Jim Preston wrote:
Steve Wray wrote:
Spiro Harvey wrote:
Shame you haven't talked to others - like havp for example - before
doing this.

The announcement to EOL the old releases was made at the start of
October last year. If people using clam as an integral part of their
software don't read announcements, what fault is that of the clam
developers?

They had 6 months to sort it out.

The thing is that there are a few little issues here that, as points of law, are not clear yet. In what follows words like 'vendor' may not be used entirely legally precisely, IANAL, but I am certain that with a bit of squinting my meaning will be clear.

I know that in certain jurisdictions, reaching out to someone else's computer (i.e. not your property) and disabling functionality on it could constitute a criminal act.

I sincerely hope that someone somewhere under such a jurisdiction goes to the police and reports the Clamav developers for such an offense.

Why?

Because Clamav is now in the same category as Apple, Amazon and Sony (to name three that come to mind right away). This is the category of vendors who have remotely disabled (or removed) software running on computers or devices belonging to their customers. Not on computers or devices belonging to the vendor and which are leased to customers, but the *property* of those customers.

I believe that this is extremely inappropriate behavior for *any* vendor. I am shocked that an OSS vendor would even consider such an action.

Note the massive amount of negative press that Amazon got for remotely deleting copies of George Orwell's 1984 from the Kindle. Sony have recently started remotely disabling Linux functionality on the PS3 iirc. Do we really want the OSS community to be tarred with the same brush?

This kind of high-handed arrogance NEEDS to be put down and hard.

I imagine that the Clamav team would be hard put to raise a decent legal defense against this and, so, if they lose such a case a legal precedent could be set which could conceivably deter this kind of thing from larger organisations.

I would really love to see that happen even if it destroys the Clamav project.

No hard feelings against them, but if Clamav want to set themselves up as sacrificial lambs to test a point of law and it ultimately benefits society at large, great.

Well, prosecution would be justified if ClamAV had actually done something illegal. What they did was modify their signature database to support new features with advance notice and the fact that any particular installation of unsupported software failed to handle it properly is the onus of the owners / sysadmins of the individual systems. If you happen to fall into that category, then it is time to upgrade your system.

I am not a lawyer but I do think that this is something that the authorities might possibly examine.

I do think that pushing out an update which disables functionality without explicitly requesting permission to make such a change *before* making that change *should* be criminal.

I.e.: without someone on the server which is about to have a service stopped having to at least press the 'y' key on their keyboard, for example.

This kind of thing really is extremely arrogant, I can see no other way to put it. Sorry if that offends.




--
Please remember that an email is just like a postcard; it is not confidential nor private nor secure and can be read by many other people than the intended recipient. A postcard can be read by anyone at the mail sorting office and expecting what is written on it to be private and secret is not realistic. Please hold no higher expectation of email.

If you need to send confidential information in an email you need to use encryption. PGP is Pretty good for this.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml