home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Internet Info 1997 December
/
Internet_Info_CD-ROM_Walnut_Creek_December_1997.iso
/
faqs
/
alt
/
comp
/
virus
/
[alt.comp.virus]_FAQ_Part_3_4
< prev
next >
Wrap
Internet Message Format
|
1997-10-24
|
24KB
Path: senator-bedfellow.mit.edu!faqserv
From: George Wenzel <gwenzel@gpu.srv.ualberta.ca>
Newsgroups: alt.comp.virus,comp.virus,alt.answers,comp.answers,news.answers
Subject: [alt.comp.virus] FAQ Part 3/4
Supersedes: <computer-virus/alt-faq/part3_876222027@rtfm.mit.edu>
Followup-To: alt.comp.virus
Date: 23 Oct 1997 09:38:34 GMT
Organization: none
Lines: 642
Approved: news-answers-request@MIT.EDU
Expires: 21 Nov 1997 09:32:10 GMT
Message-ID: <computer-virus/alt-faq/part3_877599130@rtfm.mit.edu>
References: <computer-virus/alt-faq/part1_877599130@rtfm.mit.edu>
NNTP-Posting-Host: penguin-lust.mit.edu
X-Last-Updated: 1997/09/07
Originator: faqserv@penguin-lust.MIT.EDU
Xref: senator-bedfellow.mit.edu alt.comp.virus:51176 comp.virus:30101 alt.answers:29803 comp.answers:28646 news.answers:115222
Archive-name: computer-virus/alt-faq/part3
Posting-Frequency: Fortnightly
URL: http://www.webworlds.co.uk/dharley/
Maintainer: Co-maintained by David Harley, Bruce Burrell, and George Wenzel
alt.comp.virus (Frequently Asked Questions)
*******************************************
Version 1.04: Part 3 of 4
Last modified 6th Sept 1997
("`-''-/").___..--''"`-._
`6_ 6 ) `-. ( ).`-.__.`)
(_Y_.)' ._ ) `._ `. ``-..-'
_..`--'_..-_/ /--'_.' ,'
(il),-'' (li),' ((!.-'
ADMINISTRIVIA
=============
Disclaimer
----------
This document is an honest attempt to help individuals with computer
virus-related problems and queries. It can *not* be regarded as being
in any sense authoritative, and has no legal standing. The authors
accept no responsibility for errors or omissions, or for any ill effects
resulting from the use of any information contained in this document.
Not all the views expressed in this document are mine, and those views
which *are* mine are not necessarily shared by my employer.
Copyright Notice
----------------
Copyright on all contributions to this FAQ remains with the authors
and all rights are reserved. It may, however, be freely distributed
and quoted - accurately, and with due credit. B-)
++
It may not be reproduced for profit or distributed in part or as
a whole with any product for which a charge is made, except with
the prior permission of the copyright holders. To obtain such permission,
please contact one of the co-maintainers of the FAQ.
David Harley <D.Harley@icrf.icnet.uk>
Bruce Burrell <bpb@umich.edu>
George Wenzel <gwenzel@gpu.srv.ualberta.ca>
[Please check out the more detailed copyright notice at the beginning
of part 1 of the FAQ]
------------------------------------------------------------------------
TABLE OF CONTENTS
*****************
Part 1
------
(1) I have a virus - what do I do?
(2) Minimal glossary
(3) What is a virus (Trojan, Worm)?
(4) How do viruses work?
(5) How do viruses spread?
(6) How can I avoid infection?
(7) How does antivirus software work?
Part 2
------
(8) What's the best anti-virus software
(and where do I get it)?
(9) Where can I get further information?
(10) Does anyone know about
* Mac viruses?
* UNIX viruses?
* macro viruses?
* the AOLGold virus?
* the PKZip trojan virus?
* the xyz PC virus?
* the Psychic Neon Buddha Jesus virus?
* the blem wit virus?
++ * the Irina virus
++ * Ghost
++ * General Info on Hoaxes/Erroneous Alerts
(11) Is it true that...?
(12) Favourite myths
* DOS file attributes protect executable files from
infection
* I'm safe from viruses because I don't use bulletin
boards/shareware/Public Domain software
* FDISK /MBR fixes boot sector viruses
* Write-protecting suspect floppies stops infection
* The write-protect tab always stops a disk write
* I can infect my system by running DIR on an infected
disk
-----> Part 3
------
-----> (13) What are the legal implications of computer viruses?
Part 4
------
(14) Miscellaneous
Are there anti-virus packages which check zipped files?
What's the genb/genp virus?
Where do I get VCL and an assembler, & what's the password?
Send me a virus.
It said in a review......
Is it viruses, virii or what?
Where is alt.comp.virus archived?
++ What about firewalls?
Viruses on CD-ROM.
Removing viruses.
Can't viruses sometimes be useful?
Do I have a virus, and how do I know?
What should be on a (clean) boot disk?
How do I know I have a clean boot disk?
What other tools might I need?
What are rescue disks?
Are there CMOS viruses?
How do I know I'm FTP-ing 'good' software?
What is 386SPART.PAR?
Can I get a virus to test my antivirus package with?
When I do DIR | MORE I see a couple of files with funny names...
Reasons NOT to use FDISK /MBR
Why do people write/distribute viruses?
Where can I get an anti-virus policy?
Are there virus damage statistics?
What is NCSA approval
What language should I write a virus in?
No, seriously, what language are they written in?
[DRD], Doren Rosenthal, the Universe and Everything
What are CARO and EICAR?
++ "Am I idle?" - Yellow Smiley in Win95 System Tray
Placeholders
Supplement: Virus-related FAQs vs. 1.02b
* The alt.comp.virus FAQ
* The comp.virus/Virus-L FAQ
* The macro-virus FAQ
* The alt.comp.virus mini-FAQ
* The Antiviral Software Evaluation FAQ
-------------------------------------------------------------------
(13) What are the Legal Implications of Computer Viruses?
=========================================================
**********************************************************************
The material in this section has no formal legal standing. It consists
of several persons' attempts to interpret and clarify the legal
issues, and cannot possibly be authoritative.
**********************************************************************
Overview
--------
It isn't possible to deal briefly with all the relevant legislation in
one country, let alone all of them. In the USA, local statutes may be
much more rigorous than federal legislation, which is, arguably, more
concerned with computers in which the government has an interest than
it is with those belonging to individuals.
In many countries, writing of viruses is not an offence in itself,
whereas in others, not only is this not the case, but distribution,
even the sharing of virus code between antivirus researchers is,
at least technically, also an offence.
Once a virus is released 'into the wild', it is likely to cross
national boundaries, making the writer and/or distributor answerable
for his/her actions under a foreign legal system, in a country
he/she may never have visited.
Where virus writing and distribution may not apply locally in a
particular case, the individual may nevertheless be subject to
civil action: in other words, where you may be held to have
committed no offence, you may still be sued for damage.
Some of the grounds on which virus writing or distribution may be
found to be illegal (obviously I'm not stating that all these grounds
will apply at all times in all states or countries!) include:
* Unauthorized access - you may be held to have obtained unauthorised
access to a computer you've never seen, if you are responsible for
distribution of a virus which infects that machine.
* Unauthorized modification - this could be held to include an infected
file, boot sector, or partition sector.
* Loss of data - this might include liability for accidental damage as
well as intentional disk/file trashing.
* Endangering of public safety
* Incitement (e.g. making available viruses, virus code, information
on writing viruses, and virus engines)
* Denial of service
* Application of any of the above with reference to computer systems or
data in which the relevant government has an interest.
One major problem is that some residents of the United States
firmly believe that U.S. law is universal law. Worse, most of them
have limited knowledge of their own legal system, but this may apply
to the citizens of many countries. The idea that a person can be
acquitted of a criminal offence yet still lose a civil suit in
connection with that same offence strikes most laymen as preposterous,
yet it does happen in both Canada and the U.S., at least.
