Ethics Newsline®

In the end, they decide it’s not a good idea to take control of other peoples’ computers, even if their intentions are good

SAN FRANCISCO
Computer security specialists are facing a difficult ethical dilemma: They have discovered how to remove a spam-spewing program from a network of machines surreptitiously captured by malicious software — but should they clean the machines of people they don’t know?

The London Register reports that about 25,000 machines are believed to be infected by a particular “botnet” — a program that turns computers into zombies that churn out spam without their owners knowing it. Most of the infected machines are believed to be owned by home users who are connected to the Internet via broadband.

Researchers at a company called TippingPoint Technologies have found a way to infiltrate and control the botnet, according to reports from Wired and the trade journal eWEEK. But in doing so, they would have to invade users’ computers.

“This is where we got into the ethical discussion,” researcher Cody Pierce said, according to a report from ComputerWorld. He and a fellow programmer wanted to seize control of the robot network and wipe out infected computers, but their boss disagreed, citing possible corporate liability.

Most comments on the company’s electronic bulletin board sided with taking out the botnet, but some agreed with the boss: “You not only face a moral dilemma, but updating a computer without authorization is illegal in the U.S.,” said one user, according to ComputerWorld. “I fall on the side of proactive patching, but there is more than just the moral decision to decide upon before taking action.”

Computer trade journal Information Security Magazine notes that the ethical dilemma has been around for a while. Editor Dennis Fisher observes: “The idea of writing code to automatically patch machines against a specific vulnerability or to disable existing malware is by no means a new one. Security specialists and researchers have been toying with the notion for years, and it has produced almost as much inflamed rhetoric as the arguments for and against full disclosure.”

“Many security experts have argued that regardless of the good intentions people have when releasing code … the idea of issuing commands to PCs owned by other people is not a good one,” he concludes.

Sources: eWEEK, May 1 — London Register, May 1 — Information Security Magazine, May 1 — Wired, Apr. 30 — ComputerWorld, Apr. 30.

For more information, see: Related Newsline story, Oct. 1, 2007 — Related Newsline story, June 4, 2007 — Related Newsline story, Oct. 23, 2006 — Related Newsline story, July 17, 2006 — Related Newsline story, May 22, 2006.