Fog Creek Software
Discussion Board




Witty Worm , Black Ice, and Product Liability

So there's this 'witty' worm that takes advantage of a security hole in Black Ice Defender to get into a computer and then ERASES THE HARD DRIVE.

http://story.news.yahoo.com/news?tmpl=story&cid=1804&e=6&u=/washpost/a11310_2004mar20

Yep, we finally have it folks - the mythical virus that erases the hard drive has at last been seen.

Now, I think that the folks who bought Black Ice Defender thinking it was a firewall that would PROTECT them from viruses are very shocked right now looking at their erased shell of a computer realizing that the very same program WEAKENED their security.

I predict that this will be the first software product liability suit that will be won. And I predict that once won, the precedent set, it will open the door for a flood of lawsuits against every imaginable ill.

Say goodbye to the software industry.

The good news? The companies that outsourced the entire company may find themselves, being located overseas, immune to the lawsuits!

Dennis Atkins
Sunday, March 21, 2004

Dennis,

I am pretty sure Black ICE would be denying all kinds of responsibilities in their EULA...

FWIW: I have heard highly of BlackICE.

Prakash S
Sunday, March 21, 2004

Mmmh, BlackICE ... good name, any Gibson reader will instantly want to buy that product =)

_
Sunday, March 21, 2004

But then, a lot of people don't think that highly of Steve Gibson either.  eg: http://grcsucks.com

?
Sunday, March 21, 2004

? : I think _ refers to the readers of William Gibsons books.. ?
http://www.antonraubenweiss.com/gibson/gibson0.html

Name expired
Sunday, March 21, 2004

I assumed that he was talking about Steve Gibson:  http://www.google.co.uk/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=BlackIce+site%3AGRC%2Ecom  He's a self proclaimed internet security expert with a thing about BlackICE

?
Sunday, March 21, 2004

What would a non-self-proclaimed security expert be like?

veal
Sunday, March 21, 2004

Veal: http://www.counterpane.com/schneier.html


Sunday, March 21, 2004

I've just bounced around the grcsucks site a bit.  As the site name suggests, it feels like the weblog of a sarcastic 16-year-old who has merely directed his angst at Gibson.  Perhaps it's a crush?

I enjoyed for instance http://grcsucks.com/intro2.htm wherein he calls out Gibson's "as far as we know" qualifiers as somehow revelatory while doing the same just two comments back.

.
Sunday, March 21, 2004

I'm still waiting for them to hack Nortons website/virus definitions & spread a virus through AntiVirus software. It would be the ultimate irony, though this comes close.

Now the question is... Is Black Ice + Another Firewall twice as good (i.e. the other firewall blocks the access to Black Ice) or twice as bad?

www.MarkTAW.com
Sunday, March 21, 2004

Yes, I really like Schneier's work.

My question was sarcastic and rhetorical.  I get bent out of shape by the term "self-proclaimed" and the false underlying implication that the term has a meaningful opposite.

veal
Sunday, March 21, 2004

What about "peer-proclaimed"?


Sunday, March 21, 2004

Yeah, William Gibson, sorry.

BlackICE is security software from the Neuromancer-novels. ICE stands for "Intrusion Countermeasure Electronics" if memory serves, and black ICE is illegal software that will kill the person attempting a hack via neural feedback (Gibson was among the first to foresee virtual reality, in his vision people browsed it by plugging their brains into "decks").

_
Sunday, March 21, 2004

>  the very same program WEAKENED their security.

Um, no.  Had the author wanted to, s/he could just as easily trash the drives of those with no software firewall.    The author just had to jump through extra hoops to only kill black-ICE customers.

Snotnose
Sunday, March 21, 2004

> Yep, we finally have it folks - the mythical virus that erases the hard drive has at last been seen.

From what I've read, it "just" overwrites the boot sector.  Data isn't actually lost, but average Joe won't be able to get it back himself.

