizing _IS_ value judgment. Again with _Ryan_, it would be 'objectively' categorized into "Violence, graphic dismemberment," and correctly so. The fact that it is, in fact, a powerful work of art cannot be reflected except by offering up a relative value judgement of some kind.
>universally bad things (blatant violence, _commercial_ porno, the Ku Klux Klan
Right there. A value judgement. In the US, even the Klan has a right to express and believe whatever they want, so long as they're not actually committing crimes. Period. Calling it 'universally bad' and therefore OBVIOUSLY needing to be censored is exactly what you allege to be against: selling your ideas of propriety onto others.
Ratings systems, censorware, whatever, the very ACT of dividing things into acceptable and unacceptable is a set of value judgements. And it's simply impossible to make a set of value judgments that works for everyone, and irresponsible to try.
--
Re:Come on... (Score:2)
Ryan Salsbury
Re:Some insight into the subject..... (Score:2)
Then let them NOT access the Internet. Their underdeveloppment will only be the fault of their parents. So, eventually, those underdevellopped kids will be darwinly weeded-out of the universe.
--
Oops, I missed one. (Score:3)
(a) All applications of artificial intelegence to scanning content either from the blocking software OR to create a master list. I am including simple search applications like looking for fleshtones commonly found in porn. I am also including the idea of using a combination AI / human interface where the AI flags the human and lets them check the content.
(b) Patent the simple protocoll ideas, like online blocking list updates and special codes the porn sites can give out to help the blocking software avoid them. Also, patent the buisness model ideas like using a common blocking standard which many diffrent groups can provide lists to. Note: I realise that there is prior art for some of this, but that did'nt stop amazon..
It would be really cool to kill this industry with software patents! Unfortunatly, this takes a lot of money. It might be possible to work out some deal where joe hacker submits the idea, the ADL's blocking software company foots the bill, and the EFF/ACLU controls everyone else access to the patent, i.e. get the anti-Nazi people to pay for it in exchange for being the ONLY blocking software which is allowed to use it.. and they would hopefuly not be permitted to censor anyhting but hate speach. It's not an idea situation, but it might be the only way to get the patents paid for.
Plus, it might make more people understand the problems with software patents (and intelectual property in general).
(5) We need to produce hard evidence that human censorship methods (i.e. the librarian ask someone to leave when they cause a problem) are more effective then blocking. There are a variety of variations on the human sencorship method, including having a flshtones alarm (or slide show) on the circulation desks computer which scans the web browser caches, but they all havethe property that they block a MUCH larger percentage of porn then censorware dose.
We also need to point out that human censorship is the ONLY thing which wil block the kinds of things that the AFA uses to drum up support (like someone changing the background to porn).
Re:A scary prospect (Score:2)
I forsee your future risk-free life.
It's very VERY boring.
Later
Erik Z
I left Symantec Over this issue. (Score:2)
In 1998 the Gartner Group put out a report that basically re-defined the security marketplace. Symantec saw that it had no product for consumers or Corporations that would do content scanning and URL Blocking (These are the Gartner terms).
I was charged with evaluating every sever-based solution on the market. After several months, my research had found that I-Gear was the most advanced solution on the market (and still is). Hell they even had a version out for Red Hat Linux over a year ago. So the deal was hammered out, and Symantec acquired UR Labs in Virginia.
Now I-Gear and Mail-Gear (the companion mail product) do blocking based on URL lists and a heuristic engine that examines the text content. Now comes the zinger: It is completely end-user customizable. You can block URLs, you can explicitly allow access, you can have different user accounts/ groups/ and individual rules for each person, even different rules based on time and day!
This product enables sites (this is a web proxy, not a desktop product) to set security policies as they see fit. The courts have already proven that a corporation can choose what sites to allow their employees to visit. I see no issue in this whatsoever. If a site is inadvertantly blocked... then ask the admin to allow it, don't go kill the manufacturer!
Now I DO NOT agree that the URL lists should be hidden. I left Symantec soon after the acquisition because I didn't agree with the direction that they were taking. I had the pleasure of talking with Bennet while staffing DEFCON, and agree with the tenents of PeaceFire, if not their practices.
