Ethics prevents acting for good

Posted by Keith McMillan

April 30, 2008 | 2 Comments

Recently, the Kraken botnet has come into focus as the worlds largest, with an estimated number of zombie computers between 165,000 and 600,000. Each of these computers is probably sending you spam right now, and many have probably probed your computer to see if it can be compromised as well. Who knows, maybe your computer is already one of them.

Researchers at TippingPoint started out to determine the size of the network, which they did by building a server of their own, and waiting for zombies to connect to them for instructions. They eventually managed to attract a 25,000 in a week’s worth of time. Here’s where things get interesting.

Most botnets include a feature that lets the controller upgrade the zombie computer with a new version, so the researchers could use their new-found power for good, directing these machines to remove the infection, or render it benign. Due to liability concerns, TippingPoint, the good guys, decided they could not remove the infection.

In a comment attached to Amini’s initial blog post, Endler put it plainly. “Cleansing the systems would probably help 99% of the infected user base,” he said. “It’s just the 1% of corner cases that scares me from a corporate liability standpoint.”

I sympathize with TippingPoint, but it’s a sad commentary on the world when the good guys are afraid of doing something that’s clearly right out of liability concerns. While accessing a computer without the owner’s consent is illegal in the US, shouldn’t a Good Samaritan law apply in cases like this?

[ via CompuWorld ]


RSS feed | Trackback URI


Comment by Andy Kailhofer
2008-05-01 08:28:02

Of course, the problem comes from when a well-meaning but less-l33t “good guy” does a removal which leaves a smoking hole where a computer once stood—“The operation was a success, but the patient had better have made a backup…”

Comment by Keith McMillan
2008-05-01 17:11:19

Your remarks are true. I think I might be a tad upset if my computer vendor pushed an update at me that I didn’t request. Oh, wait, Microsoft already does that!

I think there’s a question here of a greater good, though. An infected machine is a danger to the internet society, as it will infect others as soon as it gets a chance. Is it better to have some people with a smoking hole for a computer, or another 1,000 infected machines in a botnet? When does it become a problem that these networks are out there? I hope it’s before they take out some major piece of infrastructure like the power grid.

Name (required)
E-mail (required - never shown publicly)
Your Comment (smaller size | larger size)
You may use <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> in your comment.