Sigh!
Ballmer in your sinkhole? It is more likely than you think!
Awaiting Eadon Blast ... any minute now.
Security researchers are complaining about collateral damage from the latest botnet take-down efforts by Microsoft and its partners. The Windows 8 giant worked with financial service organisations, other technology firms and the Federal Bureau of Investigation to disrupt more than a thousand botnets. The botnets in question …
I hate to do it but i'm going to side with Microsoft, they should have a much greater freedom to fix the problem since I expect that buried somewhere in the EULA they probably have the right to make critical system updates to ensure security, Im just guessing though, I mean who actually reads EULA's?
However if this is the case then they have the freedom to actually fix the issue whilst the security researchers can only sit and watch.
"somewhere in the EULA they probably have the right to make critical system updates to ensure security"
I've said it before around the 'reg, but I'll say it again: EULAs do not indemnify you against criminal law, and not for nothing but US court's don't have global jurisdiction. The US keeps this stuff up and the Russians will get more backers next ITU conference - something that's bad for all of us generally, but will make this sort of effort impossible. The aim of the game should be look before you leap - if the data is available, check it.
You realize that sounds as stupid as suing the Fire Dept. for water dmg after they soaked down your house to put out the fire... You see the parallels, yeah?
MS has made piss-poor decisions in the past and their hands aren't exactly clean, but let's use some common sense before seeing MS in the headline and going full-on flame war.
Microsoft and the FBI took control of many domains. Were these all .com/.us/(.org?) domains and thus under the responsibility of US authorities? If so, they have the legal right to do that, subject to judicial oversight, I hope.
Were any non-US controlled domains involved? If so, did thay have the agreement of the foreign registries involved?
Had the Swiss organisation sinkholed domains under the control of the US or any non-Swiss registrars? If so, by what process? What is the relationship between the Swiss organisation anf the Swiss legal authorities?
How easy would it be for me to sinkhole your domain, wherever you may live and it may be hosted?
I'm sure someone will say that I ought to be grateful that MS and the FBI etc are taking a stand against 'financial terrorism' and stop asking awkward questions.
Microsoft plans to use intelligence gained in Operation b54 to work with ISPs and Computer Emergency Response Teams (CERTs) around the world to quickly and efficiently clean as many computers as possible.
So now they borked it once, and we're supposed to believe they won't bork it again? This is not an anti-Microsoft statement - just a good old fashioned pragmatic view.
So wait...
The problem here is that Microsoft is stepping on toes because they're doing a better job?
Let's all use our heads and think clearly hear for a second while we weigh the pros and cons.
**Pro - Microsoft takes down *three times* as many domains as all the rest of the other parties combined, while absorbing the 1000 or so that were already looked after.
**Con - ... This is the toughest one to find a con for. The other sites only got 1/4 of what Microsoft grabbed, I don't see what the problem is. Obviously the weren't doing a good enough job with 3x as many domains out there as they had in their possession.
**Pro - MS fixes the problems that the previous viruses created by removing the blackout to ALL (not just Microsoft funded) antivirus websites, restoring the ability to update and redownload AV software, etc.
***Con - MS violates the rights of the users - based on a technicality - by changing settings on users' computers away from what the virus did when it originally violated the users' rights. The difference is that MS is changing settings to help repair the situation and remove the problem and they are ONLY targeting machines that are definitely infected, because they are using the callback domains to do it.
As for whether or not MS is using US jurisdiction domains... Give your heads a shake. You want to allow ANOTHER loophole for these guys, by guaranteeing that non-US domains are free and clear from being shut down?