Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Censorship Your Rights Online

Symantec Tries to Censor Criticism 328

KnobDicker writes "Wired News reports Symantec is pressuring the ISP that hosts the Peacefire anti-censorware organization." Peacefire's founder, Bennett Haselton, wrote a decryptor for Symantec's software's blacklist and posted just that. His tests found that 76% of its .edu blocks were incorrect and that the software violates its privacy policy. Symantec's response? Threaten a lawsuit. But Peacefire isn't backing down. More below...

Let's first get the facts straight. Peacefire has not posted copyrighted material. It has posted code to decrypt I-Gear's encrypted blacklist. This is exactly like the DeCSS case, except the goal is criticizing a product instead of space-shifting movies.

The criticism here is that 76% of the .edu-domain blocks are wrong. This is a huge number. This suggests that, for every time the product blocks you from offensive material at an .edu Web site, there are three other times it blocked you from perfectly ordinary material.

While there are some people (like Bruce Taylor of the National Law Center for Children and Families) who would like to deny it, nobody's making this stuff up. Censorware really does suck. In fact, Peacefire did the same thing to X-Stop, another blocking package, two weeks earlier, and found a 68% .edu error rate. (But its maker hasn't threatened to sue. Yet.)

So what did Peacefire learn about I-Gear? A description of a milking machine system written in Spanish - blocked. Tricks for a flight sim game - blocked. A page entirely in Latin - blocked. Volumes 4 and 6 of "Decline and Fall of the Roman Empire" - blocked (but you can still read Volumes 1, 2, 3, and 5, go figure).

Furthermore, Peacefire revealed that Symantec is apparently violating its privacy policy by sending information to its servers without telling the user. Your Windows-registered "real name" and "company name" secretly get sent back to Symantec.

You may recall Haselton's Slashdot story "Keep it Legal to Embarrass Big Companies," from two weeks ago. He wondered if these kinds of pressure tactics would be the response to his efforts. It's already started.

The legal issue appears to be whether Symantec's End-User License Agreement (EULA) can contain a clause prohibiting reverse-engineering - and whether that clause can be enforced. UCITA will be the thousand-pound gorilla here, providing real legal muscle behind onerous EULAs. Fortunately, the current legal situation is more iffy, and cnet's story talks about that a little.

Symantec wants to distribute I-Gear only on the condition that nobody looks under the hood or says anything bad about it. And UCITA would back that up - by sending people like Haselton to jail for revealing products' flaws.

And then there's the question of why Symantec is using lousy crypto in the first place. As KnobDicker concludes: "Rather than being thankful that Haselton has conducted testing and work that they should have done themselves in the first place (for *free*), Symantec is crying in their beer and threatening to break out the lawyers to quash the bad press. Chalk up another one for the Open Source model's system of thorough peer review instead of development in a proprietary vacuum."

This discussion has been archived. No new comments can be posted.

Symantec Tries to Censor Criticism

Comments Filter:
  • I knew Symantec couldn't be trusted! Ever since they started buying companies they became less tolerant. I think it's time for a boycot!
  • by alighieri ( 74730 ) on Thursday March 09, 2000 @09:55AM (#1214192) Homepage
    I urge everyone who supports anti-censorship causes like this one go to the PeaceFire site and buy a t-shirt and give a donation. The last time PeaceFire was featured in an article a number of people bought shirts, but nobody made a donation. Bennett is not making money off the t-shirt sales. Giving a little, even just $US5-10 would be helpful, and would bring the price of the t-shirt up to what you'd normally see.

    ----------
  • by 348 ( 124012 ) on Thursday March 09, 2000 @09:56AM (#1214193) Homepage
    The DMCA does permit cracking devices to conduct encryption research for the purpose of interoperability and to test computer security systems. Fair Use. This is what Haselton has done, plain and simple. Reverse engineering is addressed in the DMCA for certain areas. Haselton was fully within the realm of information security validation.

    Remember when Sony filed suit against Connectix for essentially the same thing? End result was Sonly lost because the court of appeals stated that Connectix was in compliance with the DMCA and that this use of reverse engineering is protected under fair use.

  • by EricWright ( 16803 ) on Thursday March 09, 2000 @09:57AM (#1214194) Journal
    I bet they'd block my resume. I mean, I did graduate cum laude!

    Eric

  • by ryanr ( 30917 ) <ryan@thievco.com> on Thursday March 09, 2000 @09:58AM (#1214195) Homepage Journal
    >And then there's the question of why Symantec is
    >using lousy crypto in the first place

    Because it's not possible to keep secrets on an untrusted computer that needs to access them. If the program needs to decrypt the URL list itself, than so can anyone with a copy of the program, if they spend the effort. You can sue the best crypto alogrithm in the world, but then they key is stored somewhere in the program, where the owenr of the computer can get at it.

    This is a fancy version of copy protection and client-side security. It can't be made unbreakable.
  • A quick little story about my experiences... Back when I was a high school Sophomore, blocking software was just in it's infancy (assuming it still isn't). Bowing to pressure from parents, the country slapped software onto its network which hadn't even cleared the beta stage. Meanwhile, those of us in the business department of the school were using the net to track stocks, using a state run program which cost the department a good $200. (I know, we could have done this with a newspaper and a calculator, but the department wanted to use the net to prove to parents that they were "high tech." The day the software was installed, all the websites our $200 software used were instantly blocked, for reasons unknown. As a result, we spent the next 2 weeks watching crappy 80's documentary videos. Oddly enough....whitehouse.com remained unblocked...
  • From the Wired Article:

    As for the blocked Latin page, Courville speculated that the software's language-translation capabilities may have found something in the Latin text that qualified it under the pornographic categorization.

    Haselton guessed that something may have been the high frequency of the Latin word "cum."

    That's classic.

    -josh

  • by Count Spatula ( 103735 ) <f_springer&hotmail,com> on Thursday March 09, 2000 @10:00AM (#1214200)
    At least, I'm not suprised. Symantec has lots of money and lawyers, and they are the average petulant company, pissed that someone isn't playing exactly by their rules.

    Some of you may recall that Solid Oak Software has threatened Peacefire in the past. Hell, Solid Oak has even mail-bombed detractors and has recompiled their CYBERSitter software to generate a fake error message if it finds peacefire.org in your browser cache on install. Don't be suprised if Symantec does equally vile things to their consumers. After all, censorship is vile business. Certainly, there is no reason for this attack on Peacefire other than to "get even" for questioning their "moral" authority.

    The only thing we can hope for is that this will result in a win for Peacefire. Otherwise, get ready for Big Brother in full effect...

  • I can understand why Symantec wouldn't want such a thing decrypted - a competitor could simply decrypt their list and use it. However, seeing as I-gear probably won't be installed on any /.'ers computer, I don't think its an issue. Who cares what some software company has in it's license terms? Don't we realize that if we in the open source movement wrote software that EVERYONE wanted to run, that these "Big Bad Software Companies" would be at our mercy. They couldn't release software with ludicrous license agreements if everyone wanted to run GPL'ed software.
  • by um... Lucas ( 13147 ) on Thursday March 09, 2000 @10:02AM (#1214203) Journal
    I kind of agree with symantec here... I mean, what Peacefire did is extremely misleading... No site blocking software is going to be perfect, but for them to disect the list, but only the first 50, and at that, only the first 50 educational sites, and then post findings such as a 76% error rate... I mean, that's very biased, and absurd.

    If they can decode the list in it's entirety, why don't they do a little more analyisis of it... What is percentage of .edu sites contained in the list. 5%? 10%?

    How about an analysis of the first 1000 entries? EDU or not.

    In direct marketing, people realize that a sampling of 10,000 people from a given list is generally the bare minimum to use in terms of being able to accurately predict response rates... For instance if mail something to 1,000 people from the same list and get a great response, you shouldn't go ahead and buy 100,000 more names fom that list, because you didn't get an accurate sampling...

    The same goes with peacefires thing... They're using nearly enough information to give a real idea of what's happening... When you're able to skew data like that, you can show nearly any result that you want.
  • by schporto ( 20516 ) on Thursday March 09, 2000 @10:02AM (#1214205) Homepage
    And of course the number six is sex in latin.
    -cpd
  • by Evangelion ( 2145 ) on Thursday March 09, 2000 @10:03AM (#1214206) Homepage

    As a similar note, I'm now going to be dropping my copy of Norton AV (Symantec's AV software, for those cave dwellers), and going and getting something else for my home network.

    I mean, if I buy product from these companies, how can I really blame them for producing it?

  • and I don't have lots of money, but here goes:

    Symantec is pushing some crappy software in iGear.

    OK, now let's sit back and see if I get sued. I'm waiting.

    Still waiting...

    Eric

  • by Millennium ( 2451 ) on Thursday March 09, 2000 @10:06AM (#1214209)
    The problem is, the idea I have does involve what some could consider a privacy violation. However, in the end this one might well be worth it. You decide...

    Every time a piece of censorware blocks a site, it sends the URL (with no information which could identify the user) back to the company which makes it. The companies must keep these lists of blocked URL's public and up-to-date.

    Why do I think this should be done? Because it makes you see the censorware companies for what they are; people who compile blacklists of banned information. Not unlike book-burning (I hate to use this comparison so often, but there's nothing more appropriate), only on a scale not seen in the West since Hitler's time. The idea here is to get people to see filters for what they really are. No law is going to directly change the current situation of censorship. It takes a cultural shift to do something like that, to make the people see that censoring knowledge -any knowledge- is far worse than the information itself could possibly be. But for that to happen, people have to see censorship for what it is. Censorware companies have been using sneaky marketing tricks to confuse people for several years now, and the sad fact is that it's worked pretty damn well. So before we can set out to change attitudes toward censorship, we have to undo that confusion. It's the only way it'll ever work.
  • by whoop ( 194 ) on Thursday March 09, 2000 @10:10AM (#1214212) Homepage
    One large arguement I see from many of you is that censor proxies have too many valid sites blocked. Well, how about taking the Open Source/distributed.net approach? I know there are some for squid. How about a system where each morning/once a week/whatever a group of moderators are sent URLs to check up on. They do so, trying to determine if it's some directory, or the whole domain that gets listed. If there is porn (a set of standards would have to be established), they report back and it's added to the blacklist. I know I would be willing to take a few minutes every once in a while to do so. You could have a whole system of checks on the web site, if someone doesn't agree with a blacklisting, it's sent to two or three moderators and if they don't agree it's removed. If someone finds a new porn page, they can submit it and it's added to the queue. If there were hundreds of moderators, like Debian does with it's packs, each individual has only a small workload.

    Then every week or so the HQ web site puts out a new blacklist. We can have all kinds of easy update utils to help those not squid-knowledgable, and some folks could make a Windows application to do it for those folks as well. Heck, if the existing censorware's methods are decrypted like this one, we could write utils to encrypt it again and drop it in to their directory.

    I'm not going into whether you like blacklists or not, so let's keep these to ways of doing it correctly, since these other prorgams don't seem to do it very well. Using an open source list, and appropriate means of rectifying errors, we can do it properly.
  • You may just be a rabble-rouser (I love that word), but I agree. Symantic used to actually make good products, then they went on a buying spree.

    Now, probably since there is no more competition, all they do is rip you off. Who does this remind [microsoft.com] you of?

    I remember the day when buying something that said Norton on it meant that it would _reduce_ the chances of your system crashing horribly. I also remember when there was more than just two companies making anti-virus software (Let's not even get into McAfee).

    I know I might sound really old and like I'm losing it but I feel like something should be done about this company. Before it's too late... what if Symantic discovers *nix?

  • by Kevin T. ( 25654 ) on Thursday March 09, 2000 @10:12AM (#1214214) Homepage
    There is no implication that a similar number of .com sites are blocked. The only way to determine that is to do what Peacefire did with .coms.

    The reasons .edu is a good target for Peacefire are:
    1) k12.edu sites often have pages made for group projects by kids under 18, the ones who are supposedly being protected.
    2) These same kids will probably end up looking at university sites (or the Smithsonian, if their project is on George Lucas's use of mythology...blah) for those same projects. Doing a report on Diocletian? Go to that Calvin College site and grep (or "find" in Netscape) for his name. Unless, that is, the pages are blocked.
    3) The signal/noise ratio on .edu sites must be relatively good-- .com has too many sites, and too many lousy/ trivial sites, to be a good test subject. Sure, there are lots of pointless student homepages, but most students don't have time to completely fill up their 5 MB with pictures of their friends. Moreso, .edus must have very strict rules governing what students can put up-- most student-run porn sites on a Uni server will go down really quickly. Finally, .edu sites tend to be well-indexed by search engines, including their own internal engines (meta-crawlers get a lot of .edu hits).
    4) If you are out to Prove Something, like Peacefire, Greek and Roman histories/ literature translated into English SGML are valuable statistics-boosters. I haven't gotten to Vol. IV of Gibbon yet, but I would venture that any good translations of Sophocles's plays have frequent use of words like "bitch." Despite this, who's going to argue that high schoolers shouldn't read Sophocles? (Thomas Bowlder would, but he's dead.) It's very convincing to point a figure at the percentage of .edu blocked.

    Remember that, at least according to the Al Gore types, the Big Use for the Internet is .edu. That's what Internet 2 is supposed to be-- returning the bandwidth to .edu and .gov. So, it seems reasonable to plant the battle flag on .edu

    --Kevin T.
  • So, the phrase 'with six foos' translates to 'cum sex foos'? It's no wonder that got censored!!!

    Eric (who knows nothing about Latin, so forgive my possible grammatical errors)

  • Manga cum laude? You're getting a degree in anime? Cool! Where can I sign up for that program??

    -- WhiskeyJack

  • by jallen02 ( 124384 ) on Thursday March 09, 2000 @10:14AM (#1214218) Homepage Journal
    I am fixing to send off my donation to peacefire. I hope everyone else does to. If.. 1000 people donated 10 dollars its not a lot but it matters. I hope everyone really considers what 10 dollars can buy in an effort. This is something we all need to do strength in numbers support people with backbone so they dont get their balls busted! Now gogogo

    Jeremy Allen

    Disclaimer:This post was made from M14 (Mozilla Seamonkey!)

  • You're right, the DMCA is not a problem in this case. The UCITA, however is a problem, and it would legitamive EULAs. AFAIK the UCITA has not become law anywhere, but it is up for vote in several states.
  • Besides making donations to PeaceFire, people should mirror the decrypting software in case PeaceFires's ISP folds under the pressure from Symantec.

    Obviously, what Symantec should have done is admitted the problem and fixed the software. In fact, they should just make the blocked list of URL's "open-source" in the sense that everyone could see the blocked list, contribute links that should be blocked, and correct things that are incorrectly blocked. Enough eyeballs makes all bugs shallow...

    If I was a parent, and I felt I needed blocking software for my children, an open-source system is the only thing I would consider.

    Torrey Hoffman (Azog)
    Torrey Hoffman (Azog)
  • by Tassach ( 137772 ) on Thursday March 09, 2000 @10:23AM (#1214223)
    Given the highly dynamic nature of the web, it's impossible to assemble a definitive list of offensive sites. Keyword blocking will never work, given the fact that many words have multiple meanings. Even the most advanced AI cannot make the kind of intelligent value judgements that are required. Blocking lists will never work, period. The only software system that could possibly achive the goal of keeping kids from seeing things you don't want them to see is to develop a list of approved web sites, and only allow access to those sites. Of course, this destroys virtually all the useful value of the web; and such a system would be totally unacceptable for adults. Censorware is nothing more than snake oil; sold to the fearful and paranoid who don't know any better.

    Even if you had 95% accuracy (which is far, far better than anything on the market actually achieves), there would still be an unacceptable number of unblocked sites and mistakenly blocked sites. Let's assume there are 10,000,000 web sites; under a given rating system, 1,000,000 are blockable, and 9,000,000 are permissable. With 95% accuracy you would have 50,000 sites that should be blocked that are not, and 450,000 sites blocked that shouldn't be.

    What really makes me scratch my head is why adult-oriented sites provide links to the various censorware sites. Webmasters, particuarly adult webmasters, should be the LAST people on the planet to lend legitimacy to these snake-oil salesmen and wanna-be thought police.

    The internet is an amazing resource. Like the real world, cyberspace has much to offer; some of it appropriate for children, some of it not. Parents need to be educated that they need to supervise their children in cyberspace just as much as they do in meatspace. If people spent half as much money and effort promoting parent education as they did promoting ineffectual censorware, they might actually achive their stated goal of protecting the children. Unfortunatly, for most of these people "protecting the children" is a merely convienient cover for their real agenda of forcing their religious beliefs down everyone else's throats.
    "The axiom 'An honest man has nothing to fear from the police'

  • by ryanr ( 30917 ) <ryan@thievco.com> on Thursday March 09, 2000 @10:23AM (#1214224) Homepage Journal
    From:
    http://www.peacefire.org/

    March 2, 2000
    Download IGDecode, a program that can decrypt the list of sites blocked by I-Gear. We decrypted I-Gear's list and determined that of the first 50 URL's in the .edu domain blocked as "pornography", 38 of those were errors, for a 76% error rate. We also discovered that when you install I-Gear, it scans in your real name used to register your copy of Windows, and uploads this information to Symantec

    ...

    So, uhh...12 of the first 50 .edu sites have porn?

  • >The hyperlinks referred to above violate Symantec's copyrights and trade
    secret rights,

    What?
    They are links. Not ideas or anything intellectual. How can you copywrite this?
    How are they trade secrets? Links to porn sites are a secret? These are sites dying to get hits.

    I just don't get it. Its like calling my "spots in Lake Ontario to catch the best fish" a copywrited material.
  • by Savage Henry Matisse ( 94615 ) on Thursday March 09, 2000 @10:27AM (#1214230) Homepage
    My girlfriend was in a Women's Studies program at a major midwestern University for a few semesters. She recalls one lecture when a prof-- a fairly well-known feminist theorist who'd done a lot of work on porn-- stopped mid lecture to relate this anecdote. She (the feminist prof) had been lecturing on "facial cum shots" in porn videos and photography, talking about what the act of ejaculating on a woman signified. Apparently (and this highlights one of those "academia in a vacuum" sort of problems) she'd researched this sort of material for years, always referring to them as cum shots (pronounced "koom," Latin for "with") She had a classical education (including Latin and Greek) and couldn't for the life of her figure out why the Adult Entertainment Industry (not usually a bastion of the classically educated) chose to give such images a latinate name. And what did they mean by "cum"? A "with" shot? With what? Ejaculate, she assumed, but the name was still something of a mystery. It was years later, midway through delivering a speech at a symposium, when she had the sudden revelation that this cum was pronounced come not koom and had nothing to do with latin prepositions.

    (I know, it's miles off-topic, but still a good story.)

  • If Peacefire was able to figure this out so easily, even after having to decrypt the URL data, why isn't Symantec doing exactly the same thing, as a form of quality control? How hard could it possibly be for them to do this?

    And, if Peacefire had numbers like "76% of .edu blocks are incorrect", why doesn't Symantec respond by questioning their methodology, or providing statistics of their own about precision and recall in their filtering software?

    Either they have the data, and would rather resort to lawsuits instead of defending their product, or they don't even bother to do the most basic quality control on their product. Either way, that's a really friggin' lazy corporation.

  • by A nonymous Coward ( 7548 ) on Thursday March 09, 2000 @10:27AM (#1214232)
    Have you looked at their analysis? It wasn't some quick and dirty glance; you have to read the whole page to be sure the whole page is "clean". If a site is mistakenly listed, you have to look at the entire page to see that.

    Doing this to EVERY site would simply take too long. In fact, this is how these idiot filter companies get bogus entries to start with -- they just look at the name, don't even bother to read the page itself.

    Secondly, this is the TOP 50 sites, presumably the worst offenders. It's as if you were verifying the FBI top most wanted criminals, and found 76% who were in fact not criminals, just ordinary professors or students. Why bother checking the rest? If the so-called worst offenders are 3/4 wrong, why even bother with the rest? If they can't even get the worst offenders right, what does it matter how right the rest are? If Symantec can't be bothered to verify even the worst offenders, what makes you think they are going to verify the small fries?

    --
  • There is no way that this decrypter can be banned by current federal law because it isn't for reverse engineering and the like. It is only to see a list of blocked sites. Symantec really doesn't have a case here and if peacefire plays its cards correctly it could set a major precedent here.
  • by Anonymous Coward on Thursday March 09, 2000 @10:28AM (#1214234)
    Oh gawd. Slashdot moderation on the entire internet. Consider:

    http://www.microsoft.com (0, Overrated)
    http://www.freebsd.org (3, Underrated)
    http://www.linuxone.com (-1, Troll)
    http://www.debian.org (4, Insightful)
    and of course:
    http://www.whitehouse.gov (0, Redundant)

    ;-)
  • I think it would need to be more rated. Use a similar system to what HBO uses before their movies. I mean there is a difference between a hard porn sites, sites about homosexuality, sites on AIDS, Beaver College, and sites on Latin. However maybe here I want to block anything with any sexual content. So hard porn, homosexual sites, and the sites on AIDS are blocked. But I can choose which categories to block. This would allow the people/communties implementing the filters to block only what they want.
    Personally I wouldn't block anything. However I can see the need for it.
    -cpd
  • by Quintin Stone ( 87952 ) on Thursday March 09, 2000 @10:38AM (#1214246) Homepage
    You were welcome to conduct your own analysis of Symantec's blocked site list. Peacefire made their software freely available and posted a link to the URL database on Symantec's server... until Symantec rendered their link useless. Kind of makes it hard for anyone to counter Peacefire's numbers, and it was Symantec's decision to do so.

    Maybe they do have something to hide?

    Did you read Peacefire's site? According to them:

    We found that portions of the Web sites of the American Civil Liberties Union (ACLU.org), the Electronic Frontier Foundation (EFF.org), the Center for Democracy and Technology (CDT.org), the Electronic Privacy Information Center (EPIC.org), and the Censorware Project (Censorware.org) were blocked by I-Gear in its "pornography" category. On the other hand, none of the major pro-censorship groups (enough.org, frc.org, afa.net, fotf.org, etc.) had portions of their Web sites blocked.

    And the pro-censorship response [cnet.com]?

    "I don't trust that Peacefire is telling the truth," Taylor said. "It's all part of the cyberpunk revolution. They don't like the government telling them that they don't have free access to the Internet. It's like 'Lord of the Flies,' and they think they have the conch."

    Oh, God, what an idiot. There are so many things wrong with that statement, I don't know where to begin!

  • The idea behind Open Source is that code and information should be free. Not just free as in "at no cost," but free as in "free flowing." But the Open Source mindset that is required to have a successful project can't also agree with the idea of censorship in the first place. They are contradictory ideals.

    The whole reason censorship is wrong is that no two people can agree on what should or should not be censored. The reason OS works for software is that a bug's discovery or feature's implementation will be obvious to someone, given a large enough sample set. An open source censorware program would have people simultaneously working towards contradictory ends -- every site will offend someone, and every site should be read by someone. So the sum total of all people will want to block everything, while the rest are trying to unblock everything!

    This is why we must defend everyone's right to say whatever they want to say, no matter how much we detest it -- including things said by those who support censorship. It's why the price of freedom is ever-present vigilance.

    Censorship and Open Source are contradictory aims and an Open Source censorware program could never succeed. Censorware itself is a "Cathedral" mindset -- where the "priests" hand down to us "laypersons" what is and is not acceptable, and if we don't like it, the best we're allowed is to hope for a change in the next revision.

    The best way to fight back, if you ask me, is to use this fact to our advantage: No two censors agree on what should be censored, and what should not be censored. A house divided against itself cannot stand. This is, ultimately, why we will win the battle against censorship -- even though today things look bleak.

  • So, uhh...12 of the first 50 .edu sites have porn?

    You got ME confused for a second, there... Yeah, 12 of the first 50 edu sites that are on the blacklist, not 12 of the first 50 random .edu pages.

    You know, "4 out of 5 dentists recommend foobar for their patients who chew gum"

  • Oops, I hit "submit" instead of "preview". (perhaps this will add a % point or two to my /. purity test?)

    http:// service1.symantec.com/DISCUSS/SUPPORT/feedback2.ns f/product+feedback [symantec.com]

    Now, I'll hit the "preview button"... ;)

    • What really makes me scratch my head is why adult-oriented sites provide links to the various censorware sites. Webmasters, particuarly adult webmasters, should be the LAST people on the planet to lend legitimacy to these snake-oil salesmen and wanna-be thought police.
    Why, for the same reason strange and bizarre things are always done: fear of lawsuits. Adult sites are under constant threat of lawsuits from parents. Those parents will blame the sites for every antisocial behavior of their unsupervised children. (We all know how nudity turns children into murderous psychopaths.) So as a defense, these sites can say "But why didn't you use some kind of filter software? Look, we even provide a link to it!" Adult sites don't make any money off of children anyway (no credit cards!) and the adults who regularly visit those sites aren't going to be using filters in the first place (they don't download their porn at the local library). Really, what have they got to lose? As long as filter programs exist, they don't have to worry about the government just up and banning adult sites completely (or they hope).
  • by RancidPickle ( 160946 ) on Thursday March 09, 2000 @10:50AM (#1214258) Homepage
    What a shame. I used to like some of Symantec's products. But... I cannot support a company that secretly steals information against their own privacy policy. It doesn't matter if the company they bought disclosed it or not, it is Symantec's responsibility to go through their purchased property before plastering their name on it. Sorta like a Captain is responsible for his crews' actions.

