Low End Mac
Search LEM 
Donate · Amazon.com · iResQ · Advertise
Other Cobweb sites: Low End Living · Reformed.net
Quicklinks: · Power Macs · 'Books · Early Macs · Week's Best Deals · OS Downloads
Page not found | Low End Mac

Well this is somewhat embarrassing, isn’t it?

It seems we can’t find what you’re looking for. Perhaps searching, or one of the links below, can help.

Most Used Categories

Archives

Try looking in the monthly archives. :)

Deliver Us From Evil

Thoughts on Computer Self Defense

Dan Knight
2003.01.16

Should you have the right to take active steps to stop a computerized attack on your computer system? More specifically, would attacking and disabling the malicious process on the computer undertaking the attack be an appropriate response?

In an era of viruses, denial of service attacks, worms, spam, peer-to-peer networking, and who knows what other kinds of spyware and malware, Tim Mullen of SecurityFocus has been making the case for computerized self defense since publishing Right to Defend in July 2002. He writes:

"Let's use Nimda as an example. If I tell my system to issue the exact same series of GET requests that Nimda does against a machine, that action could be considered a federal crime. I would be a criminal. A cracker. A felon. The scum of the earth. But if an administrator does not secure his box, and the same series of GET requests hammer against my network for months at a time, he is a victim."

Mullen proposes that we have a right to defend our systems from such attacks - and that one tool in protecting our computers from these attacks would be a "hack-back" program that would defend itself by attacking the program on the remote computer responsible for the attack.

Call it computerized self defense. When being attacked, computers should have the same right to use reasonable force that homeowners do when their property has been invaded.

This week Mullen takes the issue a step further in Strikeback, Part Deux. Because many attacks are virus- or worm-related, the owner of the machine may not even realize their computer is attacking another - or have a clue how to stop the process.

Mullen has written some code to demonstrate that it is possible for a machine to strike back when attacked, automatically attempting to shut down the rogue process on the attacking machine. Brilliant.

Of course, not everyone agrees. Some would view such a counterattack in the same light as the original malicious process, ignoring the fact that the defense mechanism only acts in response to an attack. And that kind of discussion helps us all grapple with the various aspects of the issue.

There's been a good discussion on Slashdot, Killing Others' Malicious Processes. One of the best postings draws explicit parallels between personal self defense and what Mullen is proposing as computer self defense.

No Duty to Retreat

Pii writes: "There is a concept in law called 'No Duty to Retreat,' and I see no reason why it cannot be applied in much the same way to cases like this.

"This concept relates to self-defense, and deadly force. Follow along with me...

If a person is in public, and is threatened, that person must make every reasonable effort to avoid the use of deadly force as a means of self defense, prior to useing such force. He must attempt to leave the scene, etc. In short, there is a Duty to Retreat.

If, however, that person is in his home, his own property, that person may use deadly force as a means of self defense without having to exhaust every means of escape or avoidance. On his own property, a person has No Duty to Retreat.

"How is the scenario for Cyber-attack any different? Unlike most of the people commenting on this article, I believe you do have the right to take active measures in protecting your property.

"Obviously, we're not talking about deadly force... We're simply talking about electronic countermeasures.

"If an unsecured system on the Internet has been infected by a malicious program, and is now launching it's own attack against your system, your property, denying you the use of bandwidth or resources that you are paying for, I think you're perfectly within your rights to put the attack down, and if necessary, the offending system.

"A person utilizing the Internet has a certain responsibility not to cause harm, either through action, or inaction. Most people on the Internet today seem tragically unaware of this. Without this, the Internet is ripe for a tragedy of the commons situation.

"Is it wrong to still believe that with Rights come Responsibilities, or that with Priviledge comes Obligation?"


Responsibility is a key issue here. Computer users on the Internet have a responsibility to the community of Internet users, a responsibility to do no harm. If they create viruses, actively participate in denial of service attacks, allow spam to be relayed by their servers, or even let an unwanted process run on their machine that brings harm to another, they have abdicated their responsibility to the community.

Just as we have the right to discard spam and remove viruses from our computers, we should have the right to prevent other computers from causing harm over the Internet. Our defense should include the right and ability to block the attack or, failing that, stop the attack at the source.

We cannot retreat short of taking our own computers off the Internet. We must be allowed to defend ourselves.

Who Is Responsible?

JPawloski writes: "'Since the owner of a system has no responsibility for the actions of a worm, or any malicious process, that runs without their knowledge, I submit that they also have no rights to the process. No responsibility means no rights.

"'So, if they have no rights to the process, there is no infringement against them when we neutralize it. If someone wants to claim that their rights were violated by our taking out the attacking process, then they should be held accountable for the actions of the process from its inception. They can't have it both ways.'

"That, I think, is a good point. The solution, however, is not to make the counterattack legal, thus continuing to absolve people of responsibility, but to make the owners of the systems legally responsible for their failure to secure their systems. If your system is 0wn3d and used to launch a DDoS attack on AOL (or Slashdot, Kuro5hin, whoever), then AOL should have the right to sue you for damages. Your incompetence caused their loss."


The point of responsibility is a good one, but it can be extended too far. If someone trespasses on your property and commits a crime, you would generally not be held responsible for their actions. Viruses, worms, and other malware are normally installed without the knowledge of the property (computer) owner.

It's one thing to sue someone for deliberately attacking another computer. It's something completely different to sue them because some new piece of malware has taken parasitic residence on their computer.

That said, it's conceivable that we could reach the point where failure to take measures against such trespass could make one liable for attacks launched on their computers. Especially on the Windows platform with its tens of thousands of worms and viruses, it should be unthinkable to run a computer connected to the Internet that doesn't have antivirus software and keep it updated.

Vigilante Justice or Self Defense?

Phil Reed writes, "Here's an interesting distinction (found in the letters on Crypto-Gram): If you reverse-attack a machine that's attacking you, is it vigilante justice or is it self-defense? Vigilante justice is when you hunt somebody down after the fact, self-defense is when you stop somebody during the act. Both have significant case law, and self-defense is quite justifiable under certain circumstances (action was done to avert a threat of immediate, significant harm, harm caused by the action was not disproportionate to the harm avoided, etc). I think a strong case for self-defense can be made here."


I have to agree. Launching a counterattack specifically against the IP address, rogue process, or computer responsible for the initial attack is self-defense.

Loss of Business

KDan writes, "The only problem with this strikeback thing is what if the machine which is infected is business-critical?

"If you're going to take it on yourself to fix other people's machines, what if this causes them loss of business? And there's also varying definitions of what 'strikeback' or 'fixing' could mean. What if someone decides to "fix" your database server by shutting it down? Shouldn't they be held liable for the damages caused, just as someone who does that maliciously can be held liable?

"There's just too many holes in this strikeback philosophy. It opens the door to tons of abuse too: 'I only broke into this machine to fix it, I swear, gov'nor!'

"I think it would also result in pretty dire situations when a machine equipped for strikeback mistakenly decides another machine (also strike-back-enabled) needs to be 'fixed', and starts attempting to hack into it - and then the other one detects it as well, and they start concurrently trying to hack into each other... probably saturating the network with crap on the way..."


If the machine is mission critical, why is someone allowing it to be hijacked by malware? That's my key objection to KDan's posting.

Whether the machine is "critical" or not shouldn't be a factor. If the machine is responsible for attacking another and the IP can't be blocked and the process can't be stopped any other way, it may be necessary to shut down or crash the system. This is one more argument for protecting computers from malware.

Processes

Today's computers are easier to use and have much more complex operating systems than ever before. Most users have no idea how many different processes are going on in the background, ranging from keyboard and mouse input to Internet access to possibly recording keystrokes in case of a crash to who knows what kinds of spyware reporting our computing activities to who knows what organizations.

Most people using a computer do not have the tools or expertise to identify a rogue process, let alone kill it. Ideally users would have programs on their computers that would notify them when a new process launches, especially if it's not part of the operating system. Even then most users wouldn't know what to do when some piece of malware launched itself, unless this program also gave them the ability to terminate the process.

Because the average computer user can't be expected to know everything their computer is doing, it's crucial that hack-back software exists. This software should function on several different levels:

  1. Identify the type, severity, and source of the attack.
  2. Notify the system owner of the attack.
  3. Attempt to block the attack at the firewall or router by blocking the offending IP address.
  4. Notify the sys admin of the network or ISP where the attack is taking place, requesting they block the offending IP, shut down the process, or turn off the attacking computer.
  5. Failing that, attempt to shut down the process and possibly remove the offending bit of malware.
  6. Failing that, attempt to shut down the computer.
  7. Failing that, attempt to crash the computer.
  8. Report details of the attack and response to a central clearing house.

Computer self defense would be rooted in taking the minimum steps necessary to protect your own computer and stop future attacks from the other machine. And this would have to be done very carefully.

As Digital Quartz notes on Slashdot, "Since you are intentionally running a process on someone else's machine, you are accountable for it's results." That's why I suggest a process that takes the minimum steps necessary to first protect your computer and then stop the attack.

The RIAA

There is a proposal floating about that would allow the RIAA to legally attack computers they suspect of illegally swapping music files. Under the proposed legislation, the RIAA would not be liable for any damage they inflict on these computers, even if they attacked one that was not involved in music swapping.

Self defense software such at Mullen proposes could be a tool in protecting our computers from the predations of the RIAA, MPAA, and anyone else who thinks denial of service attacks and other ways of attacking user computers might in any way be considered a good thing.

It's bad enough the record companies have produced "music CDs" that fail to work or actually damage computers that attempt to play them. A right of computer self defense would give us a tool we need to protect ourselves not only from worms and viruses, but also from deliberate attacks on our personal computers authorized by law.

Page not found | Low End Mac

Well this is somewhat embarrassing, isn’t it?

It seems we can’t find what you’re looking for. Perhaps searching, or one of the links below, can help.

Most Used Categories

Archives

Try looking in the monthly archives. :)

<This article available in a printer-friendly version.>

Low End Mac Reader Specials

\r\n\r\n"; if ((isset($pool) AND isset($type)) AND (isset($ip) OR isset($ok))) { if (!isset($siteid)) $siteid="270"; if (!isset($pageid)) $pageid="0"; if (!isset($force)) $force=""; if (!isset($keywords)) $keywords=""; if (!isset($pos)) $pos=""; if (!isset($optcode)) $optcode=""; getad($siteid, $pageid, $pool, $type, $ip, $force, $keywords, $pos, $optcode); # $adr = "http://adserver1.backbeatmedia.com:6789/servlet/ajrotator/$siteid/$pageid/viewHTML?pool=$pool&type=$type&ajip=$ip"; # $success = @readfile("$adr"); } ?>

Join us on Facebook, follow us on Twitter or Google+, or subscribe to our RSS news feed

Dan Knight has been using Macs since 1986, sold Macs for several years, supported them for many more years, and has been publishing Low End Mac since April 1997. If you find Dan's articles helpful, please consider making a donation to his tip jar.

Links for the Day

Recent Content


back to Mac Musings index



Entire Low End Mac site copyright ©1997-2016 by Cobweb Publishing, Inc., unless otherwise noted. All rights reserved. Advice presented in good faith, but what works for one may not work for all. Please report errors to the webmaster.
  LINKS: We allow and encourage links to any public page as long as the linked page does not appear within a frame that prevents bookmarking it.
  Access our RSS news feed at http://lowendmac.com/feed.xml.
  Email may be published at our discretion; email addresses will not be published without permission. If you prefer your message not be published, mark it "not for publication." Letters may be edited for length, context, and to match house style.
  PRIVACY: We don't collect personal information unless you explicitly provide it. For more details, see our Terms of Use.
  Low End Mac is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple Computer. Apple, the Apple logo, Macintosh, iBook, iMac, eMac, iPod, and PowerBook are registered trademarks of Apple Computer, Inc. Additional company and product names may be trademarks or registered trademarks and are hereby acknowledged.

\r\n\r\n"; if ((isset($pool) AND isset($type)) AND (isset($ip) OR isset($ok))) { if (!isset($siteid)) $siteid="270"; if (!isset($pageid)) $pageid="0"; if (!isset($force)) $force=""; if (!isset($keywords)) $keywords=""; if (!isset($pos)) $pos=""; if (!isset($optcode)) $optcode=""; getad($siteid, $pageid, $pool, $type, $ip, $force, $keywords, $pos, $optcode); # $adr = "http://adserver1.backbeatmedia.com:6789/servlet/ajrotator/$siteid/$pageid/viewHTML?pool=$pool&type=$type&ajip=$ip"; # $success = @readfile("$adr"); } ?>

  • Mac of the Day: Blue & White Power Mac G3, introduced 1999.01.05. The most colorful Power Mac introduced an innovative 'drawbridge' enclosure.
  • List of the Day: LisaList supports Lisa users.
  • Channels
     Power Macs
     iMac Channel
     iBook/PowerBook
     MacInSchool
    Computer Profiles
     iMac
     Power Mac
     PowerBook/iBook
     Performas
     Mac Clones
     Older Macs
     LisaNeXT
    Editorial Archive
    Mac Daniel's Advice
    Email Lists
    LEMchat (uses AIM)
    Online Tech Journal
    Consumer
     advice, reviews
     guides, deals
    Software
    Apple History
    Best of the Web
     Best of the Mac Web surveys
    Miscellaneous Links
     Used Mac Dealers
     Video Cards
     Mac OS X
     Mac Linux
     Macspeak
     RAM Upgrades
    About Low End Mac
    Site Contacts

    Open Link

    Support LEM

    Affiliates

    The Apple Store
    The iTunes Store
    MacMall
    iResQ
    ExperCom
    eBay
    Amazon.com
    PayPal
    PCMall
    PC Zone
    Crucial Memory

    Our advertising is handled by BackBeat Media. For detailed price quotes and advertising information, please contactat BackBeat Media (646-546-5194). This number is for advertising only.