BBC hack 22,000 computers

Started by DarkStar, Mar 12, 2009, 16:05:29

DarkStar

Story here:

http://news.bbc.co.uk/1/hi/programmes/click_online/7932816.stm

I notice it says that the users were notified afterwards, bet it doesn't make any difference though, they will still carry on using out-of-date AV and unpatched Windows etc.  :o
Ian

Rik

The interesting thing, Ian, is did the BBC breach the Misuse of Computers Act. :)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Glenn

Also the Data Protection Act
Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Rik

Mmm. Could be a nice earner for the lawyers.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

DarkStar

Another report on it here:

http://www.sophos.com/blogs/gc/g/2009/03/12/bbc-break-law-botnet-send-spam/

I don't think the BBC will get into trouble - they tell the government what to do don't they (along with BT)  :whistle:
That's the impression I have had for a long time now.
Ian

Sebby

Quote from: Rik on Mar 12, 2009, 16:08:18
The interesting thing, Ian, is did the BBC breach the Misuse of Computers Act. :)

You'd have thought they would have considered that, but who knows?

Lance

The BBC will probably use 'educating internet users' as justification for extra funding!
Lance
_____

This post reflects my own views, opinions and experience, not those of IDNet.

Noreen

Quote from: Rik on Mar 12, 2009, 16:15:54
Mmm. Could be a nice earner for the lawyers.
From the article:

Quote
The programme did not access any personal information on the infected PCs.

If this exercise had been done with criminal intent it would be breaking the law.

Rik

Is it not criminal to intend to send spam, though?
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Glenn

The Computer Misuse Act

The Act introduced three criminal offences:

    1(1) A person is guilty of an offence if:

        a) he causes a computer to perform any function with intent to secure access to any program or data held in a computer;
        b) the access he intends to secure is unauthorized; and
        c) he knows at the time when he causes the computer to perform the function that this is the case.


    1(2) the intent a person has to commit an offence under this section need not be directed at

        a) any particular program or data
        b) a program or data of any particular kind; or
        c) a program or data held in any particular computer.

    1(3) a person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5, on the standard scale or both.

    2(1) a person is guilty of an offence under this section if he commits an offence under section 1 above ("the unauthorized access offence") with intent

        a) to commit an offence to which this section applies; or
        b) to facilitate the commission of such an offence (whether by himself or by any other person) and the offence he intends to commit or facilitate is referred to below in this section as the further offence.

    2(2) this section applies to offences

        a) for which the sentence is fixed by law; or
        b) for which a person of twenty one years of age or over (not previously convicted) may be sentenced to imprisonment for a term of five years (or in England and Wales might be so sentenced but for the restrictions imposed by section 33 of the Magistrates Courts Act 1980).

    2(5) a person guilty of an offence under this section shall be liable

        a) on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or both; and
        b) on conviction on indictment, to imprisonment for a term not exceeding five years, or to a fine, or both.

    3(1) A person is guilty of an offence if

        a) he does any act in a way which causes the unauthorized modification of the contents of any computer; and
        b) at the time when he does the act he has the requisite intent and the requisite knowledge.

    3(2) for the purposes of subsection 3(1)b above the requisite intent is an intent to cause a modification of the contents of any computer and by so doing

        a) to impair the operation of any computer;
        b) to prevent or hinder access to any program or data held in any computer; or
        c) to impair the operation of any such program or the reliability of any such data.

    3(3) the intent need not be directed at

        a) any particular computer;
        b) any particular program or data or a program or data of any particular kind; or
        c) any particular modification or a modification of any particular kind.

    3(4) For the purpose of subsection 1b above, the requisite knowledge is knowledge that any modification he intends to cause is unauthorized.

    3(5) it is immaterial for the purposes of this section whether an unauthorized modification or any intended effect of it of a kind mentioned in subsection (2) above is, or is intended to be, permanent or merely temporary.

http://en.wikipedia.org/wiki/Computer_Misuse_Act
Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Glenn

I would have thought the highlighted text above would cause concern for the BBC
Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Rik

That would seem conclusive, as they would have had to access a program, albeit one the owners didn't know they had.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.


mrapoc

Studied this today in organisational system security.

Although it was unethical and probably illegal, at least they did not set up their own botnet, merely tapped into someone else's then deleted it afterwards, freeing the computers from the "zombie state".

Mind you, I'm in a zombie state and in need of sleep,

so I bid you goodnight :)

Rik

I'm always in a zombie state, Sam, I thought you knew. :)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

drummer

Well, I for one am dead chuffed that the Beeb has used its resources to educate thousands of users about (their lack of) internet security.

I've seen lots of posts here and elsewhere about how people need to be educated about internet security.  What a brilliant way to do it - publicly and unembarrassed.  Full marks to the Beeb for taking the initiative without compromising any machines except by alerting the owner that a malicious attack would've been a piece of cake on their computer.

It's a serious issue though and deserves better than people using it just to sound off about the BBC in general.

A school kid could achieve the same as Click because it's that flipping easy.  Don't blame the messenger for proving the fact.

It's public service broadcasting at its very best.

An honest legal opinion would probably be something along the lines of: "I don't have the faintest idea but I'll give you a quote which then makes me an 'expert' on untested legislation".
To stay is death but to flee is life.

Gary

I have noticed many newer security suites now use the Secunia vulnerability scanning tool, trying to get people to patch not just Windows but also other programs; people forget how easy it is to get caught by a malicious security hole. The new Eset Smart Security version 4 along with Kaspersky and I think Norton all do that, not sure about Norton but I'm guessing they would. Trouble is people do not see this as useful and seem to want to turn those features off as patching is either too much like hard work, or daunting  :shake:
Damned, if you do damned if you don't

talos

Quote from: drummer on Mar 12, 2009, 23:15:22
Well, I for one am dead chuffed that the Beeb has used its resources to educate thousands of users about (their lack of) internet security.

I've seen lots of posts here and elsewhere about how people need to be educated about Internet security.  What a brilliant way to do it - publicly and unembarrassed.  Full marks to the Beeb for taking the initiative without compromising any machines except by alerting the owner that a malicious attack would've been a piece of cake on their computer.

It's a serious issue though and deserves better than people using it just to sound off about the BBC in general.

A school kid could achieve the same as Click because it's that flipping easy.  Don't blame the messenger for proving the fact.

It's public service broadcasting at its very best.

An honest legal opinion would probably be something along the lines of: "I don't have the faintest idea but I'll give you a quote which then makes me an 'expert' on untested legislation".

:iagree: This was done with good intent, and I believe it should be done regularly to shock some of these users out of their complacency. The criminals who infect computers for personal gain are the ones to "have a go at"; just the basic security will stop many, not to use it is stupidity, esp. since there are many good free ones out there. Well done BBC, this time you got it right, it's what "public broadcasting" is all about. :thumb:

Tacitus

Interesting piece here by Charles Arthur about how people are inured to malware.  The vast majority of people take it as 'the way it is', nothing you can do about it, etc etc.

It never ceases to amaze me the amount of effort it takes to keep a modern PC standing.  You imagine that at some point people would begin to wake up and realise the problem is not PCs, it's Windows which is simply not up to the task. 

They say Windows 7 will cure it all, but I've been hearing MS cry 'the next version will solve all problems' since the days of DOS3.3



Rik

I know just what you mean, Tac. I wonder, though, if the world moved to Macs, how long it would take for them to become vulnerable.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

somanyholes

I have to say I disagree strongly with the way the BBC have approached this subject. Sure they should bring attention to the subject and user education is also good, however does the BBC go into people's homes unannounced because they have left their front door open? No it doesn't and would likely get punched if they did. I profess I have not looked into this in detail but no doubt it will advise the usual anti-virus, patch your system, don't click on emails with attachments etc, leading to a false sense of security .....

They broke the law with this and should be dealt with accordingly

Rik

Hi, So, long time no see, are you well? :)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

talos

Quote from: somanyholes on Mar 13, 2009, 12:26:58
I have to say I disagree strongly with the way the BBC have approached this subject. Sure they should bring attention to the subject and user education is also good, however does the BBC go into people's homes unannounced because they have left their front door open? No it doesn't and would likely get punched if they did. I profess I have not looked into this in detail but no doubt it will advise the usual anti-virus, patch your system, don't click on emails with attachments etc, leading to a false sense of security .....

They broke the law with this and should be dealt with accordingly

I disagree, the law was not broken, this could easily be done by somebody with criminal intent.  I sincerely hope it wakes up some of the dozy individuals who by their own negligence keep the perpetrators of these crimes in business.


somanyholes

As Glenn stated below, the law was clearly broken. If access was allowed before entry then fair enough, but as far as I'm aware it wasn't, please correct me if I'm wrong....

Quote
        b) the access he intends to secure is unauthorized; and
        c) he knows at the time when he causes the computer to perform the function that this is the case.

Tacitus

Quote from: Rik on Mar 13, 2009, 11:20:15
I know just what you mean, Tac. I wonder, though, if the world moved to Macs, how long it would take for them to become vulnerable.

Oddly enough I deleted a sentence which said people will say if Macs/Linux had a bigger market share they would be just as bad, thinking I'd let someone else come up with the usual riposte  :-)

Not provable except in the event, but as Arthur says Windows was never designed for networks.  What he doesn't say is that the prime motivator in Windows design was not technical excellence but an overwhelming desire to destroy the opposition.  "It's not done till Lotus won't run" has more than a grain of truth in it.

In practice we need a diversity of systems and CPUs and with the internet we 'should' be moving towards that.  Different instruction sets, and OSs combined with better address space randomisation would make life increasingly difficult for the bad guys.  Probably not impossible but certainly much more difficult.


Rik

Sadly, nothing is impossible when it comes to computer malfeasance. :(
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

DarkStar

Another bit of info on this from Prevx:

Yesterday, 09:08 PM

PrevxHelp 
Re: Introducing, The New Prevx Edge.
________________________________________
Quote:
Originally Posted by Longboard
@Joe
What's all this about?
http://www.theregister.co.uk/2009/03..._botnet_probe/
Blogged anywhere?
Looks to me like the BBC took a few liberties ??
Need to be Careful who you cooperate with ??

All those endusers who had their screensavers taken over must not have been running PrevX eh.

Don't believe everything you read. The BBC's demo did NOT take down our website. We allowed them to attack a small demo website which we put up - it actually has no relation to our website at all, but it's reasonable that the true attack destination got confused.

I'm not sure what the users were actually using but the actual botnet was acquired by the BBC ~6 months ago, I believe, so they couldn't have been using Edge (and also, we heuristically detect the backdoor trojan used in the attack so we would have blocked it anyway).

(Also, FWIW, the BBC changed their desktop background, not screensaver, to report the infection)

EDIT: Minor text edits 
__________________
Prevx Software | Prevx Edge Help
Ian

Rik

I still feel they've broken the law, Ian.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

DarkStar

I couldn't agree with you more Rik. I also think they broke the law but I can also understand why they did it. Unless someone takes out a private prosecution they will get away with it. The sad thing is that of the 22,000 that were hacked probably less than 1% will do anything about it. It's not that people don't know or understand, they simply are not interested as long as they can get on their favourite  social networking site.
Ian

Rik

I have to agree with you, Ian. If they cared, they wouldn't have been in the mess in the first place.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Dopamine

Quote from: Tacitus on Mar 13, 2009, 13:25:55

In practice we need a diversity of systems and CPUs and with the internet we 'should' be moving towards that.  Different instruction sets, and OSs combined with better address space randomisation would make life increasingly difficult for the bad guys.  Probably not impossible but certainly much more difficult.


"In practice we need a diversity of systems and CPUs"..... which would make it ruinously expensive for software companies to produce mass market products.

Just one example that illustrates where your argument is totally flawed: mobile phone chargers. For years we've needed a different charger for different phones. At long last a standard is being adopted.

Computers, the internet, mass usage of them and it, all are as a direct result of uniform design, even if that uniform design has been achieved by the market dominance of MS. It's fashionable to knock MS, but would you honestly want to go back to having no viable internet or well developed software to run on your PC? Many companies can't or don't attempt to get software to work on both PCs and Macs, so how you think an even greater variety would help is lost on me.

What we need is not diversity, but harsher penalties for virus writers and malicious hackers. Microsoft and Apple alone could afford to offer many millions in rewards for the successful identification and prosecution of culprits. $1,000,000 for the identity and location of the writer of virus abc anyone? We'd have the details within a few days. Send them to prison for life, and then see how many little kiddies think it's funny to mess with the world's computers.

drummer

Quote from: Dopamine on Mar 14, 2009, 01:08:57

What we need is not diversity, but harsher penalties for virus writers and malicious hackers. Microsoft and Apple alone could afford to offer many millions in rewards for the successful identification and prosecution of culprits. $1,000,000 for the identity and location of the writer of virus abc anyone? We'd have the details within a few days. Send them to prison for life, and then see how many little kiddies think it's funny to mess with the world's computers.

And harsher penalties for bank robbers too because Barclays and NatWest alone could afford to offer many millions in rewards for the successful identification and prosecution of culprits.  ???  Not gonna happen and I fail to see why OSs should be judged by different criteria

Some blokes in the UK a few years back got 30 years for robbing a train, but it didn't stop any subsequent wannabes attempting heists of their own.  Bit of a pipedream if you think wannabe villains will grass on their heroes

With respect though, this is a recipe for chaos because it exonerates virtually everyone (apart from MS and Apple) from any kind of blame.  If I fail to lock my door when I go out and get burgled, is it okay to blame Banham?

Personally, I'd have a very big problem with an 11 year old Ukrainian "hacker" on a dollar a week going to jail for life in order to make me "safer".

My computers' security is my responsibility and I accept that as a fact of life.

To stay is death but to flee is life.

Dopamine

Quote from: drummer on Mar 14, 2009, 02:50:21
And harsher penalties for bank robbers too because Barclays and NatWest alone could afford to offer many millions in rewards for the successful identification and prosecution of culprits.  ???  Not gonna happen and I fail to see why OSs should be judged by different criteria

Bank robbers already have far harsher penalties than virus writers/hackers, and there are many, many, many times fewer bank robberies than computers messed up by viruses. The banks don't need to offer rewards as the apprehension and conviction rates of bank robbers are already high.


Quote from: drummer on Mar 14, 2009, 02:50:21
Some blokes in the UK a few years back got 30 years for robbing a train, but it didn't stop any subsequent wannabes attempting heists of their own.  Bit of a pipedream if you think wannabe villains will grass on their heroes

Are you kidding? There are as many prosecutions of major criminals that come about because of information from grasses as there are from evidence found elsewhere. Villains are the worst grasses of the lot. Just ask a few experienced policemen. And if that doesn't persuade you, look at the weakening of the mafia in the USA. Major trial after major trial recently where the star witness/es have been mafia grasses.

Quote from: drummer on Mar 14, 2009, 02:50:21
With respect though, this is a recipe for chaos because it exonerates virtually everyone (apart from MS and Apple) from any kind of blame.  If I fail to lock my door when I go out and get burgled, is it okay to blame Banham?

No, but it's perfectly reasonable to expect to be able to live in a society where you have no need to lock your door. You can find many societies where there is very little crime, and almost all have extremely severe penalties for the small amount of crime that does occur. Penalties, and the fear of them, are proven to work if severe enough. We in the UK have just got used to the idea of low penalties and "rights" for people who choose to break society's rules.

Quote from: drummer on Mar 14, 2009, 02:50:21
Personally, I'd have a very big problem with an 11 year old Ukrainian "hacker" on a dollar a week going to jail for life in order to make me "safer".

Well, I'll concede that life is a little strong for an 11 year old. 30 years should do it.

Quote from: drummer on Mar 14, 2009, 02:50:21
My computers' security is my responsibility and I accept that as a fact of life.

So would I if I was allowed to exercise that responsibility without constraint, i.e., shoot the buggers if I ever caught them. But, as I'm not allowed to do that and have to rely on the police and courts to catch and punish offenders, I'd like them to have strong enough powers, and exercise them, to act as a deterrent.

Deterrents work, it's a proven fact. All they need to be is strong enough. Viruses and hacks cause thousands of pounds worth of damage every day and aren't just the minor irritation that some will argue. They are serious crime, but the attempts to catch the culprits, and the penalties imposed, go nowhere close to matching the severity of that crime.


Gary

Quote from: Rik on Mar 13, 2009, 11:20:15
I know just what you mean, Tac. I wonder, though, if the world moved to Macs, how long it would take for them to become vulnerable.

Macs have vulnerabilities like any machine, but not as many of course, but I think market share is what helps keep them safer, a bit like the Opera browser, though I do wonder, as you say Rik, if everyone used one how they would fare; at least they look good and have a better GUI and handle system resources better. My laptop has the same screen res as Sebby's Mac, full 1080P, I think the same amount of HD space (640gb); mine has a T9400 core 2 duo proc at 2.53ghz and 4 gig of DDR3 at 1066, and a Nvidia 9700M GT graphics card, and I bet side by side the Mac would run all over it performance wise.
Damned, if you do damned if you don't

Niall

Quote from: Rik on Mar 13, 2009, 17:18:20
I have to agree with you, Ian. If they cared, they wouldn't have been in the mess in the first place.

If they had done that to me, they WOULD be receiving a letter from my solicitor. How is it that the BBC seem to constantly have idiots working for them in the higher positions that manage the muppets that come up with these ideas? A bad suggestion is made, then an uninformed person that hasn't had the correct background research given to them gives it the green light. Who is to blame at the BBC, is it the lawyers or the BBC itself? Who has the final say to allow something that is clearly breaking the law?
Flickr Deviant art
Art is not a handicraft, it is the transmission of feeling the artist has experienced.
Leo Tolstoy

Niall

Quote from: Gary on Mar 14, 2009, 08:59:29
Macs have vulnerabilities like any machine, but not as many of course, but I think market share is what helps keep them safer, a bit like the Opera browser, though I do wonder, as you say Rik, if everyone used one how they would fare; at least they look good and have a better GUI and handle system resources better. My laptop has the same screen res as Sebby's Mac, full 1080P, I think the same amount of HD space (640gb); mine has a T9400 core 2 duo proc at 2.53ghz and 4 gig of DDR3 at 1066, and a Nvidia 9700M GT graphics card, and I bet side by side the Mac would run all over it performance wise.

Do we actually know this to be factually correct, with regards to there being less vulnerabilities? I've never actually come across a list of them, or even seen a number being quoted. I suppose if there is less code and the O/S for said system had less functionality I could see it being the case, but as I say, I've never seen anything proving that.
Flickr Deviant art
Art is not a handicraft, it is the transmission of feeling the artist has experienced.
Leo Tolstoy

talos

Quote
If they had done that to me, they WOULD be receiving a letter from my solicitor.

How would you know?

Quote
Who has the final say to allow something that is clearly breaking the law?

Do you know that for a fact?

Rik

None of us does unless it's tested in court, Bob.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

talos

Quote from: Rik on Mar 14, 2009, 10:10:48
None of us does unless it's tested in court, Bob.

I agree Rik, to a point, but until it has been tested :dunno:

somanyholes

Quote
Do we actually know this to be factually correct, with regards to there being less vulnerabilities? I've never actually come across a list of them, or even seen a number being quoted. I suppose if there is less code and the O/S for said system had less functionality I could see it being the case, but as I say, I've never seen anything proving that.

This article is fairly dated but the source of information is reliable.
http://blogs.zdnet.com/security/?p=758

The thing to think about is: are we just talking about OS vulnerabilities or are we also including general application vuln's?

Apple have a very different disclosure policy to that of Microsoft and the Nix's. They don't do full disclosure, they ignore quite a range of reported vuln's and only act when people start kicking off. Again I will say Apple is just as vulnerable to attack whether this is through OS vuln's (this will include vuln's reported in BSD, after all Mac is built on it) or application vuln's. I think a prime example of Apple's attitude is when they advertised anti-virus on their website, to increase the OS security; Apple's HR dept kicked off and the page was taken down due to this not tying in with all the adverts advising it's a secure OS etc etc and how viruses don't affect it (haha). Another thing to take into consideration is Apple's low market share; if more used the more vuln's there would be. A final thing I have noticed is that the Apple user's attitude is often their downfall: on a number of security audits I have done, the fastest way of gaining access to a remote network is, for example, VNC access with no passwords set. Let's not forget there is no patch for human stupidity regardless of the OS.

Rik

Shame about your last point, So. :(
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Glenn

There are one or two ways to stop stupidity forever.
Glenn
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Rik

I believe that the Human Rights Act would prevent the technique though, Glenn. :)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Sebby

Quote from: Niall on Mar 14, 2009, 09:23:57
Do we actually know this to be factually correct, with regards to there being less vulnerabilities? I've never actually come across a list of them, or even seen a number being quoted. I suppose if there is less code and the O/S for said system had less functionality I could see it being the case, but as I say, I've never seen anything proving that.

I suspect that Mac OS is a much more secure operating system to start with, but also there's less interest in writing viruses for Macs. I don't believe any actual viruses exist for Mac...

zappaDPJ

There are a growing number of MAC specific viruses but nothing on the same scale as there are for the PC. Apple do now recommend that all users install antivirus software which gives some indication of what may be to come.

As to what the BBC did, I wonder if they are aware that hacking and denial of service falls under the Terrorism Act. I don't think for one minute that there would be any prosecution brought because of the intent but nevertheless as a publicly funded body I think they are treading on slightly dangerous ground.

There is certainly a need for more awareness as far as computer security goes but I don't think this was the right way to go about it.
zap
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Tacitus

Quote from: Dopamine on Mar 14, 2009, 01:08:57
"In practice we need a diversity of systems and CPUs"..... which would make it ruinously expensive for software companies to produce mass market products.

Compiler technology is getting better all the time.  Java and C# become more viable as computer power increases.  Not to my mind as impossible as you suggest.  If much of the action takes place in the cloud it won't matter what the underlying OS is.

Quote from: Dopamine on Mar 14, 2009, 01:08:57
Computers, the internet, mass usage of them and it, all are as a direct result of uniform design, even if that uniform design has been achieved by the market dominance of MS. It's fashionable to knock MS, but would you honestly want to go back to having no viable internet or well developed software to run on your PC? Many companies can't or don't attempt to get software to work on both PCs and Macs, so how you think an even greater variety would help is lost on me.

You didn't need to have a 'standard PC' to have the Internet; all you need are the communication protocols, which were nothing to do with MS anyway. I know all the arguments for standardised product gave us the 'standard PC' and I concede that it allowed the market to develop. The downside is that it also gave us a monoculture. In computers as in nature a monoculture is a bad thing. We've already seen how a virus can spread more or less unchecked, although other systems remain standing. Diversity is there already, we just need more of it. Some servers run Apache, others use MS. Some of the more secure ones in finance run Solaris, probably, though not necessarily, on Sparc.

Quote from: Dopamine on Mar 14, 2009, 01:08:57
What we need is not diversity, but harsher penalties for virus writers and malicious hackers. [SNIP]  Send them to prison for life, and then see how many little kiddies think it's funny to mess with the world's computers.

Do you seriously think a court is going to jail some script kid for life?  You might feel like it but I can't see it happening.  The real villains need to be caught not just the low hanging fruit.  Fair enough detection techniques are getting better but I think there's a long way to go. 

If you really want to jail someone how about allowing MS to be sued for loss of business due to their OS being insecure?  If they had to face the same consequential damages that (say) a car manufacturer has to face for bad design leading to failure, I guarantee Windows would be the most secure OS in existence. 


drummer

Quote from: Dopamine on Mar 14, 2009, 04:27:58

...Deterrents work, it's a proven fact. All they need to be is strong enough. Viruses and hacks cause thousands of pounds worth of damage every day and aren't just the minor irritation that some will argue. They are serious crime, but the attempts to catch the culprits, and the penalties imposed, go nowhere close to matching the severity of that crime...

Care to share those "proven" facts?

I'm guessing you also believe the "war on drugs" and the "war on terror" are working too.

To reiterate: your computer security is down to you alone, not the company that supplies the OS.

Unless of course you're one of those people who believe that when bad things happen, it's always someone else's fault.

To get back on topic though, it's incredible the lengths some people will go to in order to denigrate the BBC.
To stay is death but to flee is life.

Tacitus

Quote from: zappaDPJ on Mar 14, 2009, 16:08:41
There are a growing number of MAC specific viruses ......

How many viruses have been reported for Macs?  Note I mean a self propagating virus which spreads without user interaction.

There have been recent reports of trojans and worms, but no reports of any *real* viruses.  The recent trojan which accompanied a copy of CS4 which people downloaded from the torrent sites required the user to give an Admin password in order to install it.  No operating system can protect against that.

Quote from: somanyholes on Mar 14, 2009, 13:57:00
Again I will say Apple is just as vulnerable to attack whether this is through os vuln's (this will include vuln's reported in bsd, after all mac is built on it) or application vuln's. ...[...]  Another thing to take into consideration is Apple's low market share, if more used the more vuln's there would be.

Can't follow the logic here  :)  The number of vulnerabilities in the OS doesn't increase whether there are more or less Macs in use.  The possibility of them being exploited may increase as the bad guys see more opportunities.  If you are using the market share argument OSX can't be just as vulnerable.

Personally I couldn't care less whether OSX is more secure because it is better designed (I happen to think it is), or because it flies under the radar because of a low market share.  Either way I get work done without the endless aggravation that seems to be the norm for many PC users. 

Works for me.  :)


talos

Looks like this thread is degenerating into the old Mac versus PC debate again :whistle:

Tacitus

Quote from: talos on Mar 15, 2009, 09:37:46
Looks like this thread is degenerating into the old Mac versus PC debate again :whistle:

I know - in my original post I studiously avoided mentioning Macs, calling instead for a diversity of operating systems.   :)

Den

If there were ten shops on the high street and nine of them had 100 people through their doors each day and the other just one person, you would advertise in the nine and leave the other alone. The same applies to computers, if you are going to write a virus, write it for the computer that most people have and leave the other ones alone.
If you require protection pay for a decent one and don't expect to get the best for nothing as there is no such thing.  :eyebrow:
Mr Music Man.

Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Niall

Quote from: talos on Mar 14, 2009, 10:02:49

How would you know ? 
Do you know that for a fact?

Your point is a little odd considering I was saying that from the point that if I knew they would be. Obviously if I didn't know they wouldn't. As for your second comment, it's already been posted in here that accessing someone's system without permission is breaking the law, so if you go and do it anyway, you've broken the law, or am I missing something here?
Art is not a handicraft, it is the transmission of feeling the artist has experienced.
Leo Tolstoy

talos

Quote
Your point is a little odd considering I was saying that from the point that if I knew they would be. Obviously if I didn't know they wouldn't.
Pardon
Quote
As for your second comment, it's already been posted in here that accessing someone's system without permission is breaking the law, so if you go and do it anyway, you've broken the law, or am I missing something here?

So that's a no then?

Dopamine

Quote from: drummer on Mar 15, 2009, 02:57:25
Care to share those "proven" facts?

I'm guessing you also believe the "war on drugs" and the "war on terror" are working too.

To reiterate: your computer security is down to you alone, not the company that supplies the OS.

Unless of course you're one of those people who believe that when bad things happen, it's always someone else's fault.

To get back on topic though, it's incredible the lengths some people will go to in order to denigrate the BBC.

No, I believe the "war on drugs" and "war on terror" have been abject failures and will never work, and in fact am a vociferous objector to many of the government impositions placed on our freedoms in the name of the "war on terror". I also believe that computer security is not the responsibility of OS manufacturers. You've misinterpreted my post, or I didn't express it well.

As a service to society, everyone, I believe, has a duty to help where they can, whether that's stepping in and reprimanding a group of youths vandalising a bus shelter, or volunteering a small amount of time once in their lives to help the needy. Microsoft and Apple have sufficient wealth to be able to offer substantial rewards without any negligible effect on their profits or costs to consumers. That was my point; they could, and perhaps morally should, assist.

As for believing everything is someone else's fault... absolutely not. Personal responsibility is paramount, but blinkered approaches such as yours are stupid. Do you protect your own computers from threats, or do you use software developed by others to do it for you? Of course, you use software.

And when it comes to proven deterrents.. ::). Do you really need examples? Speed cameras? I assume you're more vigilant as a result. Who knowingly drives past a live speed camera at excess speed? Nobody that I know. Do you? Perhaps it would be easier if you gave examples of where sufficiently severe deterrents don't work.

Den

Quote from: Rik on Mar 15, 2009, 09:49:27
I'm free.  ;D

Are you saying you use a free anti-virus to protect your computers Rik  :o
Mr Music Man.

Rik

Not I, Den, I'm a fully paid-up NOD man. :)
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Den

Mr Music Man.

zappaDPJ

Quote from: Tacitus on Mar 15, 2009, 08:48:53
How many viruses have been reported for Macs?  Note I mean a self propagating virus which spreads without user interaction.

There have been recent reports of trojans and worms, but no reports of any *real* viruses.  The recent trojan which accompanied a copy of CS4 which people downloaded from the torrent sites required the user to give an Admin password in order to install it.  No operating system can protect against that.

That's a very valid point, self propagating viruses are indeed a very rare occurrence on the Mac platform as they are extraordinarily hard to create. Distributed infections such as malware and trojans are definitely on the increase though.

While on the subject of viruses, I still have somewhere an original copy of what I believe was the first computer virus (DOS) ever to be distributed. The distribution method was the Royal Mail and the payload, if I recall correctly, was a rather rude full screen message and a number of corrupted .com files. It came with printed installation instructions on a floppy disk (when discs really were floppy) all nicely packaged in a cardboard envelope with a first class stamp! It purported to be a medical database and was sent out to NHS Planning & Information departments, which is where I received it.
zap
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Niall

Quote from: talos on Mar 15, 2009, 16:18:11
Pardon
So that's a no then?

How is that difficult to understand, and what on earth are you talking about with the no? That isn't even answering any questions asked, or are you answering a question in another post as I can't see what you're referring to?
Art is not a handicraft, it is the transmission of feeling the artist has experienced.
Leo Tolstoy

Sebby

Well I for one am confused. :)

talos

Quote from: Niall on Mar 15, 2009, 20:57:13
How is that difficult to understand, and what on earth are you talking about with the no? That isn't even answering any questions asked, or are you answering a question in another post as I can't see what you're referring to?

:lala: :kiss:

Tacitus

Quote from: zappaDPJ on Mar 15, 2009, 20:54:13
That's a very valid point, self propagating viruses are indeed a very rare occurrence on the Mac platform as they are extraordinarily hard to create.

Which suggests Macs are better designed to resist infections?   :whistle:

Quote from: zappaDPJ on Mar 15, 2009, 20:54:13
Distributed infections such as malware and trojans are definitely on the increase though.

I agree, but when you look at these the vast majority require user interaction (= an admin password).  Not a lot you can do about social engineering apart from educate users.  One reason I always tell people to set up a user account rather than run as admin since it should stop most of these.

It never ceases to amaze me the number of people who say they got this or that app either from a warez site or via torrents, totally blind to the risks.  I've even known Mac users who do it on the (stupid) assumption that Macs are bulletproof.  As those who got CS4 from a file sharing site discovered, this is untrue....

No such thing as 100% security on any platform.

drummer

Quote from: Dopamine on Mar 15, 2009, 16:52:14 <some snipping for brevity>

As for believing everything is someone else's fault... absolutely not. Personal responsibility is paramount, but blinkered approaches such as yours are stupid. Do you protect your own computers from threats, or do you use software developed by others to do it for you? Of course, you use software.
Blinkered?  I'll let that pass because life's too short...

Of course I use a combination of commercial and free software to stop nasties getting through, and I constantly check that they're working and are regularly updated.  Not sure what point you're actually making here though.

Quote
And when it comes to proven deterrents.. ::). Do you really need examples? Speed cameras? I assume you're more vigilant as a result. Who knowingly drives past a live speed camera at excess speed? Nobody that I know. Do you? Perhaps it would be easier if you gave examples of where sufficiently severe deterrents don't work.
Some of us actually gave up our cars several years ago, so I have no idea about the deceptions of which you speak, but I'm assuming you're suggesting that breaking the law by speeding is okay when you can get away with it.

Nice.

Your original claim was that locking lots of people up for a long time is a realistic deterrent to those considering a life of crime which - if correct - would make the USA the crime-free centre of the world.

*stifles childish giggle*
To stay is death but to flee is life.