Posted on 01/17/2003 10:15:03 AM PST by AdA$tra
This is very surprising to me. I think what this gentleman is proposing is that (under circumstances defined by him) he should be allowed to get access to other people's computers and make changes of one sort or another. Killing one or two processes that he doesn't like. His judgement is good. He's trustworthy. He'll do the right thing.
And the security people oppose this? Unbelievable! (/sarcasm)
This is a specious argument. There are less invasive ways for the author to block a malicious process from entering his system.
Who says that it is legal or illegal?
Machines themselves have no rights. IF the owner of the machine claims a malicious process, then that owner would have the right for her machine to not be trespassed (and also would be a likely target for jail), but if the owner of the machine makes no such claim (the odds on favorite since making such a claim would send you to jail), then the rogue process in question has no legal owner.
Without a legal owner, and since machines themselves have no legal rights, who is to say whether or not someone being attacked by that rogue process can shut it down or not?
Your reply is proof that you can read just about anything into anything, if you try hard enough.
I'm not so sure about this -- and I've been there! Years ago, back in the days of Usenet and slow modems (and almost the entire network exchanged e-mail and postings via periodic dial-up connections). Somebody had requested a file, which I sent him (uuencoded -- sort of an attachment). The message was quite large. Something went awry with his university's machine and every 20 minutes a copy of this thing was flung back at me, eating up modem time and my employer's connection to the world.
This went on for days while I sent e-mails to the recipient, the machine's super-user, called various people at the college... Could I have killed that process remotely I would have.
But I'm still not convinced this is a good idea...
No, author, it's because the rights of a one are being violated in the two cases other than the goobermint school example. The collective has no more rights than an individual.
Someone owns that box. Someone paid for it to be hooked to the net and someone is paying for the bandwidth. There are ways to get these folks' attention; if a process on the box is messing with other boxes, that alone violates the TOS of just about every ISP or colo that I know of... the box can be disconnected and remain so until it gets cleaned up.
OTOH, if you prefer to take the bull by the horns and invade another box and kill some processes, that action just puts you in legal hot water.
Fence it off and complain to the hostmaster and the ISP.
By analogy - a rogue process (eg a worm) that has infested your machine and is irritating other machine owners is like a stray dog that gets into your yard and barks all night, keeping the neighbors awake.
(1) Its not your dog. (Its not your worm/process.)
(2) Its on your property. (It got into your machine.)
(3) You may choose to ignore the problem - its not your dog, after all. (Its not your worm!)
(4) But then the neighbors have the right to shut the dog up by calling animal control. (Hmmm...this implies there should be some form of, not "net police", but "net sanitation engineers" or "net pest control" that then should have the legal right to enter your machine and shut down the worm.)
Fact is, even if you have a tight firewall, the Nimda virus that has infested someone elses machine still causes your web server to write log messages even if you are not running a Microsoft web server. Thus it is consuming your bandwidth, and your disk space by flogging your webserver. Thus, like the neighbors irritated by a barking dog at night, you should have some recourse.
Perhaps that recourse is not to go bust into someone elses machine and kill the worm yourselft (climb over your neighbors backyard fence and shotgun the damn barking dog.) But it does look like we could use some kind of pest control organization that could contract with ISP's, whereby if you get net access from that ISP you agree to let the pest control onto your property (into your machine) to kill pests. And if you don't like that, then find some other ISP that provides net access (e.g. Ann Rand Web Access, Inc.) that has no such contract with a pest control company. Of course, I can see how in the future 5 or 10 years, ISP's that don't do active pest controlling will find their IP addresses blocked off from the web (can't send or receive email from there, pointless to host a website from there.)
Not saying I think this is the solution, or should be the solution, but it would work (while introducing problems like noncompliant ISP IP address ranges getting banned from general net access.)
Comments?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.