SmartFeedSmartFeed          

Porsche Hangout


WELCOME - YOU ARE CURRENTLY VIEWING 419EATER AS A GUEST

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

ScamWarners.com - Internet Anti-Fraud Center - now open!


 Who's responsibility?

View next topic
View previous topic
 
Post new topicReply to topic
Author Message
Igor Tawank
Not quite a Newb


Joined: 31 Oct 2006
Posts: 27
Location: On a rockets business end!


PostPosted: Wed Oct 24, 2007 12:24 pm Reply with quoteBack to top

Hello.

I'm doing a topic for a presentation, and I'd like it if a few people could give me their opinions on the following:

"Users are responsible for their own safety against online threats such as viruses and phishing. Naivety is not an excuse."

This isn't my own opinion, just the name of the topic.

What do you all think? How much of the responsibility lies with the user? Or with the software vendors/businesses/IT staff of wherever they work?

Appreciate any thoughts you have.
View user's profileSend private message
Slightlyoutofit
Baiting Guru


Joined: 13 Feb 2007
Posts: 14310
Location: Foraging for Nuts.


PostPosted: Wed Oct 24, 2007 12:40 pm Reply with quoteBack to top

I think a lot depends on the situation. If you're at work and you're told that you have to do certain things, but not told that they may bring you into contact with online fraud, it's down to the company for it's poor training.

If however, the individual is aware of the pitfalls but still fails, it's down to them.

Software vendors and IPs have disclaimers which mean that they're legally immune from any blame.

My personal opinion is that if a PC user is aware of viruses, phishing or fraud and they get caught out, 99% of the time it's their own fault.

_________________
Star pony pony pony Nurse Nastys Audi TT Purple Flower Whip
Safari Jolly Roger Mortar Closed lad accounts Cellphone United Kingdom

God will see you true for all this you have done to me you bastard. - Collins Kalu
MAY THE HAND THAT TYPE ON KEYBORD BECOME STRICKEN AND TRANSMIT VIRUS TO YOU ENTIRE BODY. - Dr Linda Akeem
oh what a mess its time cabbage punks like u will be expose for trully what they are. - David Cole
View user's profileSend private messageYahoo MessengerSkype Name
Igor Tawank
Not quite a Newb


Joined: 31 Oct 2006
Posts: 27
Location: On a rockets business end!


PostPosted: Wed Oct 24, 2007 12:40 pm Reply with quoteBack to top

I think it might be worth pointing out:

As this site has recently been attacked by a DoS attack, it is possible users with lax security are responsible in some way.

I don't know if the admins/powers that be at this site have a way of knowing, but a DDoS (Distributed Denial of Service) requires many users, in the thousands or millions. This is frequently acheived by using 'zombie computers', or computer that have been compromised and can be made to perform certain actions (eg, sending spam, partcipating in DDoS attacks) by remote. zombie computers that are all controlled by a single 'botmaster' or group of them are called 'botnets'.

So, in a way, lax user security could have been a contributory factor in this attack, as well as others. Just thoughyou might want to tkae that into account.
View user's profileSend private message
Goldry Bluszco
*** BANNED ***


Joined: 28 Nov 2005
Posts: 362
Location: With Prospero


PostPosted: Wed Oct 24, 2007 12:52 pm Reply with quoteBack to top

Err, Igor, you really really should read the Site Updates...

_________________
Goodbye, go and find your stamp somewhere, I am contented with my service and I am not begging you to buy my stamps.

pony
View user's profileSend private messageSend e-mail
Igor Tawank
Not quite a Newb


Joined: 31 Oct 2006
Posts: 27
Location: On a rockets business end!


PostPosted: Wed Oct 24, 2007 1:04 pm Reply with quoteBack to top

Meh, sorry. Just trying to show off Very Happy
View user's profileSend private message
luckey
Moderator


Joined: 25 Jan 2007
Posts: 5629
Location: Check the lost and found


PostPosted: Wed Oct 24, 2007 5:09 pm Reply with quoteBack to top

It seems to me that responsibility is ideally shared for things like that. Additionally, everyone in the chain can benefit by taking a chunk of the responsibility.

If businesses educate their employees about such threats and provide tools to reduce likelihood of damage from unwanted software/email pests, it can only improve productivity and save money. If companies like Microsoft make their software more pest resistant, it gives them a competitive advantage and broader user appeal.

_________________
Moderator: \ˈmä-də-ˌrā-tər\: noun
A material which slows down neutrons after fission to speeds at which their probability for interaction with the fuel material is increased.
View user's profileSend private messageSend e-mail
michael bolton
Master Baiter


Joined: 04 Oct 2006
Posts: 175
Location: Texas


PostPosted: Wed Oct 24, 2007 5:23 pm Reply with quoteBack to top

Well being from Texas, I'm going to have to take the other side of this discussion. I would say that the person who wrote the virus is the one responsible, just as if someone were to break into my house, I am not responsible for that. Should I have bought stronger windows that they couldn't put a rock through and come in? Or is there a certain presupposition that I am supposed to be safe in my own home?
The people who created the zombies in the storm bot network took great care to make the emails very believable so that people would click them. They had a program that would attempt to exploit a great number of possible weaknesses in a computer. They built in "counter-measures" to the code, such that if an anti-virus researcher probes too deeply, it will automatically trigger a DDOS attack against him to thwart his work. They even issued a patch to their trojan after Microsoft updated Windows to be more secure against this specific trojan.
I would say that the responsibility rests squarely on the shoulders of the Vlad who wrote the program.

I don't believe that the victim is responsible for the crime, and as such, whatever measure he employs in countering the attack are justified.

In short, if a guy comes through the bedroom window, I will shoot him.
If a Vlad attacks my favorite forum, I will bait with the idea of inflicting as much damage as possible. No more fun baits for me, thank you. I'm out for blood.

_________________
"this transaction is legal and 100% rick free"
"Thanks for your message and the insult."
View user's profileSend private messageICQ Number
Nanny Ogg
"Bruce"


Joined: 19 Mar 2007
Posts: 2623


PostPosted: Wed Oct 24, 2007 9:14 pm Reply with quoteBack to top

Good point Michael Bolton.
If I went out and left my windows and doors open I would feel partly responsible if my dvd player was nicked but if I've locked the door and someone kicks it in then thats them to blame .
Same applies to computers.
View user's profileSend private message
gargstang
Master Baiter


Joined: 01 Jun 2007
Posts: 139
Location: Around the way


PostPosted: Wed Oct 24, 2007 10:04 pm Reply with quoteBack to top

You do have to admit that there seems to be some lack of common sense that many people share, falling for certain security risks that say, phishing emails and such present. Many of these risks seems to stem from sites that people visit. How many sites do you see warnings about these things that I would venture to guess the majority of visitors don't bother to read. Kind of like the stickies here sometimes.

_________________
[ <a href="http://forum.419eater.com/forum/viewtopic.php?t=133443">Intro</a> - <a href="http://forum.419eater.com/forum/viewforum.php?f=12">Start Here</a> - <a href="http://forum.419eater.com/forum/viewtopic.php?t=24605">FAQs</a> - <a href="http://forum.419eater.com/forum/viewtopic.php?t=5413">Rules</a> - <a href="http://forum.419eater.com/forum/viewtopic.php?t=117865">Safety</a> - <a href="http://forum.419eater.com/forum/viewtopic.php?t=32877">Ethics</a> - <a href="http://forum.419eater.com/forum/viewtopic.php?t=122306">Get Mentor</a> - <a href="http://forum.419eater.com/forum/viewtopic.php?t=81028">Premium</a> - <a href="http://www.scamwarners.com/">Scam Victims</a> - <a href="http://forum.419eater.com/forum/viewtopic.php?t=119780">Real Banks</a> ]
View user's profileSend private message
kleindoofy
*** BANNED ***


Joined: 24 Oct 2004
Posts: 6248
Location: Europe


PostPosted: Wed Oct 24, 2007 10:08 pm Reply with quoteBack to top

gargstang wrote:
... lack of common sense ...


That's the polite way of puting it. Cool
View user's profileSend private message
ParaNoid
** REMEMBERED **


Joined: 12 Sep 2006
Posts: 5123
Location: Looking for Steward.


PostPosted: Thu Oct 25, 2007 1:38 am Reply with quoteBack to top

garstang,

Stickies??? Confused

Shocked

Laughing

_________________
Gold Coins here

pony pony Closed lad accounts Goat Goat Goat Goat Sand Timer Easter Egg Easter 2015
Mortar x 4 <b>Looking for a Mentor? Click here</b>

"If I get mad at you, please just understand me. I am just being ParaNoid because I love you so much." - unknown

Visit www.scamwarners.com
View user's profileSend private messageSend e-mail
thud419
Baiting Guru


Joined: 04 Jan 2006
Posts: 3193


PostPosted: Thu Oct 25, 2007 9:39 am Reply with quoteBack to top

Of course the ultimate responsibility for malware must lie with the person who released it. Where someone purposefully acts to harm another then we expect the legal system to bring these criminals to justice. Society has found that it is best to institutionalise punishment and rehabilitation, and in return we expect all such acts to be crimes. Distributing malware is indeed a crime, and such people are often convicted.

