Agent software is all well and good. 

But if you secretly implant the agents, and design them to be undetectable, and 
do not inform the intended user of the system that they are there, they are 
spyware - and at best, unethical. And, by my definition at least, unethical = 
bad. 


===
Karen Mercedes Goertzel, CISSP
Lead Associate
Booz Allen Hamilton
703.698.7454
goertzel_ka...@bah.com

"I love deadlines. I like the whooshing sound they make as they fly by."
- Douglas Adams

________________________________________
From: brunn...@informatik.uni-hamburg.de [brunn...@informatik.uni-hamburg.de]
Sent: 13 May 2012 04:17
To: sc-l@securecoding.org
Cc: Goertzel, Karen [USA]; Peter G. Neumann; Gary McGraw
Subject: Re (badware vs. "goodware"): [SC-L] SearchSecurity: Badware versus malware

Karen, whereas "flaws and defects" can hardly be argued to have possibly
some "good" effects, there have been many controversial arguments whether
some "malware" (aka viruses) may have "beneficial" effects and may
therefore be regarded as sort of "goodware". Indeed, I vividly remember a
controversial debate with Fred Cohen at a MITI-invited conference in
Tokyo (in the 1990s) whether viruses may be used for beneficial purposes
(e.g. implanting automagically some security measures). My counter
argument that good intentions of authors must be explicitly communicated
to users (aka "usees" as their system is used without their knowledge
and agreement) was not shared by the esteemed colleague, and I also
remember controversial discussions at our lab (VTC of Hamburg university)
with Vesselin Bontchev about aspects of "good viruses" :-)

My 2 cents: nobody will (hopefully) doubt that "badware" is bad, whereas
some may regard some "badware" to have "good" (aka beneficial) effects.

Best wishes: Klaus (May 13, 2012)

Quoting "Goertzel, Karen [USA]" <goertzel_ka...@bah.com>:

> In other words, flaws and defects caused through developer error,
> ignorance, negligence etc. can be exploited to cause harm. So even
> if one could prevent actual intentional malicious inclusions in
> software, one hasn't eliminated the problem of exploitable flawed
> logic.
>
> The megachallenge, of course, is looking for what one doesn't
> actually know is there. Which is why software security testing is so
> hard.
>
> ===
> Karen Mercedes Goertzel, CISSP
> Lead Associate
> Booz Allen Hamilton
> 703.698.7454
> goertzel_ka...@bah.com
>
> "I love deadlines. I like the whooshing sound they make as they fly by."
> - Douglas Adams
>
> ________________________________________
> From: sc-l-boun...@securecoding.org [sc-l-boun...@securecoding.org]
> on behalf of Peter G. Neumann [neum...@csl.sri.com]
> Sent: 08 May 2012 11:30
> To: Gary McGraw
> Cc: Secure Code Mailing List
> Subject: Re: [SC-L] SearchSecurity: Badware versus malware
>
> The differences are marginal.
>> What's worse, bad software or malicious software? ...
>
> My book has a pervasive theme:
>   Many things that could happen accidentally could be triggered
> intentionally.
>   Many things that happen intentionally could be triggered accidentally.
>
> Trying to reduce one without the other may be foolhardy in most realistic
> threat models.
>
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L@securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> as a free, non-commercial service to the software security community.
> Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
> _______________________________________________