    I want to go through the banned sites to see if any of my domains are in it. What are the legalities if your site is included? Can one sue because of mistakes made by Symantec? Isn't that lost revenue, the same as if someone cracked into your web server and deleted the site? The results are similar.

    As far as threatening Peacefire, they are now in the league of bullying companies that threaten rather than fix. It's surely easier (and cheaper) to threaten lawsuits than it would be to fix the problem. Distributed-checking the URLs, as someone here has already suggested, would allow blocking of real porn sites from kids yet not have stupid blocks against items like Latin language texts. Hell, have URL's checked by at least 5 independent folks to eliminate biased censorship. This would give Symantec an edge over the other censorwares (we check so you don't have to, and we can PROVE it). If their encryption was poor, fix it... but why censor their lists? Is it because they're afraid that bona-fide non-offensive sites will sue? Open the lists. Put in seeded fakes so they can check if other companies are stealing their work.

    As an aside, I've always supported Peacefire. I've had a link off of warpedreality.com since I put it online. Isn't it worth a line if text off of your page too?
  • You mean I'd get to watch porn for a living if I become a feminist theorist? Cool, sign me up...

    To bad I don't belive in that whole women are equal thing, but what the hell....
  • by Frac ( 27516 ) on Thursday March 09, 2000 @10:54AM (#1214266)
    None of the websites were the main college PR web sites. They were all college student home pages.
  • by LinuxParanoid ( 64467 ) on Thursday March 09, 2000 @10:56AM (#1214267) Homepage Journal
    Blind assertions don't make truth or a good legal defense.

    How does Haselton's cracking honestly fall under the definition of "interoperability" or "testing computer security systems"? Any definition I can think of where Haselton's actions would be considered "testing security" would be so tortuous as to render the phrase meaningless. "No sir, I wasn't hacking the encryption, I was just testing security systems" isn't going to fly without additional credible indication of intent. Mr Haselton's publication of the encrypted contents along with an analysis of the contents, (not just publishing the fact that the security was weak like 99% of security alerts) suggests quite strongly that his goal was *not* testing security methods but gaining access to secured content. The interoperability argument in this case is even more specious-- what two pieces of software was Mr. Haselton trying to make interoperate?

    IANAL, but Haselton looks like he's standing on shaky ground, even assuming a noble purpose. Looks to me like a classic case of thinking that the ends justify the means. I welcome rational counterarguments; perhaps I'm missing something?

    --LP

  • by swordgeek ( 112599 ) on Thursday March 09, 2000 @10:57AM (#1214269) Journal
    <p><i>"Imagine the bad press and negative mindshare it'd get them..."</i>

    <p>I hate to disagree, but 'negative mindshare' with who? With the people who have let eBay get away with appalling uptime? With the majority of the public who think MS and Bill Gates personify Noble American Ideals(tm)? With the people who support RealTrojan Theftware, the Spamazon Patent and Lawsuit Company, and DoubleCross?

    The general public doesn't care about this sort of stuff. No matter how much they talk about censorship and privacy online, they don't understand the issues, nor do they _want_ to, unless their credit card number is stolen. Fair enough--people don't care about the details of how their power gets to the light switch either. BUT, the end result is that only a tiny minority--us--will give a rat's ass about ANY level of corporate abuse as it pertains to the internet.

    Or in short, it's nigh impossible to generate negative mindshare in a flock of sheep.

  • by TMB ( 70166 ) on Thursday March 09, 2000 @10:59AM (#1214270)
    (since I don't have moderator points right now)

    Of course, there's always...

    http://www.userfriendly.org (3, Funny)
    http://slashdot.org (-1, Flamebait)

    [TMB]
  • The DMCA does permit cracking devices to conduct encryption research for the purpose of interoperability and to test computer security systems. Fair Use. This is what Haselton has done, plain and simple. Reverse engineering is addressed in the DMCA for certain areas. Haselton was fully within the realm of information security validation.

    Once again, the DCMA and UTICA are at odds... What a world.

  • One large arguement I see from many of you is that censor proxies have too many valid sites blocked. Well, how about taking the Open Source/distributed.net approach? I know there are some for squid. How about a system where each morning/once a week/whatever a group of moderators are sent URLs to check up on. They do so, trying to determine if it's some directory, or the whole domain that gets listed. If there is porn (a set of standards would have to be established), they report back and it's added to the blacklist. I know I would be willing to take a few minutes every once in a while to do so. You could have a whole system of checks on the web site, if someone doesn't agree with a blacklisting, it's sent to two or three moderators and if they don't agree it's removed. If someone finds a new porn page, they can submit it and it's added to the queue. If there were hundreds of moderators, like Debian does with it's packs, each individual has only a small workload.

    Unfortunately, it won't work.When you have a (self-appointed?) group of people deciding these things, it's going to get skewed towards their own personal biases. Unless you take an open, /. model, you can't avoid it. Even with 'meta-moderating' on the website like you propose, you're going to get a disproportionate amount of certain site content that the main moderators dislike to wade through.

    And even then, the /. style of moderation depends on the honesty of its users... now how honest do you think the meta-moderators are going to be about adult sites?

    For one thing, who is actually doing the moderating? It's basically two camps: the 'net savvy geeks, and the casual users who just point and click. Most of the point-and-clickers won't want to spend time doing this, so we're down to the geeks and the end-user protectionists. I think we've seen how all the geeks tend to respond to this on these boards, and with situations like Holland, we know how the protectionists work. So, where do we end up?

    We end up with people who don't want to see porn either having to view it to verify those sites, or just trusting what's already been submitted and clicking 'Fair'. On the other side are the people with more liberal views of porn, who will mark such things 'Unfair' even if they may be rather graphic to others. Then we have the very few who will actually check out the sites, think it through, and then moderate appropriately once they've considered what they believe is 'acceptable' to the 'majority'. Of course, their own views on what the 'majority' finds acceptable are based on their own personal biases...

    It's way, way too fuzzy. Is there a limit to how many times a site can be submitted as porn? What about subsites? What about old sites that change from porn to non-porn, or vice versa?

    This would require tremendous amounts of people, or tremendous amounts of time for a small group (who would be much more likely to skew the results just based on sample size). I don't see either way as practical.

    And to top it off, you have to educate people to use the end-software. It either has to be built into the web browsers (and we know how quickly things become non-standard that way), or a seperate program that has to be downloaded, installed, and set up. And yes, you have to make it cross platform (open source?), or it's useless to a majority of Internet users (not just Windows, but MacOS, *nix, and even BeOS). Otherwise you're only catering to a specific subset of the users, which is just as ineffective as having no blocking at all.

    Won't it be fun if someone implements a non-standard blacklist in addition to the 'official' one for the blocker program, or even writes their own version of the blocker program? I'm sure we'll have many seperate organizations popping up with their own lists, just as we have many different blocking programs right now. We'll have the offical OpenBlock list, Anti-Gay Block list, No-Bare-Skin-At-All-Even-For-Medical-Sites Block list, etc... And you can bet people will be downloading the more strict versions based on their own preferences, meaning they may be stuck with blacklists as erroneous as the commercial ones are now. Back to square one...

    So far the only method I've seen that's even halfway effective is the RSAC rating system. The only downfall has been that it's completely voluntary, and most commercial porn sites aren't going to bother with such things (either because they don't care, or because it would lower their hits which means lower ad revenue). I don't know how to make it more useful without legislation requiring rating every time you put up a new/altered webpage though. And we all know the pace of web development is too fast for such a thing.

    I just don't see blocking software as effective in any form, because of its inherent flaws in determining what is or is not porn, and the personal choices of the companies/moderators as to what is appropriate for viewing. Even with your open content model, it's brought to its knees by the sheer numbers necessary for a fair moderation of content, or by other groups making competing (and error prone) alternate lists.

    I actually like your idea, I just can't see a way for any central blocking system to work practically with web content.
    ______________________

  • by kneel ( 17810 ) on Thursday March 09, 2000 @11:06AM (#1214283) Homepage
    Although I personally am against am against censorware, and censorship in general, I used to work for an ISP which wanted to implement "Kid-Safe" internet. I researched all of the different filtering products out there and came to the conclusion that I-Gear was the best product out there. In my opinion the algorithym that they used was fairly advanced.

    What pisses me off, however is the fact that in the product advertisements they say that they list is constantly updated by humans. Now I am lead to believe this is bullshit.

    I still am not *completely* opposed to filtering... there are sooo many people out there whom are so terrified that their kids will *gasp* find a nude picture on the net, or they might come across something that implys that there may in fact not be a god, or whatever, and these people would not allow their children to use the internet if it weren't for this sort of option.

    I think that the guys at peacefire are generally doing a good thing here, but they still kinda need to get a clue. There is more to this software than they are letting on. First of all, the software allows two accts, one filtered and one not filtered. If a kid says that a site is ok, but the software is blocking it (I had this happen with a greeting card site once-- completely clean FYI) the parent can log on, check it out, allow the child to see the site for 5 minutes (i believe) and then email the admin, who can make the page always allowed.

    How bad is that?

    Please also keep in mind that the site is very unscientific and could possibly be very misleading. They only showed the first 50 of the .edu sites (although it seems these would be among the first sites that I-Gear's developers would check for offensiveness, since they have "hundreds" of people combing the net for bad sites)

    Just keep that in mind.

    And as for people blaming all of this on Symantec... It has little to do with them. They just recently bought the company that used to make I-Gear... UR-Labs.

    Just trying to set things a little straight --

    -- Kneel (uber-geek)
  • by lord13 ( 39188 ) on Thursday March 09, 2000 @11:10AM (#1214284) Homepage

    We use a Sonicwall [sonicwall.com] unit for DHCP/VPN/filter here at work, and it blocks the peacefire.org site with the following codes:Code:abcdefghijkl - 00.C0.F0.48.51.E0 - www.peacefire.org

    Here's the breakdown on what those letter codes mean

    • a = Violence/profanity
    • b = Partial nudity
    • c = Full nudity
    • d = Sexual acts
    • e = Gross depictions
    • f = Intolerance
    • g = Satanic/cult
    • h = Drug culture
    • i = Militant/extremist
    • j = Sex education
    • k = Gambling/illegal
    • l = Alcohol/tobacco

    Time to let their filter people know about this "oversight"...

  • The definition of TOP 50 is actually meaning the FIRST 50. To quote Bennett in an email he sent to several folks this morning:

    "Again, we looked at the first 50 sites extracted from the file in order, to avoid
    people accusing us of "stacking the deck"."

    If they just picked the worst offenders they'd have 100% wrong blocks with a sample of 50 (and probably with a sample of 10000).
  • The data is not skewed data. It is peacefires standard benchmark. It is specifically chosen since there is a high chance for error in the .edu domain. It also allows peacefire to miss 99.9% of commercial sex sites, since you need to be an accredited educational institution before you can register an edu domain.

    Note: 1. Peacefire does not claim the whole block list is inaccurate at 76%. 2. They note upfront in the first paragraph that they only test the first 50 reachable .edu domains for their benchmark. 3. Peacefire doesn't have the manpower to check it all and they shouldn't have to. It is the responsibility of the vendor to QA their own product. Symantec assumed the mantle when they decided to offer a product to block sites for content.

    Peacefire isn't a competitor claiming better performance than Symantec. They are claiming that this(symantec's product) cannot substutite for direct supervision. This is a simple proof by counterexample and one exception is all that is required. /Duncan
    Duncan Watson -Rock climbing, Encryption, privacy
    PGP Fingerprint -PGP Key on www.keyserver.net
  • Well, the same was said for DeCSS. It only views a movie, just as this allows you to view the list. I guess the movie folks could say they own the movie. Meanwhile, I doubt Symantec will say they own all the web sites. :) The fact is while there's no loser-pays-all-fees sort of law here in the US, the big money people will continue to sue as many people they can for anything they wish.
  • by Lucretius ( 110272 ) on Thursday March 09, 2000 @11:18AM (#1214292)
    OK, I now I'm really begining to wonder. One of the pages that was censored was 75k of latin (at least according to the description). Well, being a latin major I was intrigued and decided to check this out. It turns out that this is part of the Confessions of St. Augustine, perhaps one of the most famous theologans in christianity!!! The rest of the corpus is located in the same directory, but apparently not blocked either, but I still find it quite humorous that Symantech thinks St. Augustine to be worthy of censorship. Must be Calvanists and Lutherans, only plausible explanation. :-)
  • I wonder if their blocking of that all Latin site had anything to do with the frequent recurrance of the word "cum".

    Yes, we know that its a perfectly innocent word in Latin (meaning with, when, as, while, since, and although - depending on context), but if they scan the text of pages for keywords, I'm sure "cum" would set off a flag somewhere.

    Just a thought. Not so much a defense, as the author said, if they had paid some bloke $10 to just check the blocked sites, they would do a far better job of convincing people they actually care about the quality of their product, which apparently they don't. They're willing to spend more money covering the fact that they don't care about its quality then they probably will on actually improving it.

    Typical...sadly.
  • by Kaa ( 21510 ) on Thursday March 09, 2000 @11:20AM (#1214295) Homepage
    The DMCA does permit cracking devices to conduct encryption research for the purpose of interoperability and to test computer security systems.

    True. So far so good.

    Fair Use. This is what Haselton has done, plain and simple.

    That's not a question of fair use. It is explicitly permitted to sue people under DMCA even if there was no copyright infringement whatsoever. Yep, that's one of the beauties of DMCA: the act of breaking protection is the offense in itself, regardless of the rights that you might have with regard to the protected copyrighted material.

    So fair use doesn't fly here.

    Reverse engineering is addressed in the DMCA for certain areas. Haselton was fully within the realm of information security validation.

    See, the problem is that judges (with some notable exceptions) are not stupid. They can understand why Haselton broke the encryption just as well as we all do. There is no interoperability issue (interoperability with what??) and the "testing security" defence looks *very* shaky to me.

    I'm getting tired of pointing out that DMCA does, really really does criminalize standard actions that we all take for granted. It's not the case of some judge "not getting it", it the case of a very bad law that must be repealed or at the very least castrated.

    Remember when Sony filed suit against Connectix for essentially the same thing?

    Not the same thing. Connectix did the full-blown clean-room reverse engineering thing and they were able to show and document that the room was "really clean". That's why they won. Besides what Connectix was doing was a straight interoperability example.

    You've been warned: until something is done about DMCA we are going to see uglier and uglier applications of it.

    Kaa
  • Even the most advanced AI cannot make the kind of intelligent value judgements that are required.

    As soon as I get finished writing that subject-general Turing Test program, I'll put it right to work on running a blocklist :) (er, or should that be bl a cklist? HH1/2J)

    --
    Make Money on the 'Net [geocities.com]

  • I have a project that I started a couple of months back, called SafetyNet [sourceforge.net], which is planned to be an open web filtering project.

    Unfortunately, I started a new job with a startup company two days after I registered it, so I haven't made much (~ zero) progress.

    LetterRip

  • by aphrael ( 20058 ) on Thursday March 09, 2000 @11:26AM (#1214303) Homepage
    The truly absurd thing is that Symantec claims that the list of sites the software blocks is a trade secret. Thus, potential customers are not allowed to find out what the software blocks!

    "Install our software! It blocks bad sites!"
    "Which sites in particular does it block?"
    "Bad ones!"
    "Which bad sites?"
    "We can't tell you which ones, because then someone else might come along and block the same sites."

    *wince*
  • starters: I agree with your assessment...
    security and/or operability testing is not
    what he was doing.

    > IANAL, but Haselton looks like he's standing on
    > shaky ground, even assuming a noble purpose.
    > Looks to me like a classic case of thinking
    > that the ends justify the means.

    Here I disagree. You seem to imply that his means
    are not justifiable by any other rational. Is it
    not possible that he believes that his means are
    justified?

    I can not speak for Mr Hassleton myself (though
    I am wearing my PeaceFire T-Shirt here at work
    today), I personally think that what he did was
    perfectly justified, no matter what the law may
    say.

    In fact, I would go as far as to say that
    any law which would allow companies to sell
    a product to a consumer, and allow the company
    to take away the consumers right to take it apart
    and see exactly how it works and what it does, is
    an unjustified law.

    I think a consumer has a RIGHT to do whatever
    they wish to a product that they purchase. I think
    that if a consumer takes apart a product, and
    finds out that it does things which the producer
    was trying to hide (like sending off info to
    the company, or blocking sites that should not
    be blocked) then that consumer has not only the
    right, but the DUTY to expose these facts.

    The simple fact is that he took this product. he
    opened it up. He found out that it does NOT
    work as advertised. It does things that consumers
    should be aware of.
  • by EricWright ( 16803 ) on Thursday March 09, 2000 @11:39AM (#1214313) Journal
    And well they should be. I mean, the front page of peacefire.org showed a picture of several naked people in various stages of undress engaged in group sex around a table littered with poker chips, munitions clips, beer, doobies, pentagrams and at least one copy of the Kinsey report. The caption read "Violent guerillas screwing for Satan."

    ;-)

    Eric
  • Great, but let's say the parents have had a hard day at work, and they're already asleep. Given that the parents have not put a BIOS password on their computer, and assuming that they aren't smart enough to tell Windows not to save their PPP password, avoiding parents and getting to porn is not as difficult as it may seem. (Even on AOL, which doesn't save passwords from what I can remember, porn is easy to find according to some of my less fortunate friends.) Watching one's kids is a possible solution, and the parents who find censorware objectionable and who worry about their children's "innocent" minds probably do watch their children while they are online.

    In an ideal world, the parents that are worried about their children browsing "inappropriate" material would be watching their children and keeping tabs on them. That's not to say that censorware and Bess proxy filtering and the like are good. Any type of censorship is bad to me, although I see no reason why the Web and the Internet in general are any worse than MTV, a channel that coerces (through the videos, the really pointless shows, and the commercials) kids into buying products that they might normally avoid like the plague. Thus, children are going to become corrupt, so to speak, even if filtering mechanisms are installed. I don't think there is any perfect solution to this; censorware doesn't necessarily filter content correctly (although the original poster's idea is an improvement), and kids will find a way to access "inappropriate" material. Censorware is pointless, and it gives a false sense of security. It should either be improved in a drastic way, or it should be scrapped altogether.
  • > Why are these lists encrypted anyway?

    Because they only enjoy lawsuits when they're the plaintiffs.

    --
  • > Why are these lists encrypted anyway? They need
    > to be constantly updated, so what they should be
    > selling is a filtering service.

    They are encrypted to stop people from reading
    them. The idea is to hide their mistakes. If
    anyone could quickly glance at the file and find
    blocked sites....or edit the file (and not pay
    for updates or a subscription) then it would
    mean eithe rbad PR or less money.
    (assuming they sell updates...I really am just
    guessing).

    Remember...you can xor a file with "Hi mom" and
    effectivly block 99.9% of consumers from
    reading it. (a good atacker would have it in
    no time).

    It also stops someone who makes a quick and
    simple filter proxy at home...and plans to just
    steal their list for his product harder.
    Now he has to know how to decrypt it first.

    They must be assuming "if I can't break this
    encryption or easily find the key in the binary,
    then I bet noone else will either".

    remember...decisions are often made by managers
    rather than technical people.

    > This is also why there aren't more filters for
    > Linux.

    you mean like an httpd.conf for apache with
    proxy on and mod rewrite?

    in about an hour I setup an apache proxy which
    filters out all banner ads (at least ones I
    know about...like the ones on slashdot) and
    replaces them with a local picture
    (see linux journal article on this subject)

    -Steve
  • > How about a rebuttel from Symamtic? How about
    > working with Peacefire instead of against them.
    > You can even say "The only censorware approved
    > by anti censors." or something catchy like that.

    While I am wearing a Peacefire T-Shirt today, I
    do not speak in any way for Peacefire....
    I think the only way Semantic could possibly
    "Work with peacefire" would be if they would
    chuck their product alltogether.

    IMHO it is about rejecting censorware period. The
    end. The very idea that some 3rd part can decide
    ahead of time "whats ok" and "whats not" and then
    wholesale aplying it to kids as a replacement for
    parental supervision...or in libraries etc is
    offensive, and unacceptable.

    Their entire concept is unacceptable to me. I
    think you will find it is unacceptable to many
    who are against censorware.
  • by bridgette ( 35800 ) on Thursday March 09, 2000 @11:56AM (#1214321)
    Taylor equates this situation to one in which soft-drink giant Coca-Cola might be required to release its recipe for others to use.


    No, but it is equivalent to allowing anyone to hire chemical engeineers to figure out the formula. And I believe that this is perfectly legal. In fact, it's the basis for the Designer Imposters perfume line (assuming all liquids are entitled to equal protection under the law).

  • The reason is very simple. It's easier to deal with censorware than the FBI kicking down your door.

    The censorware is not very good, but letting the government regulate is worse!

  • Did you read the peacefire page? Apparently the program sends back not only the information you type in its registration dialog, but also the registration information for Windows itself.

    Now admittedly you could have made that bogus as well, but presumably you weren't expecting it to be used like that. And the Windows install might have been far back in the depths of time. Or something.

  • Thanks for the clarification. I should have said "once encrypted contents". My point still stands however. Mr Haselton's publication of the once-encrypted contents along with an analysis of the contents, (not just publishing tools or an alert that the security was weak) suggests quite strongly that his goal was *not* testing security methods but gaining access to secured content. If he had just published the code, he'd have a much stronger argument. The actual number of URLs posted and analyzed is fairly irrelevant. Whether you publish 50 of the URLs or all of them, you have still posted some of the once-encrypted contents, and if the DMCA applies, Mr. Haselton is in legal trouble AFAICT.

    --LP
  • This brings out a couple of the reasons I
    am against censorware in libraries btw (or
    anywhere else). Simple fact: They do NOT just
    block porn.

    Think about it...the entire argument for
    censorware revolves around porn...but they
    block so much more...the worst of which is
    of course...they block dissenting opinions.

    but...

    > g = Satanic/cult

    Nice...and who decideds what is "Cult". From my
    point of view the catholic church would be a
    cult...so would any other church or religous
    group (except maybe the wiccans and a few others)

    WHo are these people to draw the line between
    religion and cult. I know I am not qualified (as
    I just admited above).

    > h = Drug culture

    So I supoe that means DARE and other organizations
    who teach nothing, yet expose kids to drugs (and
    have been linked to INCREASE in drug use...as
    exposer makes kids curious)...would be OK
    However lycaeum or some harm reduction site that
    actually EDUCATES and tells people things like
    "Mixing A and B could kill you"...are probably
    not ok, since they "condone use"

    -Steve
  • Sites I've found blocked over the past two weeks with ANS Interlock from UUNet.

    *.freshmeat.net
    *.sourceforge.net
    Note, www.sourceforge.net and sourceforge.net were not blocked. However, anything else in the sourceforge domain such as mesa3d.sourceforge.net was blocked by the software. There is no wildcard expression in the sites.allow list to let you unblock an entire domain. This has really given us fits with things like x*.deja.com. It's a real pain in the ass to type

    x1.deja.com allow
    x2.deja.com allow
    etc.......
    The one thing that ANS appears to be good at finding is anonymizer sites. Those get blocked about a week after they pop up. Damn, I hate our corporate insecurity policy.
  • by thetron ( 99769 ) on Thursday March 09, 2000 @12:16PM (#1214337) Homepage
    I just called into the local radio show on which the vice-president of Semantec was (WRKO in Boston). What timing! I mentioned that his company was violating its own privacy policy by sending people's real (window's) name back to their servers, and said it was ironic that this was coming from a supposed leader in computer security. I also mentioned how Icrave got it wrong 3/4 of the time. His response was that filtering software gets it wrong about 50% of the time, and that's industry standard, so that's that. He didn't get a chance to comment about sending info back to their servers (we ran out of time), but he asked where I read it. "Wired," I said. The host laughed when I said that Icrave incorrectly filterd out Latin, probably due to heavy use of the word "cum." "Thank's for slipping that in"
  • My point is that testing-the-software-to-ensure-it-works-properly (i.e. blocks sites properly) is not the same as "reverse engineering to test security methods" or "reverse engineering to insure interoperability between two programs." I agree that it would be valuable to be able to reverse engineer programs to make sure they "work properly," but that is not one of the fair use protections described in the posts I've read that worry about the DMCA.

    Neither the DeCSS guys nor Mr Haselton appear to have given careful thought as to how to avoid prosecution under statutes like DMCA; if Mr Haselton had taken more care to avoid posting decrypted contents and had started out designing a third-party software package that would require decrypting iGear's list, he might have had a much better legal defense, but right now, it looks pretty weak to me given the existing language of the law.

    (Of course, I agree that the existing law should be changed. I don't like DMCA either. But it still looks pretty cut-n-dry to me that Mr Haselton broke it. I guess time will tell.)

    --LP
  • Actually, there is a way to "do it right" and a reason. I don't want my thirteen year old son to surf porn. As it is now, I look in his "History" folder every once in a while, and the couple of times we caught him, punished him. It'd be better to have a software program that we could trust, that was fairly easy to set up, that we knew what it was blocking, and that was configurable to only block porn. I wouldn't want a site that said, "Shut the fuck up!" blocked, but T&A should be. Of course, I don't want that blocked for my wife and I in case our sex life hits the skids. (Imagine, remember that damn password honey, or order me some damn Viagra from Drugstore.com!!!)

    Anyway, there are legitimate uses for filtering, but the companies offering such software now are doing the genre more harm than good. I currently have one domain that I want blocked on my system at work, and I don't need commercial software to block it. I just tell Internet Exploder to not use the proxy for *.doubleclick.net. Works like a charm!

  • Any definition I can think of where Haselton's actions would be considered "testing security" would be so tortuous as to render the phrase meaningless.
    Not at all. The blocking software is security software; any analysis or disassembly of it falls into the category of testing "computer security systems".

    (Which is putting aside the fact that the DMCA hasn't got a constitutional or ethical leg to stand on and is null and void from the start.)

  • if i link to your site and someone who clicks on the link is refused access by igear, then symantic is calling you a pornographer and me a panderer. this is all well and good if true, but if it is false it is slander if spoken and libel if written. this is not acceptable. symantic probably doesn't want you to be able to read a list of people it is actively libeling thousands of times a day for profit because of the propensity of libelees to recover damages after protracted litigation.
  • <i>I think a consumer has a RIGHT to do whatever they wish to a product that they purchase. </i>

    I agree with you that we *should* have those rights. Legally, we don't though.

    I'd point out a minor expansion of your comment; we don't just need those rights for product we purchase, we need those rights for any product we license a right to use (since that is how most software is "sold"-- as a license to use rather than an outright purchase.) Again, IANAL, but these rights would have to be strong enough to override normal rights of two parties to enter into a contract. It will take a substantial excercise of political power to get such rights passed in the face of entrenched corporate interest.

    --LP

  • Good post. +5 ,

    Couple of thoughts,
    1) Under DMCA I thought that the breaking of the ecription was permitted as in the Connectix case. Although the physical apps were different, the reverse engineering aspect was the same. I do agree however that in the Sony vs. Connectix case, Connectix seemed to have thought the implications through prior to their interoperability efforts.

    2) Haselton was performing interoperability testing. Interoperability with what?, misc. everyday sites on the web, hence all the .edu and such. Although I'd be curious to know how many worked correctly, and what metrics were used as a baseline. Numbers can be misleading when tweaked this way or that.

    3) DMCA does criminalize action we take for granted. You put it plain and clear. Very scary stuff if we don't get the law changed soon.

    Regards,
    Ernie

  • by Weezul ( 52464 ) on Thursday March 09, 2000 @01:02PM (#1214355)
    Yes, we should all contribute to peacefire.org (and the ACLU, and the EFF), but do not forget that there is activism we can do on the coding side too. Examples:

    (1) We need to get as many people as possible to link to peacefire.org and censorware.org. Actually, we need an XML blocked site of the day list which people can display on their web pages (ala a slashbox). Banned book lists are very effective in raising awairness of printed media censorship, but only when everyone displays the banned book list. Plus, this convinces members of special interest groups that their sites are being blocked.

    If we could really get a campaign going to link to peacefire and mirror peacefire's info on banned sites and instructions for disabling the software.

    (2) We need a Perl/CGI module to identify any blocking software that the person viewing your page is using. This allows your page to react diffrently depending upon wether it's viewer is using censorware or not. This could have a variety of intersting effects including:

    (a) People putting up pages which turnned into pornography when viewed via censorware. This would be funny as shit; and lots of people doing this would mean that the chances of accedentally viewing porn would go way up when you install censorware.

    (b) Technically, pedofiles could use these types of CGIs to identify children browsing the internet, so censorware could be accused of *possibly* attracting pedofiles to kids! More realistically advertisors would use the script to make advertisments which exploited children more effectivly and further endangered privacy.

    (3) We need ActiveX controls which disable censorware! I know peacefire has instructions on disabling censorware, but an ActiveX control would be simple and lots more people would put it on their web pages.

    There are a lot of other purely code / web projects which need people to work on them (like finding flaws in censorware).. these above projects are just the most obnoxious.. so they seem like fun to discuss.
  • by KahunaBurger ( 123991 ) on Thursday March 09, 2000 @01:08PM (#1214358)
    I still am not *completely* opposed to filtering... there are sooo many people out there whom are so terrified that their kids will *gasp* find a nude picture on the net, or they might come across something that implys that there may in fact not be a god, or whatever, and these people would not allow their children to use the internet if it weren't for this sort of option.

    Um, not to get off topic, but could we please stop pretending that porn is nothing but "nude pictures"? I have heard people compare the range avalible on the internet to a kid being able to read "our bodies our selves" and other such silliness.

    If you are pro-porn-choice, be honest about what you are talking about. On line porn includes (but is not limited to) stuff which can be 1. graphicly disgusting (a picture of a man shitting into a woman's mouth) 2. emotionally disturbing (B&D S&M) or 3. humiliating or frightning to those who identify with the subject (teen, pre teen or "oops" sites.)

    You do not need to be a puritan to imagine that a kid particularly could be confused or disturbed by such things, especially if they don't have the sort of relationship with their parents which allows them to ask about it and sort out why it makes them feel that way. Now we can argue about what the best way to deal with this is, from better parenting to start out with to censorware, but could we acknowledge the reality of the problem instead of brushing it under the rug? To hear this group sometimes, you would think the porn content of the internet was mildly more raunchy than a display of renisance sculpture. It is unneccassarily insulting and condesending to the people we should be reaching out to, and it prevents rational discussion of solutions that work for everyone.

    -Kahuna Burger

  • by mysty ( 4842 ) on Thursday March 09, 2000 @01:08PM (#1214360) Homepage
    Only for 18 months, but it was long enough. I must say I'm very disappointed in them :-(
    Although I cannot say I actually ever believed that they make very good software, there are a lot of nice people working there. But in the end they are just another American Windows software company, that is, a shark among sharks.

    There seems to be a culture clash between the freedom loving, online cyberculture and the older forces of commerce and traditional government. This has been predicted long ago, and anyone could have guessed that the sense of freedom of the Internet would collide head-on with 'old world' ideas and institutions sooner or later.

    I think that we need to be strategic in choosing what can be defended and what we can't. Open and free software needs to be defended, free speech, free criticism, nobody can argue about that. On the other hand: porn, violence, crackers, warez etc shouldn't be. Nobody argues about that too.

    But there is a large and vague middle ground where things are not so clear. I see people foray too far into that vague space and see them try to defend ground that is disputable at least, and setting up their defence (or attack) there.
    In this case, the censor-software breaking, you say 'see this software sucks, see that censorship does not work, it shouldn't exist'. That is very true, and I don't think that you can't block 'bad things' succesfully in the end with this kind of software. But try to understand the confusion and fear, that comes with the Internet. Suddenly, the whole world enters your house, your family. A lot of people are not going to be able to sort the good from the bad, at least in the beginning. They cannot cope with it. Most people are just followers, lost without rules or guidelines. So this censorware is bad, but who comes to the rescue of the worried parents then? Should they just not have Internet at all then? Or are they just being overprotective?

    The Open Source idea of 'having a million eyeballs looking at the bugs' could help a lot here. The problem with filters of course, is that they can never catch everything, and always catch what they shouldn't. But a million worried parents, rating webpages into categories, that could actually work. You would need a clever rating system, and just rate a site for what it actually is: educational, commercial, obvious porn, sites about sex but not porn, etc etc. Categories without a moral value judgement, just cleanly categorize it. And of course with a voting system, so that at least say 10 people put some site in the same category, before it actually stays there. Have search engines seek out sites that change, with a crc check, and set up a system where some parent would get a list of a 100 sites, and categorize them, in a distributed system, and then has done his/her service to the community.
    Then you have a more or less fair categorization of the Internet, and a parent could then choose a package of things that his children can or cannot see. No porn, no violence, but maybe a yes for sites about coming out for homosexuality.
    I see that this might be abused by a government to 1984 its citizens. But a governement could do that anyway, though. China does it now.
    You could try to categorize only universally bad things (blatant violence, _commercial_ porno, the Ku Klux Klan (did you know their site runs on Linux, by the way? www.kukluxklan.org [kukluxklan.org]), and mark the rest as 'mostly harmless'. I don't know.
    I just think that something along those lines needs to be done, because nobody with any sense is adressing the fears of the fledgling millions of new Internet users right now. We could even give this community provided lists to Symantec. That would be quite a shock to them.
    ------------------------------------------------ --------
    UNIX isn't dead, it just smells funny...
  • This is a nice argument (function = restricting flow of info = security, audits as fundamental to security.) It's less torturous than the ones I was considering. I'll have to think about it some more about the redefinitions it implies to consider whether they really could be plausible and fairly applied in a neutral court setting. Intuitively I'm skeptical, but it's a stronger argument than those I've considered so far.

    I agree that the DMCA is a bad law for consumers.

    --LP

    (Moderators: moderate up the parent post please? ;-)
  • Not to mention the slashdot effect. Mmmm.. 404 free porn.
  • by darrenford ( 99263 ) on Thursday March 09, 2000 @01:39PM (#1214371)
    I've seen many replies complaining about a 3rd party deciding what defines "obscene" or "inappropriate".
    How about a program that allows a parent to define their own list of sites to block. The parent (and this should be the husband, since he is the ultimate boss), would have to look at a continous stream of porn sites and click "yes-offensive for kids" or "no".
    He would have to use the program alot to make sure all the bad sites got blocked, but wouldn't the peace of mind be worth it?
  • by Eric Green ( 627 ) on Thursday March 09, 2000 @01:41PM (#1214372) Homepage
    I agree. The way the DCMA reads, Haselton's work violates the DCMA.

    There's only one problem: There's another law which applies too, and this law is the supreme law of the land. It's called the Constitution of the United States of America, and it has an amendment (the 1st Amendment), which the Supremes have held explicitly protects "critical speech" that makes "fair use" of copyrighted material. What this means is that, in the end, the parts of the DMCA that consist of government inhibition of free speech will be thrown out.

    The problem is that it will take years of appeals before the illegal portions of the DMCA are thrown out, and it will cost hundreds of thousands of dollars in court costs. In the meantime, software companies will continue to use tactics of intimidation and threats to prevent critical speech, much as McDonalds did with their McLibel lawsuit against Greenpeace activists.

    And the next problem is that, after this law is thrown out, the companies involved will buy yet ANOTHER law that removes people's right to engage in critical speech, and the whole thing starts over again. And so it goes in the United States of Self Delusion, where we delude ourselves that we live in a free country when in actuality we are ruled by those who spend millions of dollars to buy laws that benefit themselves at the cost of the rest of us.

    -E

  • There are between 500M and 2G pages on the web. That's a lot of stuff to read (though keyword matching can mark most of it 'safe').

    Ryan
  • by ralphclark ( 11346 ) on Thursday March 09, 2000 @01:47PM (#1214376) Journal
    I thought about this for a couple of minutes and I think I can see a workable solution. Here's my idea, and my apologies go to anyone else who may have already thought of it.

    The contributing volunteers shouldn't add sites to a blacklist or even a broad categorization. Instead they should apply a number of labels simultaneously to each page. Here are rough examples of what I mean, for three different sites:

    "Entertainment+ExplicitHomoSexuality+Graphics"
    "Educational+Art+MildHeteroSexuality+Graphics"
    "Political+Literature+ExtremeRacism+Text"

    Of course the filtering software would have to come with default rules which wouldn't truly suit anyone, just like current packages.