However stealing is also a crime and people are often convicted of that too, yet we expect to have to lock our doors. We do not expect to have to barricade ourselves in our own homes. If that were to prove necessary then we might complain that the legal system was flawed.

It stands to reason that there is no criminal without a crime, and if there is a crime then there must be victims of that crime. We can not expect law enforcement to stop all crime from happening, only to ensure that any given criminal only commits a limited number of crimes. If the punishment for a crime exceeds the profit from committing it then we may expect that no-one would commit it, but in reality people do not believe they will be caught, or are temporarily or permanently incapable of making that determination.

We must therefore expect a certain background level of crime as a fact of life and similarly accept the responsibility of taking it into account.


As private individuals, we do not expect to be able to leave our front door open all night, and our insurance would not pay out if we did. Maybe in a perfect world we should not be expected to lock our doors, but this world is far from perfect. Common consensus is that it would be irresponsible not to take some steps to avoid being the victim of crime. Although exactly where that line lies would be subject to intense discussion.

People have a responsibility to be reasonably secure in their private life, and it is reasonable for a company to expect at least that level of security from them. Companies have a responsibility for making all the requirements of a job clear to their employees, and that includes security issues. They are responsible for ensuring that the employee is capable of following those requirements - either by training or by replacement, and by providing resources to facilitate it. They are responsible for ensuring that the employee can carry out all their duties efficiently, safely and securely. It may not be a responsibility, but it is surely a requirement, that this must be proactive, responsive and user-friendly, because if an employee finds that they can not operate both efficiently and securely, then they will act efficiently and to hell with security (and safety.)

Quote:
..[allegedly] the biggest security threat was from MP's themselves.

"Security doors are propped open, guests left to wander around after meeting their MP unescorted, not displaying their passes and responding to requests to identify themselves with the question 'Don't you know who I am?'

"Add on to that getting their staff to park their cars, when the staff don't have security clearance to enter the car park, sharing their passes with staff so they can go and buy them lunch, bringing in hire cars and not telling the Pass Office so we have numerous 'non-cleared' vehicles in the underground car park.
-- http://news.bbc.co.uk/1/hi/uk_politics/3661994.stm



Moving on to the software publishers and distributors.

Some cars are recalled because they are "dangerous". My car has never been recalled, and yet I can use it to kill myself and many others quite easily. I could do that either on purpose or through negligence. It seems that with cars, at least, there is some responsibility on the user to act safely. It is not the responsibility of Ford, GM, VW etc to ensure that I act safely. That responsibility is held by society, administered by government and enforced by the courts.

It would be totally impossible to require car manufacturers or distributors to ensure safety. They have no power to affect the behavior of the users of their product. They could only make cars safe by making them of rubber and limiting the top speed to 20mph. Then users would find a way of disabling the limiter or drive off cliffs in them.

Like cars, the use to which people put computers can only be controlled by the manufacturer or distributor at great cost to their usability. While the manufacturer does have a responsibility to ensure that the computer is safe and secure when used properly, they are not responsible for ensuring that they are so used. They are responsible for ensuring that it is possible to use them so.

Manufacturers and distributors can only do so much to ensure the security and safety of users. It would be counter-productive for society to require them to assume too much responsibility. It is always the natural responsibility of the individual to act to protect their own safety and that of other members of society. However when individuals are seen to not be acting in such a way, any further responsibility to ensure safety must fall on society.

I can not own a dog, sell investments, operate a radio transmitter or drive a car, without having a license. These are things that are considered harmful to other members of society if not handled properly. It has not always been necessary to have such licenses, and their introduction causes controversy. I can use nicotine and alcohol if I am an adult, but there are several drugs I may not use. This is because they are considered harmful to myself. Those laws are relatively recent; if I remember correctly, Sherlock Holmes took cocaine. There are also a huge number of very similar objects, substances and pursuits that are entirely free of legislation. It is always my responsibility to act safely. The laws are in place to ensure that I cannot act unsafely even though I may not have the knowledge or inclination required to act safely.

The legal framework is not complete or consistent, and it can not be expected it to be so. Society changes over time and what at one time may seem a minor issue, at another may seem to be of major importance. At one time society may believe the individual desires to act safely, and at another that he must be forced. But whatever the legal framework I have certain legal and moral responsibilities toward myself and others. It is always my responsibility to act safely and to ensure that I have sufficient knowledge to do so, but sometimes society acts to ensure that I have that knowledge.

It is the natural responsibility and instinct for the individual to act safely. However to do so they must have the necessary degree of knowledge. It is pointless to require users to be responsible for their own safety if they do not have the knowledge of how to be safe, but if we don't want rubber computers, they are the only ones who can be responsible.

How to square that circle is a debate that must be left to society as a whole.

_________________
Click here to feel warm and cozy.

I did not f**k your wife in any way -- Nike Akanbi
I don't know what else to do or do I continue filling and filling forms. -- Barr. Koloti
you has been dribbling me up and down but I will show some thing you have never seen before, I think you breath air wait and see. -- Sand Timer Barr. Cole
Cellphone x14
United States x 0.25 won from Reaper in a sucker's bet

Hello Kitty! pony Mortar x8 Closed lad accounts x several
View user's profileSend private messageSend e-mailVisit poster's website
Doctor X
** ACCOUNT CLOSED **


Joined: 15 Apr 2007
Posts: 766


PostPosted: Thu Oct 25, 2007 11:51 am Reply with quoteBack to top

Or you could just get a Mac. . . .













What?

--J.D.

P.S. Seriously, people are responsible for their machines. They are responsible for knowing the basics.

_________________
וגם־אני נתתי להם חקים לא טובים ומשפטים לא יחיו בהם
ואטמא אותם במתנותם בהעביר כל־פטר רחם למען אשםם למען אשר ידעו אשר אני יהוה
View user's profileSend private message
luckey
Moderator


Joined: 25 Jan 2007
Posts: 5629
Location: Check the lost and found


PostPosted: Thu Oct 25, 2007 1:56 pm Reply with quoteBack to top

^^ If everyone had a Mac, then Macs would be more heavily targeted. Macs are less prone to malicious software because few people bother to write for such a small segment, not because they are intrinsically safe. Macs DO get viruses and your Mac will do nothing to prevent you from falling for a phishing attempt.


You can also avoid car accidents by taking a plane.

_________________
Moderator: \ˈmä-də-ˌrā-tər\: noun
A material which slows down neutrons after fission to speeds at which their probability for interaction with the fuel material is increased.

Last edited by luckey on Thu Oct 25, 2007 2:07 pm; edited 2 times in total
View user's profileSend private messageSend e-mail
TheGreatOok
CATBINGO


Joined: 25 May 2007
Posts: 2355
Location: Lost in L-Space


PostPosted: Thu Oct 25, 2007 1:58 pm Reply with quoteBack to top

^^^ I also hear boating cuts down on car accidents too.

Of course planes and boats can all go to the same places as cars right?

Good analogy Luckey.

_________________
For Free Bananas Click Here!
HYIP: pyramid x3 Banks: United Arab Emirates
Pith Helmet Samuel - Ziguinchor, SE to Dakar, SE - 264 km through Gambia Helping JojoBean

"I knew rigth from the first time you sent email to me that,you are a bloody *DELETED*" - Sgt Daniel Vess
"I NO BLAME U NA DI DIRTY TOTO WEN BORN U NA IM I BLAME. CATBINGO" - Lee Wong
"I AM EQUAL TO A MENTAL RETARDED PERSON" - Alvan Ben
"You have pushed me to the wall and i will make you smell yourself i bet." - George Martins
"THE FOOL STOLE YOUR US$755, HE DOES NOT DESERVE TO LEAVE ON THE PLANET" - Jim Ovia

pony pony - for a perfect brown nosing job. Wink

pony Mortar x4
View user's profileSend private messageSend e-mailVisit poster's websiteSkype Name
mindgames
Not quite a Newb


Joined: 20 Jun 2007
Posts: 54
Location: United States


PostPosted: Thu Oct 25, 2007 2:54 pm Reply with quoteBack to top

Well, this is certainly an interesting topic for me.

A user is responsible for what they do with their own belongings. If the user voluntarily sends out their money to a 419 scammer, then they bear some responsibility. The scammer also has a responsibility to fulfill his/her promise, which of course he won't, so he is also morally responsible, to a degree. He did knowingly manipulate and lie to the victim with the intention of scamming the victim, and probably succeeded.

However, the victim is not always responsible. Back to the analogy of locks, if there is a built-in defect in the lock that a burglar can act upon (like tapping the cylinder a few times) to unlock it and break in, then it is the responsibility of the manufacturer for the defect, just like it is with a gunsmith if the gun backfires and kills the user.

In the case with Windows operating systems, Javascripts, and browsers, the responsibility is primarily on the manufacturers and botherders. There is a vulnerability in which without any significant interaction with the user, the machine can be hijacked. The user sees an e-mail about a YouTube link or something, and clicks it to see what it's all about. They didn't (not in all cases) go in and explicitly say "run this program". They were just looking, loaded a page, and without knowing anything about what was going on (expecting the browser to be safe) had their machines hijacked. The user is not doing anything unreasonably dangerous (at least it's not supposed to be) when they click the link (explicitly downloading/running it, or entering financial information into a fake bank site is dangerous). The manufacturers are not responsible for the user running this program, but if someone exploits their program, which should be secure, then they are responsible, just as a locksmith is responsible to the point the user locks their door. The primary, and unconditional responsibility is, of course, on the shoulders of the hijackers. They knowingly and intentionally exploit this vulnerability (and do something else when the first one is fixed) and break into people's computers to use them for malicious purposes. They are also, of course, the ones who then command the victims' machines to perform illegal operations, for which the user is not responsible. Another subtle responsibility lies on the shoulders of the ISPs. When they see a customer's machine hijacked, they have a moral responsibility to at least alert the user, but instead they watch it happen, and then don't even always shut down criminal sites/bots on their network when they see them.

Edit: This video shows a demonstration of the exploit, where it checks what version of a browser you're using, and uses the corresponding exploit to try and hijack the machine.
http://www.net-security.org/malware_news.php?id=851
View user's profileSend private message
Igor Tawank
Not quite a Newb


Joined: 31 Oct 2006
Posts: 27
Location: On a rockets business end!


PostPosted: Thu Oct 25, 2007 3:17 pm Reply with quoteBack to top

By all means, keep posting, but thanks a lot for the responses. Some very thoughtful and in-depth opinions here.

Generally a lot more fruitful than some other places I tried to get info from.
View user's profileSend private message
gargstang
Master Baiter


Joined: 01 Jun 2007
Posts: 139
Location: Around the way


PostPosted: Thu Oct 25, 2007 7:15 pm Reply with quoteBack to top

@Paranoid - The sticky thing was more of a comment from when the forum was open to all the newbs who repeatedly asked the same inane questions over and over when they could have simply read some of the threads and gotten the same answers. Not so much of a problem at the moment.

_________________
[ <a href="http://forum.419eater.com/forum/viewtopic.php?t=133443">Intro</a> - <a href="http://forum.419eater.com/forum/viewforum.php?f=12">Start Here</a> - <a href="http://forum.419eater.com/forum/viewtopic.php?t=24605">FAQs</a> - <a href="http://forum.419eater.com/forum/viewtopic.php?t=5413">Rules</a> - <a href="http://forum.419eater.com/forum/viewtopic.php?t=117865">Safety</a> - <a href="http://forum.419eater.com/forum/viewtopic.php?t=32877">Ethics</a> - <a href="http://forum.419eater.com/forum/viewtopic.php?t=122306">Get Mentor</a> - <a href="http://forum.419eater.com/forum/viewtopic.php?t=81028">Premium</a> - <a href="http://www.scamwarners.com/">Scam Victims</a> - <a href="http://forum.419eater.com/forum/viewtopic.php?t=119780">Real Banks</a> ]
View user's profileSend private message
Lady Wolf
Hello I'm New here!


Joined: 28 Oct 2007
Posts: 19


PostPosted: Sun Oct 28, 2007 10:43 am Reply with quoteBack to top

I really think it should be the responsibility of the isp providers to provide free virus protection/ani spyware to consumers to assist them in protection from these threats since it impacts their customer base when paying customers are afflicted.

Although braking up the line as it were, it should be more of a goverment responsibility to stamp out spyware/trijans as it's a clear privacy violation in most places. As far as adware goes, somethign similar shoudl be done wiht hevier fines levied agaisnt companies that produce it. (Dreamign I know but still.)

It's really sad when the consumer has to eat the bill for anti trojan/spyware program costs to guard against crap a multi million dollar company produces on a grand scale.
(Especially when some of the "free" ani spyware/trojan versions download spyware, or are bleedin useless.)
View user's profileSend private message
Radden
** SUSPENDED **


Joined: 26 Mar 2005
Posts: 1267


PostPosted: Sun Oct 28, 2007 12:31 pm Reply with quoteBack to top

Quote:
"Users are responsible for their own safety against online threats such as viruses and phishing. Naivety is not an excuse."


Users who are more "attuned" to the computers will obviously be held more responsible than those that are out of tune with technology. For example, I have to take care of my mothers computer, because they won't run the software I ask them to run weekly... basically I find a trojan (not the condom, kiddos) every time I go over there and scan their computer.

I cannot hold them responsible for wanting a computer or the internet, but I kinda feel the need to hold them responsible when the step-pa logs on millions of porn sites.
View user's profileSend private message
Display posts from previous:      
Post new topicReply to topic


 Jump to:   



View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



** Find out information about your IP address **


All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT