Newsgroups: alt.comp.virus
Subject: Frequently Asked Questions 3/4
From: harley@europa.lif.icnet.uk (David Harley)
Date: 22 Mar 1996 16:03:27 GMT

alt.comp.virus (Frequently Asked Questions)
*******************************************

Version 1.01c : Part 3 of 4
Last-modified 21st March 1996

ADMINISTRIVIA
=============

Disclaimer
----------

This document is an honest attempt to help individuals with computer
virus-related problems and queries. It can *not* be regarded as being
in any sense authoritative, and has no legal standing. The authors
accept no responsibility for errors or omissions, or for any ill
effects resulting from the use of any information contained in this
document.

Not all the views expressed in this document are mine, and those views
which *are* mine are not necessarily shared by my employer.

Copyright Notice
----------------

Copyright on all contributions to this FAQ remains with the authors
and all rights are reserved. It may, however, be freely distributed
and quoted - accurately, and with due credit. B-)

It may not be reproduced for profit or distributed in part or as a
whole with any product for which a charge is made, except with the
prior permission of the copyright holders. To obtain such permission,
please contact the maintainer of the FAQ.

David Harley
************

------------------------------------------------------------------------

TABLE OF CONTENTS
*****************

Part 1
------

(1) I have a virus - what do I do?
(2) Minimal glossary
(3) What is a virus (Trojan, Worm)?
(4) How do viruses work?
(5) How do viruses spread?
(6) How can I avoid infection?
(7) How does antivirus software work?

Part 2
------

(8) What's the best anti-virus software (and where do I get it)?
(9) Where can I get further information?
(10) Does anyone know about
     * Mac viruses?
     * UNIX viruses?
     * macro viruses?
     * the AOLGold virus?
     * the xyz PC virus?
(11) Is it true that...?
(12) Favourite myths
     * DOS file attributes protect executable files from infection
     * I'm safe from viruses because I don't use bulletin
       boards/shareware/Public Domain software
     * FDISK /MBR fixes boot sector viruses
     * Write-protecting suspect floppies stops infection
     * The write-protect tab always stops a disk write
     * I can infect my system by running DIR on an infected disk

-----> Part 3
       ------

-----> (13) What are the legal implications of computer viruses?

Part 4
------

(14) Miscellaneous
     Are there anti-virus packages which check zipped files?
     What's the genb/genp virus?
     Where do I get VCL and an assembler, & what's the password?
     Send me a virus.
     Is it viruses, virii or what?
     Where is alt.comp.virus archived?
     What about firewalls?
     Viruses on CD-ROM.
     Removing viruses.
     Can't viruses sometimes be useful?
     Do I have a virus, and how do I know?
     What should be on a (clean) boot disk?
     What other tools might I need?
     What are rescue disks?
     Are there CMOS viruses?
     How do I know I'm FTP-ing 'good' software?
     What is 386SPART.PAR?
     Can I get a virus to test my antivirus package with?
     When I do DIR | MORE I see a couple of files with funny names...
     Reasons NOT to use FDISK /MBR
     Placeholders

-------------------------------------------------------------------

(13) What are the Legal Implications of Computer Viruses?
=========================================================

**********************************************************************
The material in this section has no formal legal standing. It consists
of several persons' attempts to interpret and clarify the legal
issues, and cannot possibly be authoritative.
**********************************************************************

Overview
--------

It isn't possible to deal briefly with all the relevant legislation in
one country, let alone all of them.
In the USA, local statutes may be much more rigorous than federal
legislation, which is, arguably, more concerned with computers in
which the government has an interest than it is with those belonging
to individuals.

In many countries, writing of viruses is not an offence in itself,
whereas in others, not only is this not the case, but distribution,
even the sharing of virus code between antivirus researchers is, at
least technically, also an offence.

Once a virus is released 'into the wild', it is likely to cross
national boundaries, making the writer and/or distributor answerable
for his/her actions under a foreign legal system, in a country he/she
may never have visited.

Where laws against virus writing and distribution may not apply
locally in a particular case, the individual may nevertheless be
subject to civil action: in other words, where you may be held to have
committed no offence, you may still be sued for damage.

Some of the grounds on which virus writing or distribution may be
found to be illegal (obviously I'm not stating that all these grounds
will apply at all times in all states or countries!) include:

* Unauthorized access - you may be held to have obtained unauthorised
  access to a computer you've never seen, if you are responsible for
  distribution of a virus which infects that machine.
* Unauthorized modification - this could be held to include an
  infected file, boot sector, or partition sector.
* Loss of data - this might include liability for accidental damage as
  well as intentional disk/file trashing.
* Endangering of public safety
* Incitement (e.g. making available viruses, virus code, information
  on writing viruses, and virus engines)
* Denial of service
* Application of any of the above with reference to computer systems
  or data in which the relevant government has an interest.

One major problem is that some residents of the United States firmly
believe that U.S. law is universal law.
Worse, most of them have limited knowledge of their own legal system,
but this may apply to the citizens of many countries. The idea that a
person can be acquitted of a criminal offence yet still lose a civil
suit in connection with that same offence strikes most laymen as
preposterous, yet it does happen in both Canada and the U.S., at
least.

Since the law does vary widely from country to country (and even
within countries), it is entirely possible for one to break the law of
another country, state, province, or whatever, without ever leaving
one's own, and since extradition treaties do exist, perhaps it's best
to assume that any act that might be construed as being or causing
wilful and malicious damage to a computer or computer system could get
you a roommate with undesirable tendencies and no social graces. :)

The best advice to give to anyone contemplating a possibly illegal act
would be to contact their local Crown Prosecutor, Crown Attorney,
District Attorney, or whatever label the local government prosecutor
wears. Acting on the advice of one's own attorney doesn't render one
immune from prosecution, and the cost of defence can be high, even if
successful.

An extremely biased opinion is that very often attorneys attempt to
provide the answer they believe the client wishes to hear, or give an
opinion in areas where they have no real expertise. Prosecutors, on
the other hand, tend to look at a particular action in the light of
whether a successful prosecution can be mounted. If the local Crown
Prosecutor were to suggest that something was a Bad Thing, I should be
extremely nervous about doing it. :)

USA & Canada
------------

The following is an interpretation of the laws in the USA and Canada,
and has no legal standing as an authoritative document in those
countries or any other. Relevant legislation in other parts of the
world may be very different and in some cases far stricter.

Many thanks to David J.
Loundy for his assistance with the legalities regarding computer
crime. A valuable source of information on this topic can be found in
his E-Law paper, which can be accessed via the URL:

    http://www.leepfrog.com/E-Law/E-Law/Part_VII.html

It is illegal in both the USA and Canada to damage data within a
computer system which is used or operated by the government. This
means that if you write a virus, and it eventually infects a
government system (highly probable), you are in violation of the law.
Included in this category are damages incurred due to computer
stoppages (i.e. writing a virus that causes a computer to crash or
become unusable), and viruses that destroy data.

The question regarding the writing of malevolent computer viruses
being illegal isn't really that hard to answer: It is illegal to write
and spread a virus that infects a government system. Federal law is
unclear as to whether this extends to private computer systems as
well, but State statutes are frequently unequivocal about defining
virus-related crimes against property.

The question has come up, however, about the distribution of viruses
and virus-related programs. A general guideline is that it is legal to
distribute viruses, for example, on a BBS, as long as the people who
are downloading the virus know EXACTLY what they are getting. If you
intentionally infect a file and make it available for downloading, you
may be subject to prosecution. Your conscience should be your guide in
this kind of a situation. If a virus distributed by you is used to
damage or otherwise modify a major system, you can be held
accountable.

The reason that the explanations in this section are vague is that the
laws in various states, provinces, etc., are different, and you should
check with your local police before you decide you want to distribute
viruses.

If you spread a virus unknowingly, you generally cannot be prosecuted
unless it can be proven that you spread the virus due to pure
carelessness.
The definition of carelessness has not been tested in a court of law,
as far as I know at the date of writing (9/22/95).

The UK
------

In the UK, the Computer Misuse Act makes it a crime to make an
unauthorised modification on a computer. If you own a computer, you
can authorise anything you want for that computer, so you can spread a
virus on a computer you own.

A virus makes a modification, so if someone deliberately spreads a
virus on someone else's computer, that's a crime. Giving a virus to
someone else isn't a crime if it's with his/her knowledge and
permission, however. So, sending a diskette with a virus on to an AV
company, together with a note saying "There's a virus on this disk,
please investigate it for me" is legal.

If an action is a crime, then encouraging that action can also be a
crime ("incitement").

If you spread a virus unwittingly, then it isn't a crime, as you don't
have "intent".

If someone is negligent, and so spreads a virus (even unwittingly),
then there could be a civil action for damages through negligence.

The Canadian Criminal Code
--------------------------

Please bear in mind that the following information was culled from the
Criminal Code in 1993 and those sections may have been expanded or
revised since then, or possibly some computer-specific legislation may
have been enacted of which I am unaware.

No mention is made in the Code (as of 1993) of computer viruses as
such, but it would seem that prosecution under Sec. 430 would be
appropriate.
Quoting from the Code:-

Section 342.1

(1) Every one who, fraudulently and without color of right,
    (a) obtains, directly or indirectly, any computer service,
    (b) by means of an electro-magnetic, acoustic, mechanical or any
        other device, intercepts or causes to be intercepted, directly
        or indirectly, any function of a computer system, or
    (c) uses or causes to be used, directly or indirectly, a computer
        system with intent to commit an offence under paragraph (a) or
        (b) or an offence under section 430 in relation to data or a
        computer system
    is guilty of an indictable offence and liable to imprisonment for
    a term not exceeding ten years, or is guilty of an offence
    punishable on summary conviction.

(2) In this section,

    "computer program" means data representing instructions or
    statements that, when executed in a computer system, causes the
    computer system to perform a function;

    "computer service" includes data processing and the storage or
    retrieval of data;

    "computer system" means a device that, or a group of
    interconnected or related devices one or more of which,
    (a) contains computer programs or other data, and
    (b) pursuant to computer programs,
        (i) performs logic and control, and
        (ii) may perform other functions;

    "data" means representation of information or of concepts that are
    being prepared or have been prepared in a form suitable for use in
    a computer system;

    "electro-magnetic, acoustic, mechanical or other device" means any
    device or apparatus that is used or is capable of being used to
    intercept any function of a computer system, but does not include
    a hearing aid used to correct subnormal hearing of the user to not
    better than normal hearing;

    "function" includes logic, control, arithmetic, deletion, storage
    and retrieval and communication or telecommunication to, from or
    within a computer system;

    "intercept" includes listen to or record a function of a computer
    system, or acquire the substance, meaning or purport thereof.

--------------- End of Sec. 342.1 ---------------

Apparently the laws governing trespass have not been considered as
having any application in cyberspace. Offenders under the above
section would be charged with mischief, which covers a multitude of
sins under Canadian law. The penalties stipulated in Sec. 342.1 are
the same as the penalties for sabotage, just as a point of interest.

Mischief is covered by Sec. 430:-

Section 430

(1) Every one commits mischief who wilfully
    (a) destroys or damages property;
    (b) renders property dangerous, useless, inoperative or
        ineffective;
    (c) obstructs, interrupts or interferes with the lawful use,
        enjoyment or operation of property, or
    (d) obstructs, interrupts or interferes with any person in the
        lawful use, enjoyment or operation of property.

(1.1) Every one commits mischief who wilfully
    (a) destroys or alters data;
    (b) renders data meaningless, useless or ineffective;
    (c) obstructs, interrupts or interferes with the lawful use of
        data; or
    (d) obstructs, interrupts or interferes with any person in the
        lawful use of data or denies access to data to any person who
        is entitled to access thereto.

(2) Every one who commits mischief that causes actual danger to life
    is guilty of an indictable offence and liable to imprisonment for
    life.

(3) Every one who commits mischief in relation to property that is a
    testamentary instrument or the value of which exceeds one thousand
    dollars
    (a) is guilty of an indictable offence and liable to imprisonment
        for a term not exceeding ten years; or
    (b) is guilty of an offence punishable on summary conviction.

(4) Every one who commits mischief in relation to property, other than
    property described in subsection (3),
    (a) is guilty of an indictable offence and liable for imprisonment
        for a term not exceeding two years; or
    (b) is guilty of an offence punishable on summary conviction.

(5) Every one who commits mischief in relation to data
    (a) is guilty of an indictable offence and liable to imprisonment
        for a term not exceeding ten years; or
    (b) is guilty of an offence punishable on summary conviction.

(5.1) Every one who wilfully does an act or wilfully omits to do an
    act that it is his duty to do, if that act or omission is likely
    to constitute mischief causing actual danger to life, or to
    constitute mischief in relation to property or data,
    (a) is guilty of an indictable offence and liable to imprisonment
        for a term not exceeding five years; or
    (b) is guilty of an offence punishable on summary conviction.

(6) No person commits mischief within the meaning of this section by
    reason only that
    (a) he stops work as a result of the failure of his employer and
        himself to agree on any matter relating to his employment;
    (b) he stops work as a result of his employer and a bargaining
        agent acting on his behalf to agree on any matter relating to
        his employment; or
    (c) he stops work as a result of his taking part in a combination
        of workmen or employees for their own reasonable protection as
        workmen or employees.

(7) No person commits mischief within the meaning of this section by
    reason that he attends at or near or approaches a dwelling-house
    or place for the purpose only of obtaining or communicating
    information.

(8) In this section, "data" has the same meaning as in section 342.1.

-------------- End of Sec. 430 -----------------

For the record, from Sec.
785:-

Section 785

(1) "summary conviction court" means a person who has jurisdiction in
    the territorial division where the subject-matter of the
    proceedings is alleged to have arisen and who
    (a) is given jurisdiction over the proceedings by the enactment
        under which the proceedings are taken,
    (b) is a justice or provincial court judge, where the enactment
        under which the proceedings are taken does not expressly give
        jurisdiction to any person or class of persons, or
    (c) is a provincial court judge, where the enactment under which
        the proceedings are taken gives jurisdiction in respect
        thereof to two or more justices;

To the best of my limited knowledge, the Canadian Criminal Code only
uses the term "incitement" in Sec. 319 (Public incitement of hatred)
and Sec. 53 (incitement to commit a traitorous or mutinous act). A
prosecutor would probably deal with incitement under Sec. 21 (Parties
to offence), Sec. 463 (Attempts), or Sec. 465 (Conspiracy).

Section 21

(1) Every one is a party to an offence who
    (a) actually commits it;
    (b) does or omits to do anything for the purpose of aiding any
        person to commit it; or
    (c) abets any person in committing it.

(2) Where two or more persons form an intention in common to carry out
    an unlawful purpose and to assist each other therein and any one
    of them, in carrying out the common purpose, commits an offence,
    each of them who knew or ought to have known that the commission
    of the offence would be a probable consequence of carrying out the
    common purpose is a party to that offence.

--------------- End of Sec. 21 ------------------

"Incite" does get mentioned in Sec. 22:-

Section 22

(1) Where a person counsels another person to be a party to an offence
    and that other person is afterwards a party to that offence, the
    person who counselled is a party to that offence, notwithstanding
    that the offence was committed in a way different from that which
    was counselled.

(2) Every one who counsels another person to be a party to an offence
    is a party to every offence that the other commits in consequence
    of the counselling that the person who counselled knew or ought to
    have known was likely to be committed in consequence of the
    counselling.

(3) For the purpose of this Act, "counsel" includes procure, solicit
    or incite.

-------------- End of Sec. 22 -------------------

Section 23 deals with an accessory after the fact, and I've already
quoted too much, and more to come, but Sections 23.1 and 24 are
interesting.....

Section 23.1

For greater certainty, sections 21 to 23 apply in respect of an
accused notwithstanding the fact that the person whom the accused aids
or abets, counsels or procures or receives, comforts or assists cannot
be convicted of the offence.

Section 24

(1) Every one who, having an intent to commit an offence, does or
    omits to do anything for the purpose of carrying out the intention
    is guilty of an attempt to commit the offence whether or not it
    was possible under the circumstances to commit the offence.

(2) The question whether an act or omission by a person who has an
    intent to commit an offence is or is not mere preparation to
    commit the offence, and too remote to constitute an attempt to
    commit the offence, is a question of law.

-------------- End of Sec. 23.1 and 24 ----------

Under Sec. 465 (1)(c) and 465 (1)(d), conspiring to commit an offence
carries the same penalties as the actual commission of the crime.

Under certain circumstances, laws in other countries may be applicable
in cyberspace, where there are no formal territorial boundaries. For
instance, Sec. 465 (4) of the Canadian Criminal Code stipulates that
every one who, "while in a place outside Canada", conspires to commit
an offence in Canada "shall be deemed to have conspired in Canada to
do that thing."

Further Information
-------------------

Computer Crime (Icove, Seger, Von Storch) - O'Reilly

Computer Law & Security Report (periodical) - Elsevier Advanced
Technology

Dr. Alan Solomon includes information on Hacking and Virus Laws in the
UK and elsewhere on his webpage at http://www.ibmpcug.co.uk/~drsolly

-----------------------------------------------------------------------

End of a.c.v. FAQ Part 3 of 4