Brian
Sunday, March 21, 2004

"Had the author wanted to, s/he could just as easily trash the drives of those with no software firewall. "

What are you talking about? This worm specifically exploits a vulnerability in the aforementioned security products - if you don't have the security product installed, you aren't vulnerable to this specific fault.

http://www.eeye.com/html/Research/Advisories/AD20040318.html

Dennis Forbes
Sunday, March 21, 2004

Re describing Gibson as "self-proclaimed" expert, and the implied devaluing, it's worth noting that most of us know who he is, and of his work, and that no-one seriously challenges his work.

(The script kiddie's web page doesn't count. I recall Gibson took one batch of script kiddies to the cleaners when they tried DOS'ing him.)


Sunday, March 21, 2004

William Gibson isn't a self proclaimed security expert, he wrote Neuromancer on a typewriter.

(ok sorry, I couldn't resists)

www.MarkTAW.com
Sunday, March 21, 2004

And in the same vein on Friday:

Flaw stymies Norton Internet Security
http://news.com.com/2100-7355_3-5176442.html

When it rains it pours for users of the popular platform, no?

veal
Sunday, March 21, 2004

> What are you talking about? This worm specifically exploits a vulnerability in the aforementioned security products

Think of Black-ICE as a door lock that has a flaw whereby it unlocks with 2 sharp up juggles, 1 left jiggle, a pause followed by a quick right and up jiggle.  Then the latch pops open.  With this flaw the local scuzbag can steal your stereo as long as they know of the flaw.

Now, if you don't have this lock does it mean local scuzbag can't get in?  No, they just don't need to do the jiggle thing. 

What we have is a scuzbat that just looks for Black-ICE locks and steals those stereos. 

Snotnose
Monday, March 22, 2004

"Now, if you don't have this lock does it mean local scuzbag can't get in?  No, they just don't need to do the jiggle thing."

Is this of the "it's hopeless because hackers are all capable" line of thought? I worked with someone once who basically claimed that we shouldn't spend too much on the security architecture of our system because, in his words, if hackers wanted in they could get in anyways. How nonsensical.

Dennis Forbes
Monday, March 22, 2004

That is correct, it doesn't reformat the hard drive, but it certainly does overrite the boot sector.  My buddy had this hit this weekend...PC wouldn't boot, couldn't do a repair installation on XP either.  That virus/intrusion was nasty.

Curtis Newton
Monday, March 22, 2004

> Is this of the "it's hopeless because hackers are all capable" line of thought?

Not at all.  At home I have a hardware firewall, and 2 out of 3 PCs have a software firewall (I don't want to teach my wife what things like "program frobozz wants to access the internet, allow it?" mean).  Even wearing asbestos underwear and a tin-foil hat, this doesn't make my computing secure.  It just helps.

In the same vein, I lock the door to my house every morning, and lock my car.  Doesn't mean I can't be burgled, nor my car stolen.  It just makes it more difficult.

Snotnose
Monday, March 22, 2004

Well, I'm attempting to get some information anywhere without first renewing my support contract with BlackIce.

I have BlackIce Defender 2.5 (old version) and it began stopping (red slash through it on Sat.)  I start it again but it continues to stop itself periodically. 

I run updated Norton Virusscan but it cannot locate any "viruses"  I have not noticed any strange behavior other than that from my computer yet.

Do I have the Witty Worm?  Is my hard drive being erased bit by bit?  Can any of you bright individuals shed some light on my issue?

Thanks.

Trent M.
Monday, March 22, 2004

Aah yes... BlackICE. The real problem with BlackICE is that it gives it's users false security in that their system is secure, and then something like this comes out and it's all over.

Whereas instead, they could have used a system that actually IS secure and been safe from the beginning (for instance, ZAP is a GREAT program).

Charlie
Wednesday, March 24, 2004

I got hit by this worm, and it totally sucks.

Lost everything on my server.

Sent a nice little e-mail to ISS, and have yet to hear back from them. I assume they just trashed my e-mail, even though I have a support contract with them for the next 2 years.

Bah. Someone sue the crap out of them.

nicholas
Wednesday, March 24, 2004

*  Recent Topics

*  Fog Creek Home