I love IP Tables....

Les hlhowell at pacbell.net
Wed May 30 07:56:09 UTC 2007


On Tue, 2007-05-29 at 21:14 -0400, Patrick wrote:

> jdow wrote:
> 
> > And the first time a Fedora Core release is hacked Red Hat goes out of
> > business. Is this your goal? (Mind you, there are days when I have
> > uttered enough unkind words Fedora-wards that I'd applaud the concept.
> > Note, there are not as many such days as there are days I've felt the
> > urge to disembowel somebody on the Microsoft campus - which would be
> > too kind for some of them such as the doofus who invented "Clippy.")
> > 
> > {^_-}
> 
>    I tend to think that if Red Hat is selling a distribution; then yes, 
> they are liable just like Microsoft would be. If they are just selling 
> support for a free distribution; then no, they would not be liable for 
> anything they did not service. The end user should be liable for the 
> software their machine is running unless it can be proven to be a 
> problem which they could not be reasonably expected to know about.
> 
>    For instance, using the popular car analogy: if I buy a car from Ford 
> and I keep it in the stock condition, then they are responsible for it 
> working as it should. If I do not maintain it properly, then I can be 
> held partially or fully responsible for an accident resulting from a 
> problem with the vehicle. The court would have to assign the percentage 
> of blame depending on how well I maintained the vehicle and if it had 
> anything to do with the accident.
> 
>    However, if I modify the car from stock; then I become responsible 
> for the modifications if they contribute to an accident. If I bought a 
> kit, then I can also get the court to assign blame fully or a percentage 
> depending on if I correctly followed the installation instructions.
> 
>    If I buy a Windows product and leave it totally stock, then I cannot 
> be held responsible for problems with it. If Microsoft notifies me of a 
> problem with the software and I ignore it, then I can be held partially 
> or fully responsible (depending on what the court finds). If I install 
> other software on the computer, then I assume responsibility unless I 
> can show that the third-party was negligent in troubleshooting the 
> software. Under those circumstances they can be assigned partial or full 
> blame in the matter (depending on their user agreement).
> 
>    If I get a Linux distribution for free and agree to a user agreement 
> which states that I am fully responsible for anything bad happening to 
> the computer, then I should be held responsible for any problems it 
> could create. If I do not want that responsibility, then I should not 
> install the software and just stick with a stock Microsoft (or other 
> vendor's) product.
> 
>    Just my thoughts. They could be subject to revision should a good 
> argument present itself.  :-)
> 

One thing missing in this discussion is the scale of costs.  No
individual, outside of maybe Bill Gates, could begin to repay for the
damage caused by a rogue computer spreading a virus.  Nor can one
individual even be considered capable of patching a flaw in a
piece of readily available software of proprietary nature (remember that
"reverse engineering" is banned by most user license agreements.)  So
let's say you get a law passed that puts the onus on an individual.  You
get hacked, and the hacker uses a bit of code inside your system to
"spiff up" his latest virus/worm program.  Your name is in the code
(courtesy of the memory map when your bit was built).  Now that code
breaks out and infects 200,000 systems, bringing them to their knees.
You had all the good AV stuff installed, the system had a firewall, but
this particular hacker managed to slip by, say by a reflection attack,
posting a worm into your network layer, and recording itself on your
printer's flash.  Now even rebooting, even formatting the disk will not
completely remove the infestation.  You get on the next day and poof, it
launches again from the printer.  Now the worm works itself into a
financial network, bringing it to its knees.  Only four systems were
infected, but one of those contained customer records.  Now what?  What
should the owner be charged with?  How much should he pay when the
second round damages are totaled and reach say 100 Megabucks?

Think about it.  What would you do?

Regards,
Les H