    "FILTER *Racism ALL"
    "FILTER *Sexuality ALL"

    But the end user could easily tweak the rule set to be as precise as they like. eg:

    "FILTER *Racism UNLESS Educational OR Literature"
    "FILTER ExtremeRacism ALL"
    "FILTER *HomoSexuality ALL"
    "FILTER MildHeteroSexuality UNLESS Educational"
    "FILTER Explicit*Sexuality UNLESS Literature AND NOT Graphics"

    The filter rule sets can be adapted by anybody. You don't need to be a programmer, just to be able to understand what UNLESS, AND, OR, NOT mean, and to be able to understand that the result of any given rule may be modified by what rules come after it. Like *any* series of filters applied sequentially.

    No doubt people of like mindset would trade their carefully crafted filter rule sets between themselves.

    This system is still slightly (though less) vulnerable to misclassification by volunteers with an evil agenda. But some sort of metamoderation scheme would soon identify those reprobates and flag up all the sites that needed rechecking.

    Can anyone think of a reason why this wouldn't work?

    PS. Just in case this sort of scheme should find its way into anyone's commercial implementation, I'm releasing the above idea to the world under the terms of the GPL - so there are should be no encrypted filter lists based on this idea, OK? ;o)

    Consciousness is not what it thinks it is
    Thought exists only as an abstraction
  • So what if it's not perfect? Who cares about perfection? Bad ip routes block legitimate sites too, but it is sufficiently rare that nobody cares. Mozilla probably blocks more sites than Norton ever did.

    You ever-present parent solution will have a higher failure rate than software filters because no parent will be ever-present. Browsing time will have to be reduced (which may be a good thing).

    Your solution is just like saying "prevent drunk drivers by giving the cops all car keys. You have to ask for permission to start your engine." It's too inconvienent to be effective.

    BTW, the net is a lot more important than a car for many people. Like all us college students who brought our computers to school and left our cars at home.

    Ryan
  • First off, I agree that keyword blocking will never work.

    But I do believe it is possible to assemble a useful if not 100% definitive list of offensive sites. It requires human eyeballs, but if enough volunteers could be induced to use a modified browser with an embedded rating form, they could rate as they surf with fairly little inconvenience.

    It would never cover everything and it would never be 100% up to date but a rating sytem like this would be better than nothing, and with enough participants would be largely self-moderating. It's certainly the only kind of rating system I'd ever feel comfortable with.



    Consciousness is not what it thinks it is
    Thought exists only as an abstraction
  • Many of us would argue that you are "doing it right" now - by giving him some freedom but checking up on him.

    Think about it - what is the biggest problems teenagers (and many adults) face? Impulse control. You don't want a kid who doesn't drink because the liquor cabinet is locked, you want one who doesn't drink because he fears that so you find out later and punish him. He becomes an adult who doesn't overindulge because of awareness of the consequences of his actions. Ditto unsafe sex (not doing it for fear of the consequences, not because of lack of opportunity), drug use, dangerous driving habits, etc.

    Sure, this is more work than letting some censorware handle the chore, BUT IT'S YOUR FSCKING JOB AS A PARENT. If you weren't willing to do the time, you should have worn a party hat or kept it in your pants 14 years ago!!!

    Am I arguing that censorware is *never* appropriate? No - two good examples are preventing *accidental* exposure to very young children (or easily offended adults), and preventing deliberate exposure by teenagers who are unusually immature and have not developed *any* self-restraint. If you've only caught your kid a few times, it sounds like he's developing healthy self-control and it's now your job to help him develop it further. Unless he's the first exception in a few thousand years, he *will* be tempted and he *will* fail -- and your job as a parent (IMHO) is to set up situations where he can learn "how far is too far" safely. Would you rather he occasionally be goaded into loading a porn site by a friend... or be goaded into trying a couple puffs or dangerous sex by that friend?

    (Hint: before you answer that watch the PBS episode on the gonorrhea epidemic in an upscale Georgia suburb... and the extreme frustration at the public health officials at their inability to get the parents to face the fact that *they* - not MTV, not movies, not rock stars, but indifferent parents who were too busy to listen to their children - were the reason why their little darlings the same age as your son were having orgies with three-ways, four-ways, unprotected anal sex, etc.)
  • by Apuleius ( 6901 ) on Thursday March 09, 2000 @03:13PM (#1214394) Journal
    Cracking a URL list is fair use for security testing, for the following reason:

    Suppose I have a kid who's starting to get computer literate and I decide I want censorware. Well, in that case I would want to know the false positives rate because too many false positives would increase my kid's motivation to try to circumvent the censorware. The more motivation on my kid's part, the more insecure the censorware package.

    So yes, Hasselton's actions in my book constitute a form of security testing and thus should be protected.
  • by emerson ( 419 ) on Thursday March 09, 2000 @03:28PM (#1214402)
    >On the other hand: porn, violence, crackers, warez etc shouldn't be. Nobody argues about that too.

    Au contraire. The question 'what is porn' is argued over constantly, leading to the vague-but-appropriate concept of community standards in obscenity trials and the like. What you call porn, I call erotic art, and Europeans call commercials.

    Same with violence. Just filtering on violence gives you a world where Teletubbies are OK, and _Saving_Private_Ryan_ is banned. Who decides?

    >Categories without a moral value judgement, just cleanly categorize it.

    Except that categorizing _IS_ value judgment. Again with _Ryan_, it would be 'objectively' categorized into "Violence, graphic dismemberment," and correctly so. The fact that it is, in fact, a powerful work of art cannot be reflected except by offering up a relative value judgement of some kind.

    >universally bad things (blatant violence, _commercial_ porno, the Ku Klux Klan

    Right there. A value judgement. In the US, even the Klan has a right to express and believe whatever they want, so long as they're not actually committing crimes. Period. Calling it 'universally bad' and therefore OBVIOUSLY needing to be censored is exactly what you allege to be against: selling your ideas of propriety onto others.

    Ratings systems, censorware, whatever, the very ACT of dividing things into acceptable and unacceptable is a set of value judgements. And it's simply impossible to make a set of value judgments that works for everyone, and irresponsible to try.

    --
  • I'll mirror it. (response emailed too).

    Ryan Salsbury
  • I still am not *completely* opposed to filtering... there are sooo many people out there whom are so terrified that their kids will *gasp* find a nude picture on the net, or they might come across something that implys that there may in fact not be a god, or whatever, and these people would not allow their children to use the internet if it weren't for this sort of option.

    Then let them NOT access the Internet. Their underdeveloppment will only be the fault of their parents. So, eventually, those underdevellopped kids will be darwinly weeded-out of the universe.


    --

  • by Weezul ( 52464 ) on Thursday March 09, 2000 @04:31PM (#1214418)
    (4) Currently blocking software dose not work and people will eventually figure this out, so we could patent all the workable blocking software technology to prevent anyone from using it (maybe let the ADL use it if we must let someone use it). The list of things we should patent include:

    (a) All applications of artificial intelegence to scanning content either from the blocking software OR to create a master list. I am including simple search applications like looking for fleshtones commonly found in porn. I am also including the idea of using a combination AI / human interface where the AI flags the human and lets them check the content.

    (b) Patent the simple protocoll ideas, like online blocking list updates and special codes the porn sites can give out to help the blocking software avoid them. Also, patent the buisness model ideas like using a common blocking standard which many diffrent groups can provide lists to. Note: I realise that there is prior art for some of this, but that did'nt stop amazon.. :)

    It would be really cool to kill this industry with software patents! Unfortunatly, this takes a lot of money. It might be possible to work out some deal where joe hacker submits the idea, the ADL's blocking software company foots the bill, and the EFF/ACLU controls everyone else access to the patent, i.e. get the anti-Nazi people to pay for it in exchange for being the ONLY blocking software which is allowed to use it.. and they would hopefuly not be permitted to censor anyhting but hate speach. It's not an idea situation, but it might be the only way to get the patents paid for.

    Plus, it might make more people understand the problems with software patents (and intelectual property in general).

    (5) We need to produce hard evidence that human censorship methods (i.e. the librarian ask someone to leave when they cause a problem) are more effective then blocking. There are a variety of variations on the human sencorship method, including having a flshtones alarm (or slide show) on the circulation desks computer which scans the web browser caches, but they all havethe property that they block a MUCH larger percentage of porn then censorware dose.

    We also need to point out that human censorship is the ONLY thing which wil block the kinds of things that the AFA uses to drum up support (like someone changing the background to porn).

  • Woah, you won't support peacefire because they MIGHT loose?

    I forsee your future risk-free life.
    It's very VERY boring.

    Later
    Erik Z
  • After serious thought, I'd like to offer up some information on what is happening.

    In 1998 the Gartner Group put out a report that basically re-defined the security marketplace. Symantec saw that it had no product for consumers or Corporations that would do content scanning and URL Blocking (These are the Gartner terms).

    I was charged with evaluating every sever-based solution on the market. After several months, my research had found that I-Gear was the most advanced solution on the market (and still is). Hell they even had a version out for Red Hat Linux over a year ago. So the deal was hammered out, and Symantec acquired UR Labs in Virginia.

    Now I-Gear and Mail-Gear (the companion mail product) do blocking based on URL lists and a heuristic engine that examines the text content. Now comes the zinger: It is completely end-user customizable. You can block URLs, you can explicitly allow access, you can have different user accounts/ groups/ and individual rules for each person, even different rules based on time and day!

    This product enables sites (this is a web proxy, not a desktop product) to set security policies as they see fit. The courts have already proven that a corporation can choose what sites to allow their employees to visit. I see no issue in this whatsoever. If a site is inadvertantly blocked... then ask the admin to allow it, don't go kill the manufacturer!

    Now I DO NOT agree that the URL lists should be hidden. I left Symantec soon after the acquisition because I didn't agree with the direction that they were taking. I had the pleasure of talking with Bennet while staffing DEFCON, and agree with the tenents of PeaceFire, if not their practices.

    What it boils down to is that filtering is not an out of box solution, but it is viewed that way. Similar to a Firewall or Mail Server, the default config isn't going to suit every company's individual needs and tastes. PeaceFire should work with vendors of server-side filtering products to increase awareness about the need for proper administration and vendors, such as Symantec, need to realize that cease and desist letters are not the best way to iron out their differences.
  • Glad to see symantec is stepping up to the plate with its language translation technology to tackle the outragous number of blatently pornographic and otherwise offensive websites being written in Latin. I wish I had a dime for every website written in latin I visited which turned out to be just another porn site, enticing me to purchase pictures of the mosaics from the Pompeii brothels.
  • Posting this here is an admirable sentiment, but effectively useless. If you want to impress them, write them a letter on the company letterhead indicating the same. As an AC your word is worthless beyond it's very words. Only good points of logic, insight, commentary are of any value from an AC. Threats, arguments, etc. are content free.
  • Ok folks, this entire episode stinks of sensationalism. As far as I can tell,
    1. This is is a copyright violation issue. The list of encrypted URLs was posted. This is copyright material. Period. To its credit, Peacefire has removed the link, which satisfies this complaint. But Symantec still was in the right here.
    2. This is definitely also a reverse engineering issue. Symantec clearly stated in the letter that Peacefire had not been given "permission" to decode the list. In this regard, this does become a sticky legal issue that Peacefire is correct in raising.
    3. Privacy: Symantec is violating its privacy policy. However, as Peacefire states, the software was manufactured by URLabs, which may have had a different policy than Symantec, so we must be careful in claiming malice on their part. The violation must still be corrected though.
    However, Peacefire, and everyone here on Slashdot, is immediately jumping on the "Symantec is evil" bandwagon, where in reality Symantec in the letter did not mention, at all, the claims of failure rate. Symantec clearly stated concerns over a valid copyright violation, and a legally debatable claim to prohibiting reverse engineering.

    Yes, you can extrapolate that Symantec is not happy with this disclosure. But just blindly posting parts of their code was stupid. To say in this article that Peacefire clearly did not post copyright material is WRONG and muddles discussion of the real issue, which is simply reverse engineering. A valid, important issue, worthy of discussion, no doubt. But as with so many other things on Slashdot, people are quick to jump to conclusions without thoroughly reading what has actually happened.
    ----------

  • Here at UC Berkeley, I have been called "racist" because I am opposed to Affirmative Action. This system won't work because the standards are no defined. Even if they seem very clear to you, or to me, they also seem very clear to the people whose opinions differ widely from yours.

    The only solution to this sort of system is based on automatic matching of your opinions to those of individual moderators. For example, you moderate 10 pages a day. Over time, the system can determine how you would moderate a page based on the similarity of your moderation to other moderators, and can block pages based on criteria you specify.

    So, for example, I would agree with those moderators who moderate child porn as "obscene", but would not agree with those moderators who moderate Anais Nin as "obscene", so my browser could tell me "You will probably find this page obscene. Continue?" before displaying it. Or, I could configure it to block such sites if my kids (maybe such a system will actually be functioning before I have kids) are using the computer.

    If I'm a puritanical christian, maybe I agree with other puritanical christians, and my software will block damn near everything. The key is that it's using the same system.

    The same system could also be used to rank results in search engines, for example, and I could ask the computer for recommendations on some new fiction based on what other people with my taste recommend. Assuming suitable go-betweens to preserve privacy could be established, it could be the world's first successful computer dating service.

    --Kevin
  • Alex Bischoff (not to be confused with the former "TV manager" of a certain wrestling actor's troupe in Atlanta) dun said:

    That's not a bad idea, but what AV would you recommend? A product with the ability to auto-update its virus definitions at regular intervals would be a plus.

    Command Antivirus [command.com] has live updates for registered users; if memory serves, so does the Data Fellows [datafellows.com] version of F-Prot [f-prot.com]. (Notably: both of these use the F-Prot AV engine (damn near the best antivirus engine you can get next to AVP, and if memory serves they're even using part of the AVP engine in the latest versions) and the Data Fellows version comes in a package called F-Secure which also includes some very neat security toys.)

    I don't know whether AVP [avp.com] has live updates or not, but I'd recommend it nonetheless; AVP is quite literally the best antivirus program one can get for Windows, bar none, and they do have trial versions (good for thirty days) for download...the registered version is not terribly expensive (around $25-30 if I remember right) and it is money well spent...if memory serves, AVP actually updates their virus list weekly, too, and updates are available on their website. If one is serious about antivirus protection I'd seriously recommend getting a copy of it...

    As it is, if one is serious about antiviral protection anyways, it never hurts to have two antivirus programs on board. You use one for the standard protection which isn't quite as sensitive/more prone to false alarms like Norton or McAffee, and if that alerts you bring out the heavy-duty tools like AVP or F-Prot. (Or, if you're like me and can get both, you use Command Antivirus (read: F-Prot under a different label ;) for the main scan and AVP for the heavy guns--I've only had to do that once, when an older version of Command Antivirus didn't like a newer database update [basically they'd changed the format--no biggie, just get the upgrade])

    It never hurts to practice computer "safe sex", though--I've never had virus problems, because I'm careful to the point of being neurotic :) Here goes a list of good antiviral techniques:

    Don't enable HTML mail or Javascript in mail--this keeps you safe from malicious code that may activate downloads of worms that target Outlook Express, etc.

    If possible, don't use Microsoft products like IE or Outlook Express or Office--there are a LOT of serious security bugs, even in the latest versions of Outlook Express and IE, that enable one to download malicious code like worms--sometimes without expressly clicking to accept (such as some worms that specifically target Outlook Express). Office, and specifically Microsoft Word 97, is downright infamous for macro viruses and worms--in fact, the single largest category of viruses anymore are Word macro viruses (and it's also the largest growth category--the year after the first Word "proof of concept" macro virus was released, there were more than 200 known in the wild--now it's something like 4000). In fact, Win95/Win98 actually have security flaws in the OS itself that allow such things to spread easily...

    If you must use Microsoft products, stick with the maximum security settings you can get away with--Don't enable macros in Office and don't accept documents with macros unless they go through a reliable virus-scanner first (if possible, encourage people to send stuff in RTF or text format; Excel users, try to stick to tab or comma-delimited formatting, as Excel macro viruses are an increasing problem). Set MSIE and Outlook Express to their maximum security settings. Do not use ActiveX unless absolutely necessary (there are serious security bugs in ActiveX as compared with Java)--at the least do not allow untrusted ActiveX applets to run. Consider using more secure OS's if possible (for Microsoft-only shops, this may entail going from Win98 to WinNT or Win2000). In WinNT or Win2000 environments, only give supervisor access to those who really need it and set others to lower levels where binaries cannot be installed.

    Do not read untrusted Word or Excel documents, or run untrusted executables--this expressly includes your friends--"Trusted" here means "downloaded from a known, clean, virus-free source" or "run through a reliable virus-scanner". There are a rather surprising number of worms and trojans (including more than one case of Back Orifice being distributed via a trojan sent by email, as well as cases of DDOS (distributed denial of service) clients being distributed in this fashion). This includes anything gotten in email, ICQ, etc. (Business environments--if accepting resumes by email, you may seriously want to consider asking clients to send resumes in plain text or RTF format. This may not be as pretty, but it's easier for clients to send you resumes this way and it eliminates problems with Word macro viruses.) Again, WinNT shops probably want to strongly consider limiting supervisor and administrator access to those who need it and set everyone else to levels where binaries cannot be installed (the misuse of administrator levels is one major way in which WinNT shops get infected--allWord macro viruses work on NT, and a fair amount of Win32 viruses do as well).

    Get a good virus scanner and use it regularly --Norton AntiVirus is probably on the low end as far as "good virus scanners" go. I personally recommend one of the F-Prot based ones or AVP; most over on alt.comp.virus would recommend AVP first and one of the F-Prot based ones secondly. (Most also recommend you use at least two virus scanners, one for regular use and one as a backup/sanity check.) Alt.comp.virus has a lot of good info on viruses and the good and bad in antivirus software, anyways. :)

    Consider using other security programs--There are firewall-type and intrusion detection programs even for Win95/Win98 systems such as Jammer [agnitum.com]--Jammer, in particular, acts as a firewall and detects things like attempted Back Orifice scans, etc. As Win95/Win98 is notoriously insecure, it's a good idea to give it any more security if you can.

    Don't trade in warez--This may seem like child's play to most of us, I'm sure, but in home and even in business environments there are a lot of folks who do deal in warez. Most warez anymore (at least the downloaded kind, not the "burning a friend's copy of Win98 to CD" kind) seems to be from Russia, Brazil and China, which also happen to be rather large H/C/V centres. (It's worth noting here that it's widely thought that CIH escaped into the wild from Taiwanese warez posted to one of the Usenet warez groups that just happened to be infected with CIH; it turns out the author or a friend of the author was in one of the major warez groups.) I can't state strongly enough in regards to this that if you absolutely must use or trade warez, please for Cthulhu's sake scan the damn stuff before installing it or trading it with others so you don't infect yourself or others.

    Don't assume that commercial software or "minority" OS's are immune to viruses or don't need virus-scans--Commercial software has been released before that was infected with viruses (including several demo CD's). Macs have several viruses to contend with, at least one virus is known to specifically target both WinXX and Macs, and Macs are still susceptible to Word macro viruses (and probably IRC worms, if a version of mIRC exists for Macs); at least three "proof of concept" viruses for Linux do exist, including one which apparently tries to gain root privs to perpetuate itself, and even aside from this Linux boxen are commonly used as servers for files for other OS's. You still want to virus-scan even that copy of Diablo II that you got; folks will be happier if Linux servers scan executable files for viruses. (By the way, yes, antivirus software for Linux does exist; AVP has ported its antivirus scanner to Linux, and actually has the downloads for free last I checked.)

    Keep your antivirus software up to date--This is a given, and "live updates" such as featured with NAV and CAV are very nice in this regards. Don't wait for the news report on the next Worm from Hell to update, either. Monthly is a minimum, and preferably more often than that if you can (weekly is good :).

    Make sure others follow these same "good computer hygiene" rules--If you run a business, explain why you have policies against people installing stuff from home computers, running executables, etc. If you're at home, explain to folks why you don't accept executables (even of that neat "dancing baby" thing) sent by mail, or HTML mail, or Word or Excel files sent by mail. Encourage others to install and use antivirus software and other security programs.

    Don't panic--Panic just spreads stuff like that damned "Good Times" hoax. If someone spreads stuff like that, point them both to a site like Data Fellows [datafellows.com] which has up-to-date listings of viruses--or, preferably, the alt.comp.virus WildList, pointed to in the ACV FAQ over at ftp.uu.net and your favourite Usenet FAQ archives--and to a site like Virus Myths [kumite.com] which has a nice list of hoaxes, etc. (so does Data Fellows, but Kumite's a bit friendlier on that); this is probably the best defense against "meme viruses" like "Good Times" that you can get ;)

  • by Windigo The Feral (N ( 6107 ) on Thursday March 09, 2000 @09:46PM (#1214447)

    Mendax Veritas dun said:

    Symantec more or less owns that market segment at this point, aside from Network Associates, who are even more loathesome.

    Well, they aren't the only ones in the market, really--F-Prot, which comes in two different flavours (the Data Fellows [datafellows.com] "Finnish Mix" and the Command Software [command.com] "British Remix"), is damned good, beats the pants off of both McAffee and NAV, and hasn't been bought out by either company (largely because at least Data Fellows also sells other security software like firewall programs, SSH clients and SSH servers for NT, etc.). Also worth noting is the Best Damn Antivirus Software Money Can Buy (according to alt.comp.virus--and by the way, it's not just antivirus writers who hang out there; there are a fair number of virus coders who hang out there as well), AVP [avp.com]...hell, they've even got a version for Linux for folks who run servers (who want to scan the stuff they're serving for Nasty Stuff).

    By no means are you restricted to what Network Solutions or Symantec have to offer. There's other stuff out there that's actually better but less well known about (wow...kinda like BeOS and *BSD and Linux, eh? ;).

    For most people, I recommend not using anti-virus software at all. AV is a non-solution to something that is mostly a non-problem.

    I wouldn't say it's entirely a non-problem. In a home environment, with a clueful user who doesn't download strange binaries without checking the source twice, and especially if he's using an OS for which very few viruses exist (such as BeOS or Linux or *BSD)...and more importantly anymore, never uses certain office suites out of Redmond with extensive macro capabilities including hooks to Visual Basic (which has hooks to system calls in Win32) nor uses programs with extensive HTML and Javascript capability to read email, then yes, it'd be a non-problem.

    There are cases where it could be a problem, though. Say...work environments that have to use Office 97 and accept Word and Excel documents from Goddess-only-knows where, or home users who dabble in warez because they don't feel like paying $200 for the latest killer game, or work environments where people take stuff from home and put it on the boxes, or people who are new to the net (and don't know about stuff like Good Computer Hygiene) and get offered this "cool South Park screensaver" from an email address that belongs to their friend on the net (and they are completely and utterly unaware that said program is in fact the "Pretty Park" trojan/worm that mails itself to everyone on your Outlook Express address list)...in those cases, yes, it could be a problem.

    Now add in those folks who have to take home stuff from work. Now add in the number of folks at work who are the clueless folks who will blindly run that "Pretty Park" executable, and/or have warez'd copies of Diablo, and/or take stuff to work to show folks how "cool" it is...and you have to take Word documents home to work on them, or Excel spreadsheets...and think of all the OTHER companies your company might be sharing Word documents with...'s pretty scary, really, if you think about it.

    I'll touch some more on this below...

    t's a non-solution because most AV software protects only against known viruses, and is therefore useless against anything newer than the most recent signature update you've installed. Of course, the kind of virus you are most likely to encounter is a new one that the virus scanners don't know about yet, so what good is your scanner doing? (There have been attempts to develop techniques of recognizing "virus-like behavior", but the eternal problem with that is that there is nothing that most viruses do that isn't also done by perfectly harmless, useful, legitimate software, especially debugging tools.)

    By and large, antivirus software isn't for us who know how to use debugging tools :) It's for folks who might be new to computers, or who have to take stuff home from work and run it, or who might want to be double-safe that the program they just downloaded doesn't have anything nasty in it.

    Yes, some TSRs and some programs will cause antivirus software to hiccup. I'll also note that these are (in the case of most folks--not necessarily us techy ones) few and far between. It also depends specifically on the heuristics that the program is looking for--I've heard that Norton Antivirus tends to give quite a number more false positive alarms than AVP or F-Prot do, for instance (in fact, on alt.comp.virus it's recommended that if you run Norton or McAffee Antivirus (another AV program bad for false positives in heuristics mode) you double-check it by running F-Prot or AVP in heuristics mode because the latter two programs are far less susceptible to false positives).

    As it is, for binary viruses and trojans heuristics can work well; for Word macro viruses (which are the single largest category of viruses today, by the way) they're nearly foolproof. As Word macro viruses are a far worse problem nowadays, this is probably a Good Thing.

