Results 1 to 10 of 10

Thread: Laws on posessing malicious code

  1. #1
    Senior Member
    Join Date
    Jan 2004
    Location
    Hawaii
    Posts
    350

    Question Laws on posessing malicious code

    I'm just curious on what the laws are regarding the posession of malicious code/software. As far as I know, the code, and the distribution of the code and binaries is covered under the First Amendment.

    I believe that law, back in 1986 only specified "releasing" a virus.

    Am I right?

    Also, what are the laws in other countries?


    A_T
    Geek isn't just a four-letter word; it's a six-figure income.

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi, AFAIK actual possession of malicious code or software is not a crime in the UK.

    What would be criminal would be irresponsible distribution (incitement to commit a crime) or actually using it maliciously. Obviously you can toast as many of your own machines as you like.

    I guess it is a bit like the old argument "so charge me with being a rapist then, after all I do have the equipment"

  3. #3
    Banned
    Join Date
    Jul 2005
    Posts
    511
    The biggest problem is of course the definition of malicious code. Format.exe is very malicious if used by someone wanting to destroy data. Then again, there are good reasons too for destroying the data on your harddisk. For example, because you want to re-use your system with a completely new operating system.

    The same could be said about other kinds of malicious code. Pieces of this code could have legitime use. Even funnier, you might actually have that kind of code to check your own protection. Think about it as a factory that creates bulletproof jackets, yet they're not allowed to have guns or ammunition and they're definitely not allowed to shoot anything at their own vests. How would they know for sure it's bulletproof if they're not allowed to test it?

    Actually, there are many people out there who create malicious code as a "proof of concept". By keeping this code in a well-maintained system, (in the lab) they kan keep the world clean yet test for many vulnerabilities. And there are quite a lot of vulnerabilities out there.

    Malicious code control would be similar to gun control. People do have rights to use these things for proper reasons. Unfortunately it's not possible to cleck if people are using it for valid reasons.

    Basically, it's just better to judge people on their actions than on what they possess...

  4. #4
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    It is generally accepted by US courts that computer code is intellectual property, is considered a form of free speech, and therefore protected by the First Amendment. One could write the most destructive or harmful code ever, and it would be considered free speech, protected by the First Amendment.
    This includes viruses, worms, and encryption software.

  5. #5
    Senior Member
    Join Date
    Jan 2004
    Location
    Hawaii
    Posts
    350
    katja, that's a very good point...a few AP's for that one. though, as you probably know, what I implied was virus, malware, and other such source code.

    Anyone think the laws are too lax or too strict? Personally, I think they're good the way they are...I've always been a very big advocate of the First Amendment.

    A_T
    Geek isn't just a four-letter word; it's a six-figure income.

  6. #6
    Banned
    Join Date
    Jul 2005
    Posts
    511
    Thanks for the AP, A_T.
    Still, even the possession of the code of a virus can still have legitimate purposes. The code of the Melissa virus, for example, has been available on the Internet and you might still be able to find it somewhere. I've heard about the Christmas virus that spread around 15 years ago or maybe even longer. If I heard correctly, the creator of that "Christmas" virus just wanted to wish 'Merry Christmas' to as many people as possible, within his company. (IBM) So he wrote something that would read the address book of the user to send itself to everyone in that address book.
    Which of course ended up in half the company mailing the other half of the company and thus a mailserver that seriously needed antidepressiva...

    As I said, people should be judged based on their actions, not on what they happen to possess. So it's fine if you have the sourcecode of some virus. You can learn a lot from it, sometimes. Especially when you yourself are interested in programming and software development. The code of a virus can tell you about possible vulnerabilities in your code. Buffer overflow errors, for example. In the past, no one was really aware of the risks of this. Nowadays, it's considered a very huge risk. Even worse, a buffer overflow would theoretically allow badly-written code to execute arbitrary code in a data file. This happened with Microsoft in their JPeG-decompression libraries. As a result, *.jpg files can now be used to infect other systems and thus have to be classified as containing a possible virus... (Microsoft patched this, though, although not everyone has installed this patch.)

    I myself are interested in hacking, but from the security pointview. I want to know how hackers work so I can avoid falling into their traps. As such, I am a bit of a hacker myself (must remind myself to buy a white hat) and I even have some books about this topic too. I even have a book about computer viruses that's about 16 years old, I think. (Gift from my dad.) It talks mostly about those old MS-DOS viruses but it also has plenty of example code about how they work, internally.

    Let's compare it to a real-life example then. Say, you're a security guard. Would your chances of keeping an area secure increase if you know how criminals can break into a building? If you know how to detect a weak spot in a security system? If you know how security systems can be bypassed? I think it does.
    An experienced security guard might become suspicious if one security camera temporarily displays some snow before it gives a normal image back. He knows someone might have tampered with the signal at that point and thus he (hopefully) will check it out.
    An inexperienced guard will probably think everything is okay, while in the meantime some robber might have switched the signal from the camera with that of some VCR system. This gives him a chance to rob the system and then get away with it.

    I think that everyone who uses a computer should be aware of possible security risks. Especially when they start using this computer for their online banking and to make online purchases. I also think we need a lot of online security guards just to keep the Internet safe. I'm still just a trainee but I know that for me to become real good at keeping things secure, then I will need to know how a virus or a worm works, exactly.

    So basically, I think there should be no punishment for possession of malware. Neither should there be a punishment if you use this malware on your own systems only. However, punishments are required if you spread around this malware and the punishment should be related to the amount of damage caused by this malware.

  7. #7
    Senior Member
    Join Date
    Jan 2004
    Location
    Hawaii
    Posts
    350
    I've never seen any books on virus writing, what's the title? I like to study the code...though I'm a novice programmer. I have the msblaster source that I look at frequently, slowly but surely starting to understand it. I've actually changed a few things (almost a year ago) and released it on a network to see if what I changed could reinfect the machines.

    It infected one of them, even though it had the MS patch...so that was interesting...but the system just crashed on boot. If I can find what I did with my version of it, I can post it.

    A_T

    edit: some of the main things i changed were syntax errors i found that got past the compiler, and a lot of performance issues, like using srand() so often, when you only need it once.
    Geek isn't just a four-letter word; it's a six-figure income.

  8. #8
    Originally posted here by AxessTerminated
    I've never seen any books on virus writing, what's the title? I like to study the code...though I'm a novice programmer. I have the msblaster source that I look at frequently, slowly but surely starting to understand it. I've actually changed a few things (almost a year ago) and released it on a network to see if what I changed could reinfect the machines.
    John McAffe wrote a book named Computer Viruses, Worms, Data Diddlers, Killer Programs, And Other Threats To Your System. (Some Title ) This book has assembler source for viruses. The book is old, but the concepts remain. I've seen others but the titles have escaped my brain.
    http://www.AntiOnline.com/sig.php?imageid=789\"A dark angel of sin, preying deep from within...\" - Rob Halford

  9. #9
    Senior Member
    Join Date
    Jan 2004
    Location
    Hawaii
    Posts
    350
    Most of the virus source I see is in asm, is this because it was decompiled that way, or are most viruses, like Zotob, and the original msblaster written in ASM? The MSBlast variant I've seen is in VC++.

    A_T
    Geek isn't just a four-letter word; it's a six-figure income.

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi, AxessTerminated ,

    Most of the virus source I see is in asm, is this because it was decompiled that way, or are most viruses, like Zotob, and the original msblaster written in ASM?
    If they are very old viruses, then they were probably written in ASM, otherwise I think the idea is to deter skiddies, who wouldn't know how to compile an ASM proggy, let alone modify it first.

    It sort of shifts the blame from the publisher/host of the code to the person who took it and used it for malicious purposes.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •