Path: utzoo!attcan!uunet!lll-winken!decwrl!polyslo!vlsi3b15!vax1.cc.lehigh.edu!sei.cmu.edu!krvw
From: munnari!mqccsunc.mqcc.mq.oz.au!ifarqhar@uunet.UU.NET (Ian Farquhar)
Newsgroups: comp.virus
Subject: AIDS Copy Protection System
Message-ID: <0001.9002211611.AA05733@ge.sei.cmu.edu>
Date: 19 Feb 90 21:22:43 GMT
Sender: Virus Discussion List
Lines: 105
Approved: krvw@sei.cmu.edu

My article about the PC Cyborg AIDS Copy Protection System has caused quite a bit of discussion, and I would like to publicly reply to many issues that were raised.

1) FREE MARKET

Many writers pointed out that the program itself was garbage, and justified their position (that it was a Trojan) with the argument that the money for the program was far too much and thus the program was an extortion racket.

Being an Australian, I am used to being charged extortionate prices for software by both amateurs and professional companies. The point that must be made, however, is that in a free market economy the supplier can charge what they like. The idea is that supply and demand will weed out the excessively priced garbage from the reasonably priced quality items. Using this principle, PC Cyborg can charge what they like. This is not an effective argument either way.

2) THE ABSENCE OF THE REGISTRATION DISKS

It is presumed that PC Cyborg would have sent the defuser program on receipt of the registration fee. Many people have pointed out that this did not happen. I imagine that the US Military rolling into Panama may have had something to do with that.

3) THE DEFINITION OF COPY PROTECTION

Copy protection, by my definition, is a device, system or technique whereby the copyright holder can guarantee that the terms of the license are followed.

Let us take the example of the color-bar system. The color bar is a small sheet or sheets of pages containing a series of codes that are matched to colors. The program, when started, asks the user what color is found on page 2, row 4 column 19.
If the user answers correctly, then the program proceeds. If not, the program usually asks a couple of times more, then takes action.

By the definitions of many of the writers, this would not be a copy protection system (because it allows you to copy the disk). However, it maintains the license agreements as only the person in possession of the color-bar sheet can run the program, and it is hard to cheaply copy a colored sheet.

The AIDS CP System was simply an extension of this. It allowed copying of the distribution disk, and it allowed backing up of the hard disk. All it did was to ensure that people who were unregistered (and who were, I hasten to add, involved in a criminal activity) would have a lot of trouble.

As for the concept of the user having legal control over what was deleted from his/her hard disk, I cannot see this as a problem. Multi-user systems have traditionally provided mechanisms for the superuser to control the user's files with far more privileges than the users themselves. This has never, to my knowledge, caused any legal problems.

4) INAPPLICABILITY OF US LAWS

Many correspondents have quoted US laws and precedents at great length. These are totally irrelevant, as the license agreement prohibited importation into the US.

5) PRESUMPTION OF INNOCENCE

Under British law, there is a concept called the "presumption of innocence". Put basically, someone is innocent until they are proven guilty. It would be nice to know that this basic concept is still followed, though I really do have my doubts.

If I were the defense lawyer with access to this newsgroup, the first thing that I would have done is to take all of the relevant articles that have appeared, and present them as evidence prejudicial to the fair conduct of the trial.

6) CONCLUSION

I am left wondering about the motives of many of the writers.
There seems to be a fanatical, indeed almost religious zeal to see anyone concerned with the generation of viruses and Trojans convicted irregardless of the evidence (or its lack). There certainly seems to be a panic mentality at work here - the illusion that quick action is necessary regardless of the advisability of that action. There also is a strong reluctance to change an opinion in the light of new evidence, which is very worrying indeed.

I have always maintained that computer security experts and employees of the intelligence services share many things in common, primarily the huge and quite unwarranted sense of paranoia. This whole discussion has only strengthened this view.

Disclaimer: My opinions are my own.

Ian Farquhar                      Phone : (612) 805-7420
Office of Computing Services      Fax   : (612) 805-7433
Macquarie University  NSW  2109   Also  : (612) 805-7205
Australia                         Telex : AA122377

ACSNet   ifarqhar@macuni.mqcc.mq.oz.au  ifarqhar@suna.mqcc.mq.oz.au