What it boils down to is that filtering is not an out of box solution, but it is viewed that way. Similar to a Firewall or Mail Server, the default config isn't going to suit every company's individual needs and tastes. PeaceFire should work with vendors of server-side filtering products to increase awareness about the need for proper administration and vendors, such as Symantec, need to realize that cease and desist letters are not the best way to iron out their differences.
Re:XXX Latin (Score:2)
Re:They're on the black list (Score:2)
No, this really is a copyright violation issue too (Score:3)
- This is is a copyright violation issue. The list of encrypted URLs was posted. This is copyright material. Period. To its credit, Peacefire has removed the link, which satisfies this complaint. But Symantec still was in the right here.
- This is definitely also a reverse engineering issue. Symantec clearly stated in the letter that Peacefire had not been given "permission" to decode the list. In this regard, this does become a sticky legal issue that Peacefire is correct in raising.
- Privacy: Symantec is violating its privacy policy. However, as Peacefire states, the software was manufactured by URLabs, which may have had a different policy than Symantec, so we must be careful in claiming malice on their part. The violation must still be corrected though.
However, Peacefire, and everyone here on Slashdot, is immediately jumping on the "Symantec is evil" bandwagon, where in reality Symantec in the letter did not mention, at all, the claims of failure rate. Symantec clearly stated concerns over a valid copyright violation, and a legally debatable claim to prohibiting reverse engineering.Yes, you can extrapolate that Symantec is not happy with this disclosure. But just blindly posting parts of their code was stupid. To say in this article that Peacefire clearly did not post copyright material is WRONG and muddles discussion of the real issue, which is simply reverse engineering. A valid, important issue, worthy of discussion, no doubt. But as with so many other things on Slashdot, people are quick to jump to conclusions without thoroughly reading what has actually happened.
----------
Any System with ONE ranking for a page will fail (Score:3)
The only solution to this sort of system is based on automatic matching of your opinions to those of individual moderators. For example, you moderate 10 pages a day. Over time, the system can determine how you would moderate a page based on the similarity of your moderation to other moderators, and can block pages based on criteria you specify.
So, for example, I would agree with those moderators who moderate child porn as "obscene", but would not agree with those moderators who moderate Anais Nin as "obscene", so my browser could tell me "You will probably find this page obscene. Continue?" before displaying it. Or, I could configure it to block such sites if my kids (maybe such a system will actually be functioning before I have kids) are using the computer.
If I'm a puritanical christian, maybe I agree with other puritanical christians, and my software will block damn near everything. The key is that it's using the same system.
The same system could also be used to rank results in search engines, for example, and I could ask the computer for recommendations on some new fiction based on what other people with my taste recommend. Assuming suitable go-betweens to preserve privacy could be established, it could be the world's first successful computer dating service.
--Kevin
Re:Give a little, get a lot (Score:2)
Alex Bischoff (not to be confused with the former "TV manager" of a certain wrestling actor's troupe in Atlanta) dun said:
Command Antivirus [command.com] has live updates for registered users; if memory serves, so does the Data Fellows [datafellows.com] version of F-Prot [f-prot.com]. (Notably: both of these use the F-Prot AV engine (damn near the best antivirus engine you can get next to AVP, and if memory serves they're even using part of the AVP engine in the latest versions) and the Data Fellows version comes in a package called F-Secure which also includes some very neat security toys.)
I don't know whether AVP [avp.com] has live updates or not, but I'd recommend it nonetheless; AVP is quite literally the best antivirus program one can get for Windows, bar none, and they do have trial versions (good for thirty days) for download...the registered version is not terribly expensive (around $25-30 if I remember right) and it is money well spent...if memory serves, AVP actually updates their virus list weekly, too, and updates are available on their website. If one is serious about antivirus protection I'd seriously recommend getting a copy of it...
As it is, if one is serious about antiviral protection anyways, it never hurts to have two antivirus programs on board. You use one for the standard protection which isn't quite as sensitive/more prone to false alarms like Norton or McAffee, and if that alerts you bring out the heavy-duty tools like AVP or F-Prot. (Or, if you're like me and can get both, you use Command Antivirus (read: F-Prot under a different label ;) for the main scan and AVP for the heavy guns--I've only had to do that once, when an older version of Command Antivirus didn't like a newer database update [basically they'd changed the format--no biggie, just get the upgrade])
It never hurts to practice computer "safe sex", though--I've never had virus problems, because I'm careful to the point of being neurotic :) Here goes a list of good antiviral techniques:
Don't enable HTML mail or Javascript in mail--this keeps you safe from malicious code that may activate downloads of worms that target Outlook Express, etc.
If possible, don't use Microsoft products like IE or Outlook Express or Office--there are a LOT of serious security bugs, even in the latest versions of Outlook Express and IE, that enable one to download malicious code like worms--sometimes without expressly clicking to accept (such as some worms that specifically target Outlook Express). Office, and specifically Microsoft Word 97, is downright infamous for macro viruses and worms--in fact, the single largest category of viruses anymore are Word macro viruses (and it's also the largest growth category--the year after the first Word "proof of concept" macro virus was released, there were more than 200 known in the wild--now it's something like 4000). In fact, Win95/Win98 actually have security flaws in the OS itself that allow such things to spread easily...
If you must use Microsoft products, stick with the maximum security settings you can get away with--Don't enable macros in Office and don't accept documents with macros unless they go through a reliable virus-scanner first (if possible, encourage people to send stuff in RTF or text format; Excel users, try to stick to tab or comma-delimited formatting, as Excel macro viruses are an increasing problem). Set MSIE and Outlook Express to their maximum security settings. Do not use ActiveX unless absolutely necessary (there are serious security bugs in ActiveX as compared with Java)--at the least do not allow untrusted ActiveX applets to run. Consider using more secure OS's if possible (for Microsoft-only shops, this may entail going from Win98 to WinNT or Win2000). In WinNT or Win2000 environments, only give supervisor access to those who really need it and set others to lower levels where binaries cannot be installed.
Do not read untrusted Word or Excel documents, or run untrusted executables--this expressly includes your friends--"Trusted" here means "downloaded from a known, clean, virus-free source" or "run through a reliable virus-scanner". There are a rather surprising number of worms and trojans (including more than one case of Back Orifice being distributed via a trojan sent by email, as well as cases of DDOS (distributed denial of service) clients being distributed in this fashion). This includes anything gotten in email, ICQ, etc. (Business environments--if accepting resumes by email, you may seriously want to consider asking clients to send resumes in plain text or RTF format. This may not be as pretty, but it's easier for clients to send you resumes this way and it eliminates problems with Word macro viruses.) Again, WinNT shops probably want to strongly consider limiting supervisor and administrator access to those who need it and set everyone else to levels where binaries cannot be installed (the misuse of administrator levels is one major way in which WinNT shops get infected--allWord macro viruses work on NT, and a fair amount of Win32 viruses do as well).
Get a good virus scanner and use it regularly --Norton AntiVirus is probably on the low end as far as "good virus scanners" go. I personally recommend one of the F-Prot based ones or AVP; most over on alt.comp.virus would recommend AVP first and one of the F-Prot based ones secondly. (Most also recommend you use at least two virus scanners, one for regular use and one as a backup/sanity check.) Alt.comp.virus has a lot of good info on viruses and the good and bad in antivirus software, anyways. :)
Consider using other security programs--There are firewall-type and intrusion detection programs even for Win95/Win98 systems such as Jammer [agnitum.com]--Jammer, in particular, acts as a firewall and detects things like attempted Back Orifice scans, etc. As Win95/Win98 is notoriously insecure, it's a good idea to give it any more security if you can.
Don't trade in warez--This may seem like child's play to most of us, I'm sure, but in home and even in business environments there are a lot of folks who do deal in warez. Most warez anymore (at least the downloaded kind, not the "burning a friend's copy of Win98 to CD" kind) seems to be from Russia, Brazil and China, which also happen to be rather large H/C/V centres. (It's worth noting here that it's widely thought that CIH escaped into the wild from Taiwanese warez posted to one of the Usenet warez groups that just happened to be infected with CIH; it turns out the author or a friend of the author was in one of the major warez groups.) I can't state strongly enough in regards to this that if you absolutely must use or trade warez, please for Cthulhu's sake scan the damn stuff before installing it or trading it with others so you don't infect yourself or others.
Don't assume that commercial software or "minority" OS's are immune to viruses or don't need virus-scans--Commercial software has been released before that was infected with viruses (including several demo CD's). Macs have several viruses to contend with, at least one virus is known to specifically target both WinXX and Macs, and Macs are still susceptible to Word macro viruses (and probably IRC worms, if a version of mIRC exists for Macs); at least three "proof of concept" viruses for Linux do exist, including one which apparently tries to gain root privs to perpetuate itself, and even aside from this Linux boxen are commonly used as servers for files for other OS's. You still want to virus-scan even that copy of Diablo II that you got; folks will be happier if Linux servers scan executable files for viruses. (By the way, yes, antivirus software for Linux does exist; AVP has ported its antivirus scanner to Linux, and actually has the downloads for free last I checked.)
Keep your antivirus software up to date--This is a given, and "live updates" such as featured with NAV and CAV are very nice in this regards. Don't wait for the news report on the next Worm from Hell to update, either. Monthly is a minimum, and preferably more often than that if you can (weekly is good :).
Make sure others follow these same "good computer hygiene" rules--If you run a business, explain why you have policies against people installing stuff from home computers, running executables, etc. If you're at home, explain to folks why you don't accept executables (even of that neat "dancing baby" thing) sent by mail, or HTML mail, or Word or Excel files sent by mail. Encourage others to install and use antivirus software and other security programs.
Don't panic--Panic just spreads stuff like that damned "Good Times" hoax. If someone spreads stuff like that, point them both to a site like Data Fellows [datafellows.com] which has up-to-date listings of viruses--or, preferably, the alt.comp.virus WildList, pointed to in the ACV FAQ over at ftp.uu.net and your favourite Usenet FAQ archives--and to a site like Virus Myths [kumite.com] which has a nice list of hoaxes, etc. (so does Data Fellows, but Kumite's a bit friendlier on that); this is probably the best defense against "meme viruses" like "Good Times" that you can get ;)
Re: which AV? (Score:3)
Mendax Veritas dun said:
Well, they aren't the only ones in the market, really--F-Prot, which comes in two different flavours (the Data Fellows [datafellows.com] "Finnish Mix" and the Command Software [command.com] "British Remix"), is damned good, beats the pants off of both McAffee and NAV, and hasn't been bought out by either company (largely because at least Data Fellows also sells other security software like firewall programs, SSH clients and SSH servers for NT, etc.). Also worth noting is the Best Damn Antivirus Software Money Can Buy (according to alt.comp.virus--and by the way, it's not just antivirus writers who hang out there; there are a fair number of virus coders who hang out there as well), AVP [avp.com]...hell, they've even got a version for Linux for folks who run servers (who want to scan the stuff they're serving for Nasty Stuff).
By no means are you restricted to what Network Solutions or Symantec have to offer. There's other stuff out there that's actually better but less well known about (wow...kinda like BeOS and *BSD and Linux, eh? ;).
I wouldn't say it's entirely a non-problem. In a home environment, with a clueful user who doesn't download strange binaries without checking the source twice, and especially if he's using an OS for which very few viruses exist (such as BeOS or Linux or *BSD)...and more importantly anymore, never uses certain office suites out of Redmond with extensive macro capabilities including hooks to Visual Basic (which has hooks to system calls in Win32) nor uses programs with extensive HTML and Javascript capability to read email, then yes, it'd be a non-problem.
There are cases where it could be a problem, though. Say...work environments that have to use Office 97 and accept Word and Excel documents from Goddess-only-knows where, or home users who dabble in warez because they don't feel like paying $200 for the latest killer game, or work environments where people take stuff from home and put it on the boxes, or people who are new to the net (and don't know about stuff like Good Computer Hygiene) and get offered this "cool South Park screensaver" from an email address that belongs to their friend on the net (and they are completely and utterly unaware that said program is in fact the "Pretty Park" trojan/worm that mails itself to everyone on your Outlook Express address list)...in those cases, yes, it could be a problem.
Now add in those folks who have to take home stuff from work. Now add in the number of folks at work who are the clueless folks who will blindly run that "Pretty Park" executable, and/or have warez'd copies of Diablo, and/or take stuff to work to show folks how "cool" it is...and you have to take Word documents home to work on them, or Excel spreadsheets...and think of all the OTHER companies your company might be sharing Word documents with...'s pretty scary, really, if you think about it.
I'll touch some more on this below...
By and large, antivirus software isn't for us who know how to use debugging tools :) It's for folks who might be new to computers, or who have to take stuff home from work and run it, or who might want to be double-safe that the program they just downloaded doesn't have anything nasty in it.
Yes, some TSRs and some programs will cause antivirus software to hiccup. I'll also note that these are (in the case of most folks--not necessarily us techy ones) few and far between. It also depends specifically on the heuristics that the program is looking for--I've heard that Norton Antivirus tends to give quite a number more false positive alarms than AVP or F-Prot do, for instance (in fact, on alt.comp.virus it's recommended that if you run Norton or McAffee Antivirus (another AV program bad for false positives in heuristics mode) you double-check it by running F-Prot or AVP in heuristics mode because the latter two programs are far less susceptible to false positives).
As it is, for binary viruses and trojans heuristics can work well; for Word macro viruses (which are the single largest category of viruses today, by the way) they're nearly foolproof. As Word macro viruses are a far worse problem nowadays, this is probably a Good Thing.
I'll assume you practice Good Computer Hygiene (not downloading strange binaries, etc.) I do have some questions for you, though...
Do you run Microsoft Office? Do you accept Word documents from possibly untrusted sources? (The single largest category of viruses and worms, not to mention the one with the most growth by far, is Office macro viruses and worms (especially Word macro viruses which often are also worms in that they have specific hooks to common mail applications to enable spread by email)...in 1993, Word macro viruses were literally unheard of. The first "proof of concept" Word macro virus appeared in 1997, and eventually spread to the wild. A year later there were over 200 known Word macro viruses, and the first Excel macro viruses were known. In 1998-ish the first known Word macro worm was discovered. As of now (early 2000) there are over four thousand Office macro viruses (the vast majority Word macro viruses, and a fair number of which can be considered worms as well; more than a few also are "droppers" for destructive payloads), depending on whom one is talking to (some would put it higher, some would put it closer to two thousand)--literally more Word macro viruses and worms exist than binary-based viruses at present, and it is becoming a fairly serious problem in businesses (a Word macro virus/worm brought the email systems of many businesses to a screeching halt last year because of all the load--one of those companies just happened to be [ironically] Microsoft). The largest portion of databases for antivirus software are for Word macro viruses; I suggest you take a look down at Data Fellows' [datafellows.com] virus-lists and see just how many have the little prefix "W97/M" (Word 97 macro virus)...it's really a staggering number. Binary-based viruses like CIH are by far the exception now; most folks doing viruses are either working in Word macro viruses or are working on worms (such as mIRC worms, or trojans that are worms such as "Pretty Park").
Fortunately for antivirus software authors, most Word macro viruses have specific infection routines and use specific Visual Basic calls (Microsoft, in its infinite wisdom [HAH!], decided to allow one to use Visual Basic hooks in Office macro code...which is a security disaster waiting to happen, as Visual Basic has hooks into the operating system itself) to do nastier things (like the "propogation behavior" of Word macro worms, or droppers for destructive payloads for the nastier Word macro viruses--in a way, they behave more like trojans than viruses), so it's pretty easy to kill such things with heuristics. (It's also pretty easy to kill such things if you don't enable macros, or you use stuff like StarOffice to read the file. But that's another issue :)
(Unfortunately, it seems the bulk of the business world not only uses Win95/98 or WinNT, but also Office, and also Outlook Express--which helps Word macro worms spread like wildfire through a network (by the way, Word macro worms are having the same growth Word macro viruses had in the beginning, and some have been found with destructive payloads--things are going to get interesting indeed). Even worse, Word macro viruses are cross-platform--they can infect Word on Winboxen, Macs, and presumably any other platform that can run Microsoft Word and/or a word processor that recognises Word documents and Word macros (fortunately, most of the Word macro worms can spread only under WinXX and largely only if Outlook Express exists as a mailer, though some can also use Eudora [the other big mailer], but I don't expect this to last very long--and the Mac users can still infect documents with the worms).)
Do you have to share computers at work with anyone? (Their computer could be crawling with viruses. Just because you don't do anything stupid doesn't mean your co-workers won't.)
Does your workplace have a strict "no-files-or-disks-from-home, no-programs-from-home" policy? (If not, they're wide open unless they're using a scanner. Again, you might practice Good Computer Hygiene, but others won't necessarily do so.)
If you do consultation work, are all your boot-disks and install material on non-writable media like CD's? (If they've got a boot-sector virus, they can infect ZIP disks and floppies.)
Are you absolutely certain that all of the software you get is virus-free? (About the only way you CAN be certain is if you compile and run it yourself--and even then, if the compiler itself has virus code, you still might not be safe (cref. a proof-of-concept of this where hidden backdoor code was included in early C compilers for Unix--if code was removed, the compiler simply reinserted it at compile-time; the only way to remove it for certain was to compile from a known clean copy, and reportedly the backdoor generated WAS used a few times). Commercial software has been released accidentially with virus code before (most infamously, a demo CD included with a PC game magazine that was infected with CIH); hell, computers have literally come preinstalled that had viruses (there was a rather infamous case where either Dell or IBM (memory fails me on which one) actually sold some laptops which were infected with CIH--it turns out that the standard disk image used to copy the OS and apps onto the drives had been infected with CIH somehow). There are now known worms that can infect a computer using Outlook Express (with HTML and ActiveX extensions turned on) without even opening the mail itself (just by previewing the mail). Most Internet worms propogate themselves anymore by sending copies to everyone on an address-book list in email clients (the vast majority of Word macro worms, and even some "trojan" worms like PrettyPark), or by mass-DCC send (most mIRC worms propogate this way--the worms take advantage of insecurities in mIRC scripting language).
Do you serve files for other people? (If so--even Word documents--if you don't check them before offering for download, you may unwittingly pass along infected files. Again, infected files don't even necessarily have to be binaries anymore--the vast majority of viruses anymore are Word macro viruses and worms, and the few actual binary viruses tend to be spread either through warez or as "trojans" or worms.)
You see...it's not as easy keeping virus-free as one thinks. In fact, if you accept foreign Word documents at ALL and don't have either a damned good virus-scanner or macros turned off completely, you are essentially wide open to getting a rather nasty case of computer VD. Even more so if you use Outlook Express, or (God Forbid) accept attachments of *.exe or *.doc files in email, or accept HTML-email or have Javascript or ActiveX enabled in your email browser.
1) Even commercial software has been infected--there is more than one documented case of this.
2) As stated above, things have changed a LOT in the world of viruses since 1993 :)
2a) The major problem, with rare exception (CIH, which really is novel in that it attempts to over-write BIOS info in boxen with flashable BIOSes), is not binary-based viruses like Stoned or Jerusalem (the two biggies in 1993, by the way). The biggies, by far, are Word macro viruses (literally more Word macro viruses exist now than binary ones exist now or in 1993, a fair number have nasty droppers or destructive payloads, and an increasing number can also be classified as worms as they propogate through vulnerabilities in a number of Internet programs [a short list--Outlook Express, Free Agent (Usenet client), Eudora, etc.]).
2b) With the exception of CIH, the major problem with malicious binaries isn't with viruses anymore but with Trojans of various types. The vast majority of these may be classified either as worms (i.e. PrettyPark.exe, the latest in this line) or as attempts to pass off Back Orifice (a program designed by Cult of the Dead Cow to spotlight rather serious security flaws in Win9X, and which can be used to remotely control another computer--often without the victim knowing, as Back Orifice hides its processes and tries to make it difficult to uninstall).
3) The single largest increase of ANY viruses or malicious programs today is in the form of worms. Many of these worms are essentially multiplatform and the vast majority target the single largest used office suite in businesses today. Many of these companies must share Word documents and other traffic with other sites, often untrusted traffic. In a way, the Internet has been the best thing since sliced bread for propogation of viruses (keep in mind, too, that when you left Symantec the vast majority of "program trading" was at universities and most of the "warez" traffic as well as virus traffic was at universities and on small, members-only BBS's; there were still roughly an equal number of *.edu and *.com sites online, the plague known as AOL had yet to hit the net (that occured in 1994 or 1995, and AOL has always had a wee bit of a script-kiddie/V/C community), and the Internet had NOWHERE near the penetration it has now--it was next to impossible for worms to spread the way they do now, much less Word macro viruses (again, keep in mind that macro viruses of ANY kind were unheard of before 1997).)
4) In 1993, a lot of companies still used dumb terminals or didn't have much computer access. Now, a large number of folks have computers--frequently connected to the Internet--and they frequently have to take home work and such. Many of these folks don't practice Good Computer Hygiene--they run programs their friends send them online (unaware that many worms use address-lists specifically to propogate), while spreading rumours like "Good Times" because they literally don't know any better. Sometimes this even extends to the folks running the boxen--a number of sites use NT or even Windows 98 to administer networks, and many of these folks don't use proper security precautions (like not allowing executables to be installed, etc.). 5) The fact that so many folks ARE on the net with Win95/Win98 boxen has to be a major factor in how viruses are spreading, and especially worms (which had pretty much died out in the days of tht Morris Worm and WANK-Worm until Word macro viruses started coming out). Win95 and Win98 are notoriously insecure--in essence, everyone (even on a multi-user system) has root/administrator access, most of the Internet applications for these systems--especially those from Microsoft--are not exactly designed with security in mind, the major office suite for these boxes (Office 97) has major security flaws in its scripting language insofar as using it in a networked environment...the major scripting language for Microsoft-based Internet apps, ActiveX (which has even been incorporated into the OS in Win98) is so insecure that nearly every security site recommends disabling it...also, Win9X is designed for people who are complete and utter computer virgins, who aren't going to know about computer security and who are lucky to know how to install a program without some kind of installation-wizard. It's an OS designed for the clueless, and it's user-friendly to the point of sacrificing security...it also doesn't help that Internet apps (by and large) were actually an afterthought to the OS, added when the Internet exploded in popularity (especially the World Wide Web).
I'd even go so far as to say that, as designed, Win95 and Win98 are outright unsafe to use in a networked environment without some sort of protection both against malicious programs and scripts AND against malicious parties trying to gain outside access. Win9X was not designed as a multi-user, networkable OS; it was originally designed as a home OS for the newbie user who needs stuff to be point-and-click simple, and networkability was an afterthought added when Microsoft found out people actually wanted that Internet thing. Security has always been an afterthought, if it's been thought of at all; to make it secure actually requires either add-ons (like antivirus software and intrusion-detection software) or keeping it off a network period. Yes, security really IS that bad with Windows9X. (NT and Win2000 are considerably more secure, but that's partly because they were designed as networkable OS's and they do have security features in light of this. They are also somewhat less user-friendly, especially in tighter security settings (many WinNT sites have EVERYONE with admin access because some things become unusuable in lower settings).)
It's not just the Microsoft apps for Win9X that have security bugs, either--the whole idea of running untrusted apps is a Bad Thing (there REALLY needs to be a "sandbox" area for untrusted apps; moxe *nixes do this with multiple users and security settings, and Java does it by running it in a virtual machine with no direct hardware access). Eudora has had serious security bugs that worms exploit. mIRC, a major IRC client for Windows boxen, has had periodic troubles with script worms (in fact, before Word97 worms became popular, mIRC was the major target of worms on the net). WinGate, a popular telnet server for Windows boxen, is so horribly broken that early versions have essentially no security whatsoever and can be used as an anonymous relay host by Bad Folks because it has no logging whatsoever (and it HAS been used like this by Bad Folks, which makes it a MAJOR pain in the arse to try to track them down). Most FTP servers for Windows boxen can be cracked. Nearly any Internet-capable program for Windows can be made to cause the system to crash by simply sending "file://C|/con" (with HTML browsers and email clients that parse HTML like Outlook Express and Eudora), or requesting "C:\con" (with FTP clients)...hell, you could probably write malicious ActiveX code to do the same thing, or add that as a dropper to a Word macro virus. This is partly the fault of the programs, but it's partly a sign that the OS in and of itself is horribly mis-suited for network use.
In short, there've been a lot of deep, almost fundamental changes in the world of viruses and malicious code, and more importantly, the dominant means by which they spread and the dominant "host" they breed in to begin with.
I wouldn't say virus myths outnumber actual viruses (I think the number of Word macro viruses slightly beats the number of variants of "Good Times"/"Jessica Maddick", etc. :) but Kumite's a good site. (Hell, I recommended it in my last post. :) There IS bad stuff out there, though (especially if you are misfortunate enough to have to use Win9X + Outlook Express + Office 97) and "computer condoms" never hurt. "Computer safe sex" (and yes, I posted a number of tips for that too) never hurts, either. Combine the two and you shouldn't have trouble. :)
My bad, 'scuse please :-( (Score:2)
Well, I still stand by the first point, that you can't just scan real quickly, and to do hundreds would simply take too long.
Sorry 'bout that, chief...
--