Since the law does vary widely from country to country (and even
within countries), it is entirely possible for one to break
the law of another country, state, province, or whatever, without ever
leaving your own, and since extradition treaties do exist, perhaps it's
best to assume that any act that might be construed as being or causing
wilful and malicious damage to a computer or computer system could
get you a roommate with undesirable tendencies and no social graces. :)
The best advice to give to any one contemplating a possibly illegal act
would be to contact their local Crown Prosecutor, Crown Attorney,
District Attorney, or whatever label the local government prosecutor
wears. Acting on the advice of one's own attorney doesn't render one
immune from prosecution, and the cost of defence can be high, even if
successful.
An extremely biased opinion is that very often attorneys attempt to
provide the answer they believe the client wishes to hear, or give an
opinion in areas where they have no real expertise. Prosecutors, on
the other hand, tend to look at a particular action in the light of
whether a successful prosecution can be mounted. If the local Crown
Prosecutor were to suggest that something was a Bad Thing, I should be
extremely nervous about doing it. :)
USA & Canada
------------
The following is an interpretation of the laws in the USA and
Canada, and has no legal standing as an authoritative document in
those countries or any other. Relevant legislation in other parts of
the world may be very different and in some cases far stricter.
Many thanks to David J. Loundy for his assistance with the legalities
regarding computer crime. A valuable source of information on this
topic can be found in his E-Law paper, which can be accessed
via the URL:
http://www.leepfrog.com/E-Law/E-Law/Part_VII.html
It is illegal in both the USA and Canada to damage data within
a computer system which is used or operated by the
government. This means that if you write a virus, and it
eventually infects a government system (highly probable),
you are in violation of the law. Inclusive in this category
are damages incurred due to computer stoppages (i.e.
writing a virus that causes a computer to crash or become
unusable), and viruses that destroy data.
The question regarding the writing of malevolent computer
viruses being illegal isn't really that hard to answer: It is
illegal to write and spread a virus that infects a government
system. Federal law is unclear as to whether this extends to
private computer systems as well, but State statutes are frequently
unequivocal about defining virus-related crimes against property.
The question has come up, however, about the distribution
of viruses and virus-related programs. A general guideline
is that it is legal to distribute viruses, for example, on a BBS,
as long as the people who are downloading the virus know
EXACTLY what they are getting. If you intentionally infect a
file and make it available for downloading, you may be
subject to prosecution. Your conscience should be your
guide in this kind of a situation. If a virus distributed by you
is used to damage or otherwise modify a major system, you can be
held accountable.
The reason that the explanations in this section are vague
is that the laws in various states, provinces, etc., are
different, and you should check with your local police before
you decide you want to distribute viruses.
If you spread a virus unknowingly, you generally cannot be
prosecuted unless it can be proven that you spread the
virus due to pure carelessness. The definition of
carelessness has not been tested in a court of law, as
far as I know at the date of writing (9/22/95)
The UK
------
In the UK, the Computer Misuse Act makes it a crime to make an
unauthorised modification on a computer. If you own a computer, you
can authorise anything you want for that computer, so you can
spread a virus on a computer you own. A virus makes a modification,
so if someone deliberately spreads a virus on someone else's
computer, that's a crime. Giving a virus to someone else isn't a
crime if it's with his/her knowledge and permission, however. So,
sending a diskette with a virus on to an AV company, together with
a note saying "There's a virus on this disk, please investigate it
for me" is legal.
If an action is a crime, then encouraging that action can also be a
crime ("incitement").
If you spread a virus unwittingly, then it isn't a crime, as you
don't have "intent".
If someone is negligent, and so spreads a virus (even unwittingly),
then there could be a civil action for damages through negligence.
The Canadian Criminal Code
--------------------------
Please bear in mind that the following information was culled from the
Criminal Code in 1993 and those sections may have been expanded or
revised since then, or possibly some computer-specific legislation may
have been enacted of which I am unaware.
No mention is made in the Code (as of 1993) of computer viruses as such,
but it would seem that prosecution under Sec. 430 would be appropriate.
Quoting from the Code:-
Section 342.1
(1) Every one who, fraudulently and without color of right,
(a) obtains, directly or indirectly, any computer service,
(b) by means of an electro-magnetic, acoustic, mechanical or
any other device, intercepts or causes to be intercepted,
directly or indirectly, any function of a computer system, or
(c) uses or causes to be used, directly or indirectly, a
computer system with intent to commit an offence under
paragraph (a) or (b) or an offence under section 430 in
relation to data or a computer system
is guilty of an indictable offence and liable to imprisonment for a
term not exceeding ten years, or is guilty of an offence punishable
on summary conviction.
(2) In this section,
"computer program" means data representing instructions or statements
that, when executed in a computer system, causes the computer system
to perform a function;
"computer service" includes data processing and the storage or
retrieval of data;
"computer system" means a device that, or a group of interconnected
or related devices one or more of which,
(a) contains computer programs or other data, and
(b) pursuant to computer programs,
(i) performs logic and control, and
(ii) may perform other functions;
"data" means representation of information or of concepts that are
being prepared or have been prepared in a form suitable for use in a
computer system;
"electro-magnetic, acoustic, mechanical or other device" means any
device or apparatus that is used or is capable of being used to
intercept any function of a computer system, but does not include a
hearing aid used to correct subnormal hearing of the user to not
better than normal hearing;
"function" includes logic, control, arithmetic, deletion, storage
and retrieval and communication or telecommunication to, from or
within a computer system;
"intercept" includes listen to or record a function of a computer
system, or acquire the substance, meaning or purport thereof.
--------------- End of Sec. 342.1 ---------------
Apparently the laws governing trespass have not been considered as
having any application in cyberspace. Offenders under the above
section would be charged with mischief, which covers a multitude
of sins under Canadian law. The penalties stipulated in Sec. 342.1
are the same as the penalties for sabotage, just as a point of
interest.
Mischief is covered by Sec. 430:-
Section 430
(1) Every one commits mischief who wilfully
(a) destroys or damages property;
(b) renders property dangerous, useless, inoperative or
ineffective;
(c) obstructs, interrupts or interferes with the lawful use,
enjoyment or operation of property, or
(d) obstructs, interrupts or interferes with any person in
the lawful use, enjoyment or operation of property.
(1.1) Every one commits mischief who wilfully
(a) destroys or alters data;
(b) renders data meaningless, useless or ineffective;
(c) obstructs, interrupts or interferes with the lawful use
of data; or
(d) obstructs, interrupts or interferes with any person in
the lawful use of data or denies access to data to any person
who is entitled to access thereto.
(2) Every one who commits mischief that causes actual danger
to life is guilty of an indictable offence and liable to imprisonment
for life.
(3) Every one who commits mischief in relation to property
that is a testamentary instrument or the value of which exceeds one
thousand dollars
(a) is guilty of an indictable offence and liable to
imprisonment for a term not exceeding ten years; or
(b) is guilty of an offence punishable on summary conviction.
(4) Every one who commits mischief in relation to property,
other than property described in subsection (3),
(a) is guilty of an indictable offence and liable for
imprisonment for a term not exceeding two years; or
(b) is guilty of an offence punishable on summary conviction.
(5) Every one who commits mischief in relation to data
(a) is guilty of an indictable offence and liable to
imprisonment for a term not exceeding ten years; or
(b) is guilty of an offence punishable on summary conviction.
(5.1) Every one who wilfully does an act or wilfully omits
to do an act that it is his duty to do, if that act or omission is
likely to constitute mischief causing actual danger to life, or to
constitute mischief in relation to property or data,
(a) is guilty of an indictable offence and liable to
imprisonment for a term not exceeding five years; or
(b) is guilty of an offence punishable on summary conviction.
(6) No person commits mischief within the meaning of this
section by reason only that
(a) he stops work as a result of the failure of his employer
and himself to agree on any matter relating to his
employment;
(b) he stops work as a result of his employer and a
bargaining agent acting on his behalf to agree on any matter
relating to his employment; or
(c) he stops work as a result of his taking part in a
combination of workmen or employees for their own reasonable
protection as workmen or employees.
(7) No person commits mischief within the meaning of this
section by reason that he attends at or near or approaches a
dwelling-house or place for the purpose only of obtaining or
communicating information.
(8) In this section, "data" has the same meaning as in
section 342.1.
-------------- End of Sec. 430 -----------------
For the record, from Sec. 785:-
Section 785 (1)
"summary conviction court" means a person who has jurisdiction in the
territorial division where the subject-matter of the proceedings is
alleged to have arisen and who
(a) is given jurisdiction over the proceedings by the
enactment under which the proceedings are taken,
(b) is a justice or provincial court judge, where the
enactment under which the proceedings are taken does not
expressly give jurisdiction to any person or class of
persons, or
(c) is a provincial court judge, where the enactment under
which the proceedings are taken gives jurisdiction in respect
thereof to two or more justices;
To the best of my limited knowledge, the Canadian Criminal Code only
uses the term "incitement" in Sec. 319 (Public incitement of hatred)
and Sec. 53 (incitement to commit a traitorous or mutinous act).
A prosecutor would probably deal with incitement under Sec. 21
(Parties to offence), Sec. 463 (Attempts), or Sec. 465 (Conspiracy).
Section 21
(1) Every one is a party to an offence who
(a) actually commits it;
(b) does or omits to do anything for the purpose of aiding
any person to commit it; or
(c) abets any person in committing it.
(2) Where two or more persons form an intention in common to
carry out an unlawful purpose and to assist each other therein and
any one of them, in carrying out the common purpose, commits an
offence, each of them who knew or ought to have known that the
commission of the offence would be a probable consequence of carrying
out the common purpose is a party to that offence.
--------------- End of Sec. 21 ------------------
"Incite" does get mentioned in Sec. 22:-
Section 22
(1) Where a person counsels another person to be a party to
an offence and that other person is afterwards a party to that
offence, the person who counselled is a party to that offence,
notwithstanding that the offence was committed in a way different
from that which was counselled.
(2) Every one who counsels another person to be a party to
an offence is a party to every offence that the other commits in
consequence of the counselling that the person who counselled knew or
ought to have known was likely to be committed in consequence of the
counselling.
(3) For the purpose of this Act, "counsel" includes procure,
solicit or incite.
-------------- End of Sec. 22 -------------------
Section 23 deals with an accessory after the fact, and I've already
quoted too much, and more to come, but Sections 23.1 and 24 are
interesting.....
Section 23.1
For greater certainty, sections 21 to 23 apply in respect of
an accused notwithstanding the fact that the person whom the accused
aids or abets, counsels or procures or receives, comforts or assists
cannot be convicted of the offence.
Section 24
(1) Every one who, having an intent to commit an offence,
does or omits to do anything for the purpose of carrying out the
intention is guilty of an attempt to commit the offence whether or
not it was possible under to circumstances to commit the offence.
(2) The question whether an act or omission by a person who
has an intent to commit an offence is or is not mere preparation to
commit the offence, and too remote to constitute an attempt to commit
the offence, is a question of law.
-------------- End of Sec. 23.1 and 24 ----------
Under Sec. 465 (1)(c) and 465 (1)(d), conspiring to commit an offence
carries the same penalties as the actual commission of the crime.
Under certain circumstances, laws in other countries may be applicable
in cyberspace, where there are no formal territorial boundaries. For
instance, Sec. 465 (4) of the Canadian Criminal Code stipulates that every
one, "while in a place outside Canada" conspires to commit an offence in
Canada "shall be deemed to have conspired in Canada to do that thing."
Further Information
-------------------
Computer Crime (Icove, Seger, Von Storch) - O'Reilly
Computer Law & Security Report (periodical) - Elsevier Advanced Technology
Dr. Alan Solomon includes information on Hacking and Virus Laws in the
UK and elsewhere on his webpage at:
http://www.ibmpcug.co.uk/~drsolly
The NCSA have info on individual state legislation at:
http://www.ncsa.com/ncsalaws/
Try also:
http://www.law.cornell.edu/#net
-----------------------------------------------------------------------
End of a.c.v. FAQ Part 3 of 4