On 7 Aug 2001, John Hasler wrote:

> Ian writes:
> > Seems like a pretty grey area though. He is ultimately responsible for
> > it. There has been enough publicity about CR to ascertain that the
> > system admin was negligent in his duty.
>
> Someone on Advogato just pointed out another risk. What if you only popped
> up a message but someone else installed a nasty trojan? How do you prove
> that you didn't do it?

The burden of proof should be on the accuser, especially when dozens (hundreds, thousands?) of computer owners' log files show the box was engaged in a potentially damaging activity before the warning dialog popped up. Perhaps checking with a registry of infected/infested machines first would help.

If someone put a vermicide package in Debian, I would probably install and use it... for sure if it had a sequence of actions that were triggered by successive probes from the infested machine (ranging from least to most intrusive, and taking steps to minimise the equivalent of a DDOS attack on the infected machine).

I think the time is right for software antibiotic and vermicide packages, and I think anything that helps stop the spread of infectious agents would be welcomed by everyone using the 'net for legitimate purposes... as long as the steps taken are not proactive, there should be little room for the owners of systems that get medicated to accuse the users of such packages of engaging in nefarious activities.

- Bruce