Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Microsoft

Microsoft Calls Viruses "Industrial Terrorism" 473

Posted by timothy from the emotional-appeal dept.
evenprime writes: "John Ashcroft wants congress to declare computer crimes to be terrorism, and now it looks like microsoft is trying to jump on the bandwagon. In a recent column discussing microsoft's new STPP security program, microsoft's Michael Lane Thomas stated that destructive viruses should be recognized as acts of 'industrial terrorism.' Sounds like microsoft's future security plans may depend more on legislation than on code audits."
This discussion has been archived. No new comments can be posted.

Microsoft Calls Viruses "Industrial Terrorism" More

Microsoft Calls Viruses "Industrial Terrorism"

Comments Filter:

  • Naturally (Score:5, Interesting)

    by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Monday October 22, 2001 @02:59PM (#2461180) Homepage Journal
    If you call it a virus, then you have to deal with it yourself. Microsoft has repeatedly shown an inability to handle such things. If you call it terrorism, it's the government's responsibility.

    • Re:Naturally (Score:2, Insightful)

      by Dan Jagnow ( 181761 )

      If you call it a virus, then you have to deal with it yourself. Microsoft has repeatedly shown an inability to handle such things. If you call it terrorism, it's the government's responsibility.

      No, Microsoft can't transfer all responsibility to the government simply by pushing to get viruses classed as terrorism. Theft is a crime, and the government is responsible for enforcing laws that forbid it, but that hasn't stopped companies and individuals from employing security guards, locks, car alarms, etc. Think about it; suppose you're putting some of your stuff in storage. There's a convenient storage place nearby, but you know they have a history of breakins. Are you going to be reassured that theft is illegal, and the government is responsible to find and punish the criminals, or are you going to look for some place with better security measures?

    • Harboring Terrorists (Score:4, Interesting)

      by Merk ( 25521 ) on Monday October 22, 2001 @05:00PM (#2462187) Homepage

      Couldn't MS code then be said to harbor terrorists? Or couldn't it at least be said to supply terrorists needs? If terrorists take over airplanes once, the US government wants to mandate steel cockpit doors. Since "terrorists" regularly take over computers running MS pructs, shouldn't the same government force MS to replace their ultra-flimsy "cockpit" doors?

  • Two can play their silly reindeer game.

  • Good for Goose... (Score:5, Funny)

    by BrK ( 39585 ) on Monday October 22, 2001 @03:02PM (#2461198) Homepage
    If that is the case, then Microsoft's total lack of security, and lack of timely response to reported security holes should be regarded as "harboring a terrorist".

    If we're going to make virus' a terrorist crime, then we need to follow through all the way.

    • Re:Good for Goose... (Score:3, Insightful)

      by Dimensio ( 311070 )
      I find it more likely that if viruses are called acts of terrorism, MS will accuse security companies of aiding and providing information to terrorists with security alerts exposing backdoors and other security holes.
    • Then perhaps Smith & Wesson and GLOK, et al should be accused of "harboring."

      Nah, I don' t buy it. Microsoft didn't force the virus writer to exploit their (albeit buggy) code anymore than S&W forced the murderer to kill two people. Bullets can have the unfortunate side-effect of killing the wrong people. Code can have the unfortunate side-effect of being poorly written and, therefore, destructive to a company.

      It's taken years for the courts to not laugh out smoker v. tobacco company lawsuits. And that only happen when it became at least circumstantially clear that the tobacco companies knew their products addicted and harmed folks.

      Prove that MS wanted to bolster their bottom line by making buggy code. Prove that they made this knowledge available to neer-do-wells. Prove that MS let it all happen. Then you've got a case. Otherwise, just go after the guys that took the gun and murdered two people.

  • nimda et al (Score:3, Interesting)

    by wiredog ( 43288 ) on Monday October 22, 2001 @03:02PM (#2461202) Journal
    I found it interesting that nimda was released a week, almost to the minute, after the WTC attacks. Certainly if I were a cyber terrorist I'd launch something like nimda or code red that gave me a list of compromisable systems. I'm surprised that the people who launched the attacks on CNN didn't get hit with terrorism charges. This'd be a very good time for the skript kiddiez to lay low. How do you tell the difference between and idiot script kiddie and a cyber-terrorist?
  • As opposed to bugs in their code.

    I call Microsoft software industrial terrorism. Of course, they contributed about $1,500,000 more than I did to the various political parties so when they call stuff terrorism it's much more likely to stick.

  • MS: self-admited terrorists? (Score:3, Funny)

    by MouseR ( 3264 ) on Monday October 22, 2001 @03:03PM (#2461208) Homepage
    [...] destructive viruses should be recognized as acts of 'industrial terrorism.'

    And MicroSoft is harboring them? Time for retaliation, I say...

  • And why not? (Score:2, Interesting)

    by Bowie J. Poag ( 16898 )


    Theres alot that makes sense about this. Personally, I think virus writers should face prison time. Too many people get hurt when their work is destroyed. Its not a productivity issue--You can always keep working. Its when a virus nails something irreplacable, like data which hasn't encompassed by a backup or is otherwise made irrecoverable, thats the main issue.

    The only problem with the idea is that I like the idea of "white hat" viruses, or virii that actually do constructive things like plug holes, or notify sysadmins of security breaches. Thats fine, and gentle mischeif like that is perfectly in keeping with the spirit of what makes the industry so interesting in the first place.

    Lets try to distinguish between good viruses and bad viruses the same way as we're now beginning to distinguish between white hat hackers and black hat hackers, hm? :)

    Cheers, and yes, PROPAGANDA is still running.

    • Re:And why not? (Score:5, Insightful)

      by Hard_Code ( 49548 ) on Monday October 22, 2001 @03:09PM (#2461291)
      You're going to leave it up to the *politicians* to discriminate between white hat and black hat, good and bad viruses? Thanks but no thanks, I'd rather have no legislation at all, and us techies can sort it out. Once you let politicians into the mix, all of a sudden campaign donators are the ones consistently making "good" viruses, while political enemies are the ones making "bad" viruses.
      • And what is a "good" virus? If it connects to my machine and applies a patch? That's not up to you to decide.

        • Congratulations! You have just launched SaveTheChildren.jpg.vbs! Your harddrive is now cleared of all files, including any material potentially harmful to children.

          Just *try* and argue against that one, Chester... it's for the children! Think of the children!
      • Let's talk about the really bad stuff. Like say Smallpox, Anthrax, Bubonic Plague. If you use it for study, keep it in the lab and study it to try to find ways to innoculate against it. That's for a good purpose right?

        But if you stick it in an envelope and mail it to someone working at the state dept... That's not a good thing, right?

        So it seems pretty simple to me. Writing a virus is not a crime... Releasing it into the public *IS*.

        Send them to jail. It's part of the Darwinian natural selection to weed out the morons.

    • Re:And why not? (Score:2, Insightful)

      by jeff67 ( 318942 )
      I like the idea of "white hat" viruses, or virii that actually do constructive things like plug holes, or notify sysadmins of security breaches

      A two-word problem with allowing "white hat" viruses: "Unintended Effects". Do you think no well-intentioned "white hat" will ever create a serious problem that s/he never foresaw?

    • Re:And why not? (Score:3, Insightful)

      by startled ( 144833 )
      No, there really isn't much that makes sense about this. You think virus writers should face prison time? Guess what, they already do, at least in the U.S. (and if they use them to infect a machine-- if they simply write one and don't release it into the wild, they certainly should NOT be prosecuted). We already have plenty of laws to land computer criminals in jail, and many have already been convicted and are currently serving time.

      The /. story isn't about some bill that would make virus writing a crime. At the risk of being on topic, I'll point out that the story is actually about MS taking advantage of the terrorism scare to make releasing a virus disproportionately penalized. There is additional leeway provided to law enforcement when dealing with things classified as terrorism, and the minimum penalties on conviction go way up. Some stupid script kiddie who accidentally writes and runs something on his own box, which then gets into the wild, could face life in prison if this trend continues.

      Finally, I'd like to point out this statement by Thomas:

      "As long as the spirit of innovation is preserved and destructive viruses are recognized as industrial terrorism, Microsoft will continue to provide revolutionary ideas.". That's the best case I've seen against this idea so far! I think he's saying that if destructive viruses aren't recognized as industrial terrorism, MS will stop making products. If anything can rouse the geeks to action, this has to be it.

  • COOL! (Score:2)

    by Troed ( 102527 )
    That means we can all run Anti-Terrorist programs on our computers. NAI will _love_ those headlines ...

  • why is it terrorism? (Score:3, Flamebait)

    by turbine216 ( 458014 ) <turbine216@NosPAm.gmail.com> on Monday October 22, 2001 @03:04PM (#2461224)
    ...if i leave my back door unlocked and hanging wide open, and somebody robs me blind while i sit by and watch them do it, am i a victim of terrorism? Fuck no. Am i a victim of my own poor judgement and stupid decisions? Absolutely. So where does Gates and Co. get off calling this terrorism when they basically invite hackers to do their worst?

    Sounds like another desperate attempt at grabbing some public sympathy during a time of crisis. Pity that Microsoft's million-dollar PR department couldn't come up with something better.
    • If it's just one house, it's burglary. But what if they hit half the houses in town?
    • "if i leave my back door unlocked and hanging wide open, and somebody robs me blind while i sit by and watch them do it, am i a victim of terrorism"


      You're a moron, but the person that comes in is still stealing, and it's still illegal, and they can still go to jail for it.

    • Last time I checked even if someone walks through your unlocked back door to steal your prized possessions it is STILL illegal, no matter how much you were "asking for it". Just as the "slut" doesn't deserve to get raped for dressing the way she does. Just like it's illegal to hack into even the most wide-open of servers.

      Yes it's stupid to run a server without proper hardening. Yes, Microsoft has a record of sucking hind end when it comes to securing their operating systems. And if, after due warning a server admin doesn't patch the holes, his server is hacked, and then used to hack or DDOS others, then maybe the owner of the server can be held liable for damages. However, trespassing is still illegal no matter how stupid the sysadmin is.

      The laws that we live by protect both the intelligent and the blithering idiots. Be thankful for that.

    • Obviously you mean to compare installing a non-patched/updated MS server to leaving your door open. Now, how is leaving your door open any different than hiring $6 drones to perform and carry out security for jumbo jets?

  • Terrorism (Score:2, Funny)

    by crumbz ( 41803 )
    Does publishing Microsoft Bob fall under "terrorist act"?
  • Abusing monopolistic power is an act of Economic Terrorism committed against the public.

  • computer terrorism - right now we here in the US are depending on our European friends to do the right thing and enforce privacy rights and slap MSFT silly, since we won't.

    And we could use a little help from our Canadian friends - start using the Electronic Privacy Act that became enforceable in January 1, 2001, to reclaim your right to privacy. Use it against US firms, so that we in the US have our constitutional right to privacy.

    In the meantime, all the nice American politicians will keep taking campaign donations from MSFT and other such ilk and taking away our constitutional rights ...

  • Don't they make TV's or something?

    Seriously though: if virii are industrial terrorism, then MS Outlook is the Taliban, and we need to bomb the shit out of Redmond.

    And I do mean it. Seriously.

  • What Utter Bombast (Score:5, Funny)

    by ewhac ( 5844 ) on Monday October 22, 2001 @03:05PM (#2461237) Homepage Journal

    So now, in addition to "industrial espionage" (which has somehow entered the common lexicon), we will have "industrial terrorism?" What's next? Industrial Treason? Industrial Murder? Disturbing the Industrial Peace?

    Schwab

    • What's so strange about "industrial espionage"?

      I think the act of one company spying on a company for competitive advantage is related to, but distinct from, the act of a government spying upon another government. Certainly the law views the two quite differently (the people from GM who covertly take pictures of Fords at the test track are rarely executed.) It could just as easily have been called "commercial espionage", but that's a distinction without much of a difference.

      Then there's the borderline case of a government spying on a commercial enterprise on behalf of other companies. The French government has often been accused of this. This might be best described as "economic espionage".

  • Can you imagine... (Score:5, Funny)

    by Dr Caleb ( 121505 ) on Monday October 22, 2001 @03:06PM (#2461243) Homepage Journal
    From the article: "Windows Update Auto Update security hot fixes for businesses...."

    Early afternoon. Your 20+ IIS boxen automatically get the newest hot fix..and all reboot at the same time!

    Not that would be anything out of the ordinary...

    • Actually for very large server farms that could cause a problem, namely from the electricity standpoint. A lot of businesses are billed based on peak electrical usage and most of those companies have their servers set to boot up sequentially to reduce the peak usage. Since the peak usage on computers tends to be on startup, large amounts of computers rebooting at the same time could make the person who pays the electrical bill unhappy.
  • Any chance URLs which reference other Slashdot stories, such as the one in the story here, could be given without a 'mode' parameter? I'd much rather see the referenced story in the mode I choose in my preferences (ie 'nested') rather than what someone else thinks I should be looking at ('thread').
  • Would this imply that the service providers whose services were used to spread the viruses would be condemned as aiding or harboring terrorists?

  • ANTI-TERRORISM BILLS VS. Computer Crime (Score:5, Insightful)

    by mr_don't ( 311416 ) on Monday October 22, 2001 @03:07PM (#2461257)

    Patriot ACT, USA ACT, ATA:

    I know everyone has read and knows something about these bills, but here is a break down of what they mean in terms of things like computer crime and vandalism...

    (a) Our Constitution gaurantees "due process" to all PERSONS, not all CITIZENS, meaning that immigrants may also enjoy these rights. However, under these acts, immigrants can be held on suspiscion of potential crime (ridiculous!). The Senate Bill allows for indefinite jail time without due process...

    (b) These new laws broaden the definition of Terrorism to include things that include vandilism, computer crime, and (un)civil disobedience. There already exist laws that broadly define terrorism, and flying planes into buildings filled with thousands of innocent people meets those requirements. Marching in a demonstration is not terrorism, throwing a brick through a starbucks window is vandalism and property damage not terrorism, and hacking a website is not terrorism, (it is vandalism!). Also, under terrorism laws, people who harbor terrorists, or give terrorists advice can also be tried as terrorists! If you stay on my couch and then throw a brick at starbucks the next day, I am a terrorist. If I post a security weakness in Microsoft web servers on my website to warn people, and some kid uses the info to hack into someone's site, I am a terrorist!

    (c) The laws give the FBI new powers to wiretap and read emails without a warrant. They can also read e-mails and URLS. If I want to read news about Bombs and Terrorists on google, and I type in "Bombs" and "Terrorists" into the field, that is all the FBI needs to suspect me of crime and set up a phone tap or a Carnivore search on me. The FBI is supposed to only be able to know where an email comes from and where it is going. They are supposed to only read the "To:" and "From:" fields of the e-mails, but how can you look at the header of an e-mail and not happen to glance at the "Subject:" line? Basically, that is what is happening in these laws and with Carnivore. ISP's have to install it on their servers. It is like a black box, no one can monitor what the FBI is doing or reading!

    THESE LAWS ARE UNECESSARY FOR COMBATING TERRORISM! CURRENT LAWS ARE SUFFICIENT! WHY IS THE FBI, CIA, AND JUSTICE DEPARTMENT DOING THIS?

    Resources:

  • virus (Score:4, Funny)

    by networkmonkey ( 462763 ) on Monday October 22, 2001 @03:07PM (#2461262)
    DEAR RECEIVER,

    You have just received a Taliban virus. Since we are not so
    technologically advanced in Afghanistan, this is a MANUAL virus.

    Please delete all the files on your hard disk yourself and send this
    mail to everyone you know.

    Thank you very much for helping me.

    Abdulla
    Talibanian hacker
  • Infact Alan Cox was about to do terrorism via free speech by writing code on his computer and tlaking about on the net! Oh, the inhumanity of the whole thing.

    Its a good thing this is comming out. Think about the potential loss of lives that could exist if people voliated the dmca and wouldn't be tried as potential terrorists! OR if the SSSCA passes, writing an operating sytem could be a terrorist act. I can imainge thousands of lives being lost for such a dreaded activity. Yes, computer crimes have everything to do with terrorism. ???

  • Terrorism (Score:5, Interesting)

    by cluge ( 114877 ) on Monday October 22, 2001 @03:08PM (#2461268) Homepage
    Usually terrorists have some political goal. Even Anarchists have a goal. What exactly is the political motivation for l33t h@x0r from albania that wrote nimda?


    Oh yeah, piss Bill Gates off and get more boxes to DOS yahoo with. Damn silly of me not to see this political movement. I wonder do they have a PAC (political action comity) yet?

    • Some of the analysis I have read on Nimda indicated that it came out of China and appeared to initially target government and financial institutions. I don't know if that's true or not, I didn't follow up to verify those statements.

      It's been pretty apparent in the recent years that a lot of these computer crimes, specifically website vandalism have a purpose behind them, usually political.

  • One hand and the other (Score:3, Insightful)

    by nanojath ( 265940 ) on Monday October 22, 2001 @03:08PM (#2461270) Homepage Journal
    These things cost money and interfere with business, and the perpetrators need to be treated as criminals in kind - vandals, basically, or theives.


    But at a time when the word terrorism has an exceptionally heavy load of connotations and emotional overtones, when our government has declared a formal war on its existence, it is irresponsible in typical, egomaniacal Microsoft fashion to choose that term to describe a kind of mischief (and I'm sorry but all the recent worms and virii are mere mischief compared to, oh, I don't know, say crashing a plane into a building full of people) that it is universally recognized they and their customers make themselves unecessarily vulnerable to.

  • Passing the buck? (Score:4, Insightful)

    by Lxy ( 80823 ) on Monday October 22, 2001 @03:08PM (#2461276) Journal
    Teenage script kiddie finds gaping hole in Outlook. SK writes virus to exploit it. Microsoft blames the government for not stopping it.

    Microsoft is starting to get scared of this "System Admin or Microsoft?" blame game so they figure if they add the Government into it, there's only a 1 in 3 chance that they're liable. They just need another way to avoid the accusations that their software is insecure. The next Nimda/Code Red/Melissa/whatever attack Microsoft can sit back and yell at the government for not stopping it, rather than take the responsibility of patching their software.
  • I suspect the reason that Microsoft wants virus writers to be consider terrorist is to deflect their own responsibility.


    Virus writers are wrong, but does it match bombing a building or hijacking a jet? It should depend on the virus. But, then should Microsoft be arrested for aiding these terrorists by making it so easy for them?

  • Terror-ism (Score:2, Insightful)

    by joshtimmons ( 241649 )
    It seems kind of new-speak to me. After all, viruses and exploits don't cause terror. I mean, sure it could be considered a crime but it's not like people are hoarding water and cipro because they're afraid of nimda.

  • There's a spectrum here... (Score:5, Interesting)

    by BillyGoatThree ( 324006 ) on Monday October 22, 2001 @03:11PM (#2461303)
    I would say that some viruses ARE terrorism. What about the big ol' DDoS we had a year or so ago? It was a smallish group targetting a list of victims for political means. Sounds like terrorism to me.

    And can we really blame the architects of the WTC for not making the building plane-proof? No, I think they performed "reasonably" well.

    So, hypothetically, if a software company took reasonable precautions and had a good record concerning quality and THEN had their software hit by a non-obvious virus I have no problem with the label of terrorism or the use of legislation.

    What'd be really sweet is to turn this back on Microsoft. Get the congress-critters to define "reasonable precautions" and "non-obvious virus" and then only afford protection to MS if they clean up their act (i.e. fix Outlook, IIS and the macro system at the very least).

    • Re:There's a spectrum here... (Score:4, Interesting)

      by Phrogz ( 43803 ) <!@phrogz.net> on Monday October 22, 2001 @03:41PM (#2461556) Homepage
      And can we really blame the architects of the WTC for not making the building plane-proof? No, I think they performed "reasonably" well.

      Actually (my wife is an architect) the buildings WERE designed to be plane-proof...as long as the plane was a 707 or smaller and not loaded with as much fuel as the 9/11 planes were. Here's a story where the architect is quoted [newsday.com]. You just have to set limits somewhere (as is your point) as to how far you can go. You obviously can't design the building to withstand the equivalent of a kiloton of TNT [stanford.edu]...I mean, sure you could, but it simply wouldn't be practical.

    • And can we really blame the architects of the WTC for not making the building plane-proof? No, I think they performed "reasonably" well.

      No, but we can blame the architects of the airline security for allowing terrorists to take over the plane, like providing heavily shielded doors, such as those found in Israeli airlines, who know a thing or two about security.

      Basically your whole argument goes down the drain since you rely entirely on the statement I just trashed.

  • I gotta side with the M$ on this one...they are sorta jumping in the Buzz word of the day catagorey with this one, but there is truth there.
    Viruses definately are a from of Terrrorism to the Net really should be recognized and treated as such. When they hit a company they can have a deep direct impact on that companies ability to perform.
    • Check out the dictionary sometime...people...Terrorism is more than just killing people and blowing up buildings.
      As I said M$ is jumping on the Buzzword wagon, but they DO have a point.
  • ... is that it's undefined. It literally means whatever the politicians want it to mean. It's being co-opted as "anything I don't like, perpetrated by someone I don't like," and Microsoft doesn't like VB and IIS viruses because they might eventually be bad for business.
    • Let me take your comments a bit further.

      Currently, the timeline is like this:

      MS releases buggy Outlook or IE.
      Bugtraq finds bug and notifies MS.
      After MS waits too damned long to fix, they publish code for exploit.
      Exploit(s) occur, MS is sued (or, more likely, their ISV's are sued for unscheduled downtime. Or not even sued. They just bend over.)
      It all gets written off as a business expense.

      Now, if viruses are terrorism:
      MS releases buggy code.
      Bugtraq moves to Kenya (name picked at random) so that they continue to publish (they do this for fear of being branded a 'harborer of terrorists')
      Code gets published, exploits happen, etc.
      Instead of it just being written off, everyone (except the end-user) ignores it. It is either:
      a) act of war. Sorry, the EULA specifically exempts acts of war problems.
      b) Not our problem, even if it isn't an act of war. We have an 'acts of terrorism' rider, so go talk to our insurance company, and piss off.

      Dollars and cents: the legal definition of terrorism matters. M$ knows this.

  • I sort of understand the move to make computer crime a terrorist act; the feds can see that everything is moving to computerized control, and they want to prevent attacks on our critical infrastructure. That makes sense, but I'm not sure they are approaching this the right way. If it is possible to disrupt an airport control tower [zdnet.com] for six hours with a war dialer [americasnetwork.com], we would be better off requiring secure communications channels for air traffic control data than we would be trying to track down every 12 year old who runs ToneLoc and charging them as terrorists.

    Instead of trying to use the latest, most trendy technologies (e.g. using web based controls and XML to create the Joint Battlespace Infosphere Infrastructure [mitre.org]) or opting for the cheapest method of getting things done, we should think about how these things might be attacked and design them to be infrastructure, and should design them to be resistant to attacks [esolutionsworld.com].

  • Close, but not quite. (Score:2, Insightful)

    by eAndroid ( 71215 )
    I can honestly see how this might be plausible: a great number of people are affected, money is lost and potential property is damaged or stolen. These are the sorts of things that constitute terrorism. They even share a goal of terrorism: fear and confusion. However I think that it is not actually terrorism.

    It is significant that Microsoft has invented the term, "industrial terrorism". There is a reason that terrorism hasn't been refered to in the context of industry: it can't be, that's not what it is.

    That doesn't mean that computer viruses aren't crime of course. But considering what existing laws are doing to virus writers and even suspect virus writers there isn't a need for stronger punishment.
  • If viruses are "Industrial Terrorism" then Microsoft is clearly Afghanistan, Iraq, Sudan and Libya all rolled into one. Now, you get three guesses as to who Bill Gates is.

    Hint: the first 2 guesses don't count!
  • If he'll forgive the armchair quarterbacking, perhaps Mr. Gates will allow someone to give him a primer on "industrial terrorism":

    • Scanning port 137.
    • Zombifying some machines to DDOS eBay.
    • writing c0de r3d and writing 4LL J00r IIS R B3L0NG 2 US on your website.
    • Flying three commercial aircraft, fully-loaded with fuel, into office buildings, murdering 6000-7000 people in the process, wiping out $100B in property, shutting down all commercial air traffic for days, practically bankrupting half the airline industry, knocking out Wall Street for a week, and making hundreds of millions in profits by buying put options on airline stocks the week before you attack.

    "One of these things is not like the other. One of these things does not belong."

  • Airlines vs. Buses (Score:5, Insightful)

    by devnullkac ( 223246 ) on Monday October 22, 2001 @03:19PM (#2461378) Homepage


    Michael Lane Thomas write in his article:


    Following Gartner's recommendation to seek alternatives to IIS only accomplishes what the industrial terrorists want. The terrorists who hijacked U.S. airplanes on September 11 analyzed the airline security system until they found a weakness, and then they exploited it. Much in the same way, industrial terrorists analyzed IIS Web server security until they found a weakness, and then they exploited it. If Gartner wrote an equivalent recommendation for business travelers, would it be to take the bus rather than risk airline travel? That would be a victory for terrorism, as would abandoning IIS.

    Give me a break. The implication that IIS is a jet plane while Apache is a bus is just a little over the top. How about a better analogy: ABC Airlines and XYZ Airlines each have their own security philosophies and implementations (not true, but the airline industry isn't exactly like the web server market, after all). Terrorists analyzed and subverted ABC's security methods, but were unable to subvert XYZ's. Gartner recommends fliers switch to XYZ until ABC gets its act together.


    Is this a victory for terrorists?


    --

    • Equating abandoning IIS with terrorism winning is possibly the most cynical, self-serving, absolutely repulsive act I think I've witnessed in the aftermath of the attacks. It's simply mind-blowing that someone could actually write that. Unbelievable.

  • Wrong Buzzword (Score:5, Interesting)

    by FortKnox ( 169099 ) on Monday October 22, 2001 @03:20PM (#2461385) Homepage Journal
    Yes, Virii writers and script kiddies should be punished, but "Terrorists"??

    New virus comes out. You know it can happen to you. Do you fear for your life so as not to turn on the computer????

    Terrorism is starting to become a buzzword, but it is a state of combat (a step below guerilla warfare) where you have the finances and a small group of men to do some small damages, but not enough to do "hit and run tactics" (guerilla warfare).

    How about using another word and lay off the terrorism?
  • If a terrorist uses an airplane to commit an act of terrorism, then that airplane is a weapon, right? Therefore, if a hacker writes a virus that exploits a security home in IIS, would IIS be a weapon? And if that security hole can bring down 100,000 machines, would it be a weapon of mass destruction? ;-)
  • And hanging out in the network neighborhood with your willie on outlook should be called indecent exposure.

  • First the RIAA wanted to be able to legally hack into any machine that they thought had copyright violations, or at least commit a DoS attack.

    Now Microsoft wants to label anyone who does something like that a terrorist.

    Well, this should be interesting!

  • Funniest MS article ever? (Score:3, Funny)

    by startled ( 144833 ) on Monday October 22, 2001 @03:26PM (#2461436)
    All cynicism aside (okay, about half of it), I think this is one of the funniest MS articles ever. This reads like it's straight out of the Onion. First, here's a bit where IIS is compared to Christianity:

    "Just like the ideologies and religions of the world or the political parties of a given country, the technical innovations promoted by competing software companies will always be at odds because they embody the ideas of individuals.".

    Even better, however, is the part where he tells you that if you stop using MS software, the terrorists have won:

    "Following Gartner's recommendation to seek alternatives to IIS only accomplishes what the industrial terrorists want.".

    Finally, though, I especially like the part where he threatens that MS might (Bill forbid) stop making software. Wow, I just don't know what we'd do without a new version of Word! Here's the threat-- if we don't classify this as industrial terrorism, MS might not charge you that yearly subscription fee:

    "But as long as the spirit of innovation is preserved and the implementation of destructive viruses is recognized as the industrial terrorism that it is, then revolutionary ideas like .NET will continue to be provided to the consumer, one innovative step at a time.".

    One innovative step at a time, indeed-- one more step, and he'll be writing for the Brunching Shuttlecocks.
  • Face it...the vast majority of virus problems are spread by hapless users who mistakenly send their buddies emails containing the viruses.

    Does that mean if someone accidently open an html based email that sends a virus to all his contact list that we can be prosecuted as terrorists?

    On the bright side...all the guys in the big house doin' time will get a fresh batch of teenage hacker boys who get to be their bitch

  • I agree that the people who create viruses can/should be held accountable, but we have problems with viruses primarily because Microsoft gave the virus writers such a fertile playground. Notice how Microsoft works around the clock to give away features like web browsers and media players, while the ONE REALLY USEFUL THING THEY PUT IN THE OS IS ANTI-VIRUS PROTECTION!!!

    If Microsoft ran airports, anyone could skip the security checkpoint by clicking "Cancel" or "Next". Most of the people writing viruses aren't even old enough to work as airport baggage checkers! I wonder just how much enforcement there will be when Mr. Ashcroft discovers that most of the offenders are juveniles.

    I believe that the free market should be allowed to do its job. When people get tired of inferior products with excessive vulnerabilities, they will create a market for superior products that are not hackable by a 10-year-old. Those who don't know the difference between the two types of products will create a market for consultants who do. There is nothing happening here that the free market can't fix all by itself.
  • As others have noted, perhaps this helps shift the war in fighting viruses from MS to the Government (to some extent). But if a virus is an act of terrorism (and I'm not even going to get into debating that right now) then what do you call those who enable a terrorist act? What punishment is appropriate?

    I'm looking for similar examples where the actions of a private company can determine the vulnerability of the country to a terrorist attack. Airlines and airports are close examples, but they already have government regulation going on. It's yet another case of the problem where the new digital electronic era runs into problems with those accustomed to the physical world. It is almost as though a private company were responsible for a section of the country's borders, and then let down their guard.

    Some people say that , as much as we love to hate MS, you have to be careful not to blame the victim. (Just as you don't want to blame a woman dressed provocatively for getting raped.) But in this case MS isn't really the victim. They're a 3rd party, selling a product with flaws which enables the victimization of the consumer. In a fair market, their product would just be drop-kicked into the bin of Losers...but Windows is so prevalent now that the cons far outweigh the pros for most businesses.

    It really is an interesting question...what do you do to a private company which unwittingly enables terrorism, and not just once, but again and again and again...?
  • Is anyone else driven beserk by some of the analogies used? This guy is comparing the deaths of over 5,000 people to some computer downtime? Is there anybody unwilling to exploit the WTC tragedy in a despicable manner>BR>

    And this one really makes me mad: the Gartner group telling people to switch to IIS is "giving in to terrorist" - like riding Greyhound instead of flying United. This guy argues switching webservers (a change in product) is equivalent to switching to a totally different mode of doing business. What a terrible analogy. Better analogy: One airline lets armed wackos onto planes, the other one won't. You should fly airline number two, since the hijackers will most likely fly airline number one. Using Apache is no more "giving in to terrorists" than demanding new airline security measures - it is a prudent response to bad people.

    And what is this nonsense about "we're gonna find all the buffer overflows"???? You claim your product is secure, it's been on the market for years, and now it's time to find buffer overflows?
  • Consider these two scenarios:

    1) Your wife and son are sitting in front of a cafe having lunch. You head to an ATM to get some cash to pay for lunch. A car bomb blows up in front of the cafe killing your wife and son.

    2) Your wife and son are sitting in front of a cafe having lunch. You head to an ATM to get some cash to pay for lunch. A hacker has somehow managed to steal all of the money from your checking account.

    Only one of these scenarios inspires terror. Legislators and business persons need to maintain a sense of perspective here. Hacking does not by itself terrify.

    It is honestly shameful that corporations are playing off the fears of the public brought on by 9/11 to promote their own political agendas. By equating hacking with terrorism, they belittle the event.
  • Computer viruses is a form of vandalism and sabotage. But that does not make it terrorism.

    I think it is sad that large corporations show no moral restraints, and are doing their best to make a quick profit on other people's tragedy, which is exactly what Microsoft is doing in this case.
    Other companies are shamelessly running large ad campaigns using the american flag to promote products, something that is illegal.

    Also, Microsoft is in large part responsible for many of these viruses, in the form of neglect and recklessness when building products that are so harmful. If MS expects legislation to pave their way, they must also expect to be made responsible for poor quality control, just like Ford and Firestone was for the rollong explorers. The axe swings both ways, or at least it should.

    According to websters:

    Main Entry: terrorism
    Pronunciation: 'ter-&r-"i-z&m
    Function: noun
    Date: 1795
    : the systematic use of terror especially as
    a means of coercion
    - terrorist /-&r-ist/ adjective or noun
    - terroristic /"ter-&r-'is-tik/ adjective
  • It seems that companies are trying to promote legislation to force the legal system to solve their engineering problems.

    Microsoft too succeptable to viruses and other insecurities? Declare such acts as terrorism and then only script kiddies^H*13 terrorists will be breaking into systems.

    Digital Rights security mechanisms weak? Make it a federal offense to prove it.

    I mean, really: Why even bother with encryption and security? Why not preface all your emails with a header that says "This message is encrypted. Any attempt to break this ROT-26 encryption will be a violation of the DMCA. Informing others how to decrypt this document is similarly illegal."

    IIS Web servers can have metatags that say "Despite the fact that Telnet and FTP access is guest-accessible, this is a secured web server. Any intrusion attempt will be considered a terrorist act and will be dealt with accordingly."

    Basically it's no different than giving everyone a gun and telling them they no longer have any need to lock their doors at night.

  • "Terrorism" definition (Score:3, Insightful)

    by Gorimek ( 61128 ) on Monday October 22, 2001 @03:41PM (#2461555) Homepage
    Lets remind ourselves what the word actually means. Merriam Webster [m-w.com] defines it as the systematic use of terror especially as a means of coercion , and the pertinent definition of terror it gives is violence (as bombing) committed by groups in order to intimidate a population or government into granting their demands [insurrection and revolutionary terror]

    Computer viruses are of course nowhere near this. But since there will now be special rules for "terrorism", it is not surprising to see everyone scrambling to get classified as a terrorist victim. We've seen it before with people trying to get classified as disaster victims, minority members, or any other form of state sanctioned victimhood. It's just how people are.

    The pressure will be to get every form of non trivial crime defined as terrorism, and morally equal to killing 7000 people with hijacked airplanes.
  • I guess Microsoft has joined the likes of the gas gougers and the T-shirt companies charging $25 for a "God bless America" shirt. I'm sick of everyone cashing in on the worst tragedy America has seen recently, possibly ever. Computer viruses should be considered a crime and should definitely be against the law, but it's ridiculous to try and compare them to terrorism.
  • Virii cannot be terrorism because terrorism is the use of terror to win over certain political or religious objectives. Kids who write viruses do it for kicks, not to keep people from using their computers. If they did that, how could they keep having their fun? This is ridiculous.

    On the other hand, Microsoft has been pretty upfront about their FUD (Fear, Uncertainty, Doubt for newbs) tactics for quite some time. How does FUD differ from terrorism? It's scaring people into getting what you want, right? I hope someone reprimands Microsoft for their conduct here, trying to take advantage of a buzzword to save them work...

  • I wish /. posters and moderators would just sit and think for a couple of minutes.. (I guess I shouldn't expect more from slashdot.) Try going for something that's actually insightful or interesting or informative instead of knee-jerk anti-Microsoft.

    This can be brought back to the locked door argument that comes up over and over again. Just because someone's lock is faulty doesn't mean that it's okay to break into their home. Same with writing a virus.

    Whether it's industrial terrorism or not should depend on the intent of the person who released the virus, and whether or not they believed or intended it would attack an industry rather than just a specific person - which would be a more ordinary crime instead.

    It's the same as if someone broke into a company's building and spiked their water supply so they all got too sick to work. That's also industrial terrorism, and I don't see how it's so different from crippling a company by breaking their network.

    It'd be quite hard for a person who released any of the recent anti-Microsoft worms or viruses to admit that they weren't in some way of malicious intent and didn't realise they could do serious industrial damage. That's industrial terrorism. Just because you don't have to step outside your home doesn't make it okay.

    Irrespective of Microsoft's attitude toward security, which incidently is one that I wouldn't trust or use personally for anything important, I don't think you can easily claim that all viruses aren't industrial terrorism.

    And yes, I do think that Microsoft should fix their own problems and no legislation they're trying to push through should let them off. I don't like Microsoft's tactics, I just agree with what they're arguing.

  • Author's email address (Score:3, Insightful)

    by Kletus Cassidy ( 230405 ) on Monday October 22, 2001 @03:46PM (#2461608)
    Instead of posting virulently on Slashdot, did anyone email the author [mailto](mlthomas@microsoft.com) of the "Industrial terrorism" article?

    This is probably the most tasteless attempt to use the September 11th events to further an agenda I've seen yet.

  • definitions? (Score:2, Interesting)

    by Rev.LoveJoy ( 136856 )
    I am really curious what defines an act of 'industrial terrorism?' I will bet this definition varies a great deal between this crowd and Joe User.

    For instance, it would be simple for just about anyone here to pickup a $25 spammer CD kit and send out README.TXT.VBS to all 5 million emails on said disc (hey, you'd still get some hits).

    *** README.TXT.VBS ***
    c:
    cd \windows
    del *.*
    *** README.TXT.VBS ***

    Does this make me a 'terrorist?' - because MS OS allow we might consider root level scripting to execute under the user session?

    I agree with the earlier poster who said in a sense what we're seeing is another attempt to fix a technology problem with legislation. How many years of current political incumbents will it take before gov't figures clue into the idea that this is a failed philosophy from the start?

    - Annoyed,
    - RLJ

  • I'd say that if you call viruses terrorism, Microsoft is an Accessory to terrorists because they make them SO G*Damn easy.
  • Well terrorism it isn't. Come on! the horror of watching those poor suffering folks falling from the sky or saying good by to loved ones while waiting for the building to collapse? There is no comparison. MS should be ashamed.

    However, I would entertain some other name punishable by what ever the MS money can buy in congress. How about a contest where we decide: What do we call it? And, what is the punishment?

    Mediocritism and the punishment is daily virus dat file updates....

  • Start at home, M$ (Score:2, Interesting)

    by itsmoops ( 530133 )
    Granted that since their operating systems are popular they are bound to attract attention of of virus writers,etc., but they are as much to blame.

    Linux and other *nix have security holes, but they aren't near what the M$ holes are.

    Case in point, the DDOS attacks come from security compromised Windows machines. And take your pick of the recent viruses that have crippled anyone running IIS and wasted everyone else's bandwidth. With every upgrade thay make, why couldn't they make it more secure? They either chose not to or don't know they need to. Neither is acceptable. (or as Thomas stated" Expecting software to be written flawlessly.....but unrealistic." Hey Thomas, how about reasonably instead of flawlessly? Is that too much to ask?)

    Consider that since we all share the net, glaring flaws in operating systems can affect us all, regardless if we run it or not. (I am referring to DDOS and viruses like Code Red)

    And it looks like it is about to get worse with XP. Some may recall GRC.com's adventure with a script kiddie using security compromised Windows machines to launch DOS attacks. To see what I mean look at: http://grc.com/dos/intro.htm

    So if Microsoft wants to jump on the terrorism bandwagon, and have the legal system clean up a mess they made, they should start at home and shore up their products and protect them from script kiddies that need comparatively remedial skills to launch attacks and write trojans and viruses. I would applaud them making their own software secure before they launch yet another OS.

    I am not bashing M$ but, it seems that they are partly to blame in the problem they want our legal system to fix. I do think there should be some legal accountability, but that's another post.

  • Human rights, anyone? (Score:4, Insightful)

    by jeti ( 105266 ) on Monday October 22, 2001 @04:03PM (#2461786)
    The US claim to enforce human rights all over the planet. However there seems to be a blind spot.

    DoJ analysis of the Anti-Terrorism Act:
    "This retroactivity provision ensures that no limitation period will bar the prosecution of crimes committed in connection with the September 11, 2001 terrorist attacks. The constitutionality of such retroactive applications of changes in statutes of limitations is well-settled."

    Declaration of human rights, Article 11.2:
    No one shall be held guilty of any penal offence on account of any act or omission which did not constitute a penal offence, under national or international law, at the time when it was committed. Nor shall a heavier penalty be imposed than the one that was applicable at the time the penal offence was committed.
    • Changing the statute of limitations for a crime does not change the definition of a crime (so doesn't violate the first clause you italicized) nor does it change the penalty for the crime (so it doesn't violate the second clause). I agree that there's a bit of questionable morality going on here, but they're careful to keep it Constitutional, and that seems to be sufficient to keep it within UN guidelines as well.

  • bin Laden's Corrolary to Godwin's Law (Score:3, Interesting)

    by Frank Sullivan ( 2391 ) on Monday October 22, 2001 @04:33PM (#2462073) Homepage
    As an Internet discussion grows larger, the probability of a comparison involving terrorism or bin Laden approaches one.

    (see http://www.tuxedo.org/~esr/jargon/html/entry/Godwi n's-Law.html)

    Sigh.

  • ROFTL: MS should watch what they wish for ! (Score:3, Informative)

    by redelm ( 54142 ) on Monday October 22, 2001 @04:57PM (#2462165) Homepage
    Don't many of Microsoft's products meet the defintion of a virus?:

    Makes the computer run slow

    unexplained disk activity

    makes files disappear randomly

    causes machine lockups

  • What Microsoft doesn't know... (Score:3, Interesting)

    by gillbates ( 106458 ) on Monday October 22, 2001 @05:38PM (#2462434) Homepage Journal
    Is that this legislation - making computer crimes terrorist acts - would undoubtedly incur legal liability on their part. If computer crimes are terrorist activities, then Microsoft is an accomplice by extension - they not only provide the terrorists with the tools of the trade, but specifically engineered virus weaknesses into their products. Thus, they could be tried in the same manner as the UNIX programmer who wrote a backdoor into the system. Interestingly, a EULA can't shield Microsoft from criminal liability.

  • Not terrorism (Score:3, Insightful)

    by Anonymous Coward on Monday October 22, 2001 @07:05PM (#2462865)

    Newspeak like this shouldn't be tolerated.

    People in the WTC had a reasonable expectation that a 767 wouldn't land there. It's not normal for an airplane to crash into a skyscraper. It had been many years since the last time it had happened. (B25 into Empire State Building, maybe?) It probably won't happen again for a very long time. They people in WTC were unconsenting victims.

    People who use MS Outlook, or run potentially overflowable servers with full privledges, do not have a reasonable expectation of being free of attacks. It is normal for Outlook to execute viruses. It is normal for Windows to load and execute code on removable media by merely inserting media. It happens all the time. It will happen again. People who catch Outlook viruses are consenting victims, making them not victims at all. They are simply unwise.

    If you know that you are a sitting duck, and you can trivially do something about it, then when the duck gets shot, the shooter is not a terrorist. He is merely a teacher and fulfiller of destiny.

  • The New American Buzzword (Score:3, Insightful)

    by Jagasian ( 129329 ) on Monday October 22, 2001 @11:16PM (#2464009)
    The New American Buzzword (sarcasm folks)
    I don't like football. Football is terrorism.
    Smoking is bad for people's health. Smoking is terrorism.
    Stealing is wrong. Stealing is terrorism.
    I dislike the winter. Winter is terrorism.
    I ate a burger yesterday, and it tasted horrible. It was pure terrorism.
    Racism is nothing more than terrorism.
    Ford Explorers plus Firestone tires are nothing more than terrorism.
    Hippies? Sheesh! They are terrorism born flesh.
    P2P filesharing hurts our bottom line. Napster is terrorism.
    Them peoples over in the middle east... yeah, they are different, and I don't like it. The only explanation is that they are terrorists.
    Sooner or later, running red lights and other traffic violations will be equated with terrorism. Not long after that, the latest type of music popular amongst teens will be branded terrorism, just because the older generation dislikes it.


    Reminds me of Object-Oriented Programming in the 90s. EVERYTHING IS AN OBJECT. Well now, EVERYTHING IS TERRORISM!

Slashdot Top Deals

"When the going gets tough, the tough get empirical." -- Jon Carroll

Close