    It's mostly a non-problem because viruses just aren't that common and are, for the most part, easily avoided by simply not being stupid. I haven't run an anti-virus package on any of my computers since I left the Norton AntiVirus development team in 1993, and have never been hit by a virus in the almost seven years since then.

    I'll assume you practice Good Computer Hygiene (not downloading strange binaries, etc.) I do have some questions for you, though...

    Do you run Microsoft Office? Do you accept Word documents from possibly untrusted sources? (The single largest category of viruses and worms, not to mention the one with the most growth by far, is Office macro viruses and worms (especially Word macro viruses which often are also worms in that they have specific hooks to common mail applications to enable spread by email)...in 1993, Word macro viruses were literally unheard of. The first "proof of concept" Word macro virus appeared in 1997, and eventually spread to the wild. A year later there were over 200 known Word macro viruses, and the first Excel macro viruses were known. In 1998-ish the first known Word macro worm was discovered. As of now (early 2000) there are over four thousand Office macro viruses (the vast majority Word macro viruses, and a fair number of which can be considered worms as well; more than a few also are "droppers" for destructive payloads), depending on whom one is talking to (some would put it higher, some would put it closer to two thousand)--literally more Word macro viruses and worms exist than binary-based viruses at present, and it is becoming a fairly serious problem in businesses (a Word macro virus/worm brought the email systems of many businesses to a screeching halt last year because of all the load--one of those companies just happened to be [ironically] Microsoft). The largest portion of databases for antivirus software are for Word macro viruses; I suggest you take a look down at Data Fellows' [datafellows.com] virus-lists and see just how many have the little prefix "W97/M" (Word 97 macro virus)...it's really a staggering number. Binary-based viruses like CIH are by far the exception now; most folks doing viruses are either working in Word macro viruses or are working on worms (such as mIRC worms, or trojans that are worms such as "Pretty Park").

    Fortunately for antivirus software authors, most Word macro viruses have specific infection routines and use specific Visual Basic calls (Microsoft, in its infinite wisdom [HAH!], decided to allow one to use Visual Basic hooks in Office macro code...which is a security disaster waiting to happen, as Visual Basic has hooks into the operating system itself) to do nastier things (like the "propogation behavior" of Word macro worms, or droppers for destructive payloads for the nastier Word macro viruses--in a way, they behave more like trojans than viruses), so it's pretty easy to kill such things with heuristics. (It's also pretty easy to kill such things if you don't enable macros, or you use stuff like StarOffice to read the file. But that's another issue :)

    (Unfortunately, it seems the bulk of the business world not only uses Win95/98 or WinNT, but also Office, and also Outlook Express--which helps Word macro worms spread like wildfire through a network (by the way, Word macro worms are having the same growth Word macro viruses had in the beginning, and some have been found with destructive payloads--things are going to get interesting indeed). Even worse, Word macro viruses are cross-platform--they can infect Word on Winboxen, Macs, and presumably any other platform that can run Microsoft Word and/or a word processor that recognises Word documents and Word macros (fortunately, most of the Word macro worms can spread only under WinXX and largely only if Outlook Express exists as a mailer, though some can also use Eudora [the other big mailer], but I don't expect this to last very long--and the Mac users can still infect documents with the worms).)

    Do you have to share computers at work with anyone? (Their computer could be crawling with viruses. Just because you don't do anything stupid doesn't mean your co-workers won't.)

    Does your workplace have a strict "no-files-or-disks-from-home, no-programs-from-home" policy? (If not, they're wide open unless they're using a scanner. Again, you might practice Good Computer Hygiene, but others won't necessarily do so.)

    If you do consultation work, are all your boot-disks and install material on non-writable media like CD's? (If they've got a boot-sector virus, they can infect ZIP disks and floppies.)

    Are you absolutely certain that all of the software you get is virus-free? (About the only way you CAN be certain is if you compile and run it yourself--and even then, if the compiler itself has virus code, you still might not be safe (cref. a proof-of-concept of this where hidden backdoor code was included in early C compilers for Unix--if code was removed, the compiler simply reinserted it at compile-time; the only way to remove it for certain was to compile from a known clean copy, and reportedly the backdoor generated WAS used a few times). Commercial software has been released accidentially with virus code before (most infamously, a demo CD included with a PC game magazine that was infected with CIH); hell, computers have literally come preinstalled that had viruses (there was a rather infamous case where either Dell or IBM (memory fails me on which one) actually sold some laptops which were infected with CIH--it turns out that the standard disk image used to copy the OS and apps onto the drives had been infected with CIH somehow). There are now known worms that can infect a computer using Outlook Express (with HTML and ActiveX extensions turned on) without even opening the mail itself (just by previewing the mail). Most Internet worms propogate themselves anymore by sending copies to everyone on an address-book list in email clients (the vast majority of Word macro worms, and even some "trojan" worms like PrettyPark), or by mass-DCC send (most mIRC worms propogate this way--the worms take advantage of insecurities in mIRC scripting language).

    Do you serve files for other people? (If so--even Word documents--if you don't check them before offering for download, you may unwittingly pass along infected files. Again, infected files don't even necessarily have to be binaries anymore--the vast majority of viruses anymore are Word macro viruses and worms, and the few actual binary viruses tend to be spread either through warez or as "trojans" or worms.)

    You see...it's not as easy keeping virus-free as one thinks. In fact, if you accept foreign Word documents at ALL and don't have either a damned good virus-scanner or macros turned off completely, you are essentially wide open to getting a rather nasty case of computer VD. Even more so if you use Outlook Express, or (God Forbid) accept attachments of *.exe or *.doc files in email, or accept HTML-email or have Javascript or ActiveX enabled in your email browser.

    It makes sense for people producing executable images of software for distribution to have a scanner handy just to be as sure as possible that the software they're giving out isn't infected, but most of us aren't in that situation.

    1) Even commercial software has been infected--there is more than one documented case of this.

    2) As stated above, things have changed a LOT in the world of viruses since 1993 :)

    2a) The major problem, with rare exception (CIH, which really is novel in that it attempts to over-write BIOS info in boxen with flashable BIOSes), is not binary-based viruses like Stoned or Jerusalem (the two biggies in 1993, by the way). The biggies, by far, are Word macro viruses (literally more Word macro viruses exist now than binary ones exist now or in 1993, a fair number have nasty droppers or destructive payloads, and an increasing number can also be classified as worms as they propogate through vulnerabilities in a number of Internet programs [a short list--Outlook Express, Free Agent (Usenet client), Eudora, etc.]).

    2b) With the exception of CIH, the major problem with malicious binaries isn't with viruses anymore but with Trojans of various types. The vast majority of these may be classified either as worms (i.e. PrettyPark.exe, the latest in this line) or as attempts to pass off Back Orifice (a program designed by Cult of the Dead Cow to spotlight rather serious security flaws in Win9X, and which can be used to remotely control another computer--often without the victim knowing, as Back Orifice hides its processes and tries to make it difficult to uninstall).

    3) The single largest increase of ANY viruses or malicious programs today is in the form of worms. Many of these worms are essentially multiplatform and the vast majority target the single largest used office suite in businesses today. Many of these companies must share Word documents and other traffic with other sites, often untrusted traffic. In a way, the Internet has been the best thing since sliced bread for propogation of viruses (keep in mind, too, that when you left Symantec the vast majority of "program trading" was at universities and most of the "warez" traffic as well as virus traffic was at universities and on small, members-only BBS's; there were still roughly an equal number of *.edu and *.com sites online, the plague known as AOL had yet to hit the net (that occured in 1994 or 1995, and AOL has always had a wee bit of a script-kiddie/V/C community), and the Internet had NOWHERE near the penetration it has now--it was next to impossible for worms to spread the way they do now, much less Word macro viruses (again, keep in mind that macro viruses of ANY kind were unheard of before 1997).)

    4) In 1993, a lot of companies still used dumb terminals or didn't have much computer access. Now, a large number of folks have computers--frequently connected to the Internet--and they frequently have to take home work and such. Many of these folks don't practice Good Computer Hygiene--they run programs their friends send them online (unaware that many worms use address-lists specifically to propogate), while spreading rumours like "Good Times" because they literally don't know any better. Sometimes this even extends to the folks running the boxen--a number of sites use NT or even Windows 98 to administer networks, and many of these folks don't use proper security precautions (like not allowing executables to be installed, etc.). 5) The fact that so many folks ARE on the net with Win95/Win98 boxen has to be a major factor in how viruses are spreading, and especially worms (which had pretty much died out in the days of tht Morris Worm and WANK-Worm until Word macro viruses started coming out). Win95 and Win98 are notoriously insecure--in essence, everyone (even on a multi-user system) has root/administrator access, most of the Internet applications for these systems--especially those from Microsoft--are not exactly designed with security in mind, the major office suite for these boxes (Office 97) has major security flaws in its scripting language insofar as using it in a networked environment...the major scripting language for Microsoft-based Internet apps, ActiveX (which has even been incorporated into the OS in Win98) is so insecure that nearly every security site recommends disabling it...also, Win9X is designed for people who are complete and utter computer virgins, who aren't going to know about computer security and who are lucky to know how to install a program without some kind of installation-wizard. It's an OS designed for the clueless, and it's user-friendly to the point of sacrificing security...it also doesn't help that Internet apps (by and large) were actually an afterthought to the OS, added when the Internet exploded in popularity (especially the World Wide Web).

    I'd even go so far as to say that, as designed, Win95 and Win98 are outright unsafe to use in a networked environment without some sort of protection both against malicious programs and scripts AND against malicious parties trying to gain outside access. Win9X was not designed as a multi-user, networkable OS; it was originally designed as a home OS for the newbie user who needs stuff to be point-and-click simple, and networkability was an afterthought added when Microsoft found out people actually wanted that Internet thing. Security has always been an afterthought, if it's been thought of at all; to make it secure actually requires either add-ons (like antivirus software and intrusion-detection software) or keeping it off a network period. Yes, security really IS that bad with Windows9X. (NT and Win2000 are considerably more secure, but that's partly because they were designed as networkable OS's and they do have security features in light of this. They are also somewhat less user-friendly, especially in tighter security settings (many WinNT sites have EVERYONE with admin access because some things become unusuable in lower settings).)

    It's not just the Microsoft apps for Win9X that have security bugs, either--the whole idea of running untrusted apps is a Bad Thing (there REALLY needs to be a "sandbox" area for untrusted apps; moxe *nixes do this with multiple users and security settings, and Java does it by running it in a virtual machine with no direct hardware access). Eudora has had serious security bugs that worms exploit. mIRC, a major IRC client for Windows boxen, has had periodic troubles with script worms (in fact, before Word97 worms became popular, mIRC was the major target of worms on the net). WinGate, a popular telnet server for Windows boxen, is so horribly broken that early versions have essentially no security whatsoever and can be used as an anonymous relay host by Bad Folks because it has no logging whatsoever (and it HAS been used like this by Bad Folks, which makes it a MAJOR pain in the arse to try to track them down). Most FTP servers for Windows boxen can be cracked. Nearly any Internet-capable program for Windows can be made to cause the system to crash by simply sending "file://C|/con" (with HTML browsers and email clients that parse HTML like Outlook Express and Eudora), or requesting "C:\con" (with FTP clients)...hell, you could probably write malicious ActiveX code to do the same thing, or add that as a dropper to a Word macro virus. This is partly the fault of the programs, but it's partly a sign that the OS in and of itself is horribly mis-suited for network use.

    In short, there've been a lot of deep, almost fundamental changes in the world of viruses and malicious code, and more importantly, the dominant means by which they spread and the dominant "host" they breed in to begin with.

    Btw, the best source for free, up-to-date information on viruses (and even more importantly virus hoaxes, which greatly outnumber viruses) is the Computer Virus Myths web site.

    I wouldn't say virus myths outnumber actual viruses (I think the number of Word macro viruses slightly beats the number of variants of "Good Times"/"Jessica Maddick", etc. :) but Kumite's a good site. (Hell, I recommended it in my last post. :) There IS bad stuff out there, though (especially if you are misfortunate enough to have to use Win9X + Outlook Express + Office 97) and "computer condoms" never hurt. "Computer safe sex" (and yes, I posted a number of tips for that too) never hurts, either. Combine the two and you shouldn't have trouble. :)

  • Dang, I coulda sworn it was the top 50.

    Well, I still stand by the first point, that you can't just scan real quickly, and to do hundreds would simply take too long.

    Sorry 'bout that, chief...

    --

C makes it easy for you to shoot yourself in the foot. C++ makes that harder, but when you do, it blows away your whole leg. -- Bjarne Stroustrup

Working...